Kaspersky and error 0xC004D401

  • Question

  • Before Christmas I recovered from this error after my Vista operating system was reinstalled.

    Yesterday I uninstalled Norton Internet Security trial version and installed Kaspersky Internet Security. My boot failed with the error "an unauthorized change was made to windows". I managed to get as far as the error 0xC004D401. I have tried installing both kis 0.0.125 and 0.1.321 and with both I get the same error. What is going wrong? I have contacted Kaspersky and they are passing the buck over to you. At present I cannot get onto my pc without doing a system restore.

    I hope we can get to the bottom of this one. If you have any questions Darin should have my e-mail from the last problem we had in this.

    Thanks

    Rob
    Tuesday, January 15, 2008 11:47 AM

Answers

  • You may want to look at the post from fuzzy (3rd post down) http://forum.kaspersky.com/index.php?showtopic=49266 he seems to have the same issue and it was resolved by following Lucian Bara's suggestion (2nd post down).

     

    The resolution steps are (Note: this is not a Microsoft endorsed process, but if it works...it works):

    "boot your pc into safe mode.
    open start->run->regedit
    navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Klif on the left side.
    on the right side you should see an entry called "Start" with the value 1. change its value to 2 or 3 and try booting into normal mode again."

     

    Lucian Bara says that the resolution steps "changes the time at which the kaspersky driver loads, this way it will load later, after the main drivers are loaded, so less chance for conflicts, this does not influence security."

     

    In light of this, I do not believe that it is a Home Basic only issue...I just think it's a load timing issue that just happens to occur more frequently on Home Basic.

     

    Hope this helps,

    Darin

    Thursday, January 24, 2008 10:52 PM
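
Added example, not part of the original posts: a PowerShell version of the registry step quoted above that reads the `Start` value under the `Klif` service key, exports the key before changing it, and reports the resulting start type. The `Klif` key path comes from the post; the function names and the backup file location are assumptions made for this example.

```powershell
# Added example (not from the thread). Run from an elevated prompt.
# Documented meanings of a service's "Start" DWORD value.
$StartTypes = @{
    0 = 'Boot (loaded by the boot loader)'
    1 = 'System (loaded during kernel initialization)'
    2 = 'Automatic (started by the Service Control Manager at boot)'
    3 = 'Manual (started only on demand)'
    4 = 'Disabled'
}

# Hypothetical helper: report the current start type of a driver service.
function Get-DriverStartType {
    param([string]$ServiceName = 'Klif')
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path $key)) { throw "Service key not found: $key" }
    $start = [int](Get-ItemProperty -Path $key).Start
    $meaning = if ($StartTypes.ContainsKey($start)) { $StartTypes[$start] } else { 'Unknown' }
    New-Object PSObject -Property @{ Key = $key; Start = $start; Meaning = $meaning }
}

# Hypothetical helper: back up the key, then change the start type.
function Set-DriverStartType {
    param(
        [string]$ServiceName = 'Klif',
        [int]$Start,
        # Assumed backup location; restore later with: reg import <file>
        [string]$BackupFile = "$env:TEMP\${ServiceName}-service-key.reg"
    )
    if (-not $StartTypes.ContainsKey($Start)) { throw "Start must be 0-4, got $Start" }
    $before = Get-DriverStartType -ServiceName $ServiceName

    # Export first so the original value can be restored if the change does not help.
    & reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\$ServiceName" $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup failed; no change was made." }

    Set-ItemProperty -Path $before.Key -Name Start -Value $Start -Type DWord
    Write-Host "Was: $($before.Start) - $($before.Meaning); backup in $BackupFile"
    Get-DriverStartType -ServiceName $ServiceName
}

# Show the current setting; uncomment the second line to apply the change from the post.
Get-DriverStartType -ServiceName 'Klif'
# Set-DriverStartType -ServiceName 'Klif' -Start 3
```

With `Start` set to 3 the driver is no longer loaded automatically during boot, so after restarting confirm that it is actually running, for example with `sc.exe query Klif`.
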
  • Hi

    What processor is on the Asus? Is it an AMD processor? If not then I am barking up the wrong tree.

    Darin and anyone else interested.

    Last night (Hong Kong time) I amended the value in the registry of /HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Service/KLIF/ on the left to have a start value of 3

    This appears to have sorted out the problem. I will monitor it for the next few days and confirm if it is OK

    Darin

    If you remember the original problem I had, it included a corruption on 2 dll's and I think that that corruption was not caused by Kaspersky but by the Jukebox we looked at.

    At least we have some major progress and I can use this machine.

    Rob

    P.S. I will also post a comment on the Kaspersky forum for reference.
    Tuesday, January 29, 2008 3:49 AM

All replies

  • Supplementary question

    Could it be that when I uninstalled Norton (both internet security and update) that something was left behind that now conflicts with Kaspersky Internet security 7?

    Rob
    Thursday, January 17, 2008 3:27 AM
  • Hi Rob,

     

      Sorry for the wait, for some reason I missed your post. Very sorry.

     

    Are you still experiencing the issue? And if so, are you able to follow the below steps to be able to capture a Diagnostic Report?

     

    1) Login to Vista and Click the option that brings up Internet Explorer.

    2) Type: http://go.microsoft.com/fwlink/?linkid=52012 into the browser address bar.

    3) A window will come up asking if you want to Run or Save, Select Run

    4) When the program runs, Click the Continue button, then click the Copy button.

    5) Return to this thread by typing: http://forums.microsoft.com/Genuine/ShowPost.aspx?PostID=2684002&SiteID=25 into the browser address bar.

    6) In a reply post, Paste the Diagnostic Report.

     

     

    Thanks,

    Darin

    Thursday, January 24, 2008 12:19 AM
  • Hi Darin

    Thanks for coming back. I think you have been inundated. Here is the information you requested and some information on what I have been doing while waiting for you:

    Diagnostic Report (1.7.0066.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0xc004d401
    Cached Validation Code: N/A, hr = 0xc004d401
    Windows Product Key: *****-*****-GD2PK-BD3R2-44MV3
    Windows Product Key Hash: f7FPE6g/CLFmnJ4E6GbEU9Xn1sA=
    Windows Product ID: 89572-OEM-7332166-00021
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6000.2.00010300.0.0.002
    CSVLK Server: N/A
    CSVLK PID: N/A
    ID: {C7F4FE03-C8E0-4C24-9C06-EF89EE3A57B3}(1)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Basic
    Architecture: 0x00000000
    Build lab: 6000.vista_gdr.071009-1548
    TTS Error: M:20080124085505815-
    Validation Diagnostic:
    Resolution Status: N/A

    Notifications Data-->
    Cached Result: N/A
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: FCEE394C-2989-80070002_77F760FE-152-80070002_7E90FEE8-175-80070002_77F760FE-152-80070002_7E90FEE8-175-80070002

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{C7F4FE03-C8E0-4C24-9C06-EF89EE3A57B3}</UGUID><Version>1.7.0066.0</Version><OS>6.0.6000.2.00010300.0.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-44MV3</PKey><PID>89572-OEM-7332166-00021</PID><PIDType>2</PIDType><SID>S-1-5-21-2660231403-794119772-2392660852</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>Presario V6000 (GC211PA#AB5)      </Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.3D    </Version><SMBIOSVersion major="2" minor="4"/><Date>20071122000000.000000+000</Date></BIOS><HWID>9B323507018400EC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>China Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><BRT/></MachineData><Software><Office><Result>109</Result><Products/></Office></Software></GenuineResults> 

    Spsys.log Content:

    My further information
    When I contacted Kaspersky they asked me to uninstall Spybot search and destroy as this was known to interfere with their software.

    On Tuesday I tried to reload everything. I backed up all my files, then returned to factory settings. This sets up Norton Internet Security as the anti-virus etc. I then immediately switched off all the options on NIS and uninstalled it. After rebooting I was left with the Symantec update and when I tried to uninstall that I was advised that there were Symantec products I had not uninstalled. These turned out to be in the /Program Files /Common files/ area. When I uninstalled the update they disappeared as well.

    All went well that day and I was logging off and on and had installed Kaspersky. At the end of the day when I switched off my pc there were 39 updates waiting and I let them all install and switched off. When I booted up the machine yesterday morning the unauthorized change to windows message was back.

    Strangely last night there was another update from Microsoft. Normally I thought these were blocked when I have this error.

    I hope the extra information is helpful. If you want me to do anything, please let me know.

    Rob
    Thursday, January 24, 2008 4:44 AM
  • Hi Rob,

     

      Well, from your Diagnostic Report, you appear to have the same/similar issue as last time. You have another program that is incompatible with Vista.

     

      On the positive side, I had another customer that had this same issue and it was Kaspersky Anti-Virus v. 7 that was causing the problem. (see last post in thread http://forums.microsoft.com/genuine/ShowPost.aspx?PostID=2611186&SiteID=25)

     

      Strangely enough, she says that this seems to only affect Vista Home Basic. I have been unable to verify this, but when she uninstalled it from her Home Basic computer, the issue went away but her Vista Ultimate computer runs Kaspersky Anti-Virus v. 7 without issue.

     

    Thanks,

    Darin Smith

    WGA Forum Manager

     

    Thursday, January 24, 2008 10:39 PM
  • Darin

    I have done as Kaspersky suggested and after backing up the registry, switched into safe mode and changed the value of start to 2. It has not done anything immediately. Will I have to wait for 3 days to check if this has worked? At present my plan is to wait for at least 3 days before trying to change the value to 3.

    I noticed on the post from Kaspersky that one of the other computers having this problem was an AMD processor and some of them are HP or Compaq. I have a HP Compaq Presario V6000 with an AMD Turion 2.0GHz processor. Windows Vista was pre-installed as was Norton Internet Security.

    I am glad that both Microsoft and Kaspersky are now getting closer to this problem's solution.

    Rob
    Friday, January 25, 2008 11:10 AM
  • I have the same issue with a Toshiba laptop with Home Basic.  I have Kaspersky Internet Security Version 7 and have it installed on my Asus Laptop with Vista Business and my HP home computer with Vista Home Premium.  Those two systems had no issue at all.  With the Toshiba however it keeps telling me after I install it that it is not a Valid copy of Vista.  I have tried everything on the Kaspersky forum including the regedit fix without success.  I have a support ticket in to them also.

    I have also used ccleaner to clean the system and disable Windows Defender before installing.  Pretty frustrating.  I've been working on this for two weeks so far.

    Monday, January 28, 2008 2:26 PM