problems still here

  • Question

  • Hello there, it's not so long since I was posting my problem with unauthorized change
    http://social.microsoft.com/Forums/en-US/genuinevista/thread/938c6bcc-4ddd-451c-a9c3-d9974c26c331
    I tried everything recommended to me: restore point, system scan and finally reinstall.
    It worked for about two hours :(
    Then some other window popped up with error 0xC004D401.
    On the help page it says it's caused by my antivirus or whatever.... I don't have any of it. I restarted and tried the genuine test and I was successful.
    So what the ____ is going on? Do I have to restart every 2 hours to keep my Vista running?
    Friday, April 17, 2009 3:39 PM

Answers

  • Hello sCZot,

    Did you reinstall windows while your computer was still connected to the internet?

    If so, please scan using a couple of Anti-Virus programs, of your choice, as well as with the Windows Live Safety Scan for Vista http://onecare.live.com/site/en-us/center/whatsnew.htm

    The error 0xC004D401 indicates an In Memory Mod-Auth tamper. That's the technical name for either:
    a) an incompatible program is attempting to hook or shim (i.e. modify) protected Vista system files that are running in system memory.
    or
    b) a Malware infection that is attempting to hook or shim (i.e. modify) protected Vista system files that are running in system memory.

    Since you state that the only installed program is GOM player (which I know from experience is compatible with Vista) I can only assume it's a malware infection. In addition, I've seen a number of people in these forums that got an infection right as they installed Vista (which makes sense since Windows is at its most vulnerable till all its Security Updates and an Anti-Virus program are installed).

    Darin MS
    Attention All Forum Users: Please Do Not post your issue in someone else's Thread...Create your own. If any post fixes your issue, please vote the post as Helpful. This will help us showcase the threads that best help our customers.
    Friday, April 17, 2009 10:01 PM

All replies

  • Just to be sure, after restart I ran this


    Diagnostic Report (1.9.0006.1):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0
    Online Validation Code: 0x0
    Cached Validation Code: N/A, hr = 0x80004005
    Windows Product Key: *****-*****-786T3-RGF9F-9J7RR
    Windows Product Key Hash: JUBZv4UsXidWhTiKCGAKCgLz508=
    Windows Product ID: 89578-OEM-7318225-99689
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6000.2.00010300.0.0.003
    ID: {43B661EB-88C9-4154-82AC-E69C985F5DBA}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6000.vista_rtm.061101-2205
    TTS Error: K:20090417172218192-M:20090417171022246-
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Programs\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{43B661EB-88C9-4154-82AC-E69C985F5DBA}</UGUID><Version>1.9.0006.1</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9J7RR</PKey><PID>89578-OEM-7318225-99689</PID><PIDType>3</PIDType><SID>S-1-5-21-3468654551-2826137231-577129391</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0413   </Version><SMBIOSVersion major="2" minor="4"/><Date>20070801000000.000000+000</Date></BIOS><HWID>26333507018400EA</HWID><UserLCID>0405</UserLCID><SystemLCID>0405</SystemLCID><TimeZone>Střední Evropa (běžný čas)(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>˙˙˙˙˙˙</OEMID><OEMTableID>˙˙˙˙˙˙˙˙</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: U1BMRwEAAAAAAQAABAAAAO7JAQAAAAAAYWECADAgAAD3e9igbr/JARhDs/4hWdo7Xkl9D+HKpngdSPEWU1/niuNfCkNWnaWlqO48DSoN4ECwt6mYHhOeBefDvX0zCybmDilyQLttVIw6Q/GemAYnFkA/lItfReQLsEGnmR0ReJ9KlWCJouxq6PAIwHwHVMfvNauSbFvmaTCDPKtQZQFIQcDXIAwFGl6D9S/GUDYecePFRKM/leS97bxOVVm9fICZUkfHdDNbo72qUqYYmAlRJO05+WV1r70w2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=

    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(303, 9) (null): 0xC004D401

    HWID Data-->
    HWID Hash Current: NAAAAAEABAABAAEAAQABAAAAAgABAAEAnJ8+GXCSmJNa/6p2SOTcJ+D58vRInoLtrFYqhQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: no, invalid SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            A_M_I_        OEMAPIC
      FACP            A_M_I_        OEMFACP
      HPET            A_M_I_        OEMHPET
      MCFG            A_M_I_        OEMMCFG
      SLIC            ˙˙˙˙˙˙        ˙˙˙˙˙˙˙˙
      OEMB            A_M_I_        AMI_OEM


    And just when it finished, the window popped up again. I've the CZ version but I'll try to translate it:

    There is a problem with the license, no more warnings will be displayed

    Warnings will no longer be displayed to you, i.e. cautions about your license and activation.
    If you want to solve the problem click on one link below.
    error: 0xC004D401
    description:
    Security processor announced error of disagreement of system files

    Another test, no programs added, no restart

    Diagnostic Report (1.9.0006.1):
    -----------------------------------------
    WGA Data-->
    Validation Status: Invalid License
    Validation Code: 50
    Online Validation Code: 0xc004d401
    Cached Validation Code: N/A, hr = 0x80004005
    Windows Product Key: *****-*****-786T3-RGF9F-9J7RR
    Windows Product Key Hash: JUBZv4UsXidWhTiKCGAKCgLz508=
    Windows Product ID: 89578-OEM-7318225-99689
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6000.2.00010300.0.0.003
    ID: {43B661EB-88C9-4154-82AC-E69C985F5DBA}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6000.vista_rtm.061101-2205
    TTS Error: K:20090417172218192-M:20090417174136662-
    Validation Diagnostic:
    Resolution Status: N/A

    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    WGATray.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Programs\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{43B661EB-88C9-4154-82AC-E69C985F5DBA}</UGUID><Version>1.9.0006.1</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9J7RR</PKey><PID>89578-OEM-7318225-99689</PID><PIDType>3</PIDType><SID>S-1-5-21-3468654551-2826137231-577129391</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0413   </Version><SMBIOSVersion major="2" minor="4"/><Date>20070801000000.000000+000</Date></BIOS><HWID>26333507018400EA</HWID><UserLCID>0405</UserLCID><SystemLCID>0405</SystemLCID><TimeZone>Střední Evropa (běžný čas)(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>˙˙˙˙˙˙</OEMID><OEMTableID>˙˙˙˙˙˙˙˙</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 


    Licensing Data-->
    C:\Windows\system32\slmgr.vbs(291, 5) (null): 0xC004D401

    HWID Data-->
    HWID Hash Current: NAAAAAEABAABAAEAAQABAAAAAgABAAEAnJ8+GXCSmJNa/6p2SOTcJ+D58vRInoLtrFYqhQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: no, invalid SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
      ACPI Table Name    OEMID Value    OEMTableID Value
      APIC            A_M_I_        OEMAPIC
      FACP            A_M_I_        OEMFACP
      HPET            A_M_I_        OEMHPET
      MCFG            A_M_I_        OEMMCFG
      SLIC            ˙˙˙˙˙˙        ˙˙˙˙˙˙˙˙
      OEMB            A_M_I_        AMI_OEM






    Friday, April 17, 2009 3:48 PM
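Added example, not part of the thread and not a Microsoft tool: a small Python parser for the diagnostic-report layout posted above, which diffs two runs and lists every field carrying 0xC004D401. The sample text is excerpted from the two posted reports; the function and variable names are hypothetical.

```python
TAMPER_CODE = "0XC004D401"  # meaning as described in this thread's answer

# Excerpts of the two reports posted above (trimmed to the fields of interest).
BEFORE = r"""
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: 0x0
Licensing Data-->
C:\Windows\system32\slmgr.vbs(303, 9) (null): 0xC004D401
"""
AFTER = r"""
WGA Data-->
Validation Status: Invalid License
Validation Code: 50
Online Validation Code: 0xc004d401
Licensing Data-->
C:\Windows\system32\slmgr.vbs(291, 5) (null): 0xC004D401
"""

def parse_report(text):
    """Parse 'Section-->' headers and 'Key: value' lines into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("-->"):
            current = sections.setdefault(line[:-3].strip(), {})
        elif current is not None:
            key, sep, value = line.partition(": ")
            if sep:  # lines without 'Key: value' shape are ignored
                current[key] = value.strip()
    return sections

def diff_reports(before, after):
    """Return (section, key, old, new) for every field that differs between runs."""
    changes = []
    for section in sorted(set(before) | set(after)):
        b, a = before.get(section, {}), after.get(section, {})
        for key in sorted(set(b) | set(a)):
            if b.get(key) != a.get(key):
                changes.append((section, key, b.get(key), a.get(key)))
    return changes

def tamper_fields(report):
    """List (section, key) pairs whose value contains the tamper code (any case)."""
    return [(s, k) for s, fields in report.items()
            for k, v in fields.items() if TAMPER_CODE in v.upper()]

if __name__ == "__main__":
    before, after = parse_report(BEFORE), parse_report(AFTER)
    print("tamper code before:", tamper_fields(before))
    for change in diff_reports(before, after):
        print(change)
```

On these excerpts the first run already reports the code under Licensing Data while Validation Status still reads Genuine, so checking only the status line would miss it.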
  • BTW: the only programs I've installed after reinstallation:
    GOM player
    drivers: Intel chipset inf update program
             Intel(R) graphics accelerator driver
             Realtek audio driver
             Attansic L2 Fast ethernet
    Friday, April 17, 2009 3:52 PM