New
#21
The output hasn't changed - yes, please disable your AV and run the watfix again.
so I uninstalled Avast AV and run WAT fix for the 2nd time.
After done and reboot,what happens always the same I got non genuine notification
and after log in only background is showed and some minutes latter it log off by itself.
I can log in again and use it normally but the non genuine notification is there.
And if you restart it again without running the WAT fix again or sfc /scannow non genuine notification will be gone.
Here is MGDiag with my AV uninstalled:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {598CDBE5-ADE3-40FB-BBFE-EF100DBBBAF1}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110408-1631
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{598CDBE5-ADE3-40FB-BBFE-EF100DBBBAF1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1459575376-3320744764-2411850529</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire E1-451G</Model></SYSTEM><BIOS><Manufacturer>Insyde Corp.</Manufacturer><Version>V2.14</Version><SMBIOSVersion major="2" minor="7"/><Date>20130422000000.000000+000</Date></BIOS><HWID>DC363407018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>SE Asia Standard Time(GMT+07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-2172013
Installation ID: 019384288016670160413061073025573851729156598441037160
Processor Certificate URL: SpcService Web Service
Machine Certificate URL: RacService Web Service
Use License URL: UseLicenseService Web Service
Product Key Certificate URL: PkcService Web Service
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 9/10/2015 5:06:20 PM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: OgAAAAEAAQABAAIAAQACAAAABgABAAEA6GGGSTUyngeKhrxljteN74qbIu4sdA6gcL7y3xqWBgiw3g==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS ACRPRDCT
FACP ACRSYS ACRPRDCT
HPET ACRSYS ACRPRDCT
BOOT ACRSYS ACRPRDCT
MCFG ACRSYS ACRPRDCT
WDAT ACRSYS ACRPRDCT
UEFI ACRSYS ACRPRDCT
ASF! ACRSYS ACRPRDCT
WDRT ACRSYS ACRPRDCT
FPDT ACRSYS ACRPRDCT
SSDT ACRSYS ACRPRDCT
SSDT ACRSYS ACRPRDCT
OK - there's obviously something else at work here
Open an Elevated Command Prompt, and run the following commands...
DIR C:\Windows\System32\systemcpl.* /S
ICACLS C:\Windows\System32\systemcpl.* /T
DIR C:\Windows\System32\user32.* /S
ICACLS C:\Windows\System32\user32.* /T
Post the results...
Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
You could also run the commands with:
and paste orCode:|clip
Code:>>%userprofile%\desktop\icacls_output.txt
Here it is guys, by the way I set my UAC to never notify.
Is it the reason that my system is vulnerable and I would not know if an app is executed?
again thanks for the response and help.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\acer>DIR C:\Windows\System32\systemcpl.* /S
Volume in drive C is Local Disk
Volume Serial Number is DE62-C8E2
Directory of C:\Windows\System32
01/16/2011 07:01 AM 419,328 systemcpl.dll
1 File(s) 419,328 bytes
Directory of C:\Windows\System32\en-US
07/14/2009 09:29 AM 7,680 systemcpl.dll.mui
1 File(s) 7,680 bytes
Total Files Listed:
2 File(s) 427,008 bytes
0 Dir(s) 56,443,596,800 bytes free
C:\Users\acer>ICACLS C:\Windows\System32\systemcpl.* /T
C:\Windows\System32\systemcpl.dll NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Users:(I)(RX)
C:\Windows\System32\en-US\systemcpl.dll.mui NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)
C:\Windows\System32\LogFiles\WMI\RtBackup\systemcpl.*: Access is denied.
Successfully processed 2 files; Failed processing 1 files
C:\Users\acer>DIR C:\Windows\System32\user32.* /S
Volume in drive C is Local Disk
Volume Serial Number is DE62-C8E2
Directory of C:\Windows\System32
01/16/2011 07:01 AM 1,008,640 user32.dll
1 File(s) 1,008,640 bytes
Directory of C:\Windows\System32\en-US
11/20/2010 07:58 PM 17,920 user32.dll.mui
1 File(s) 17,920 bytes
Directory of C:\Windows\System32\manifeststore
11/20/2010 04:50 PM 342,524 user32.amx
1 File(s) 342,524 bytes
Total Files Listed:
3 File(s) 1,369,084 bytes
0 Dir(s) 56,443,596,800 bytes free
C:\Users\acer>ICACLS C:\Windows\System32\user32.* /T
C:\Windows\System32\user32.dll NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Users:(I)(RX)
C:\Windows\System32\en-US\user32.dll.mui NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)
C:\Windows\System32\LogFiles\WMI\RtBackup\user32.*: Access is denied.
Successfully processed 2 files; Failed processing 1 files
C:\Users\acer>
Switching off UAC is NOT a good idea, and can produce unexpected results in terms of permissions, since some programs don't 'follow the rules'
Surprisingly perhaps, I suspect that .NET programs are the main culprits here.
Having said that, the problem is fairly obvious.
Neither file has the appropriate permissions - The owner of both should be TrustedInstaller, which should have Full permissions.
I suspect that this is not confined to these files, but is replicated throughout the OS.
I can only recommend that you reformat and reinstall using genuine media and Key - there are enough signs present that the install is totally counterfeit that I would feel uncomfortable working further on it.
So basically it is counterfeit in order to get the OS working.
Well that is exactly what is expected from it to do it's function right.
If so then there is nothing I should be worry about right?
I mean like possibility my system was attacked by malware? or some of my system file corrupt or lost?
Because not just that now after I restored using backup and restore I realized there is game that used to run well but now crash in certain in-game situation which used to be fine. I install it on different driver than my system driver. I thought it was the save file stored at system drive that get corrupted so I delete it and make a new one but it appears to be not the case I still getting the crash.
I'm also getting lag when playing youtube videos at fullscreen even at 720p60 with Mozilla(with Chrome is fine) which I'm not experience before I restore my system.
I have already tried to reinstall Mozilla but no avail.
Can you tell me why this is happening? since my restoration was a success. But before it I restore it twice and it fails until I used save boot.
I would definitely want to get the genuine copy once I have the money and the timing is right. But from what I heard Windows not supporting windows 7 anymore and more windows10 still have a bunch of problems and controversy with it's new business model.
ALL Activation hacks reduce both the security and stability of the OS.
That's why
1) we always recommend a reformat and reinstall using genuine media and Key
2) we refuse to support hacked systems except to get them genuine again.
Ok thanks guys for the help
What about the backup and restoration problem? What might caused it?