0x8004fe22 "This computer is not running genuine Windows" but it is!


  1. T1D
    Posts : 6
    Windows 7 Professional SP1 x64
       #1

    0x8004fe22 "This computer is not running genuine Windows" but it is!


    NoelDP,

    I am getting the error code "0x8004fe22" amd the popup window "This computer is not running genuine Windows" however, I do have a genuine version new from the PC manufacturer. This started yesterday after I applied all of the Microsfot Updates that came out this week. I am also getting error code 643 in Windows Update. Most of the updates installed but two did not (they were KB2742595 and KB2736428 which both are security updates that deal with .NET Framwork 4). All other updates installed and I can still instal MSE virus definition updates.

    I have done a full system scan with MSE definitions as of yesterday with no malware discovered.

    I have run CHKDSK C: /R. The log in event viewer says that it cleaned up 513 unused index entries from index $SII and $SDH of file 0x9 and 513 unused security descriptors. It also says that CHKDSK discovered free space marked as allocated in the MFT bitmap and that Windows has made corrections to the file system. No bad sectors or anything else of note.

    I have run SFC /SCANNOW. The CBS.log is attached. It does have some "Failed to internally open..." messages.

    I have checked the Software Protection Service. It is set to Automatice (Delayed Start), but is stopped. I have started the service and it starts nomrally, but then stops after a while.

    My gut feeling is that it has something to do with registry permissions. I did run a reistry cleaner (regseeker) about a month ago, but made a backup. I then thought better of that idea and restored all items. The interesting thing was that the clearner could not delete most keys. When I used regedit to look at the permissions for those keys, they did not have full control for the administor profile. I have not changed any registry keys or their permissions.

    Here is the MGAD log. It lists a tampered file. Thank you for your help.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 0x8004FE22
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-XTB2F-YCF3T-BBVY3
    Windows Product Key Hash: UaN6hk/98OTFmF9XfptLmo0FmmU=
    Windows Product ID: 00371-OEM-9045683-44609
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {2875EC32-029D-430E-874E-AF648E8B64D7}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: N/A, hr=0x80070002
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{2875EC32-029D-430E-874E-AF648E8B64D7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBVY3</PKey><PID>00371-OEM-9045683-44609</PID><PIDType>3</PIDType><SID>S-1-5-21-286802772-3302543837-558025917</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1504</Version><SMBIOSVersion major="2" minor="7"/><Date>20120801000000.000000+000</Date></BIOS><HWID>E23A3707018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
    Spsys.log Content: 0x80070002
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
    Activation ID: e120e868-3df2-464a-95a0-b52fa5ada4bf
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00180-456-844609-02-1033-7601.0000-2872012
    Installation ID: 003970606640648585862242790774150566686686337794436681
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: BBVY3
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 13-Jan-13 18:12:04
    Windows Activation Technologies-->
    HrOffline: 0x8004FE22
    HrOnline: N/A
    HealthStatus: 0x0000000000000800
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration

    HWID Data-->
    HWID Hash Current: NgAAAAEABAABAAIAAAADAAAAAQABAAEAHKImgoBPEsJkxwpTdMTmcT4chLiKmzKo/EVGgZZj
    OEM Activation 1.0 Data-->
    N/A
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC ALASKA A M I
    FACP ALASKA A M I
    HPET ALASKA A M I
    MCFG ALASKA A M I
    FPDT ALASKA A M I
    SSDT SataRe SataTabl
    SSDT SataRe SataTabl
    SSDT SataRe SataTabl
      My Computer


  2. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #2

    Your immediate problem is
    Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration


    To confirm that the problem is what I think it is, please run the following commands in an Elevated Command Prompt window and post the results.

    REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S

    REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S
    REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA} /S


    Here are some instructions to make life easier :)
    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
      My Computer


  3. T1D
    Posts : 6
    Windows 7 Professional SP1 x64
    Thread Starter
       #3

    The results are below. I also opened each key and there is nothing in them. Additionally, the SYSTEM, Administrators, and Users groups only have read permissions to all three of the keys. The only group with full control to these keys is TrustedInstaller.

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.
    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE57495
    7-4077-4AD6-8658-327C2C86C5AA} /S

    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Classes\TypeLib\{EE574957-4077-4AD6-
    8658-327C2C86C5AA} /S

    C:\Windows\system32>REG QUERY HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{EE57495
    7-4077-4AD6-8658-327C2C86C5AA} /S

    C:\Windows\system32>
    C:\Windows\system32>
      My Computer


  4. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #4

    Copy the text enclosed in +++++ to Notepad, and save as regwowfix.reg
    ++++++++++++++++++++++++++++++++++++++++++++++++++++
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA}\1.0]
    @="SPPUI 1.0 Type Library"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA}\1.0\0]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA}\1.0\0\win32]
    @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
    00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,6c,00,\
    75,00,69,00,2e,00,65,00,78,00,65,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EE574957-4077-4AD6-8658-327C2C86C5AA}\1.0\FLAGS]
    @="0"

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++




    Once saved, close all applications, then right-click on the file and select Merge
    You'll get at least one warning - accept it/them.
    You should then get a 'Success' message.
    accept that, and reboot.

    run another MGADiag report and post the results.

    If the import fails, you'll have to take ownership of each key, and grant Administrators Full access
    Remember to undo that as soon as possible afterwards!
      My Computer


  5. T1D
    Posts : 6
    Windows 7 Professional SP1 x64
    Thread Starter
       #5

    NoelDP,

    I did have to take ownership of the key (it was TrustedInstaller) and then apply Full Control to the Administrators Group. Then the merge worked. I changed the permissions back to Read for the Administrators Group, but I could not change the owner back to TrustedInstaller. When I hit Check Names, it gave an error and could not change the owner, so the owner is still Administrators, but only with Read access. The results are below. The tampered file error is gone, but I will have to wait for tomorrow to see if the Genuine Windows error message pops up again. Thank you.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-XTB2F-YCF3T-BBVY3
    Windows Product Key Hash: UaN6hk/98OTFmF9XfptLmo0FmmU=
    Windows Product ID: 00371-OEM-9045683-44609
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {2875EC32-029D-430E-874E-AF648E8B64D7}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: N/A, hr=0x80070002
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{2875EC32-029D-430E-874E-AF648E8B64D7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBVY3</PKey><PID>00371-OEM-9045683-44609</PID><PIDType>3</PIDType><SID>S-1-5-21-286802772-3302543837-558025917</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1504</Version><SMBIOSVersion major="2" minor="7"/><Date>20120801000000.000000+000</Date></BIOS><HWID>E23A3707018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
    Spsys.log Content: 0x80070002
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
    Activation ID: e120e868-3df2-464a-95a0-b52fa5ada4bf
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00371-00180-456-844609-02-1033-7601.0000-2872012
    Installation ID: 003970606640648585862242790774150566686686337794436681
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: BBVY3
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 15-Jan-13 22:04:20
    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:

    HWID Data-->
    HWID Hash Current: NgAAAAEABAABAAIAAAADAAAAAQABAAEAHKImgoBPEsJkxwpTdMTmcT4chLiKmzKo/EVGgZZj
    OEM Activation 1.0 Data-->
    N/A
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC ALASKA A M I
    FACP ALASKA A M I
    HPET ALASKA A M I
    MCFG ALASKA A M I
    FPDT ALASKA A M I
    SSDT SataRe SataTabl
    SSDT SataRe SataTabl
    SSDT SataRe SataTabl
      My Computer


  6. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #6

    The report shows fine, now :)
    You'll need to use the FQDN for TrustedInstaller -
    "NT SERVICE\TrustedInstaller"
    the ownership should change fine, then.
      My Computer


  7. T1D
    Posts : 6
    Windows 7 Professional SP1 x64
    Thread Starter
       #7

    That worked to get the TrustedInstaller back as owner of the key. I will reply back tomorrow if the Genuine Windows warrning stays away. So far, so good.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 10:33.
Find Us