BSOD downloading virus removal tool and client registry error

sv76

I got the BSOD while working tonight and, while trying to find the root of the problem, have narrowed the problem down to the Kaspersky virus removal tool (free download). The original BSOD wasn't caused by that program, but every instance since is only the result of downloading that file.

Upon reboot, the system said that the problem file was 1033, which corresponded with a file in Microsoft Office 2010, which I had just activated two days earlier. Uninstalling and deleting the program caused the virus removal tool to give me a client registry error and then go back to the BSOD.

Have had no problems with any other programs, including Internet Security which has been run and come up with NO threats. An sfc fixed some problems, but I've run it three times with no further improvement. A system restore did not yield any better results.

I'm hoping this isn't a virus or malware, but the cause is really confusing me since I've removed the files that would seem to be the culprit.

Here's MGADT:

 

Hello and welcome sv. I run Kaspersky ISS and haven't had any problems when using the TDSS; just where did you download it from?
 

Here's the info you wanted:
 

Hello and welcome sv. I run Kaspersky ISS and haven't had any problems when using the TDSS; just where did you download it from?

Kaspersky runs fine. The removal tool, which I used once before with no problem, is from Kaspersky's site. I ran it as a "just to be safe" measure because my scans didn't report any viruses after the original BSOD, but it won't even get that far before tanking my system.

EDIT: It wasn't the TDSS; that ran fine. It's the general virus removal tool.
 
Scan the system for possible virus infection with the following programs.

Code:
BugCheck 50, {fffff88003bb7ff8, 0, fffff80002ccf816, 0}

*** WARNING: Unable to verify timestamp for 0048422drv.sys
*** ERROR: Module load completed but symbols could not be loaded for 0048422drv.sys

Could not read faulting driver name
Probably caused by : 0048422drv.sys ( 0048422drv+4bc41 )

Followup: MachineOwner
---------
 

Windows Defender Quick Scan came up with nothing.

TDSS found 1 threat, copied to quarantine. It was the object you pointed out. I ran this last night and it came up with nothing, but I guess that doesn't matter.

You'll have to forgive me because I have very little knowledge with computers. So, what should I do next to confirm the problem has been resolved?
 

Do another scan with TDSSkiller, and then observe it for a few days.
 

TDSS again and deleted file, another scan and reboot gave the all-clear. Should I try to run the virus removal tool again to see if it works or just leave it alone?
 

OK, try it :)
 

Still Blue Screens (same error as before):
PAGE_FAULT_IN_NON-PAGED_AREA

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: 50
BCP1: FFFFF88003BB0FF8
BCP2: 0000000000000000
BCP3: FFFFF80002CCD816
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\091713-24741-01.dmp
C:\Users\Steve\AppData\Local\Temp\WER-43352-0.sysdata.xml
Read our privacy statement online:
Windows 7 Privacy Statement - Microsoft Windows
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
 
