"This computer is not running genuine Windows" Scam? Virus?

  • Question

  • A few days ago, I began getting a "This computer is not running genuine Windows" window (see attached pic).  Initially, I thought it was probably a virus, so I ran scans with MSEssentials, Spybot, Malwarebytes, Slimcleaner, and adwcleaner.  None of these found anything.  So, I called Microsoft.  Ugh.

    The first time I called, I did a remote session with the agent, and after installing 5 optional windows updates, he told me in broken English that I'd have to pay them to remove this.  Are you kidding me?  I'd much rather just reinstall Windows from my disk partition than shell out money so they can fix an issue with Windows (that I suspect is actually a result of update conflict rather than a virus).  The whole session felt like Comcast telling me the problem was "my router."

    In any event, the options on the popup all lead to secure Microsoft sites, with additional options to pay upwards of $100 to "get a genuine version."

    I HAVE A GENUINE VERSION OF WINDOWS (see pic 2)

    Does anyone have a solution to this?

    (I tried to attach screenshots, but my account isn't "verified," so of course I can't.  My disappointment with Microsoft grows)

    Monday, March 2, 2015 6:20 PM

All replies

  • MGA Diagnostic Report:

    To properly analyze and solve problems with Activation and Validation, we need to see a full copy of the diagnostic report produced by the MGADiag tool (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )

    Once downloaded, run the tool.
    Click on the Continue button, after a short time, the Continue button will change to a Copy button.
    Click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your post.

    One Issue Per Thread:

    Most Activation and Validation issues look the same, on the surface, but can have many different causes and fixes. This is why we ask for a diagnostic report and this is also why we ask that you create your own thread for your issue (in other words, don't post your issue in another person's thread). 

    It just becomes too complicated to try to troubleshoot multiple different issues in the same thread.

    New to the Forums?

    Note that if you are new to these forums, you may find that you are unable to post due to a restriction on the inclusion of links and pictures.
    Simply delete only the lines that contain links - this will allow the remainder of the report to upload (and those lines are not generally critical to the report anyhow)

      

    Also - when you post your results you can first paste into Notepad and edit out any web addresses.  That will allow you to put the results here without being Verified.  We do not need the URLs in order to diagnose the problem.


    Please do not read this sentence. Please ignore the previous sentence.

    Monday, March 2, 2015 8:22 PM
  • Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {FE58FAAF-D70B-4BD6-9FB7-B80771E649CA}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.150113-1808
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{FE58FAAF-D70B-4BD6-9FB7-B80771E649CA}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-1253243333-1443067537-2861160970</SID><SYSTEM><Manufacturer>ASUSTeK COMPUTER INC.</Manufacturer><Model>G75VW</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>G75VW.207</Version><SMBIOSVersion major="2" minor="7"/><Date>20120406000000.000000+000</Date></BIOS><HWID>52183D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2092009
    Installation ID: 098443672563376115963820410214898466728213047734681174
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 9YQTR
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 3/2/2015 10:51:45 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 3:1:2015 16:47
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEACrZEsSJBtCSOJCQiWisWg4zh6BWWYw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC _ASUS_ Notebook
      FACP _ASUS_ Notebook
      HPET _ASUS_ Notebook
      MCFG _ASUS_ Notebook
      ECDT _ASUS_ Notebook
      SLIC _ASUS_ Notebook
      SSDT PmRef Cpu0Ist
      SSDT PmRef Cpu0Ist
      BGRT _ASUS_ Notebook
    Tuesday, March 3, 2015 4:54 AM
  • To confirm that the problem is what I think it is, please run the following commands in an Elevated Command Prompt window and post the results.

     

    REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

    REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S              

    REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

     

    Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands more easily, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once. 

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.


    Tuesday, March 3, 2015 9:53 AM
    Moderator
  • Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\classes\Wow6432Node\TypeLib\{EE57495
    7-4077-4AD6-8658-327C2c86C5AA] /s
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE57495
    7-4077-4AD6-8658-327C2C86C5AA} /S
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-
    8658-327C2C86C5AA} /S
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE57495
    7-4077-4AD6-8658-327C2C86C5AA} /S
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>

    Tuesday, March 3, 2015 1:00 PM
  • As expected...

    I've uploaded a file - sluicom64.zip - to my OneDrive at  Noel's OneDrive

    Please download and save it to your desktop.

    Right-click on the saved file and select Extract all...

    Save it to the default location

    This should create a file sluicom64.reg

    Right-click on the file, and select Merge

    Accept the warnings - you should then get a 'Success' message.

    Close all windows, and reboot.

    Run another MGADiag report, and post the results.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Wednesday, March 4, 2015 7:16 AM
    Moderator
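
Before merging a .reg file obtained from a third party, as in the steps above, its key paths can be listed and compared with what the fix is expected to touch. This is an added example, not part of the original post and not the contents of sluicom64.reg: the sample file is constructed, the function names are hypothetical, and the allowlist (the three TypeLib paths from the REG QUERY commands in this thread) is an assumption.

```python
import re

GUID = "{EE574957-4077-4AD6-8658-327C2C86C5AA}"
HKLM = "HKEY_LOCAL_MACHINE\\SOFTWARE\\"
# Assumption: only the three TypeLib keys queried earlier in the thread are expected.
EXPECTED = [(HKLM + p + "\\TypeLib\\" + GUID).lower()
            for p in ("Classes", "Classes\\Wow6432Node", "Wow6432Node\\Classes")]
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")  # "[-KEY]" deletes the whole key


def decode_reg(data):
    """regedit exports are UTF-16 with a BOM; hand-made files are often UTF-8/ANSI."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8-sig", errors="replace")


def review(data):
    """List every key a .reg file touches and flag the ones needing a closer look."""
    lines = decode_reg(data).splitlines()
    report = {"header_ok": bool(lines) and lines[0].strip() in HEADERS,
              "keys": [], "unexpected": [], "deletions": []}
    for line in lines:
        m = KEY_RE.match(line.strip())
        if not m:
            continue  # value lines ("name"=..., @=...) are not inspected here
        key = m.group(2)
        report["keys"].append(key)
        if m.group(1) == "-":
            report["deletions"].append(key)
        low = key.lower()
        if not any(low == e or low.startswith(e + "\\") for e in EXPECTED):
            report["unexpected"].append(key)
    return report


# Constructed sample: one expected key and one key outside the allowlist.
SAMPLE = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[" + HKLM + "Classes\\TypeLib\\" + GUID + "\\1.0]\r\n"
    '@="constructed placeholder"\r\n\r\n'
    "[" + HKLM + "Microsoft\\Windows\\CurrentVersion\\Run]\r\n"
    '"constructed"="placeholder.exe"\r\n'
).encode("utf-16")

if __name__ == "__main__":
    for name, value in review(SAMPLE).items():
        print(name, value)
```

A key listed under `unexpected` is not proof of anything malicious; it is a prompt to read that part of the file before choosing Merge.
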
  • I really appreciate the time you're putting towards this.  I can't thank you enough. 

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {FE58FAAF-D70B-4BD6-9FB7-B80771E649CA}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.150113-1808
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{FE58FAAF-D70B-4BD6-9FB7-B80771E649CA}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-1253243333-1443067537-2861160970</SID><SYSTEM><Manufacturer>ASUSTeK COMPUTER INC.</Manufacturer><Model>G75VW</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>G75VW.207</Version><SMBIOSVersion major="2" minor="7"/><Date>20120406000000.000000+000</Date></BIOS><HWID>52183D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2092009
    Installation ID: 098443672563376115963820410214898466728213047734681174
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 9YQTR
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 3/4/2015 7:10:00 AM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 3:1:2015 16:47
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEACrZEsSJBtCSOJCQiWisWg4zh6BWWYw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC _ASUS_ Notebook
      FACP _ASUS_ Notebook
      HPET _ASUS_ Notebook
      MCFG _ASUS_ Notebook
      ECDT _ASUS_ Notebook
      SLIC _ASUS_ Notebook
      SSDT PmRef Cpu0Ist
      SSDT PmRef Cpu0Ist
      BGRT _ASUS_ Notebook

    Wednesday, March 4, 2015 1:12 PM
  • Looks like it's fixed, to me?

    Are you still seeing non-genuine notifications?


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, March 5, 2015 9:17 AM
    Moderator
  • Nope, I'm not.  Thankyouthankyouthankyouthankyou.  If you don't mind, what was it exactly?  What were you looking for?  What did you change?  Being a new IT student, I'm interested in the "why" as much as the result.  

    Thursday, March 5, 2015 1:24 PM
  • From what I can make out, the usual cause of this problem is the use of a registry 'cleaner' - ALL such should be avoided!

    What I linked you to repaired the missing links in the registry, and allowed the Software Protection service to operate properly.

    HTH?


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, March 5, 2015 11:05 PM
    Moderator
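
The before/after comparison of the two MGADiag reports in this thread can be scripted. This added example (not part of the original thread and not a Microsoft tool) reads the fields quoted from the two reports above and lists the non-zero status codes and flagged items; the function names are hypothetical.

```python
# Fields copied from the two MGADiag reports posted in this thread
# (only the lines this check reads; the rest of each report is omitted).
REPORT_BEFORE = r"""
Validation Code: 0x8004FE22
License Status: Licensed
Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
"""
REPORT_AFTER = r"""
Validation Code: 0
License Status: Licensed
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
HealthStatus Bitmask Output:
"""


def parse_fields(report):
    """Return {name: value} for every 'Name: value' line (last occurrence wins)."""
    fields = {}
    for line in report.splitlines():
        name, sep, value = line.strip().partition(":")
        if sep and name:
            fields[name.strip()] = value.strip()
    return fields


def to_int(value):
    """Parse '0x...' or decimal text; return None for 'N/A', empty or missing."""
    try:
        return int(value, 0)
    except (TypeError, ValueError):
        return None


def assess(report):
    """Return (license status, list of validation findings) for one report."""
    f = parse_fields(report)
    findings = []
    for key in ("Validation Code", "HrOffline", "HrOnline"):
        code = to_int(f.get(key))
        if code:  # a non-zero result code means the check did not pass
            findings.append(f"{key} = 0x{code:08X}")
    health = to_int(f.get("HealthStatus"))
    if health:
        findings.append(f"HealthStatus bits set: {[i for i in range(64) if health >> i & 1]}")
    for item in f.get("Tampered File", "").split("|"):
        if item:
            findings.append(f"flagged item: {item}")
    return f.get("License Status"), findings
```

Both reports show `License Status: Licensed`; only the Windows Activation Technologies fields differ between the failing and the repaired state.
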