Windows 7 Forums



Windows 7: Windows Activation Technologies Pop-up

07 Oct 2015   #11
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

watadminsvc.exe

Windows Activation Technologies Service - WatAdminSvc.exe - Program Information



07 Oct 2015   #12
tjg79

Windows 7 Professional x64 SP1
 
 

Quote: Originally Posted by Layback Bear
You never did answer the question I asked in post #2

Quote:
Check and see if your system has KB971033 installed.
Installed 14 Mar 2015
07 Oct 2015   #13
tjg79

Windows 7 Professional x64 SP1
 
 

Quote: Originally Posted by Callender
Okay so upload "C:\Windows\System32\Wat\WatAdminSvc.exe" to virus total and see if it is the legitimate file from Microsoft or an imposter.
Attachment 373158
Attachment 373159
I checked the file with my ESET Smart Security 8 and SuperAntiSpyware Pro. I also checked the properties and it appears to be digitally signed by Microsoft.

I'm not familiar with Virus Total. Is it on my system?

Other than that the file appears to be good.

The main issues I'm experiencing at the moment are that when I click on any folder or the start menu button, the system is very sluggish to respond and extremely slow when navigating between different folders. Also, when I do a shutdown, I see a webpage that the system is or has tried to connect to. It appears to be an adware type virus from hell. Also, my ESET Smart Security 8 is giving me lots of alerts about blocking the address in the picture below. So, whatever is on this system still has a remnant that wants to connect to that address.

Windows Activation Technologies Pop-up-eset-warning.jpg

I've started a re-indexing for Windows Explorer and I did a SFC /SCANNOW. There were no issues with the SFC.

This was definitely a virus attack.


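The file check discussed in the post above (whether WatAdminSvc.exe is the genuine Microsoft binary), as an added PowerShell example that is not part of the original thread. It reads the file's embedded Authenticode signature, computes a SHA-256 hash, and checks for KB971033; the path and KB number are from the thread, and the function name `Test-MicrosoftSigned` is hypothetical.

```powershell
# Added example. Path and KB number come from the thread; the function name is hypothetical.
$watPath = 'C:\Windows\System32\Wat\WatAdminSvc.exe'

function Test-MicrosoftSigned {
    param([Parameter(Mandatory = $true)][string]$FilePath)

    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        return New-Object PSObject -Property @{ Path = $FilePath; Exists = $false }
    }

    # Embedded Authenticode signature (what the Properties > Digital Signatures tab shows).
    # 'Valid' means the file hash matches the signature and the chain ends in a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    $subject = ''
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

    # SHA-256 through .NET so it also works on the PowerShell 2.0 that ships with Windows 7.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($FilePath)
    try {
        $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Close()
    }

    New-Object PSObject -Property @{
        Path            = $FilePath
        Exists          = $true
        SignatureStatus = $sig.Status
        Signer          = $subject
        # A signer name alone proves nothing; require a valid signature as well.
        MicrosoftSigned = ($sig.Status -eq 'Valid' -and $subject -match 'O=Microsoft Corporation')
        SHA256          = $hash
    }
}

Test-MicrosoftSigned -FilePath $watPath | Format-List

# KB971033 is the update asked about earlier in the thread.
$kb = Get-HotFix -Id 'KB971033' -ErrorAction SilentlyContinue
if ($kb) { "KB971033 installed on $($kb.InstalledOn)" } else { 'KB971033 not found' }
```

The SHA256 value can be pasted into VirusTotal's search box, which looks the file up by hash without uploading it.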

07 Oct 2015   #14
tjg79

Windows 7 Professional x64 SP1
 
 

Quote: Originally Posted by Callender
I don't believe that the two are related. Your first screenshot shows UAC asking to allow:

"C:\Windows\System32\Wat\WatAdminSvc.exe"

That is a legitimate process.

ESET has detected something else.

I'm not a malware removal expert exactly but if you like you can download and run UVK then scan and create a log.

Also you could navigate to C:\Users\TJG\AppData\Roaming\Gayux\Devod.dll and check the file information.

If you decide to download UVK - install it and from the welcome screen choose "Scan and create log" then upload the result.
I'm downloading UVK now.

The UVK log file is over 2MB.

UVK - Ultra Virus Killer Log.txt

You can download the UVK log file from the file drop site on the link above.

Let me know if you see something.

Regards
08 Oct 2015   #15
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

14 posts and NO MGADiag??
SHAME ON YOU!

ESET has been known to flag the WAT tools in the past - it's a false positive, but semi-legitimate, since the tool will phone home every so often to pick up the latest definitions.

Please follow this tutorial and post an MGADiag report - then we can see what the problem is.

Windows Genuine and Activation Issue Posting Instructions

Ignore errors produced when clicking on the Copy button - they simply mean that the tool could not create the backup files for some reason. The data is still copied to the clipboard for pasting to your response.

Please also state the Version and Edition of Windows quoted on your COA sticker (if you have one) on the case of your machine (or inside the battery compartment), but do NOT quote the Key on the sticker!
https://www.microsoft.com/en-gb/howt...spx#PCPurchase
08 Oct 2015   #16
tjg79

Windows 7 Professional x64 SP1
 
 

It's a virus, but I'm not sure it's been completely removed, because the system doesn't behave as if the virus is completely removed. I downloaded and ran the Microsoft Safety Scanner for my Win 7 Pro x64 system. The MS Safety Scanner detected a Trojan Dynamater virus. I'm not sure about the spelling. The symptoms were constant downloading of temp files, very sluggish system when attempting to navigate between different folders in Windows Explorer. Windows Task Manager indicated significantly higher than normal system resource utilization, CPU and memory. Presently, I'm running ESET Smart Security 8 Smart Scan. It doesn't appear to be detecting anything yet and it's been running for an hour and twenty minutes. I don't know how long it will take to complete the ESET virus scan. I'm not sure if the virus software can scan the boot sectors. I will check the scan logs when the scan completes. This is a virus issue.

From the Certificate of Authenticity Sticker:
Windows 7 Pro OEM Software
FQC-04849 (the 8 could be a 6, the print is illegible)
X16-93649
00180-451-841-077

The ESET Smart Security 8 Smart Scan completed, but the scan logs indicate that it had errors when attempting to open the boot sectors of C:\, D:\, E:\, & O:\. Therefore, I don't think ESET SS 8 successfully scanned the boot sectors and I suspect this virus is hiding in the boot sectors and will reload when I reboot.
Code:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-9CBQQ-CBRDX-4VBW4
Windows Product Key Hash: 4o79yMzf+5/lHKmwIiotxng2nPc=
Windows Product ID: 00371-OEM-9045181-41077
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {88569B0E-21CB-4760-A2CC-9595DA52037D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.150722-0600
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{88569B0E-21CB-4760-A2CC-9595DA52037D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-4VBW4</PKey><PID>00371-OEM-9045181-41077</PID><PIDType>3</PIDType><SID>S-1-5-21-764048772-141219837-185285450</SID><SYSTEM><Manufacturer>INTEL_</Manufacturer><Model>DX58SO__</Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>SOX5810J.86A.5600.2013.0729.2250</Version><SMBIOSVersion major="2" minor="5"/><Date>20130729000000.000000+000</Date></BIOS><HWID>92BD3107018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0014-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional 2007</Name><Ver>12</Ver><Val>1B16FCA35E8C714</Val><Hash>Ox0izo7MjcnLKUdV4ul5G/4OhBY=</Hash><Pid>81605-906-5273533-65430</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: e120e868-3df2-464a-95a0-b52fa5ada4bf
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00180-451-841077-02-1033-7601.0000-0732015
Installation ID: 012201651040681403614155510252839633960930028731337932
Processor Certificate URL: SpcService Web Service
Machine Certificate URL: RacService Web Service
Use License URL: UseLicenseService Web Service
Product Key Certificate URL: PkcService Web Service
Partial Product Key: 4VBW4
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 08-Oct-15 09:26:18

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 9:11:2015 06:15
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: MgAAAAMAAAABAAEAAQADAAAAAQABAAEACrYw0kNG2mNsQ1D3xOAOLEaUnJ+9IKaegig=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name   OEMID Value   OEMTableID Value
  APIC              INTEL         DX58SO
  FACP              INTEL         DX58SO
  HPET              INTEL         DX58SO
  MCFG              INTEL         DX58SO
  WDDT              INTEL         DX58SO
  ASF!              INTEL         DX58SO
  SSDT              INTEL         SSDT  PM
  DMAR              INTEL         DX58SO
  WDTT              INTEL         DX58SO
  ASPT              INTEL         PerfTune
08 Oct 2015   #17
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Posting the MGADiag log as Noel has requested after your security scan will let Noel see if your infection has affected your MGADiag.

Please complete the instruction Noel has given.
08 Oct 2015   #18
tjg79

Windows 7 Professional x64 SP1
 
 

Do you need any additional information?
08 Oct 2015   #19
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

I looked at your log. Can you confirm what is in this folder?

C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
08 Oct 2015   #20
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Will check here later!