
Computer shuts down when doing a full scan



Hi there,

 

I've been trying to complete a full scan but every time before the scan completes, the computer shuts down and it's taking an unusually long time to scan (i.e. on my desktop it takes 1 hour max but on this one, it takes upwards of 4 hours and even then it's still not done and then shuts down). Appreciate any help, thank you!

 

Here are the logs that I think I'm supposed to provide:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518
Run by Megan at 21:16:50 on 2014-02-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4037.1985 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Box\Box Sync\BoxSync.exe
C:\Users\Megan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\PROGRA~1\Box\BOXSYN~1\BoxSync.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Megan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Megan\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{ABCAF185-ED14-4AA8-8CBD-800879C4D378} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{ABCAF185-ED14-4AA8-8CBD-800879C4D378}\D4567616E6723702960586F6E656 : DHCPNameServer = 172.20.10.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
x64-Run: [boxSync] "c:\Program Files\Box\Box Sync\BoxSync.exe" -m
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2013-6-5 73016]
R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2013-6-5 16696]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-15 20464]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\System32\AppleOSSMgr.exe [2013-6-5 226144]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\System32\AppleTimeSrv.exe [2013-6-5 94560]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356128]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2013-6-5 18232]
R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2013-6-5 23352]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-15 701512]
R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2011-4-12 9728]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\System32\drivers\AppleBtBc.sys [2014-1-15 20480]
R3 AppleCamera;FaceTime HD Camera;C:\Windows\System32\drivers\AppleCamera.sys [2014-1-15 1777408]
R3 applemtp;Apple Multitouch;C:\Windows\System32\drivers\applemtp.sys [2014-1-15 39424]
R3 CirrusLFD;CS42xxLowerFilter;C:\Windows\System32\drivers\CSLFD.sys [2014-1-15 53648]
R3 CirrusUFD;CS42xxUpperFilter;C:\Windows\System32\drivers\CSUFD.sys [2014-1-15 11416]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-15 368112]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-15 786416]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2014-1-15 31232]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-15 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 BoxSyncUpdateService;Box Sync Update Service;C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2014-1-24 22016]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-1-15 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-21 111616]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-1-15 442368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-15 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-15 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-15 1255736]
.
=============== Created Last 30 ================
.
2014-02-21 20:12:57 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-21 20:12:57 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-21 17:39:54 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C436D915-9156-419F-BE7A-D48103BD1DB2}\mpengine.dll
2014-02-21 17:31:59 722432 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-02-04 18:09:58 -------- d-----w- C:\Downloads
2014-02-02 23:49:35 -------- d-----w- C:\Users\Megan\AppData\Local\Adobe
2014-02-02 23:16:34 -------- d-----w- C:\Users\Megan\AppData\Roaming\LibreOffice
2014-02-02 23:15:38 -------- d-----w- C:\Program Files (x86)\LibreOffice 4
2014-02-02 23:05:24 -------- d--h--w- C:\Users\Megan\.Box Sync
2014-02-02 23:05:10 -------- d-----w- C:\Users\Megan\Box Sync
2014-02-02 23:04:41 -------- d-----w- C:\Users\Megan\AppData\Local\Box Sync
2014-02-02 23:04:27 -------- d-----w- C:\Program Files\Box
2014-02-02 23:04:25 -------- d-----w- C:\ProgramData\Package Cache
2014-02-02 23:02:37 -------- d-----r- C:\Users\Megan\Dropbox
2014-02-02 23:01:46 -------- d-----w- C:\Users\Megan\AppData\Roaming\DropboxMaster
2014-02-02 23:00:46 -------- d-----w- C:\Users\Megan\AppData\Roaming\Dropbox
2014-01-24 20:45:02 64856 ----a-w- C:\Windows\System32\klfphc.dll
2014-01-24 20:44:50 -------- d-----w- C:\Windows\ELAMBKUP
2014-01-24 20:44:48 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-01-24 20:44:48 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-01-24 20:44:37 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-24 22:31:01 54368 ----a-w- C:\Windows\System32\drivers\kltdi.sys
2014-01-24 22:31:01 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys
2014-01-24 22:31:00 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2014-01-24 22:31:00 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2014-01-24 22:31:00 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2014-01-24 22:30:59 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-01-15 22:22:29 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
.
============= FINISH: 21:17:11.53 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume4
Install Date: 1/15/2014 7:30:03 AM
System Uptime: 2/21/2014 9:14:05 PM (0 hours ago)
.
Motherboard: Apple Inc. |  | Mac-7DF21CB3ED6977E5
Processor: Intel® Core i5-4250U CPU @ 1.30GHz | U3E1 | 798/25mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 10.271 GiB free.
D: is FIXED (HFS) - 75 GiB total, 33.246 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP18: 2/21/2014 3:12:50 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.06)
Apple Software Update
Boot Camp Services
Box Sync
Dropbox
FlashGet 1.9.6.1073
Google Chrome
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® USB 3.0 eXtensible Host Controller Driver
Kaspersky Internet Security 2013
LibreOffice 4.2.0.4
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft AppLocale
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Windows Application Compatibility Database
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
VLC media player 2.1.2
Windows Driver Package - Apple Inc. (AppleCamera) Image  (05/09/2013 5.0.12.1)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.10.3.10)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
Windows Driver Package - Apple Inc. Apple Keyboard (05/20/2013 5.0.6.0)
Windows Driver Package - Apple Inc. Apple Multitouch (01/30/2013 5.0.1.0)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
Windows Driver Package - Apple Inc. Apple System Device (01/30/2013 5.0.1.0)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0)
Windows Driver Package - Broadcom (b57nd60a) Net  (09/04/2012 15.4.0.17)
Windows Driver Package - Broadcom (B57ports) Net  (06/16/2009 1.0.0.1)
Windows Driver Package - Broadcom (BCM43XX) Net  (04/26/2013 6.30.223.75)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost  (08/14/2012 1.0.0.243)
Windows Driver Package - Cirrus Logic, Inc. (CirrusLFD) MEDIA  (04/25/2013 6.6001.3.09)
Windows Driver Package - Intel (e1express) Net  (03/26/2010 9.13.41.0)
Windows Driver Package - Intel (e1kexpress) Net  (04/12/2010 11.6.92.0)
Windows Driver Package - Intel (e1qexpress) Net  (12/04/2009 11.4.7.0)
Windows Driver Package - Intel (e1rexpress) Net  (01/07/2010 11.4.16.0)
Windows Driver Package - Intel (e1yexpress) Net  (04/07/2010 10.1.9.0)
Windows Driver Package - Intel System  (07/20/2007 1.2.76.0)
WinRAR 5.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
2/21/2014 9:14:21 PM, Error: NetBT [4321]  - The name "MEGAN-PC       :0" could not be registered on the interface with IP address 192.168.0.14. The computer with the IP address 192.168.0.15 did not allow the name to be claimed by this computer.
2/21/2014 9:14:20 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{ABCAF185-ED14-4AA8-8CBD-800879C4D378} because another computer on the network has the same name.  The server could not start.
2/21/2014 9:14:20 PM, Error: NetBT [4321]  - The name "MEGAN-PC       :20" could not be registered on the interface with IP address 192.168.0.14. The computer with the IP address 192.168.0.15 did not allow the name to be claimed by this computer.
2/21/2014 5:27:03 PM, Error: NetBT [4321]  - The name "MEGAN-PC       :20" could not be registered on the interface with IP address 192.168.0.10. The computer with the IP address 192.168.0.15 did not allow the name to be claimed by this computer.
2/21/2014 5:27:03 PM, Error: NetBT [4321]  - The name "MEGAN-PC       :0" could not be registered on the interface with IP address 192.168.0.10. The computer with the IP address 192.168.0.15 did not allow the name to be claimed by this computer.
2/21/2014 3:08:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff30011d92960, 0x0000000000000001, 0xfffff80002ccbe40, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022114-11590-01.
2/21/2014 12:33:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2862973).
2/21/2014 12:33:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2909210).
2/16/2014 1:20:52 AM, Error: NetBT [4321]  - The name "MEGAN-PC       :0" could not be registered on the interface with IP address 192.168.0.10. The computer with the IP address 192.168.0.12 did not allow the name to be claimed by this computer.
2/16/2014 1:20:51 AM, Error: NetBT [4321]  - The name "MEGAN-PC       :20" could not be registered on the interface with IP address 192.168.0.10. The computer with the IP address 192.168.0.12 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
 
 

Hello onetwothreee and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here:

https://forums.malwarebytes.org/index.php?showtopic=10138&page=1entry417944

Reboot your system, update Malwarebytes and perform a full system scan. Post your log file.


Please add the following files to the exceptions of Kaspersky Internet Security 2013:

http://support.kaspersky.com/8742

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

When you are done, please reboot your system, update Malwarebytes' Anti-Malware and perform a full system scan. Let me know.


Okay so scan took 8+ hours but this time it finished. Not sure if you need the log but here it is:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.23.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Megan :: MEGAN-PC [administrator]
 
Protection: Enabled
 
2/23/2014 12:20:35 PM
mbam-log-2014-02-23 (12-20-35).txt
 
Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 686092
Time elapsed: 8 hour(s), 18 minute(s), 11 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Just wondering, is it normal for the scan to take this long 'cause my drive is only 128 gb so shouldn't it be faster?

Glad it finished successfully this time. Scan time depends on many factors, for example the type of files, their size and so on, but this is actually a very long time.

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:


Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


I tried full scanning again today but it shut down again. This is the message that showed up after the shutdown:

 

Problem signature:
  Problem Event Name: BlueScreen
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 1033
 
Additional information about the problem:
  BCCode: 50
  BCP1: FFFFF3001C6AD580
  BCP2: 0000000000000001
  BCP3: FFFFF80002C90E40
  BCP4: 0000000000000007
  OS Version: 6_1_7601
  Service Pack: 1_0
  Product: 256_1
 
Files that help describe the problem:
  C:\Windows\Minidump\030214-7753-01.dmp
  C:\Users\Megan\AppData\Local\Temp\WER-12012-0.sysdata.xml
 
Read our privacy statement online:
 
If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

==================================================

Dump File         : 030214-7753-01.dmp

Crash Time        : 3/2/2014 12:44:20 PM

Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code    : 0x00000050

Parameter 1       : fffff300`1c6ad580

Parameter 2       : 00000000`00000001

Parameter 3       : fffff800`02c90e40

Parameter 4       : 00000000`00000007

Caused By Driver  : AppleHFS.sys

Caused By Address : AppleHFS.sys+6d64

File Description  : 

Product Name      : 

Company           : 

File Version      : 

Processor         : x64

Crash Address     : ntoskrnl.exe+75bc0

Stack Address 1   : 

Stack Address 2   : 

Stack Address 3   : 

Computer Name     : 

Full Path         : C:\Windows\Minidump\030214-7753-01.dmp

Processors Count  : 4

Major Version     : 15

Minor Version     : 7601

Dump File Size    : 295,512

Dump File Time    : 3/2/2014 12:45:23 PM

==================================================

 

==================================================

Dump File         : 022214-7066-01.dmp

Crash Time        : 2/22/2014 10:21:31 PM

Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code    : 0x00000050

Parameter 1       : fffff300`0fd0f580

Parameter 2       : 00000000`00000001

Parameter 3       : fffff800`02cd9e40

Parameter 4       : 00000000`00000007

Caused By Driver  : AppleHFS.sys

Caused By Address : AppleHFS.sys+6d64

File Description  : 

Product Name      : 

Company           : 

File Version      : 

Processor         : x64

Crash Address     : ntoskrnl.exe+75bc0

Stack Address 1   : 

Stack Address 2   : 

Stack Address 3   : 

Computer Name     : 

Full Path         : C:\Windows\Minidump\022214-7066-01.dmp

Processors Count  : 4

Major Version     : 15

Minor Version     : 7601

Dump File Size    : 295,512

Dump File Time    : 2/22/2014 10:23:01 PM

==================================================

 

==================================================

Dump File         : 022214-7768-01.dmp

Crash Time        : 2/22/2014 1:34:41 PM

Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code    : 0x00000050

Parameter 1       : fffff300`122ad9c0

Parameter 2       : 00000000`00000001

Parameter 3       : fffff800`02c88e40

Parameter 4       : 00000000`00000007

Caused By Driver  : AppleHFS.sys

Caused By Address : AppleHFS.sys+6d64

File Description  : 

Product Name      : 

Company           : 

File Version      : 

Processor         : x64

Crash Address     : ntoskrnl.exe+75bc0

Stack Address 1   : 

Stack Address 2   : 

Stack Address 3   : 

Computer Name     : 

Full Path         : C:\Windows\Minidump\022214-7768-01.dmp

Processors Count  : 4

Major Version     : 15

Minor Version     : 7601

Dump File Size    : 295,512

Dump File Time    : 2/22/2014 1:35:25 PM

==================================================

 

==================================================

Dump File         : 022214-7659-01.dmp

Crash Time        : 2/22/2014 12:31:25 PM

Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code    : 0x00000050

Parameter 1       : fffff300`0a641ca0

Parameter 2       : 00000000`00000001

Parameter 3       : fffff800`02091e40

Parameter 4       : 00000000`00000007

Caused By Driver  : AppleHFS.sys

Caused By Address : AppleHFS.sys+6d64

File Description  : 

Product Name      : 

Company           : 

File Version      : 

Processor         : x64

Crash Address     : ntoskrnl.exe+75bc0

Stack Address 1   : 

Stack Address 2   : 

Stack Address 3   : 

Computer Name     : 

Full Path         : C:\Windows\Minidump\022214-7659-01.dmp

Processors Count  : 4

Major Version     : 15

Minor Version     : 7601

Dump File Size    : 269,568

Dump File Time    : 2/22/2014 12:32:24 PM

==================================================

 

==================================================

Dump File         : 022114-11590-01.dmp

Crash Time        : 2/21/2014 3:07:47 PM

Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code    : 0x00000050

Parameter 1       : fffff300`11d92960

Parameter 2       : 00000000`00000001

Parameter 3       : fffff800`02ccbe40

Parameter 4       : 00000000`00000007

Caused By Driver  : AppleHFS.sys

Caused By Address : AppleHFS.sys+6d64

File Description  : 

Product Name      : 

Company           : 

File Version      : 

Processor         : x64

Crash Address     : ntoskrnl.exe+75bc0

Stack Address 1   : 

Stack Address 2   : 

Stack Address 3   : 

Computer Name     : 

Full Path         : C:\Windows\Minidump\022114-11590-01.dmp

Processors Count  : 4

Major Version     : 15

Minor Version     : 7601

Dump File Size    : 295,512

Dump File Time    : 2/21/2014 3:08:53 PM

==================================================

 

==================================================

Dump File         : 012414-7488-01.dmp

Crash Time        : 1/24/2014 4:53:36 AM

Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code    : 0x00000050

Parameter 1       : fffff300`12e3a7f0

Parameter 2       : 00000000`00000001

Parameter 3       : fffff800`02cc2e40

Parameter 4       : 00000000`00000007

Caused By Driver  : AppleHFS.sys

Caused By Address : AppleHFS.sys+6d64

File Description  : 

Product Name      : 

Company           : 

File Version      : 

Processor         : x64

Crash Address     : ntoskrnl.exe+75bc0

Stack Address 1   : 

Stack Address 2   : 

Stack Address 3   : 

Computer Name     : 

Full Path         : C:\Windows\Minidump\012414-7488-01.dmp

Processors Count  : 4

Major Version     : 15

Minor Version     : 7601

Dump File Size    : 324,216

Dump File Time    : 1/24/2014 5:02:49 PM

==================================================

 

==================================================

Dump File         : 011614-8143-01.dmp

Crash Time        : 1/15/2014 10:36:28 PM

Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code    : 0x00000050

Parameter 1       : fffff300`0ce6a010

Parameter 2       : 00000000`00000001

Parameter 3       : fffff800`02ccbe40

Parameter 4       : 00000000`00000007

Caused By Driver  : AppleHFS.sys

Caused By Address : AppleHFS.sys+6d64

File Description  : 

Product Name      : 

Company           : 

File Version      : 

Processor         : x64

Crash Address     : ntoskrnl.exe+75bc0

Stack Address 1   : 

Stack Address 2   : 

Stack Address 3   : 

Computer Name     : 

Full Path         : C:\Windows\Minidump\011614-8143-01.dmp

Processors Count  : 4

Major Version     : 15

Minor Version     : 7601

Dump File Size    : 344,824

Dump File Time    : 1/16/2014 3:39:51 AM

==================================================

Glad I could help! :)

Step 1

  • Download OTL to your desktop and run it.
  • Click on CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP.

Step 3

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.