Answered by:
Windows 7 Genuine Advantage error

Question
-
Here's the report. I can follow up with answers about the OEM and retail key (Microsoft issued a new key to try to fix the problem, etc.) I'll leave all that nonsense for later if necessary. THANKS!
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-8JBCC-FT6FV-Y4HQV
Windows Product Key Hash: 71GUAfRBdhZJ85zgF1BtEHfCQMY=
Windows Product ID: 00371-154-3875633-85707
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A38D9603-8DFC-46C1-B52E-7A2B352EA63C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130104-1431
TTS Error:
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A38D9603-8DFC-46C1-B52E-7A2B352EA63C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-Y4HQV</PKey><PID>00371-154-3875633-85707</PID><PIDType>5</PIDType><SID>S-1-5-21-2880382539-4044894903-2630104961</SID><SYSTEM><Manufacturer>OEM</Manufacturer><Model>OEM</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="5"/><Date>20080721000000.000000+000</Date></BIOS><HWID>BCAB3807018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-154-387563-01-1033-7601.0000-0672013
Installation ID: 003255048794433375683486821882563273752902403033015070
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: Y4HQV
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 3/10/2013 6:56:03 AMWindows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x0000000000000004
Event Time Stamp: 3:8:2013 12:08
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\wat\npwatweb.dll
HWID Data-->
HWID Hash Current: OAAAAAEABgABAAEAAAADAAAAAQABAAEAln3m6gCahDT2pEa8ClbiX8rNGrv65pqITHL9Zmg6Rso=OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC IntelR AWRDACPI
FACP IntelR AWRDACPI
HPET IntelR AWRDACPI
MCFG IntelR AWRDACPI
SSDT PmRef CpuPmSunday, March 10, 2013 12:12 PM
Answers
-
You have a tampered file...
Tampered File: %systemroot%\system32\wat\npwatweb.dll
The easiest way to deal with this is probably to uninstall and reinstall the WAT update.
Close all open windows.
Open an Elevated Command Prompt window, and type the following command
wusa /uninstall /kb:971033
and hit the Enter key
Accept the warnings/confirmations, and wait for it to complete
copy and paste the output (if any) from the command prompt window to a reply here,
Reboot
reinstall the update from http://support.microsoft.com/kb/971033
Reboot
run another MGADiag report, and post it.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.- Proposed as answer by Noel D PatonModerator Monday, March 11, 2013 12:10 PM
- Marked as answer by Noel D PatonModerator Monday, March 18, 2013 4:47 PM
Sunday, March 10, 2013 3:27 PMModerator
All replies
-
You have a tampered file...
Tampered File: %systemroot%\system32\wat\npwatweb.dll
The easiest way to deal with this is probably to uninstall and reinstall the WAT update.
Close all open windows.
Open an Elevated Command Prompt window, and type the following command
wusa /uninstall /kb:971033
and hit the Enter key
Accept the warnings/confirmations, and wait for it to complete
copy and paste the output (if any) from the command prompt window to a reply here,
Reboot
reinstall the update from http://support.microsoft.com/kb/971033
Reboot
run another MGADiag report, and post it.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.- Proposed as answer by Noel D PatonModerator Monday, March 11, 2013 12:10 PM
- Marked as answer by Noel D PatonModerator Monday, March 18, 2013 4:47 PM
Sunday, March 10, 2013 3:27 PMModerator -
Thank you for the quick response.
Here's the new log:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-8JBCC-FT6FV-Y4HQV
Windows Product Key Hash: 71GUAfRBdhZJ85zgF1BtEHfCQMY=
Windows Product ID: 00371-154-3875633-85707
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {A38D9603-8DFC-46C1-B52E-7A2B352EA63C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130104-1431
TTS Error:
Validation Diagnostic:
Resolution Status: N/AVista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: AllowedFile Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A38D9603-8DFC-46C1-B52E-7A2B352EA63C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-Y4HQV</PKey><PID>00371-154-3875633-85707</PID><PIDType>5</PIDType><SID>S-1-5-21-2880382539-4044894903-2630104961</SID><SYSTEM><Manufacturer>OEM</Manufacturer><Model>OEM</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="5"/><Date>20080721000000.000000+000</Date></BIOS><HWID>BCAB3807018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-154-387563-01-1033-7601.0000-0672013
Installation ID: 003255048794433375683486821882563273752902403033015070
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: Y4HQV
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 3/10/2013 2:58:29 PMWindows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:8:2013 12:08
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: OAAAAAEABgABAAEAAAADAAAAAQABAAEAln3m6gCahDT2pEa8ClbiX8rNGrv65pqITHL9Zmg6Rso=OEM Activation 1.0 Data-->
N/AOEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC IntelR AWRDACPI
FACP IntelR AWRDACPI
HPET IntelR AWRDACPI
MCFG IntelR AWRDACPI
SSDT PmRef CpuPmSunday, March 10, 2013 8:00 PM -
That looks better :)
You should confirm the result by validating at www.microsoft.com/genuine/validate
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.Sunday, March 10, 2013 9:59 PMModerator -
Validation passed!
Thanks for the help! The only change to the system over the last three years or so was I just recently wiped the external/backup harddrive. It's getting a bit dodgy, so I did a complete wipe on it. Nothing else lives on that drive other than Windows Backup (daily). The WGA nagware started a day or two later. Maybe coincidence. *Shrug*
Trick414
Monday, March 11, 2013 11:32 AM -
I don't *think* they are connected - it's more likely to be the result of fiddling with security options in Firefox or Chrome :)
The npwatweb.dll is required for proper validation using browsers other than IE.
Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth
No - I do not work for Microsoft, or any of its contractors.Monday, March 11, 2013 12:08 PMModerator