Remove From My Forums

"This computer is not running genuine Windows" Scam? Virus?

Question
0

Sign in to vote

A few days ago, I began getting a "This computer is not running genuine Windows" window (see attached pic). Initially, I thought it was probably a virus, so I ran scans with MSEssentials, Spybot, Malwarebytes, Slimcleaner, and adwcleaner. None of these found anything. So, I called Microsoft. Ugh.

The first time I called, I did a remote session with the agent, and after installing 5 optional windows updates, he told me in broken English that I'd have to pay them to remove this. Are you kidding me? I'd much rather just reinstall Windows from my disk partition than shell out money so they can fix an issue with Windows (that I suspect is actually a result of update conflict rather than a virus). The whole session felt like Comcast telling me the problem was "my router."

In any event, the options on the popup all lead to secure Microsoft sites, with additional options to pay upwards of $100 to "get a genuine version."

I HAVE A GENUINE VERSION OF WINDOWS (see pic 2)

Does anyone have a solution to this?

(I tried to attach screenshots, but my account isn't "verified," so of course I can't. My disappointment with Microsoft grows)

Monday, March 2, 2015 6:20 PM

Answers

0

Sign in to vote
As expected...

I've uploaded a file - sluicom64.zip - to my OneDrive at Noel's OneDrive

Please download and save it to your desktop.

Right-click on the saved file and select Extract all...

Save it to the default location

This should create a file sluicom64 .reg

right-click on the file, and select Merge

Accept the warnings, - you should then get a 'Success' message.

Close all windows, and reboot.

Run another MGADiag report, and post the results.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
- Proposed as answer by Noel D PatonModerator Thursday, March 5, 2015 11:06 PM
- Marked as answer by Noel D PatonModerator Thursday, March 26, 2015 5:29 PM
Wednesday, March 4, 2015 7:16 AM

Moderator

All replies

0

Sign in to vote

MGA Diagnostic Report:

To properly analyze and solve problems with Activation and Validation, we need to see a full copy of the diagnostic report produced by the MGADiag tool (download and save to desktop -http://go.microsoft.com/fwlink/?linkid=52012 )

Once downloaded, run the tool.

Click on the Continue button, after a short time, the Continue button will change to a Copy button.

Click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your post.

One Issue Per Thread:

Most Activation and Validation issues look the same, on the surface, but can have many different causes and fixes. This is why we ask for a diagnostic report and this is also why we ask that you create your own thread for your issue (in other words, don't post your issue in another person's thread).

It just becomes too complicated to try to troubleshoot multiple different issues in the same thread.

New to the Forums?

Note that if you are new to these forums, you may find that you are unable to post due to a restriction on the inclusion of links and pictures.
Simply delete the only lines that contain links - this will allow the remainder of the report to upload (and those lines are not generally critical to the report anyhow)

Also - when you post your results you can first paste into Notepad and edit out any web addresses. That will allow you to put the results here without being Verified. We do not need the URLs in order to diagnose the problem.
Please do not read this sentence. Please ignore the previous sentence.

Monday, March 2, 2015 8:22 PM
0

Sign in to vote

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE22
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
Windows Product ID: 00359-OEM-8992687-00007
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {FE58FAAF-D70B-4BD6-9FB7-B80771E649CA}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.150113-1808
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{FE58FAAF-D70B-4BD6-9FB7-B80771E649CA}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-1253243333-1443067537-2861160970</SID><SYSTEM><Manufacturer>ASUSTeK COMPUTER INC.</Manufacturer><Model>G75VW</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>G75VW.207</Version><SMBIOSVersion major="2" minor="7"/><Date>20120406000000.000000+000</Date></BIOS><HWID>52183D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2092009
Installation ID: 098443672563376115963820410214898466728213047734681174
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 9YQTR
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 3/2/2015 10:51:45 PM

Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
Event Time Stamp: 3:1:2015 16:47
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEACrZEsSJBtCSOJCQiWisWg4zh6BWWYw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC _ASUS_ Notebook
FACP _ASUS_ Notebook
HPET _ASUS_ Notebook
MCFG _ASUS_ Notebook
ECDT _ASUS_ Notebook
SLIC _ASUS_ Notebook
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
BGRT _ASUS_ Notebook

Tuesday, March 3, 2015 4:54 AM
0

Sign in to vote
To confirm that the problem is what I think it is, please run the following commands in an Elevated Command Prompt window and post the results.

REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

Here are some instructions to make life easier :)

1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.

2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.

3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
- Edited by Noel D PatonModerator Tuesday, March 3, 2015 9:53 AM formatting
Tuesday, March 3, 2015 9:53 AM

Moderator
0

Sign in to vote

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>REG QUERY HKLM\SOFTWARE\classes\Wow6432Node\TypeLib\{EE57495
7-4077-4AD6-8658-327C2c86C5AA] /s
ERROR: The system was unable to find the specified registry key or value.

C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE57495
7-4077-4AD6-8658-327C2C86C5AA} /S
ERROR: The system was unable to find the specified registry key or value.

C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-
8658-327C2C86C5AA} /S
ERROR: The system was unable to find the specified registry key or value.

C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE57495
7-4077-4AD6-8658-327C2C86C5AA} /S
ERROR: The system was unable to find the specified registry key or value.

C:\Windows\system32>

Tuesday, March 3, 2015 1:00 PM
0

Sign in to vote
As expected...

I've uploaded a file - sluicom64.zip - to my OneDrive at Noel's OneDrive

Please download and save it to your desktop.

Right-click on the saved file and select Extract all...

Save it to the default location

This should create a file sluicom64 .reg

right-click on the file, and select Merge

Accept the warnings, - you should then get a 'Success' message.

Close all windows, and reboot.

Run another MGADiag report, and post the results.

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.
- Proposed as answer by Noel D PatonModerator Thursday, March 5, 2015 11:06 PM
- Marked as answer by Noel D PatonModerator Thursday, March 26, 2015 5:29 PM
Wednesday, March 4, 2015 7:16 AM

Moderator
0

Sign in to vote

I really appreciate the time you're putting towards this. I can't thank you enough.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
Windows Product ID: 00359-OEM-8992687-00007
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {FE58FAAF-D70B-4BD6-9FB7-B80771E649CA}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.150113-1808
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{FE58FAAF-D70B-4BD6-9FB7-B80771E649CA}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-1253243333-1443067537-2861160970</SID><SYSTEM><Manufacturer>ASUSTeK COMPUTER INC.</Manufacturer><Model>G75VW</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>G75VW.207</Version><SMBIOSVersion major="2" minor="7"/><Date>20120406000000.000000+000</Date></BIOS><HWID>52183D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2092009
Installation ID: 098443672563376115963820410214898466728213047734681174
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 9YQTR
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 3/4/2015 7:10:00 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:1:2015 16:47
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAEAAQABAAAAAgABAAEACrZEsSJBtCSOJCQiWisWg4zh6BWWYw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC _ASUS_ Notebook
FACP _ASUS_ Notebook
HPET _ASUS_ Notebook
MCFG _ASUS_ Notebook
ECDT _ASUS_ Notebook
SLIC _ASUS_ Notebook
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
BGRT _ASUS_ Notebook

Wednesday, March 4, 2015 1:12 PM
0

Sign in to vote

Looks like it's fixed, to me?

Are you still seeing non-genuine notifications?

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Thursday, March 5, 2015 9:17 AM

Moderator
0

Sign in to vote

Nope, I'm not. Thankyouthankyouthankyouthankyou. If you don't mind, what was it exactly? What were you looking for? What did you change? Being a new IT student, I'm interested in the "why" as much as the result.

Thursday, March 5, 2015 1:24 PM
0

Sign in to vote

From what I can make out, the usual cause of this problem is the use of a registry 'cleaner' - ALL such should be avoided!

What I linked you to repaired the missing links in the registry, and allowed the Software Protection service to operate properly.

HTH?

Noel Paton | Nil Carborundum Illegitemi

CrashFixPC | The Three-toed Sloth

No - I do not work for Microsoft, or any of its contractors.

Thursday, March 5, 2015 11:05 PM

Moderator

Answered by:

"This computer is not running genuine Windows" Scam? Virus?

Question

Answers

All replies