sfc /scannow always find corrupt file and repaired it after 3~


  1. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #21

    The output hasn't changed - yes, please disable your AV and run the watfix again.


  2. Posts : 14
    windows 7 x64
    Thread Starter
       #22

    So I uninstalled Avast AV and ran the WAT fix for the 2nd time.
    After it was done and I rebooted, what happens is always the same: I get the non-genuine notification,
    and after logging in only the background is shown, and some minutes later it logs off by itself.
    I can log in again and use it normally, but the non-genuine notification is there.
    And if you restart it again without running the WAT fix again or sfc /scannow, the non-genuine notification will be gone.

    Here is MGDiag with my AV uninstalled:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
    Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
    Windows Product ID: 00426-OEM-8992662-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {598CDBE5-ADE3-40FB-BBFE-EF100DBBBAF1}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.110408-1631
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
    File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{598CDBE5-ADE3-40FB-BBFE-EF100DBBBAF1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1459575376-3320744764-2411850529</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire E1-451G</Model></SYSTEM><BIOS><Manufacturer>Insyde Corp.</Manufacturer><Version>V2.14</Version><SMBIOSVersion major="2" minor="7"/><Date>20130422000000.000000+000</Date></BIOS><HWID>DC363407018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>SE Asia Standard Time(GMT+07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00178-926-600006-02-1033-7600.0000-2172013
    Installation ID: 019384288016670160413061073025573851729156598441037160
    Processor Certificate URL: SpcService Web Service
    Machine Certificate URL: RacService Web Service
    Use License URL: UseLicenseService Web Service
    Product Key Certificate URL: PkcService Web Service
    Partial Product Key: HYRR2
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 9/10/2015 5:06:20 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Not Registered - 0x80040154
    Admin Service: Not Registered - 0x80040154
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: OgAAAAEAAQABAAIAAQACAAAABgABAAEA6GGGSTUyngeKhrxljteN74qbIu4sdA6gcL7y3xqWBgiw3g==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC ACRSYS ACRPRDCT
    FACP ACRSYS ACRPRDCT
    HPET ACRSYS ACRPRDCT
    BOOT ACRSYS ACRPRDCT
    MCFG ACRSYS ACRPRDCT
    WDAT ACRSYS ACRPRDCT
    UEFI ACRSYS ACRPRDCT
    ASF! ACRSYS ACRPRDCT
    WDRT ACRSYS ACRPRDCT
    FPDT ACRSYS ACRPRDCT
    SSDT ACRSYS ACRPRDCT
    SSDT ACRSYS ACRPRDCT


  3. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #23

    OK - there's obviously something else at work here.

    Open an Elevated Command Prompt, and run the following commands...

    DIR C:\Windows\System32\systemcpl.* /S
    ICACLS C:\Windows\System32\systemcpl.* /T
    DIR C:\Windows\System32\user32.* /S
    ICACLS C:\Windows\System32\user32.* /T


    Post the results...
    Here are some instructions to make life easier :)
    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.


  4. Posts : 5,656
    Windows 7 Ultimate x64 SP1
       #24

    You could also run the commands with:
    Code:
    |clip
    and paste or
    Code:
    >>%userprofile%\desktop\icacls_output.txt


  5. Posts : 14
    windows 7 x64
    Thread Starter
       #25

    Here it is, guys. By the way, I set my UAC to never notify.
    Is it the reason that my system is vulnerable and I would not know if an app is executed?
    Again, thanks for the response and help.



    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\acer>DIR C:\Windows\System32\systemcpl.* /S
    Volume in drive C is Local Disk
    Volume Serial Number is DE62-C8E2

    Directory of C:\Windows\System32

    01/16/2011 07:01 AM 419,328 systemcpl.dll
    1 File(s) 419,328 bytes

    Directory of C:\Windows\System32\en-US

    07/14/2009 09:29 AM 7,680 systemcpl.dll.mui
    1 File(s) 7,680 bytes

    Total Files Listed:
    2 File(s) 427,008 bytes
    0 Dir(s) 56,443,596,800 bytes free

    C:\Users\acer>ICACLS C:\Windows\System32\systemcpl.* /T
    C:\Windows\System32\systemcpl.dll NT AUTHORITY\SYSTEM:(I)(F)
    BUILTIN\Administrators:(I)(F)
    BUILTIN\Users:(I)(RX)

    C:\Windows\System32\en-US\systemcpl.dll.mui NT SERVICE\TrustedInstaller:(F)
    BUILTIN\Administrators:(RX)
    NT AUTHORITY\SYSTEM:(RX)
    BUILTIN\Users:(RX)

    C:\Windows\System32\LogFiles\WMI\RtBackup\systemcpl.*: Access is denied.
    Successfully processed 2 files; Failed processing 1 files

    C:\Users\acer>DIR C:\Windows\System32\user32.* /S
    Volume in drive C is Local Disk
    Volume Serial Number is DE62-C8E2

    Directory of C:\Windows\System32

    01/16/2011 07:01 AM 1,008,640 user32.dll
    1 File(s) 1,008,640 bytes

    Directory of C:\Windows\System32\en-US

    11/20/2010 07:58 PM 17,920 user32.dll.mui
    1 File(s) 17,920 bytes

    Directory of C:\Windows\System32\manifeststore

    11/20/2010 04:50 PM 342,524 user32.amx
    1 File(s) 342,524 bytes

    Total Files Listed:
    3 File(s) 1,369,084 bytes
    0 Dir(s) 56,443,596,800 bytes free

    C:\Users\acer>ICACLS C:\Windows\System32\user32.* /T
    C:\Windows\System32\user32.dll NT AUTHORITY\SYSTEM:(I)(F)
    BUILTIN\Administrators:(I)(F)
    BUILTIN\Users:(I)(RX)

    C:\Windows\System32\en-US\user32.dll.mui NT SERVICE\TrustedInstaller:(F)
    BUILTIN\Administrators:(RX)
    NT AUTHORITY\SYSTEM:(RX)
    BUILTIN\Users:(RX)

    C:\Windows\System32\LogFiles\WMI\RtBackup\user32.*: Access is denied.
    Successfully processed 2 files; Failed processing 1 files

    C:\Users\acer>


  6. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #26

    Switching off UAC is NOT a good idea, and can produce unexpected results in terms of permissions, since some programs don't 'follow the rules'.
    Surprisingly perhaps, I suspect that .NET programs are the main culprits here.

    Having said that, the problem is fairly obvious.
    Neither file has the appropriate permissions - The owner of both should be TrustedInstaller, which should have Full permissions.

    I suspect that this is not confined to these files, but is replicated throughout the OS.

    I can only recommend that you reformat and reinstall using genuine media and Key - there are enough signs present that the install is totally counterfeit that I would feel uncomfortable working further on it.
      My Computer
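
An added example, not part of any post in this thread: Python code that parses ICACLS output like that pasted in post #25 and flags files where TrustedInstaller lacks Full control, the condition post #26 points to. The sample text is constructed from the thread's output; also flagging Full control held by other principals is an assumption drawn from the .mui entries in the same output, and the parser assumes only NT AUTHORITY, NT SERVICE and BUILTIN principals appear.

```python
import re
# Constructed sample: ICACLS lines as pasted in post #25 (leading indentation lost).
SAMPLE = r"""
C:\Windows\System32\user32.dll NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Users:(I)(RX)

C:\Windows\System32\en-US\user32.dll.mui NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)

C:\Windows\System32\LogFiles\WMI\RtBackup\user32.*: Access is denied.
Successfully processed 2 files; Failed processing 1 files
"""

# Assumption: only well-known principals with these three prefixes appear in the ACLs.
ACE = re.compile(r"((?:NT AUTHORITY|NT SERVICE|BUILTIN)\\[^:]+):((?:\([A-Z,]+\))+)\s*$")
TI = r"NT SERVICE\TrustedInstaller"

def parse_icacls(text):
    """Return {path: [(principal, [flags])]} from ICACLS text output."""
    acls, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = ACE.search(line)
        if not m:                      # blank, error, or summary line
            continue
        head = line[:m.start()].strip()
        if head:                       # a path precedes the first ACE of each file
            current = head
            acls[current] = []
        if current is not None:
            acls[current].append((m.group(1), re.findall(r"\(([A-Z,]+)\)", m.group(2))))
    return acls

def audit(acls):
    """Flag files where TrustedInstaller lacks (F) or another principal holds (F)."""
    findings = {}
    for path, aces in acls.items():
        full = [p for p, flags in aces if "F" in flags]
        issues = [] if TI in full else ["TrustedInstaller lacks Full control"]
        issues += [f"{p} has Full control" for p in full if p != TI]
        if issues:
            findings[path] = issues
    return findings

if __name__ == "__main__":
    print(audit(parse_icacls(SAMPLE)))
```

ICACLS output does not list the file owner, so the ownership that post #26 also mentions is not checked here.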


  7. Posts : 14
    windows 7 x64
    Thread Starter
       #27

    So basically it is counterfeit in order to get the OS working.
    Well, that is exactly what is expected from it to do its function, right?
    If so, then there is nothing I should be worried about, right?
    I mean, like the possibility that my system was attacked by malware, or that some of my system files are corrupt or lost?


    Because, not just that, now after I restored using Backup and Restore I realized there is a game that used to run well but now crashes in certain in-game situations which used to be fine. I installed it on a different drive than my system drive. I thought it was the save file stored on the system drive that got corrupted, so I deleted it and made a new one, but that appears not to be the case; I am still getting the crash.
    I'm also getting lag when playing YouTube videos at fullscreen, even at 720p60, with Mozilla (with Chrome it is fine), which I did not experience before I restored my system.
    I have already tried to reinstall Mozilla, but to no avail.
    Can you tell me why this is happening, since my restoration was a success? But before that I restored it twice and it failed, until I used safe boot.

    I would definitely want to get the genuine copy once I have the money and the timing is right. But from what I heard, Windows is not supporting Windows 7 anymore, and moreover Windows 10 still has a bunch of problems and controversy with its new business model.


  8. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #28

    ALL Activation hacks reduce both the security and stability of the OS.
    That's why
    1) we always recommend a reformat and reinstall using genuine media and Key
    2) we refuse to support hacked systems except to get them genuine again.


  9. Posts : 14
    windows 7 x64
    Thread Starter
       #29

    OK, thanks guys for the help.

    What about the backup and restoration problem? What might have caused it?


  10. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #30

    Some of the affected files are involved in backups, I think.


 