Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-VQDMV-JTGT9-FCRMX
Windows Product Key Hash: NRyafbSHEB1MlRMfsxmJcsmZBTM=
Windows Product ID: 00359-OEM-8702927-08299
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {3436DED9-695A-445E-B95E-E642E936A7F9}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7600.win7_gdr.120830-0334
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Allowed
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x800b0003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x800b0003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x800b0003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x800b0003]
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3436DED9-695A-445E-B95E-E642E936A7F9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-FCRMX</PKey><PID>00359-OEM-8702927-08299</PID><PIDType>3</PIDType><SID>S-1-5-21-1364423553-166044482-3992125300</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>G31M-ES2L</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>FF</Version><SMBIOSVersion major="2" minor="4"/><Date>20091013000000.000000+000</Date></BIOS><HWID>1FB93607018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7600.16385
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 586bc076-c93d-429a-afe5-a69fbc644e88
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00174-029-208299-02-1033-7600.0000-2862012
Installation ID: 003105284322244770870530938345148970906060095002530405
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: FCRMX
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 11/14/2012 12:06:23 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x800700c1
Admin Service: Not Registered - 0x80070005
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: LAAAAAEAAgABAAEAAAABAAAAAQABAAEAeqikDTAPqnYG6CCVZvSQDRhMTFg=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GBT GBTUACPI
FACP GBT GBTUACPI
HPET GBT GBTUACPI
MCFG GBT GBTUACPI
TAMG GBT GBT B0
SSDT PmRef CpuPm
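An added example, not part of the original thread: the hr values in the report above are standard 32-bit HRESULTs, and splitting them into facility and code shows which failures are file-not-found and which come from signature verification. The symbolic names are taken from the Windows SDK header winerror.h; the report lines are copied from the post above, and the function names are this example's own.

```python
import re

# Symbolic names below are from the Windows SDK header winerror.h.
FACILITIES = {0x4: "FACILITY_ITF", 0x7: "FACILITY_WIN32", 0xB: "FACILITY_CERT"}
WIN32_CODES = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED",
               193: "ERROR_BAD_EXE_FORMAT"}
NAMED = {0x800B0003: "TRUST_E_SUBJECT_FORM_UNKNOWN"}

# A subset of lines copied verbatim from the MGADiag report above.
REPORT = r"""
Cached Online Validation Code: N/A, hr = 0xc004f012
LegitcheckControl ActiveX: N/A, hr = 0x80070002
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x800b0003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x800b0003]
HrOffline: 0x00000000
ActiveX: Not Registered - 0x800700c1
Admin Service: Not Registered - 0x80070005
"""

HR_RE = re.compile(r"0x([0-9a-fA-F]{8})\b")

def decode_hresult(hr):
    """Split a 32-bit HRESULT into (facility name, code, symbolic name)."""
    facility = (hr >> 16) & 0x7FF   # bits 16-26
    code = hr & 0xFFFF              # bits 0-15
    if hr in NAMED:
        name = NAMED[hr]
    elif facility == 0x7:           # wrapped Win32 error code
        name = WIN32_CODES.get(code, "unmapped Win32 error %d" % code)
    else:
        name = "unmapped"
    return FACILITIES.get(facility, "facility 0x%X" % facility), code, name

def triage(report):
    """Return (report line, facility, symbolic name) for every failing HRESULT."""
    findings = []
    for line in report.splitlines():
        match = HR_RE.search(line)
        if not match:
            continue
        hr = int(match.group(1), 16)
        if not hr & 0x80000000:     # severity bit clear: success, skip
            continue
        facility, _code, name = decode_hresult(hr)
        findings.append((line.strip(), facility, name))
    return findings

if __name__ == "__main__":
    for line, facility, name in triage(REPORT):
        print("%-28s %-16s %s" % (name, facility, line))
```

The File Mismatch entries decode to a FACILITY_CERT trust-provider error, which is a different condition from the 0x80070002 file-not-found values that fill most of the report.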
Yeurgh!
OK....
let's try this.
Open Windows Explorer (Computer)
Navigate to the C:\Windows folder
Find the System32 sub-folder and right-click on it
select Properties
Clear the 'blob' from the 'Read-only (Only applies to files in folder)' box by clicking on it until it's plain white.
Click on Apply.
Make sure that the radio button for 'Apply changes to this folder, subfolders and files' is set, and click OK.
Accept the Administrator prompt. After a couple of seconds, you'll be told there is an error - click on the 'Ignore all' button.
Wait for it to finish - it could take a couple of minutes.
OK out, and exit Windows Explorer.
Now open an Elevated Command Prompt and run the following commands
regsvr32 C:\Windows\system32\Wat\npwatweb.dll
regsvr32 C:\Windows\system32\Wat\watweb.dll
Close the window
Reboot twice and post a new MGADiag report
....also, run the following command and post the results
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WatAdminSvc /S
I received an error on first command prompt (filename, directory name, or volume label syntax is incorrect). I will have to get back to this later; again, thanks.
Very odd....
Please open an Elevated Command prompt and run the following commands.
ICACLS C:\Windows\system32\wat /T
ATTRIB C:\Windows\wat*.dll /s
ATTRIB C:\Windows\wat*.exe /s
post the results
C:\Users\COLONEL>ICACLS C:\Windows\system32\wat /T
C:\Windows\system32\wat NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
C:\Windows\system32\wat\npWatWeb.dll NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)
C:\Windows\system32\wat\WatAdminSvc.exe NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)
C:\Windows\system32\wat\WatUX.exe NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)
C:\Windows\system32\wat\WatWeb.dll NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)
Successfully processed 5 files; Failed processing 0 files
C:\Users\COLONEL>ATTRIB C:\Windows\wat*.dll /s
A C:\Windows\System32\Wat\WatWeb.dll
A C:\Windows\winsxs\x86_microsoft-windows-s..ologies-webcontrols_31bf
3856ad364e35_7.1.7600.16395_none_39bc056e339474f4\WatWeb.dll
C:\Users\COLONEL>ATTRIB C:\Windows\wat*.exe /s
A C:\Windows\System32\Wat\WatAdminSvc.exe
A C:\Windows\System32\Wat\WatUX.exe
A C:\Windows\winsxs\x86_microsoft-windows-s..ivationtechnologies_31bf
3856ad364e35_7.1.7600.16395_none_2dac82dbc20710f5\WatAdminSvc.exe
A C:\Windows\winsxs\x86_microsoft-windows-s..ivationtechnologies_31bf
3856ad364e35_7.1.7600.16395_none_2dac82dbc20710f5\WatUX.exe
C:\Users\COLONEL>ATTRIB C:\Windows\wat*.exe /s
That all looks normal enough..
Please run this command and post the results
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WatAdminSvc /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WatAdminSvc
DisplayName REG_SZ @%SystemRoot%\system32\Wat\WatUX.exe,-601
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\Wat\WatAdminSvc.exe
Start REG_DWORD 0x3
Type REG_DWORD 0x10
Description REG_SZ @%SystemRoot%\system32\Wat\WatUX.exe,-602
ObjectName REG_SZ LocalSystem
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeImpersonatePrivilege\0SeTcbPrivilege
\0SeIncreaseQuotaPrivilege\0SeAssignPrimaryTokenPrivilege\0SeAuditPrivilege
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WatAdminSvc\Security
Security REG_BINARY 01001480A0000000AC000000140000003000000002001C0001
00000002C0140002000D00010100000000000100000000020070000500000000001400FF010F0001
010000000000051200000000001800BF01020001020000000000052000000020020000000014009D
010200010100000000000504000000000014009D0102000101000000000005060000000000140014
00000001010000000000050B000000010100000000000512000000010100000000000512000000
Please run the following commands, and post the results - sorry about the apparent floundering, but this is the first time I have ever seen this type of error in the 30+ months I've been dealing with MGADiag reports!
REG QUERY HKLM\SOFTWARE\Classes\CLSID\{F1CA3CE9-57E0-4862-B35F-C55328F05F1C} /S
REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WatAdminSvc.WatAdminSvcObject /S
REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WatAdminSvc.WatAdminSvcObject.1 /S
REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WatWeb.WatWebObject /S
REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WatWeb.WatWebObject.1 /S