Getting not running genuine Windows error message on computer that is running genuine Windows

  • Question

  • I began getting non-genuine Windows 7 notifications several weeks ago.   I believe it started after I ran a series of malware scans
    (Malwarebytes, SUPERAntispyware, and Spybot) after seeing what I believed to be a malware infection on my PC.
    I cannot be certain that this was the trigger, but either the scans or the malware itself are the most likely culprit.  
    The specifics of the non-genuine Windows notification are as follows:
    "This computer is not running genuine Windows"
    "Resolve online now" - clicking on this link results in a "We are sorry - the page you requested cannot be found" error
    "0x8004FE22"

    The version and edition of Windows copied from the COA sticker on the side of the PC are:
    Windows 7 Home Prem OA
    HP 584037-001

    There have been no recent hardware changes in the PC.
    There have been no Windows reinstallation activities within at least the past year.

    I have attempted re-activation of Windows by running slui.exe – but I did not get the re-activation dialog upon entering this command.
    I have not attempted contacting Microsoft to do the re-activation.
    I have also run the system file checker – which reported no problems needing to be fixed.

    The results of an MGADiag run are copied below (hyperlinks edited to begin with hxxp).   Any help in resolving the problem would be appreciated.
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {A544F032-89BB-4582-8D99-EE623D651DF7}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_ldr.180608-0600
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
    Default Browser: C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A544F032-89BB-4582-8D99-EE623D651DF7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-4178587683-1704982380-3890704133</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>h8-1214</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>Ang_713</Version><SMBIOSVersion major="2" minor="7"/><Date>20111229000000.000000+000</Date></BIOS><HWID>452E3207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-2102018
    Installation ID: 017221506544637016769092228722294222111201105743222862
    Processor Certificate URL: hxxp://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: hxxp://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: hxxp://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: hxxp://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 8/4/2018 4:48:36 PM

    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: 7:28:2018 18:47
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    HWID Data-->
    HWID Hash Current: LgAAAAEAAAABAAEAAQACAAAAAgABAAEA4nNGIgwJWhBUDIj/Yj2Clq6MytsgIQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HPQOEM SLIC-CPC
      FACP HPQOEM SLIC-CPC
      DBGP HPQOEM SLIC-CPC
      HPET HPQOEM SLIC-CPC
      MCFG HPQOEM SLIC-CPC
      SLIC HPQOEM SLIC-CPC
      BGRT HPQOEM SLIC-CPC
      SSDT AMD    POWERNOW
    Sunday, August 5, 2018 6:49 PM

All replies

  • To confirm that the problem is what I think it is, please run the following commands in an Elevated Command Prompt window and post the results.

    REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

    REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

    REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

    Here are some instructions to make life easier :)

    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt. 

    2) To run the commands more easily, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.

    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.     


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Thursday, August 9, 2018 7:58 AM
    Moderator
  • The result of running the requested commands is shown below:

    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE57495
    7-4077-4AD6-8658-327C2C86C5AA} /S
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-
    8658-327C2C86C5AA} /S
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>
    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE57495
    7-4077-4AD6-8658-327C2C86C5AA} /S
    ERROR: The system was unable to find the specified registry key or value.

    Thursday, August 9, 2018 11:24 AM
  • As expected - the relevant items have been ripped out (probably by some form of malware, or even a non-compliant AV)

    I've uploaded a file - sluicom64.zip - to my OneDrive at  Noel's OneDrive

    Please download and save it to your desktop.

    Right-click on the saved file and select Extract all...

    Save it to the default location

    This should create a file sluicom64.reg

    Right-click on the file, and select Merge

    Accept the warnings - you should then get a 'Success' message.

    Close all windows, and reboot.

    Run another MGADiag report, and post the results.


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    Saturday, August 11, 2018 8:55 AM
    Moderator
  • The new MGADiag report follows. Assuming that this shows the problem as corrected, thank you for the help! Also, do you have any suggestions for how to tell whether I have completely removed any malware that may have caused this? As mentioned in the original post, I have run Malwarebytes, SUPERAntiSpyware, and Spybot - and they all report no problems. Finally, is there any way to tell whether there are other lingering issues that may have been created by whatever removed the registry entries?

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
    Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
    Windows Product ID: 00359-OEM-8992687-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {A544F032-89BB-4582-8D99-EE623D651DF7}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_ldr.180608-0600
    TTS Error: 
    Validation Diagnostic: 
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
    Default Browser: C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A544F032-89BB-4582-8D99-EE623D651DF7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-4178587683-1704982380-3890704133</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>h8-1214</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>Ang_713</Version><SMBIOSVersion major="2" minor="7"/><Date>20111229000000.000000+000</Date></BIOS><HWID>452E3207018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800010-02-1033-7601.0000-2102018
    Installation ID: 017221506544637016769092228722294222111201105743222862
    Processor Certificate URL: hxxp://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: hxxp://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: hxxp://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: hxxp://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 3Q6C9
    License Status: Licensed
    Remaining Windows rearm count: 1
    Trusted time: 8/11/2018 8:27:23 AM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 8:4:2018 22:48
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LgAAAAEAAAABAAEAAQACAAAAAgABAAEA4nNGIgwJWhBUDIj/Yj2Clq6MytsgIQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information: 
      ACPI Table Name OEMID Value OEMTableID Value
      APIC HPQOEM SLIC-CPC
      FACP HPQOEM SLIC-CPC
      DBGP HPQOEM SLIC-CPC
      HPET HPQOEM SLIC-CPC
      MCFG HPQOEM SLIC-CPC
      SLIC HPQOEM SLIC-CPC
      BGRT HPQOEM SLIC-CPC
      SSDT AMD    POWERNOW

    Saturday, August 11, 2018 12:49 PM
  • The new report looks fine.

    Your anti-malware programs are fine - if you are using a registry 'cleaner', then DON'T!

    Have you checked for file corruption using SFC?


    Noel Paton | Nil Carborundum Illegitemi
    CrashFixPC | The Three-toed Sloth
    No - I do not work for Microsoft, or any of its contractors.

    • Marked as answer by Gregory Yates Monday, September 10, 2018 11:36 AM
    Monday, September 10, 2018 8:18 AM
    Moderator
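
Added example (not part of the thread and not a Microsoft tool): a small Python check that reads an MGADiag report like the two posted above and lists the result codes and tampered items it flags, so a before/after pair can be compared once a repair has been applied. The report excerpts are constructed from field values shown in this thread, and the names `parse_report`, `findings` and `CODE_FIELDS` are hypothetical.

```python
# Added example: list what an MGADiag report flags, for before/after comparison.
# BEFORE/AFTER are constructed excerpts using field values shown in this thread.
BEFORE = """\
Validation Code: 0x8004FE22
Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
HealthStatus Bitmask Output:
Tampered File: %systemroot%\\system32\\slui.exe|slui.exe.mui|COM Registration
"""
AFTER = """\
Validation Code: 0
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
HealthStatus Bitmask Output:
"""
# Result-code fields that read zero in the report the thread calls fine.
CODE_FIELDS = ("Validation Code", "HrOffline", "HrOnline", "HealthStatus")

def parse_report(text):
    """Split 'Name: value' lines into a dict plus a list of tampered items."""
    fields, tampered = {}, []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        value = value.strip()
        if not sep or not value:
            continue  # section headers and empty fields carry no value
        if key == "Tampered File":
            tampered += [item.strip() for item in value.split("|")]
        else:
            fields[key] = value
    return fields, tampered

def findings(text):
    """Return non-zero result codes and tampered items; [] means nothing flagged."""
    fields, tampered = parse_report(text)
    flagged = []
    for name in CODE_FIELDS:
        value = fields.get(name, "N/A")
        # "N/A" means the report has no value for that check, so it is skipped.
        if value != "N/A" and int(value, 16) != 0:
            flagged.append(f"{name} = {value}")
    return flagged + [f"tampered: {item}" for item in tampered]

if __name__ == "__main__":
    for label, report in (("before", BEFORE), ("after", AFTER)):
        print(label, findings(report) or "nothing flagged")
```

An empty list only says that this report flags nothing; it is not evidence about whatever removed the registry entries in the first place.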
  • Thank you for the advice.   I did run SFC before I ran the tool you supplied to restore the missing entries.   It did not find any anomalies.

    Greg Yates

    Monday, September 10, 2018 11:34 AM