Answered by:
problems still here

Question
-
hello there its not so long when i was posting my problem with unathorized change
http://social.microsoft.com/Forums/en-US/genuinevista/thread/938c6bcc-4ddd-451c-a9c3-d9974c26c331
i try evrythig recomended to me, restore point, system scan ad finaly reinstal.
it work for about two hours :(
then some other window pop up with error 0xC004D401
on help page it say uts casued due to my antivirus or whatever.... i dont have any of it, i restart and try genuine test and i was sucesfull.
so whatthe ____ is going on? do i have to restart every 2 hours to keep my vista running?Friday, April 17, 2009 3:39 PM
Answers
-
Hello sCZot,
Did you reinstall windows while your computer was still connected to the internet?
If so, please scan using a couple of Anti-Virus programs, of your choice, as well as with the Windows Live Safety Scan for Vista http://onecare.live.com/site/en-us/center/whatsnew.htm
The error 0xC004D401 indicate a In Memory Mod-Auth tamper. That's the tecnical name for either:
a) an incompatible program is attempting to hook or shim (i.e. modify) protected Vista system files that are running in system memory.
or
b) a Malware infection thst is attempting to hook or shim (i.e. modify) protected Vista system files that are running in system memory.
Since you state that the only installed program is GOM player (which I know from experience is compatible with Vista) I can only assume it's a malware infection. In addition, I've seen a number of people in these forums that got an infection right as they installed Vista (which makes sense since Windows is at it's most vulnerable till all it's Security Updates and an Anti-Virus program are installed).
Darin MS
Attention All Forum Users: Please Do Not post your issue in someone else's Thread...Create your own. If any post fixes your issue, please vote the post as Helpful. This will help us showcase the threads that best help our customers.- Marked as answer by Darin Smith MS Friday, April 24, 2009 10:36 PM
Friday, April 17, 2009 10:01 PM
All replies
-
just to be sure after restart i run this
Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: 0x0
Cached Validation Code: N/A, hr = 0x80004005
Windows Product Key: *****-*****-786T3-RGF9F-9J7RR
Windows Product Key Hash: JUBZv4UsXidWhTiKCGAKCgLz508=
Windows Product ID: 89578-OEM-7318225-99689
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6000.2.00010300.0.0.003
ID: {43B661EB-88C9-4154-82AC-E69C985F5DBA}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6000.vista_rtm.061101-2205
TTS Error: K:20090417172218192-M:20090417171022246-
Validation Diagnostic:
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Programs\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{43B661EB-88C9-4154-82AC-E69C985F5DBA}</UGUID><Version>1.9.0006.1</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9J7RR</PKey><PID>89578-OEM-7318225-99689</PID><PIDType>3</PIDType><SID>S-1-5-21-3468654551-2826137231-577129391</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0413 </Version><SMBIOSVersion major="2" minor="4"/><Date>20070801000000.000000+000</Date></BIOS><HWID>26333507018400EA</HWID><UserLCID>0405</UserLCID><SystemLCID>0405</SystemLCID><TimeZone>Střední Evropa (běžný čas)(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>˙˙˙˙˙˙</OEMID><OEMTableID>˙˙˙˙˙˙˙˙</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: U1BMRwEAAAAAAQAABAAAAO7JAQAAAAAAYWECADAgAAD3e9igbr/JARhDs/4hWdo7Xkl9D+HKpngdSPEWU1/niuNfCkNWnaWlqO48DSoN4ECwt6mYHhOeBefDvX0zCybmDilyQLttVIw6Q/GemAYnFkA/lItfReQLsEGnmR0ReJ9KlWCJouxq6PAIwHwHVMfvNauSbFvmaTCDPKtQZQFIQcDXIAwFGl6D9S/GUDYecePFRKM/leS97bxOVVm9fICZUkfHdDNbo72qUqYYmAlRJO05+WV1r70w2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAw=
Licensing Data-->
C:\Windows\system32\slmgr.vbs(303, 9) (null): 0xC004D401
HWID Data-->
HWID Hash Current: NAAAAAEABAABAAEAAQABAAAAAgABAAEAnJ8+GXCSmJNa/6p2SOTcJ+D58vRInoLtrFYqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: no, invalid SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC A_M_I_ OEMAPIC
FACP A_M_I_ OEMFACP
HPET A_M_I_ OEMHPET
MCFG A_M_I_ OEMMCFG
SLIC ˙˙˙˙˙˙ ˙˙˙˙˙˙˙˙
OEMB A_M_I_ AMI_OEM
and just when it finish window pop up again, ive CZ version but i try to translate it
there is problem with license, no more warnings will be displayed
warnings will be no longer displayed to you, ie cutions about your license and activation
if you wanna to solve problem click on one link belove.
error: 0xC004D401
description:
Security procesor snounce error of disagreement of system files
another test no programs aded, no restart
Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Invalid License
Validation Code: 50
Online Validation Code: 0xc004d401
Cached Validation Code: N/A, hr = 0x80004005
Windows Product Key: *****-*****-786T3-RGF9F-9J7RR
Windows Product Key Hash: JUBZv4UsXidWhTiKCGAKCgLz508=
Windows Product ID: 89578-OEM-7318225-99689
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6000.2.00010300.0.0.003
ID: {43B661EB-88C9-4154-82AC-E69C985F5DBA}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6000.vista_rtm.061101-2205
TTS Error: K:20090417172218192-M:20090417174136662-
Validation Diagnostic:
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Programs\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{43B661EB-88C9-4154-82AC-E69C985F5DBA}</UGUID><Version>1.9.0006.1</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9J7RR</PKey><PID>89578-OEM-7318225-99689</PID><PIDType>3</PIDType><SID>S-1-5-21-3468654551-2826137231-577129391</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0413 </Version><SMBIOSVersion major="2" minor="4"/><Date>20070801000000.000000+000</Date></BIOS><HWID>26333507018400EA</HWID><UserLCID>0405</UserLCID><SystemLCID>0405</SystemLCID><TimeZone>Střední Evropa (běžný čas)(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>˙˙˙˙˙˙</OEMID><OEMTableID>˙˙˙˙˙˙˙˙</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Spsys.log Content: U1BMRwEAAAAAAQAABAAAAO7JAQAAAAAAYWECADAgAAD3e9igbr/JARhDs/4hWdo7Xkl9D+HKpngdSPEWU1/niuNfCkNWnaWlqO48DSoN4ECwt6mYHhOeBefDvX0zCybmDilyQLttVIw6Q/GemAYnFkA/lItfReQLsEGnmR0ReJ9KlWCJouxq6PAIwHwHVMfvNauSbFvmaTCDPKtQZQFIQcDXIAwFGl6D9S/GUDYecePFRKM/leS97bxOVVm9fICZUkfHdDNbo72qUqYYmAlRJO05+WV1r70w2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYQ7P+IVnaO15JfQ/hyqZ4mUXpUjCsQlsig04Cwc5V9nx9R+TPv0aXIno+oiKQHMjnw719Mwsm5g4pckC7bVSM/IjC1BQSidEY5REPN/5zMrBBp5kdEXifSpVgiaLsaujwCMB8B1TH7zWrkmxb5mkwgzyrUGUBSEHA1yAMBRpeg/UvxlA2HnHjxUSjP5Xkve28TlVZvXyAmVJHx3QzW6O9qlKmGJgJUSTtOfllda+9MNjuj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM
Licensing Data-->
C:\Windows\system32\slmgr.vbs(291, 5) (null): 0xC004D401
HWID Data-->
HWID Hash Current: NAAAAAEABAABAAEAAQABAAAAAgABAAEAnJ8+GXCSmJNa/6p2SOTcJ+D58vRInoLtrFYqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: no, invalid SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC A_M_I_ OEMAPIC
FACP A_M_I_ OEMFACP
HPET A_M_I_ OEMHPET
MCFG A_M_I_ OEMMCFG
SLIC ˙˙˙˙˙˙ ˙˙˙˙˙˙˙˙
OEMB A_M_I_ AMI_OEM
Friday, April 17, 2009 3:48 PM -
BTW: only programs ive instal after reinstalation:
GOM player
drivers: Intel chipset inf update program
Intel(R) graphics accelerator driver
Realtek audio driver
Attansic L2 Fast ethernetFriday, April 17, 2009 3:52 PM -
Hello sCZot,
Did you reinstall windows while your computer was still connected to the internet?
If so, please scan using a couple of Anti-Virus programs, of your choice, as well as with the Windows Live Safety Scan for Vista http://onecare.live.com/site/en-us/center/whatsnew.htm
The error 0xC004D401 indicate a In Memory Mod-Auth tamper. That's the tecnical name for either:
a) an incompatible program is attempting to hook or shim (i.e. modify) protected Vista system files that are running in system memory.
or
b) a Malware infection thst is attempting to hook or shim (i.e. modify) protected Vista system files that are running in system memory.
Since you state that the only installed program is GOM player (which I know from experience is compatible with Vista) I can only assume it's a malware infection. In addition, I've seen a number of people in these forums that got an infection right as they installed Vista (which makes sense since Windows is at it's most vulnerable till all it's Security Updates and an Anti-Virus program are installed).
Darin MS
Attention All Forum Users: Please Do Not post your issue in someone else's Thread...Create your own. If any post fixes your issue, please vote the post as Helpful. This will help us showcase the threads that best help our customers.- Marked as answer by Darin Smith MS Friday, April 24, 2009 10:36 PM
Friday, April 17, 2009 10:01 PM