BSOD and Hangs when trying to scan for virus [Windows 7]


8 replies to this topic

#1 KurosawaShirou


Posted 15 July 2016 - 08:59 AM

So I did the stupidest thing for anyone browsing the web: forgetting to install an anti-virus.

Basically the subscription ended a while back, and I uninstalled Bitdefender, replacing it with Malwarebytes. Little did I know that the two things work differently. After a while, for some reason Malwarebytes also disappeared from my computer, leaving my computer defenseless.

Yesterday I noticed that, and I decided to right the wrongs by installing an antivirus and Malwarebytes.

Malwarebytes scans found nothing, so I went and got Avast, which resulted in a BSOD every time I tried to install/update it. The BSOD cause is aswhwid.sys, and after several BSODs, I decided to go back to Bitdefender.

Installing Bitdefender itself was a challenge, with hangs and stuff.

After I finally installed Bitdefender (at 6am), I finally claimed victory, ran a deep system scan, and went to sleep.

7 hours later, I found out that the scanning process had halted at 25%, with my Windows frozen.

After a while, I tried the solutions found on this site https://forums.malwarebytes.org/topic/143834-computer-freezing-due-to-undetectable-virus/ and if I'm not wrong, it's the same Gringo here, which is why I decided to register here.

I probably shouldn't have tried without asking, but I did, by downloading Adwcleaner, JRT, Combofix, MbAR, RogueKiller, and HijackThis, and ran all of them, except HijackThis.

So far, only RogueKiller and ComboFix ended up fruitless, BSOD-ing while scanning with the cause "A device driver attempting to corrupt the system have been caught" in both cases.

At this point, I'm about to just give up and format the whole Windows, but that would mean losing several things if I'm not careful in backing up. Please help?

Thanks in advance!





#2 hamluis


Posted 15 July 2016 - 11:03 AM

How to receive help diagnosing Blue Screens and Windows crashes - http://www.bleepingcomputer.com/forums/topic176011.html

 

Louis



#3 KurosawaShirou


Posted 15 July 2016 - 11:51 AM

New problem

There doesn't seem to be any crash dump. Searched the whole C:\Windows and didn't find anything with a dmp extension. Already did as told: unchecked Hide Protected Operating System Files and showed hidden files.

Trying to recreate the crash for now.

EDIT: Doesn't seem to work. I have tried editing the registry along the lines of AlwaysKeepMemoryDump 1, recreated the crash caused by ComboFix, and still no dmp file found.


Edited by KurosawaShirou, 15 July 2016 - 12:58 PM.


#4 usasma


Posted 15 July 2016 - 07:59 PM

DO NOT MESS WITH THE SYSTEM ANY MORE!

1)  I'd suggest posting over in the Am I Infected forum:  http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Please read the pinned topics at the top of the forum for instructions on how to post there.
2)  Once they give you a clean bill of health, Please run this report collecting tool so that we can provide a complete analysis: (from the pinned topic at the top of the forum)   http://www.bleepingcomputer.com/forums/t/576314/blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/

Don't worry about not finding the memory dumps at this point.  We'll deal with that when we need to.

The reports (in step 2 above) will contain a lot more info - and it may help us to figure out what's causing the BSOD's - even without the memory dumps.

 

If you're really determined, a simple search of your system for files ending in .dmp should help

The most common places for them are:

- in C:\Windows - there may be a file named MEMORY.dmp

- in C:\Windows\Minidump - there will be files with date stamps that end in .dmp

Let us know if there aren't any there
 


My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John  (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
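The dump search described in the post above, as an added example that is not part of the original thread: it reads the crash-dump settings Windows keeps under the standard `CrashControl` registry key (including the `AlwaysKeepMemoryDump` value mentioned in post #3) and lists dump files in the configured locations, falling back to the two default paths named in the post. It is written for PowerShell 2.0, which ships with Windows 7.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt
# so that the Minidump folder is readable.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc  = Get-ItemProperty -Path $key

# CrashDumpEnabled values as documented by Microsoft (7 exists on Windows 8+).
$modes = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small (minidump)'; 7 = 'Automatic' }

# Configured locations; fall back to the defaults named in the post.
$dumpFile = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)
$miniDir  = [Environment]::ExpandEnvironmentVariables([string]$cc.MinidumpDir)
if (-not $dumpFile) { $dumpFile = Join-Path $env:SystemRoot 'MEMORY.DMP' }
if (-not $miniDir)  { $miniDir  = Join-Path $env:SystemRoot 'Minidump' }

New-Object PSObject -Property @{
    DumpType             = $modes[[int]$cc.CrashDumpEnabled]
    DumpFile             = $dumpFile
    MinidumpDir          = $miniDir
    Overwrite            = $cc.Overwrite
    AlwaysKeepMemoryDump = $cc.AlwaysKeepMemoryDump
} | Format-List DumpType, DumpFile, MinidumpDir, Overwrite, AlwaysKeepMemoryDump

# Collect whatever dump files actually exist in those locations.
$dumps = @()
if (Test-Path -LiteralPath $dumpFile -PathType Leaf) {
    $dumps += @(Get-Item -LiteralPath $dumpFile -Force)
}
if (Test-Path -LiteralPath $miniDir -PathType Container) {
    $dumps += @(Get-ChildItem -LiteralPath $miniDir -Filter *.dmp -Force)
}

if ($dumps.Count -eq 0) {
    'No dump files found in the configured locations.'
} else {
    $dumps | Sort-Object LastWriteTime -Descending |
        Format-Table LastWriteTime, Length, FullName -AutoSize
}
```

A `DumpType` of `None` means Windows is not configured to write a dump at all, which would explain an empty result.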

#5 KurosawaShirou


Posted 15 July 2016 - 09:25 PM

I am very sorry for not reading the pinned topic. I was quite desperate and posted without much reading.  :bowdown:

That being said, there are no .dmp files anywhere in the Windows folder, aside from the 3 crash dumps dating back to January 2015, which are not named memory.dmp or in the minidump format.

Also, my Chrome flared with warnings when I tried downloading the Sysnative BSOD dump. It is safe, right?


Edited by KurosawaShirou, 15 July 2016 - 09:37 PM.


#6 usasma


Posted 17 July 2016 - 06:57 AM

Not a problem, I understand the stress of having a system that ADR (Ain't Doing Right).

 

The Sysnative program has been used safely by hundreds (if not thousands) of users for many years.

Ensure that it's from the correct source, and (as with any download) be sure you scan it with an antivirus before opening it.

AFAIK, it's hosted here at BC, at MalwareBytes forums, at Sysnative (where it was developed), and at several other forums.


Edited by usasma, 17 July 2016 - 07:02 AM.


#7 KurosawaShirou


Posted 17 July 2016 - 10:24 AM

· OS - Windows 7
· x64 ?
· Originally installed Windows 7. Re-installed several times due to massive slowdown and changing HDD.
· Full retail
· Age of system (hardware): Around 4 I think?
· Age of OS installation: I think 6-8 months. I kinda remember sending it for maintenance since it's slow around New Year holiday.

· CPU: Intel i7 2600k
· Video Card: Nvidia GTX 970 Zotac
· MotherBoard - Asrock Z77 Extreme4
· Power Supply: Corsair TX750M

· System Manufacturer: To be filled by OEM
· Exact model number: How to look for this?

· Desktop

 

I cannot attach the perfmon /report logs, since after the Resource and Performance Monitor window appears it either gets stuck in a 'not responding' state or gives me an error "An error occurred while attempting to generate the report. The interface is unknown."


#8 usasma


Posted 17 July 2016 - 11:24 AM

Unfortunately it appears that the system has pirated software.
Please get a legitimate copy installed and we'll be glad to help.

Here are suggestions on how to ensure that your version is legitimate:  http://windows.microsoft.com/en-us/windows/genuine

Please be aware that we may not be able to fix it (as the hacks that were done to activate it will cause the OS to behave differently than we expect it to). If that's the case, our efforts to help may just waste your time. Secondly, the forum rules prohibit assisting with pirated software - so the topic would be closed if that is the case.

As a courtesy, I will offer an analysis of your issues using the reports you provided.
I will not answer any questions about the analysis until the system is made legitimate.
If you do make it legitimate, please submit a new set of reports for us to check.

Just FYI, sometimes the owner won't know about this.  So here's 2 scenarios that might ring a bell:
- if they had a "friend" help with the computer - and the "friend" installed a pirated copy.
- or they used a copy that they had from another OEM computer.  The OEM license is tied to the hardware that it came from - so you can't just use it on another system (that means that it's pirated).

And here's the analysis:

 

No memory dumps in the uploaded reports.

Only 317 Windows Update hotfixes installed.  Most systems with SP1 have 350-400 or more.  Please visit Windows Update and get ALL available updates (it may take several trips to get them all).
The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

C: drive only has about 8% free space.  Windows likes 15% free space in order to perform stuff "behind the scenes" without adversely affecting the system's performance.  Please free up 15% on ALL hard drives (you can get away with 10% on larger drives and won't notice a large performance penalty).  Low free space can cause BSOD's - but the actual amount depends on the files being used by the system.

These devices have problems in Device Manager:

 

Teredo Tunneling Pseudo-Interface    ROOT\*TEREDO\0000    This device cannot start.
USB Root Hub    USB\VID_040E&PID_0100&ASMEDIAUSBD_HUB\5&1C0A308C&0&0    This device is not working properly because Windows cannot load the drivers required for this device.
Intel® USB 3.0 eXtensible Host Controller    PCI\VEN_8086&DEV_1E31&SUBSYS_1E311849&REV_04\3&11583659&0&A0    This device is working properly.

Right click on the Teredo device and select "Uninstall".  When you reboot, the error should stay gone.

For the others, please download and install the drivers for your ASMedia and Intel USB drivers from the AsRock support website for your model motherboard.

 

Daemon Tools (and Alcohol % software) are known to cause BSOD's on some Windows systems (mostly due to the sptd.sys driver, although I have seen both dtsoftbus01.sys and dtscsibus.sys blamed on several occasions).

Please un-install the program, then use the following free tool to ensure that the troublesome sptd.sys driver is removed from your system (pick the 32 or 64 bit system depending on your system's configuration):  New link (15 Aug 2012):  http://www.duplexsecure.com/downloads (pick the appropriate version for your system and select "Un-install" when you run it).
Alternate link:  http://www.disc-tools.com/download/sptd
Manual procedure here:  http://daemonpro-help.com/en/problems_and_solutions/registry_and_sptd_problems.html
NOTE:  The uninstaller may not find the SPTD.sys driver.  Don't worry about it, just let us know in your post.
NOTE2:  The latest version has an SPTD2.sys driver - the uninstaller is on the same page as the SPTD.sys driver - just download the version for W10!

Please uninstall XFastLAN and XFastUSB as they are known to cause BSOD's on some Windows systems.

 

If using MalwareBytes Premium and BitDefender 2016 - be sure to have the latest version of BitDefender - otherwise BSOD's are to be expected.

 

MSI Afterburner and Riva Tuner (along with EVGA Precision) are known to cause BSOD's in some Windows systems (its driver is usually RTCore64.sys).  Please un-install them immediately!

If you're overclocking, please stop the overclock while we're troubleshooting.  Feel free to resume the overclock once the system has been stabilized.

 

XXXXX


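One way to confirm that the drivers named in this thread are really gone after the uninstalls, as an added example that is not part of the original post: it checks each file name mentioned above (`aswhwid.sys` from post #1, the rest from the analysis) against the drivers registered with Windows and against the drivers folder. The list of names comes from the thread; everything else is standard WMI and PowerShell 2.0.

```powershell
# Added example, not from the thread. Run from a 64-bit, elevated PowerShell prompt.
# Driver file names below are the ones named in the posts above.
$names = 'aswhwid.sys', 'sptd.sys', 'sptd2.sys',
         'dtsoftbus01.sys', 'dtscsibus.sys', 'RTCore64.sys'

$driverDir  = Join-Path $env:SystemRoot 'System32\drivers'
$registered = @(Get-WmiObject -Class Win32_SystemDriver | Where-Object { $_.PathName })

$report = foreach ($n in $names) {
    # Compare on the file name only; PathName can carry prefixes such as \??\.
    $svc = @($registered | Where-Object { ($_.PathName -split '\\')[-1] -eq $n })
    $inFolder = Test-Path -LiteralPath (Join-Path $driverDir $n)

    if ($svc.Count -gt 0) {
        foreach ($s in $svc) {
            New-Object PSObject -Property @{
                Driver = $n; Service = $s.Name; State = $s.State
                StartMode = $s.StartMode; Path = $s.PathName
                InDriversFolder = $inFolder
            }
        }
    } else {
        New-Object PSObject -Property @{
            Driver = $n; Service = '(not registered)'; State = ''
            StartMode = ''; Path = ''
            InDriversFolder = $inFolder
        }
    }
}

$report | Format-Table Driver, Service, State, StartMode, InDriversFolder, Path -AutoSize
```

A driver that still shows `State` as `Running`, or that is still present in the drivers folder after its program was removed, is the leftover the uninstaller tools mentioned in the post are meant to clean up.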

#9 KurosawaShirou


Posted 17 July 2016 - 11:38 AM

Hrm, that might be the cause of the maintenance I mentioned earlier. The guy said it had to be formatted, so I just okayed it, since he also backed up most of the files as well. When I asked if the Windows was genuine, he said yeah, and I never pursued it further than that.

I can't really say for sure that it's genuine, so I guess it's pirated then (._.)

I am very sorry for wasting your time, and thank you so much for the assistance so far, really appreciate it. I guess I need to be more careful when sending my computer for maintenance.

Again, really sorry for wasting your time ><





