Windows 7 Forums

Windows 7: BSOD downloading virus removal tool and client registry error

17 Sep 2013   #1

Windows 7 Home Premium
 
 

I got the BSOD while working tonight and, while trying to find the root of the problem, have narrowed the problem down to the Kaspersky virus removal tool (free download). The original BSOD wasn't caused by that program, but every instance since is only the result of downloading that file.

Upon reboot, the system said that the problem file was 1033, which corresponded with a file in Microsoft Office 2010, which I had just activated two days earlier. Uninstalling and deleting the program caused the virus removal tool to give me a client registry error and then go back to the BSOD.

Have had no problems with any other programs, including Internet Security which has been run and come up with NO threats. An sfc fixed some problems, but I've run it three times with no further improvement. A system restore did not yield any better results.

I'm hoping this isn't virus or malware, but the cause is really confusing me since I've removed the files that would seem to be the culprit.

Here's MGADT:

17 Sep 2013   #2

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8 Pro all 64bit
 
 

Hello and welcome sv. I run Kaspersky ISS and haven't had any problems when using the TDSS. Just where did you download it from?
17 Sep 2013   #3
Arc

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64 Bit SP 1
 
 

And it is not a MGAdiag report that we need to assist you.

Post it following the Blue Screen of Death (BSOD) Posting Instructions.

17 Sep 2013   #4

Windows 7 Home Premium
 
 

Here's the info you wanted:
17 Sep 2013   #5

Windows 7 Home Premium
 
 

Quote: Originally Posted by ICit2lol
Hello and welcome sv. I run Kaspersky ISS and haven't had any problems when using the TDSS. Just where did you download it from?

Kaspersky runs fine. The removal tool, which I used once before with no problem, is from Kaspersky's site. I ran it as a "just to be safe" measure because my scans didn't report any viruses after the original BSOD, but it won't even get that far before tanking my system.

EDIT: It wasn't the TDSS, that ran fine. It's the general virus removal tool.
17 Sep 2013   #6
Arc

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64 Bit SP 1
 
 

Scan the system for possible virus infection with the following programs.
Code:
BugCheck 50, {fffff88003bb7ff8, 0, fffff80002ccf816, 0}

*** WARNING: Unable to verify timestamp for 0048422drv.sys
*** ERROR: Module load completed but symbols could not be loaded for 0048422drv.sys

Could not read faulting driver name
Probably caused by : 0048422drv.sys ( 0048422drv+4bc41 )

Followup: MachineOwner
---------
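Added example (not part of the original thread and not any poster's code): a small Python parser for the WinDbg summary lines quoted in post #6, extracting the bugcheck code, its arguments and the blamed module, and listing reasons to look closer at that module. The function name, the one-entry name table and the hint rules are assumptions made for illustration.

```python
import re

# Constructed sample: the WinDbg summary lines quoted in post #6.
SAMPLE = """\
BugCheck 50, {fffff88003bb7ff8, 0, fffff80002ccf816, 0}
*** WARNING: Unable to verify timestamp for 0048422drv.sys
*** ERROR: Module load completed but symbols could not be loaded for 0048422drv.sys
Could not read faulting driver name
Probably caused by : 0048422drv.sys ( 0048422drv+4bc41 )
"""

# Only the code seen in this thread; extend from Microsoft's bug check reference.
BUGCHECK_NAMES = {0x50: "PAGE_FAULT_IN_NONPAGED_AREA"}

def triage(text):
    """Return bugcheck code, arguments, blamed module and review hints."""
    out = {"code": None, "name": None, "args": [], "module": None,
           "offset": None, "unverified": [], "hints": []}
    m = re.search(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", text)
    if m:
        out["code"] = int(m.group(1), 16)
        out["name"] = BUGCHECK_NAMES.get(out["code"], "unknown")
        out["args"] = [int(a.strip(), 16)
                       for a in m.group(2).split(",") if a.strip()]
    m = re.search(r"Probably caused by\s*:\s*(\S+)\s*\(\s*([^)]*?)\s*\)", text)
    if m:
        out["module"] = m.group(1)
        # The location is "module+offset" or "module!symbol+0xoffset".
        off = re.search(r"\+(?:0x)?([0-9A-Fa-f]+)$", m.group(2))
        out["offset"] = int(off.group(1), 16) if off else None
    out["unverified"] = sorted(set(
        re.findall(r"Unable to verify timestamp for (\S+)", text)))
    mod = out["module"]
    if mod and mod in out["unverified"]:
        out["hints"].append("blamed module has no verifiable timestamp")
    # Assumed heuristic (not from the thread): a driver file name that begins
    # with a run of digits is unusual and worth a rootkit scan.
    if mod and re.match(r"\d{4,}", mod):
        out["hints"].append("driver name begins with a run of digits")
    # Bug check 0x50: argument 1 is the referenced address, 0 in argument 2 is a read.
    if out["code"] == 0x50 and out["args"][1:2] == [0]:
        out["hints"].append("invalid read at 0x%x" % out["args"][0])
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```
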
17 Sep 2013   #7

Windows 7 Home Premium
 
 

Windows Defender Quick Scan came up with nothing.

TDSS found 1 threat, copied to quarantine. It was the object you pointed out. I ran this last night and it came up with nothing, but I guess that doesn't matter.

You'll have to forgive me because I have very little knowledge with computers. So, what should I do next to confirm the problem has been resolved?
17 Sep 2013   #8
Arc

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64 Bit SP 1
 
 

Do another scan with TDSSkiller, and then observe it for a few days.
17 Sep 2013   #9

Windows 7 Home Premium
 
 

TDSS again and deleted file, another scan and reboot gave the all-clear. Should I try to run the virus removal tool again to see if it works or just leave it alone?
17 Sep 2013   #10
Arc

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64 Bit SP 1
 
 

OK, try it