Answered by:
Getting not running genuine WIndows error message on computer that is running genuine windows

Question
-
I began getting non-genuine Windows 7 notifications several weeks ago. I believe it started after I ran a series of malware scans
(Malwarebytes, SUPERAntispyware, and Spybot) after seeing what I believed to be a malware infection on my PC.
I cannot be certain that this was the trigger, but either the scans or the malware itself are the most likely culprit.
The specifics of the non-genuine Windows notification are as follows:
"This computer is not running genuine Windows"
"Resolve online now" - clicking on this link results in a "We are sorry - the page you requested cannot be found" error
"0x8004FE22"
The version and edition of Windows copied from the COA sticker on the side of the PC are:
Windows 7 Home Prem OA
HP 584037-001
There have been no recent hardware changes in the PC.
There have been no Windows reinstallation activities within at least the past year.
I have attempted re-activation of Windows by running slui.exe – but I did not get the re-activation dialog upon entering this command.
I have not attempted contacting Microsoft to do the re-activation.
I have also run the system file checker – which reported no problems needing to be fixed.
The results of an MGADiag run are copied below (hyperlinks edited to begin with hxxp). Any help in resolving the problem would be appreciated.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
Windows Product ID: 00359-OEM-8992687-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {A544F032-89BB-4582-8D99-EE623D651DF7}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.180608-0600
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A544F032-89BB-4582-8D99-EE623D651DF7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-4178587683-1704982380-3890704133</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>h8-1214</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>Ang_713</Version><SMBIOSVersion major="2" minor="7"/><Date>20111229000000.000000+000</Date></BIOS><HWID>452E3207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800010-02-1033-7601.0000-2102018
Installation ID: 017221506544637016769092228722294222111201105743222862
Processor Certificate URL: hxxp://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: hxxp://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: hxxp://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: hxxp://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3Q6C9
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 8/4/2018 4:48:36 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
Event Time Stamp: 7:28:2018 18:47
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
HWID Data-->
HWID Hash Current: LgAAAAEAAAABAAEAAQACAAAAAgABAAEA4nNGIgwJWhBUDIj/Yj2Clq6MytsgIQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-CPC
FACP HPQOEM SLIC-CPC
DBGP HPQOEM SLIC-CPC
HPET HPQOEM SLIC-CPC
MCFG HPQOEM SLIC-CPC
SLIC HPQOEM SLIC-CPC
BGRT HPQOEM SLIC-CPC
SSDT AMD POWERNOWSunday, August 5, 2018 6:49 PM
Answers
-
As expected - the relevant items have been ripped out (probably by some form of malware, or even a non-compliant AV)
I've uploaded a file - sluicom64.zip - to my OneDrive at Noel's OneDrive
Please download and save it to your desktop.
Right-click on the saved file and select Extract all...
Save it to the default location
This should create a file sluicom64.reg
right-click on the file, and select Merge
Accept the warnings, - you should then get a 'Success' message.
Close all windows, and reboot.
Run another MGADiag report, and post the results.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. - Proposed as answer by Noel D PatonModerator Monday, September 10, 2018 8:18 AM
- Marked as answer by Carey FrischMVP, Moderator Monday, September 24, 2018 5:01 PM
Saturday, August 11, 2018 8:55 AMModerator -
The new report looks fine.
Your anti-malware programs are fine - if you are using a registry 'cleaner', then DON'T!
Have you checked for file corruption using SFC?
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. - Marked as answer by Gregory Yates Monday, September 10, 2018 11:36 AM
Monday, September 10, 2018 8:18 AMModerator
All replies
-
To confirm that the problem is what I think it is, please run the following commands in an Elevated Command Prompt window and post the results.
REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S
REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S
REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S
Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. Thursday, August 9, 2018 7:58 AMModerator -
The result of running the requested commands is shown below:
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE57495
7-4077-4AD6-8658-327C2C86C5AA} /S
ERROR: The system was unable to find the specified registry key or value.
C:\Windows\system32>
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-
8658-327C2C86C5AA} /S
ERROR: The system was unable to find the specified registry key or value.
C:\Windows\system32>
C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE57495
7-4077-4AD6-8658-327C2C86C5AA} /S
ERROR: The system was unable to find the specified registry key or value.Thursday, August 9, 2018 11:24 AM -
As expected - the relevant items have been ripped out (probably by some form of malware, or even a non-compliant AV)
I've uploaded a file - sluicom64.zip - to my OneDrive at Noel's OneDrive
Please download and save it to your desktop.
Right-click on the saved file and select Extract all...
Save it to the default location
This should create a file sluicom64.reg
right-click on the file, and select Merge
Accept the warnings, - you should then get a 'Success' message.
Close all windows, and reboot.
Run another MGADiag report, and post the results.
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. - Proposed as answer by Noel D PatonModerator Monday, September 10, 2018 8:18 AM
- Marked as answer by Carey FrischMVP, Moderator Monday, September 24, 2018 5:01 PM
Saturday, August 11, 2018 8:55 AMModerator -
The new MGADiag report follows. Assuming that this shows the problem as corrected, thank you for the help! Also, do you have any suggestions for how to tell whether I have completely removed any malware that may have caused this. As mentioned in the original post, I have run MalwareBytes, SuperAntiSpyWare, and Spybot - and they all report no problems. Finally, is there any way to tell whether there are other lingering issues that may have been created by whatever removed the registry entries?
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
Windows Product ID: 00359-OEM-8992687-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {A544F032-89BB-4582-8D99-EE623D651DF7}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.180608-0600
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A544F032-89BB-4582-8D99-EE623D651DF7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-4178587683-1704982380-3890704133</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>h8-1214</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>Ang_713</Version><SMBIOSVersion major="2" minor="7"/><Date>20111229000000.000000+000</Date></BIOS><HWID>452E3207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800010-02-1033-7601.0000-2102018
Installation ID: 017221506544637016769092228722294222111201105743222862
Processor Certificate URL: hxxp://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: hxxp://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: hxxp://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: hxxp://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3Q6C9
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 8/11/2018 8:27:23 AM
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 8:4:2018 22:48
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
HWID Data-->
HWID Hash Current: LgAAAAEAAAABAAEAAQACAAAAAgABAAEA4nNGIgwJWhBUDIj/Yj2Clq6MytsgIQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-CPC
FACP HPQOEM SLIC-CPC
DBGP HPQOEM SLIC-CPC
HPET HPQOEM SLIC-CPC
MCFG HPQOEM SLIC-CPC
SLIC HPQOEM SLIC-CPC
BGRT HPQOEM SLIC-CPC
SSDT AMD POWERNOWSaturday, August 11, 2018 12:49 PM -
The new report looks fine.
Your anti-malware programs are fine - if you are using a registry 'cleaner', then DON'T!
Have you checked for file corruption using SFC?
Noel Paton | Nil Carborundum Illegitemi CrashFixPC | The Three-toed Sloth No - I do not work for Microsoft, or any of its contractors. - Marked as answer by Gregory Yates Monday, September 10, 2018 11:36 AM
Monday, September 10, 2018 8:18 AMModerator -
Thank you for the advice. I did run SFC before I ran the tool you supplied to restore the missing entries. It did not find any anomalies.
Greg Yates
Monday, September 10, 2018 11:34 AM