New
#1
0x8004fe22 "This computer is not running genuine Windows" but it is!
NoelDP,
I am getting the error code "0x8004fe22" amd the popup window "This computer is not running genuine Windows" however, I do have a genuine version new from the PC manufacturer. This started yesterday after I applied all of the Microsfot Updates that came out this week. I am also getting error code 643 in Windows Update. Most of the updates installed but two did not (they were KB2742595 and KB2736428 which both are security updates that deal with .NET Framwork 4). All other updates installed and I can still instal MSE virus definition updates.
I have done a full system scan with MSE definitions as of yesterday with no malware discovered.
I have run CHKDSK C: /R. The log in event viewer says that it cleaned up 513 unused index entries from index $SII and $SDH of file 0x9 and 513 unused security descriptors. It also says that CHKDSK discovered free space marked as allocated in the MFT bitmap and that Windows has made corrections to the file system. No bad sectors or anything else of note.
I have run SFC /SCANNOW. The CBS.log is attached. It does have some "Failed to internally open..." messages.
I have checked the Software Protection Service. It is set to Automatice (Delayed Start), but is stopped. I have started the service and it starts nomrally, but then stops after a while.
My gut feeling is that it has something to do with registry permissions. I did run a reistry cleaner (regseeker) about a month ago, but made a backup. I then thought better of that idea and restored all items. The interesting thing was that the clearner could not delete most keys. When I used regedit to look at the permissions for those keys, they did not have full control for the administor profile. I have not changed any registry keys or their permissions.
Here is the MGAD log. It lists a tampered file. Thank you for your help.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE22
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-XTB2F-YCF3T-BBVY3
Windows Product Key Hash: UaN6hk/98OTFmF9XfptLmo0FmmU=
Windows Product ID: 00371-OEM-9045683-44609
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {2875EC32-029D-430E-874E-AF648E8B64D7}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: N/A, hr=0x80070002
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2875EC32-029D-430E-874E-AF648E8B64D7}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBVY3</PKey><PID>00371-OEM-9045683-44609</PID><PIDType>3</PIDType><SID>S-1-5-21-286802772-3302543837-558025917</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1504</Version><SMBIOSVersion major="2" minor="7"/><Date>20120801000000.000000+000</Date></BIOS><HWID>E23A3707018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: e120e868-3df2-464a-95a0-b52fa5ada4bf
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00180-456-844609-02-1033-7601.0000-2872012
Installation ID: 003970606640648585862242790774150566686686337794436681
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: BBVY3
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 13-Jan-13 18:12:04
Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000000800
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
HWID Data-->
HWID Hash Current: NgAAAAEABAABAAIAAAADAAAAAQABAAEAHKImgoBPEsJkxwpTdMTmcT4chLiKmzKo/EVGgZZj
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
FPDT ALASKA A M I
SSDT SataRe SataTabl
SSDT SataRe SataTabl
SSDT SataRe SataTabl