Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Hangs when trying to scan for virus

  • Please log in to reply
4 replies to this topic

#1 KurosawaShirou


  • Members
  • 8 posts
  • Gender:Male
  • Local time:11:34 AM

Posted 15 July 2016 - 09:30 PM

I use Windows 7


My computer was left a few months without any antivirus, because i forgot to renew the subscription for BitDefender, and the Malwarebytes suddenly disappeared.


When i realised that, and tried to get a new antivirus, there's a lot of problem suddenly popping up.


Starting with Avast can't be installed, since every attempt of installing/updating ends up with BSOD caused by aswhwid.sys


The computer freezes when installing Bitdefender, which ends up installed.


The computer freezes again when scanning for virus.


Then there's the lack of any crash dump.



Before that, the startup and load time is painstakingly slow. In comparison, after i typed in the password, i turn on my laptop, and my laptop reached desktop before my computer can reach it. After i change my VGA, the startup time is even longer. I suspect there's unintended guest from the place where i serviced my computer.


I also stupidly ran several programs found in this site, namely Adwcleaner, JRT, Combofix, MbAR, RogueKiller, with ComboFix and RogueKiller ending up in BSOD caused by "A device driver attempting to corrupt the system have been caught"


Am i paranoid to think that this is caused by virus and malware?


Initial Malwarebytes scans is clean


Bitdefender scans (after running those programs above) came up with Application.Hacktools.II in Bitdefender's folder.


I also have Soluto program since a while ago, since i get several BSOD back then. This only works around 3-5 days, then no more reports.


Thanks in advance

Edited by KurosawaShirou, 15 July 2016 - 09:47 PM.

BC AdBot (Login to Remove)


#2 InadequateInfirmity


    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:11:34 PM

Posted 15 July 2016 - 09:51 PM

Scan & Clean With Ads Fix


  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File



  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.





Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus, and windows defender.

Close All open work Pre_Scan will close all processes to run.

Right Click Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.




9-Lab Scan.


  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon  run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

#3 KurosawaShirou

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Local time:11:34 AM

Posted 16 July 2016 - 03:20 AM

Progress update: Was scanning using AdsFix when BItdefender decided to be a nuisance and killed the process. Apparently there's intrusion detector in Bitdefender that shuts down anything that tried to access dll file without permission or some sorts.


Now still waiting for the AdsFix to finish. It's been almost 2 hour and it's still 10%. Should i be worried?


UPDATE: It's still scanning, now at 59%. Haven't advanced since 3-4 hours ago.


UPDATE II: Almost 12 hour now, still stuck at 59%. Seems to be taking a long time scanning UserData|Components|HKLM64.


UPDATE III: Adsfix finally finished, Reset_Host has also finished. Encountered error with Pre-Scan "AutoIt error allocating memory". Will attach the other two's log as soon as i get control back.

Edited by KurosawaShirou, 16 July 2016 - 10:53 PM.

#4 KurosawaShirou

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Local time:11:34 AM

Posted 17 July 2016 - 05:37 AM

Finally done.


Reset Host Log

-|x| RstHosts v2.0 - Rapport cree le 17/07/2016 a 09:25:03
-|x| Systeme d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
-|x| Nom d'utilisateur : KurosawaShirou - ELIZABETH (Administrateur)
-|x|- Informations -|x|-
Emplacement : C:\Windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Proprietaire : Administrators - BUILTIN
Taille : 89 bytes
Date de creation : 14/07/2009 - 09:34:48
Date de modification : 17/07/2016 - 09:21:56
Date de dernier acces : 17/07/2016 - 09:21:56
-|x|- Contenu du fichier -|x|-
# Fichier Hosts cree par RstHosts       localhost
::1             localhost
-|x|- E.O.F - C:\RstHosts.txt - 630 bytes -|x|-
9Lab Log
9-lab Removal Tool BETA
Database version: 128.39590
Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.18376
KurosawaShirou :: ELIZABETH
17-Jul-16 1:18:47 PM
9lab-log-2016-07-17 (13-18-47).txt
Scan type: Full
Objects scanned: 66351
Time Elapsed: 2 h 1 m
Registry Keys detected: 7
Hack.RPL.CheatEngine.ad [HKEY_CURRENT_USER\Software\Cheat Engine]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}]
Adware.RPL.Gen.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}]
Registry Values detected: 1
Risk.Path [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command (Default)]
ActiveX detected: 1
[133247D97D02F1033878D72B7DE07BE7] Risk.Win32.Gen.vb!s1 [{ED3110F3-5211-11DF-94AF-0026B977EEAA} c:\program files (x86)\common files\webm project\webmdshow\vp8decoder.dll]
Files detected: 55
[6FCB4F0DC0EDCA5AFC7B0BA6BEF42A2D] Malware.MPL.Heur.vb [c:\users\kurosawashirou\MGSV_QAR_Tool.exe]
[07A3543F438223EBEDEF9998A348987E] Adware.Win64.InstallCore.vb!n [C:\AdsFix\Quarantine\C\Users\KurosawaShirou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader.AdsFix\JDownloader 2.lnk]
[73A226799B2CE536D7DBB6AB29FFD0DB] Malware.Win32.Gen.D6E7.sm!ff [C:\AdsFix\Quarantine\C\Users\KurosawaShirou\Downloads\Smadav.9.9.1.kuyhAa.AdsFix\Smadav.9.9.1.kuyhAa\Keygen\Keygen.exe]
[4E83B8BF4060AAFDA9A24A91DDD94D14] Trojan.Win32.Gen.bot [D:\2K Games\Borderlands The Pre-Sequel\Binaries\Win32\steam_api.dll]
[68C0FE4D533C715405C3F276274928F1] Malware.Win32.Gen.cs5 [D:\Age of Mythology Extended Edition\steam_api.dll]
[F5A7D731CE75C8A5A6B6BD8F8822DCC1] Trojan.Win32.Gen.ad!i [D:\Dark Souls III\unins000.exe]
[DD4EF562B1154C5E95E5856A671C0993] Malware.Win32.Pack.1157!se [D:\Download\Windows 7 Gif Viewer.exe]
[70862A8CBAB8F360BACB6C9F61A9A48C] Malware.Win32.Gen.sm [D:\Dragons Dogma Dark Arisen\DDDA.exe]
[0AA11001187D9EF84BB5BFEE8F7F7769] Malware.Win32.Gen.cld [D:\Download\_www.gigapurbalingga.com__Activator_Bit_Defender_2015\[www.gigapurbalingga.com]_Activator Bit Defender 2015\Trial-Reset - Activator.exe]
[3AB17207717714BCA378583D147C1A7A] Malware.Win32.Gen.cld [D:\illusion\Artificial Academy 2\AA2Edit v1.0.1 FP v1.4.2.exe]
[3AB17207717714BCA378583D147C1A7A] Malware.Win32.Gen.cld [D:\illusion\Artificial Academy 2\manual\AA2Edit.exe]
[C1F860EE847FFA11F5D9244EC1256129] Malware.Win32.Gen.cld [D:\illusion\Artificial Academy 2\WIZAERD\_general\tools\IluPak.exe]
[7EDD0D551E58841589FDF180204E0554] Malware.Win32.Gen.sm [D:\KISS\CM3D2\ntlea\x86\ntleah.dll]
[AFDC8D5B38BC5D297429970776FA27EA] Malware.Win32.Gen.sm [D:\KISS\CM3D2\ntlea\x86\ntleaj.dll]
[C654E14279804C48C4A7565AF7A43F28] Malware.Win32.Heur.bot [D:\KISS\CM3D2\ReiPatcher\Patches\UnityInjector.Patcher.dll]
[F27F209D2ED892C936BFFF0E8564D87B] Malware.Win32.Gen.sm [D:\KISS\CM3D2\x86\opengl32.dll]
[5500E07920A622765A4E512F86B92380] Malware.Win32.Gen.cld [D:\Imoizi\imoizi.exe]
[4DEC317AC6B7BDBB685ACDB6D9F923B5] Malware.Win32.Gen.sm!s6 [D:\Sid Meier's Civilization V\steam_api.dll]
[575C9C6E4E64B607FBED12FF3EA35F21] Malware.Win32.Gen.1561.sm!ff [D:\Skyrim Mod Organizer\uninstall.exe]
[D3B9773EF671DA0F501D42E38BD4CD21] Malware.Win32.Gen.250D.sm!ff [D:\Steam\SteamApps\common\GarrysMod\hl2.exe]
[C938F3B95F119E522B570ED82BFEE9A9] Hack.Win64.Agent.bot [D:\Steam\SteamApps\common\MGS_TPP\steamclient64.dll]
[FE458CC3011DA891B580E0FD14471FD5] Trojan.Win64.Gen.bot [D:\Steam\SteamApps\common\MGS_TPP\_CommonRedist\3dmgame.dll]
[BFD788F56492530A89AAEF2CC3A3FC67] Malware.Win32.Gen.sm [D:\Steam\SteamApps\common\Skyborn\Utils.dll]
[92E5EF331D85A9D7063F95009DD6F9E9] Malware.Win32.Gen.3A21.sm!ff [D:\Steam\SteamApps\common\Sword of Asumi\lib\windows-i686\Sword of Asumi.exe]
[3A219BE977CE990C814236CA650046BB] Malware.Win32.Gen.sm [D:\Steam\SteamApps\common\Sword of Asumi\Sword of Asumi.exe]
[D7C19BDB968266B3E9866FBC2841E182] Malware.Win32.Gen.D7C1.sm!ff [C:\BOLOPatch4.00.exe]
[9CEF63FDE7A3A91A747CEB26D00FCED3] Malware.Win32.Gen.sm [C:\Pre_Scan\smss.exe]
[2DBAA28BAB52CC4A3728AADF422FEEE1] Malware.Win32.Gen.sm [D:\Torrent\Movavi Video Converter 14.3.0\Movavi Video Converter 14.3.0\PATCH\Patch .exe]
[68D120C055A213871FE5FF7DE86F3C6F] Malware.Win32.Gen.cs0 [D:\[Fuwanovel] Sono Hana 5 - The Joy of Loving You\[Fuwanovel] Sono Hana 5 - The Joy of Loving You.exe]
[354C5B4CE23BF351F87683DCDB5FCE80] Malware.Win32.Gen.cs0 [D:\[Fuwanovel] Sono Hana 7 - Sweet Enchanting Kisses\[Fuwanovel] Sono Hana 7 - Sweet Enchanting Kisses.exe]
[EBAD89B3731F35C392B5A303CD370DA3] Malware.Win32.Gen.cs0 [D:\[Fuwanovel] Touhou Perfect Cherry Blossom for busy people -English-\Perfect Cherry Blossom for busy people\isoyou_p1.9\isoyou_p1.9.exe]
[133247D97D02F1033878D72B7DE07BE7] Risk.Win32.Gen.vb!s1 [C:\Program Files (x86)\Common Files\WebM Project\webmdshow\vp8decoder.dll]
[6E8CD9872E947218EC344AD5581A9FF9] Malware.Win32.Gen.6E8C.sm!ff [C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll]
[2D607078CAEA05C5C7ECCEC626821AB2] Adware.OpenCandy.vb!c [C:\Program Files (x86)\Freemake\COM\1.1\regfiles.exe]
[5C41E42699BA36C7A4F9D474E93A31DF] Adware.Win32.Toolbar.ad!n [C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe]
[30645AAB268D93872CA2F14135941543] Malware.Win32.Gen.cld [C:\Program Files (x86)\Movavi Video Converter 14\VideoConverter.exe]
[48E15D5B759425BBA3A6651B08E9D41E] Trojan.Win32.Gen.ad!i [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls III\Uninstall Dark Souls III.lnk]
[19752F184983FD66106021AA5EA587DD] Malware.Win32.Gen.sm [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragons Dogma Dark Arisen\Dragons Dogma Dark Arisen.lnk]
[1A847DE5F8A9836882F7AD50C5C2CEAE] Malware.Win32.Gen.cld [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 14\Movavi Video Converter 14.lnk]
[0EDBA52FC7FB8AB9E6C4A169D0C55713] Adware.Win64.InstallCore.vb!n [C:\Users\KurosawaShirou\AppData\Local\JDownloader 2.0\JDownloader2.exe]
[95A66FDCD05AD0F59F6C70CDF8DA1AB8] Adware.Win64.InstallCore.vb!n [C:\Users\KurosawaShirou\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk]
[CE61130C7EA6AEF01EBC8520237918F5] Malware.Win32.Gen.1561.sm!ff [C:\Users\KurosawaShirou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod Organizer\Uninstall.lnk]
[19752F184983FD66106021AA5EA587DD] Malware.Win32.Gen.sm [C:\Users\KurosawaShirou\Desktop\Games\Dragons Dogma Dark Arisen.lnk]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.486E.sm!ff [C:\Users\KurosawaShirou\Desktop\rsthosts_2.0.exe]
[95A66FDCD05AD0F59F6C70CDF8DA1AB8] Adware.Win64.InstallCore.vb!n [C:\Users\KurosawaShirou\Desktop\ShortCut\JDownloader 2.lnk]
[5160E3A2B4B50DD0379B0AD769C48940] Malware.Win32.Gen.cld [C:\Users\KurosawaShirou\Desktop\ShortCut\Movavi Video Converter 14.lnk]
[183A689E49B51547E454FD1C6E4DB93B] Malware.Win32.Gen.sm!s1 [C:\Users\KurosawaShirou\Downloads\AutoHotkey112207_Install.exe]
[C1E32B4D43CB49EEE17B3DACD423AAC0] Malware.Win32.Gen.sm [C:\Users\KurosawaShirou\Downloads\AutoMouser v5.1.exe]
[850EB84FA2ADA41E2A6C5E63B2105150] Adware.Win32.Downloader.vb!n [C:\Users\KurosawaShirou\Downloads\Compressed\G-163165\Fly! Yui.exe]
[6E8CD9872E947218EC344AD5581A9FF9] Malware.Win32.Gen.6E8C.sm!ff [C:\Users\KurosawaShirou\Downloads\DAEMON Tools Pro Advanced Final Incl. Crack [ATOM]\Crack\MSIMG32.dll]
[65F648A6B676DE4758CA389B62DA2DC7] PUP.Systweak.vb!c [C:\Users\KurosawaShirou\Downloads\Dll.Files.Fixer. Fixed Crack\setup.exe]
[D88193AE121BB62005CE0137CF3613CF] Malware.Win32.Gen.bot [C:\Users\KurosawaShirou\Downloads\Programs\CheatEngine65.exe]
[DD4EF562B1154C5E95E5856A671C0993] Malware.Win32.Pack.1157!se [C:\Users\KurosawaShirou\Downloads\Programs\Windows 7 Gif Viewer.exe]
[73749469D04AD55DF66E2642791069D7] PUP.Win32.GameHack.ad!i [C:\Users\KurosawaShirou\Downloads\Samurai.Warriors.4-II.v1.0.Plus.15.Trainer-FLiNG\Samurai Warriors 4-II v1.0 Plus 15 Trainer.exe]
[1FEDB926400C10E6808C1CD65F50163A] Malware.Win32.Gen.cld [C:\Users\KurosawaShirou\Downloads\Dll.Files.Fixer. Fixed Crack\crack.exe]
Do i need to include Adsfix logs as well?
I also can't include Pre-scan logs because it wouldn't finish, always stopping at 40% due to "Autoit Error allocating memory"
P.S. How to include attachment?

#5 InadequateInfirmity


    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:11:34 PM

Posted 17 July 2016 - 03:19 PM

For now lets see these scans, and tell me how things are running. :)


Adware Cleaner Scan.


Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.


Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.





Hit Ok.




Hit next make sure to leave all items checked, for removal.





The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.


ZHP Scan.

Please download Zhp Cleaner  to your desktop.  Right Click the icon and select run as administrator.




2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!

3. Once the scan is completed, the you will want to click the Repair button.


At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan



Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users