
Problem with MBAM scan

MBAM scan fail

20 replies to this topic

#1 Ded0

Ded0

    New Member

  • Members
  • 9 posts

Posted 29 July 2012 - 07:57 AM

Hi, sorry if I'm not posting in the appropriate forum, but I've got a problem using MBAM.

So yesterday, I tried to run a complete scan, as I usually do every month or every two months.
When I ran MBAM, I saw that there was an update, so I did the update.

Then I launched MBAM and started to run a complete scan, but the scan stops automatically after about 5 to 20 seconds.

I've tried several times, always the same outcome.

It scares me a little, because I think that I could be infected, and a virus stops the scan or something like that :/


Here is one of the scan logs:



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.07.28.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ded0 :: DED0-PC [administrateur]

29/07/2012 14:54:12
mbam-log-2012-07-29 (14-54-12).txt

Type d'examen: Examen complet (C:\|E:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 2016
Temps écoulé: 17 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

As you can see, only 17 seconds here ...

Can anyone here help me? :)

PS: Sorry if my English is not good, I'm 17 y/o and French.

#2 daledoc1

daledoc1

    Forum Deity

  • Spam Hunters
  • 11,883 posts
  • Gender:Not Telling

Posted 29 July 2012 - 08:13 AM

Hello and welcome to MBAM, ded0: :)

Your English is fine.
It sounds as if you recently updated MBAM to the latest program version (1.62) and now your Full scan is stopping after only 17 seconds?

Perhaps try to cleanly reinstall MBAM and see if that resolves your issue:
  • If you are running MBAM PRO, please be sure you have your license ID and key available (sent via email at the time of online purchase, or in the box).
  • Download and run mbam-clean.exe from HERE.
  • It will ask to restart your computer; please allow it to do so - this is very important!
  • After the computer restarts, download the latest version of Malwarebytes' Anti-Malware from HERE, then temporarily disable your Anti-Virus and run the installer. (Ignore all 'Recommended' or 'Sponsored' software which are prominently displayed on the mirror sites -- they are ads and MBAM does not have any association with them.)
  • If you are using MBAM PRO, you will need to reactivate (register) the program using the license ID & key. If you are running MBAM Free, you can skip this step.
  • Launch the MBAM program and (if you are using MBAM PRO) set the Protection and Registration.
  • Then go to the UPDATE tab (if not done during installation) and check for updates.
  • Restart the computer again and verify that MBAM is in the system tray (if using the PRO version).
  • Now set up any file exclusions, as may be required in your Anti-Virus/Internet-Security/Firewall applications, and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs HERE, or ask and we'll explain how to do it.
Then, let's start with a Quick scan first -- let us know how that goes.

If that doesn't work, please let us know, as there are some other things to try. :)

Thanks!

daledoc1

Just a home user & forum volunteer
DT1: Win7/Ult/64 SP1; Intel Core i7-3770 @3.4 GHz; 16 GB RAM; NVidia GeForce GT620; IE9; Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner
DT2: Win7 Ult/64 SP1; Intel Core i7-860 @2.8 GHz; 8 GB RAM; ATI Radeon HD 5770; IE 9, Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner.
LT: Win7 Pro/64 SP1; Intel Core i7-3632 cached @3.2 GHz; 16 GB RAM; NVidia GeForce GT640M; IE 10; Fx; TB; WLAN; MBAM PRO 1.75.0.1300; Sophos ES 10.3; SAS Free; CCleaner.


#3 Ded0


Posted 29 July 2012 - 08:41 AM

Hi, thank you for helping me, but I have done all of these:

"If you are running MBAM PRO, please be sure you have your license ID and key available (sent via email at the time of online purchase, or in the box).
Download and run mbam-clean.exe from HERE.
It will ask to restart your computer; please allow it to do so - this is very important!
After the computer restarts, download the latest version of Malwarebytes' Anti-Malware from HERE, then temporarily disable your Anti-Virus and run the installer. (Ignore all 'Recommended' or 'Sponsored' software which are prominently displayed on the mirror sites -- they are ads and MBAM does not have any association with them.)
If you are using MBAM PRO, you will need to reactivate (register) the program using the license ID & key. If you are running MBAM Free, you can skip this step.
Launch the MBAM program and (if you are using MBAM PRO) set the Protection and Registration.
Then go to the UPDATE tab (if not done during installation) and check for updates."


Now, I'm at "Now set up any file exclusions, as may be required in your Anti-Virus/Internet-Security/Firewall applications, and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs HERE, or ask and we'll explain how to do it."

But I'm using Avira as Anti Virus, and I don't have "any file exclusion" option in it.
What to do? Do I have to disable Avira when doing a MBAM scan?

#4 daledoc1


Posted 29 July 2012 - 08:49 AM

Hi:

No, you don't need to and shouldn't disable Avira during an MBAM Scan. That would be dangerous. :)
Here are the detailed steps for Avira and MBAM exclusions.

Try this, then reboot once more for good measure, and try again to run an MBAM Quick scan first.
Let us know how it goes!

Thanks,
daledoc1



Set Exclusions for Malwarebytes' Anti-Malware in Avira on 64 bit Windows Versions:
  1. Open Avira and click on Local Protection on the left
  2. Click on Realtime Protection
  3. Click on Configuration on the upper right
  4. Click the checkbox next to Expert mode on the upper left so that it is checked
  5. Under Guard, click the + next to Scan to expand the list
  6. Click on Exceptions
  7. Under Processes to be omitted by the Guard click the ... button next to the blank white box
  8. In the browse window that opens, navigate to C:\Program Files (x86)\Malwarebytes' Anti-Malware
  9. Double-click on mbam.exe then click the Add button
  10. Repeat steps 7-9 for the following files:
      • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe


Set Exclusions for Avira in Malwarebytes' Anti-Malware:
  • Click on Apply
  • Close Avira's window
  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on Avira and click OK
  • Close Malwarebytes' Anti-Malware



#5 Ded0


Posted 29 July 2012 - 09:01 AM

Done ...

For a quick scan it was ... Too quick, 5 seconds :(





Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.07.29.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ded0 :: DED0-PC [administrateur]

29/07/2012 16:00:48
mbam-log-2012-07-29 (16-00-48).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 1584
Temps écoulé: 5 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
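
Both logs posted so far report zero detections after scans of 17 and 5 seconds. As an added example (not part of the original posts and not Malwarebytes code), the Python below parses the French-language MBAM 1.x log fields shown above and refuses to read such a log as clean. The item and time floors, the function names and the hours/minutes elapsed-time format are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical floors (assumptions, not Malwarebytes values): derive real ones
# from scans known to have completed on comparable machines.
MIN_ITEMS = {"complet": 100_000, "rapide": 50_000}
MIN_SECONDS = 60
UNIT_SECONDS = {"heure": 3600, "minute": 60, "seconde": 1}

# Abridged from the two logs posted in this thread.
FULL_SCAN_LOG = r"""Malwarebytes Anti-Malware 1.62.0.1300
Type d'examen: Examen complet (C:\|E:\|)
Elément(s) analysé(s): 2016
Temps écoulé: 17 seconde(s)
Processus mémoire détecté(s): 0
Clé(s) du Registre détectée(s): 0
Fichier(s) détecté(s): 0
(fin)
"""
QUICK_SCAN_LOG = r"""Malwarebytes Anti-Malware 1.62.0.1300
Type d'examen: Examen rapide
Elément(s) analysé(s): 1584
Temps écoulé: 5 seconde(s)
Fichier(s) détecté(s): 0
(fin)
"""
# Constructed for contrast: a full scan that ran to completion.
COMPLETED_LOG = r"""Malwarebytes Anti-Malware 1.62.0.1300
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 412345
Temps écoulé: 1 heure(s), 12 minute(s), 5 seconde(s)
Fichier(s) détecté(s): 0
(fin)
"""


@dataclass
class ScanSummary:
    scan_type: Optional[str]  # "complet" or "rapide"
    items: Optional[int]
    seconds: Optional[int]
    detections: int


def parse_mbam_log(text: str) -> ScanSummary:
    """Extract scan type, item count, elapsed time and total detections."""
    kind = re.search(r"^Type d'examen:\s*Examen (\w+)", text, re.M)
    items = re.search(r"^El[ée]ment\(s\) analys[ée]\(s\):\s*(\d+)", text, re.M)
    elapsed = re.search(r"^Temps [ée]coul[ée]:\s*(.+)$", text, re.M)
    seconds = None
    if elapsed:
        parts = re.findall(r"(\d+)\s*(heure|minute|seconde)", elapsed.group(1))
        if parts:
            seconds = sum(int(n) * UNIT_SECONDS[unit] for n, unit in parts)
    # Matches both "détecté(s): N" and "détectée(s): N" counter lines.
    counts = re.findall(r"d[ée]tect[ée]e?\(s\):\s*(\d+)", text)
    return ScanSummary(
        scan_type=kind.group(1).lower() if kind else None,
        items=int(items.group(1)) if items else None,
        seconds=seconds,
        detections=sum(int(c) for c in counts),
    )


def assess(s: ScanSummary) -> Tuple[str, List[str]]:
    """Return a verdict; a truncated scan is never reported as clean."""
    if s.scan_type is None or s.items is None or s.seconds is None:
        return "INCOMPLETE", ["scan type, item count or elapsed time missing"]
    reasons = []
    floor = MIN_ITEMS.get(s.scan_type)
    if floor is not None and s.items < floor:
        reasons.append(f"{s.items} items scanned, below floor of {floor}")
    if s.seconds < MIN_SECONDS:
        reasons.append(f"scan ended after {s.seconds} s, below {MIN_SECONDS} s")
    if reasons:
        return "TRUNCATED", reasons
    if s.detections:
        return "DETECTIONS", [f"{s.detections} item(s) detected"]
    return "CLEAN", []


if __name__ == "__main__":
    logs = [("full", FULL_SCAN_LOG), ("quick", QUICK_SCAN_LOG),
            ("completed", COMPLETED_LOG)]
    for name, log in logs:
        verdict, why = assess(parse_mbam_log(log))
        print(f"{name}: {verdict} {why}")
```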

#6 daledoc1


Posted 29 July 2012 - 09:42 AM

Hi, again:

Yes, that doesn't seem right -- too few files scanned.

OK, let's do this -- please follow the instructions below to run DDS (it's just a safe little tool, not a program that needs to be installed).
Please post back with both of the logs it will produce (they will be txt files).

One of the MBAM staff experts will review them to see why this may be happening, and advise you further.
(They may also ask you to run an MBAM developer mode scan -- they will instruct you how to do this, if needed.)

-->Download DDS from here: dds.scr or here: dds.com and save it to your desktop.

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool -- on Vista or Win 7, right click and select Run as administrator.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.
Thanks for your patience,

daledoc1

PS A mod will probably move this topic into the General MBAM forum. So, don't be surprised if that happens. :)



#7 Ded0


Posted 30 July 2012 - 10:56 AM

Hi, here are the two logs:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ded0 at 17:48:19 on 2012-07-30
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.4095.2839 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files\ASUS Xonar D1 Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Windows\system\HsMgr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\Ded0\AppData\Local\Temp\{34D21284-3CC2-4194-91FC-50B222586F23}\ISBEW64.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Ded0\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Xpadder] "C:\Users\Ded0\Desktop\Xpadder 5.7\Xpadder [5.7].exe" /m
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [uTorrent] "E:\Programmes\uTorrent\uTorrent.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {90EAE591-7E7E-434a-8E28-ECFD00071806} - E:\Programmes\PokerStars\PokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_5_2_1_0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{CD0761AA-31A4-4533-93E8-4DE38AC2EF15} : DhcpNameServer = 212.27.40.241 212.27.40.240
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
IE-X64: {90EAE591-7E7E-434a-8E28-ECFD00071806} - E:\Programmes\PokerStars\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ded0\AppData\Roaming\Mozilla\Firefox\Profiles\pfj5nz3y.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\ma-config.com\nphardwaredetection.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Ded0\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AntiVirSchedulerService;Avira Planificateur;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-6 86224]
R2 AntiVirService;Avira Protection temps réel;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-6 110032]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 cmudaxp;ASUS Xonar D1 Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys --> C:\Windows\system32\drivers\cmudaxp.sys [?]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]
R3 RTL8167;Pilote Realtek 8167 NT;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-2 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-7-21 16640]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-3-17 135584]
S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-2 116648]
S3 maconfservice;Ma-Config Service;C:\Program Files (x86)\ma-config.com\maconfservice.exe [2011-11-14 311928]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-11 113120]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 StorSvc;Service de stockage;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 tizekdrv;tizekdrv;C:\Users\Ded0\AppData\Roaming\TZAC\tizek64.sys [2012-4-20 241848]
S3 tizeqdrv;tizeqdrv;C:\Users\Ded0\AppData\Roaming\TZAC\tizeq64.sys [2012-4-20 498872]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-29 13:30:56 -------- d-----w- C:\Users\Ded0\AppData\Roaming\Malwarebytes
2012-07-29 13:30:49 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-29 13:30:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-29 13:30:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-29 11:56:58 -------- d-----w- C:\Users\Ded0\AppData\Local\{8675308B-7C04-4A41-8788-F44B88EE168F}
2012-07-29 11:56:42 -------- d-----w- C:\Users\Ded0\AppData\Local\{36E4355C-19B6-4B41-B60D-6C02264D5A50}
2012-07-28 23:54:13 -------- d-----w- C:\Users\Ded0\AppData\Local\{35A67462-071C-401A-805B-0CFFB2378E6D}
2012-07-28 23:54:01 -------- d-----w- C:\Users\Ded0\AppData\Local\{E690CB25-B135-49C9-8DF4-3025FEF97BC3}
2012-07-28 11:53:48 -------- d-----w- C:\Users\Ded0\AppData\Local\{9C247C23-4E00-4DC0-A084-01C328D7AA07}
2012-07-28 11:53:37 -------- d-----w- C:\Users\Ded0\AppData\Local\{5975FDFA-ED6A-4B88-A621-D5966CDC8F50}
2012-07-27 21:32:27 -------- d-----w- C:\Users\Ded0\AppData\Local\{C57CEE36-B105-44EF-AB7B-A693F3D7A9C7}
2012-07-27 21:32:16 -------- d-----w- C:\Users\Ded0\AppData\Local\{32B543A6-383A-45E5-939E-E7C8360417A2}
2012-07-27 18:00:58 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-07-27 18:00:58 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-07-27 18:00:57 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-07-27 18:00:57 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-07-27 18:00:57 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-07-27 18:00:57 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-07-27 18:00:56 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-07-27 18:00:55 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-07-27 09:31:49 -------- d-----w- C:\Users\Ded0\AppData\Local\{CAF3A126-2316-4E08-BAF6-5BC13961584F}
2012-07-27 09:31:36 -------- d-----w- C:\Users\Ded0\AppData\Local\{C2B1A0C5-203B-4296-B89E-44B57614BC8A}
2012-07-27 09:31:22 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804938DC-7E32-4F08-A1A1-AC61044316A9}\mpengine.dll
2012-07-26 20:43:03 -------- d-----w- C:\Users\Ded0\AppData\Roaming\WindSolutions
2012-07-26 20:33:17 -------- d-----w- C:\ProgramData\WindSolutions
2012-07-26 08:49:11 -------- d-----w- C:\Users\Ded0\AppData\Local\{1C13694F-224A-460A-8762-43BF20AB213B}
2012-07-26 08:48:59 -------- d-----w- C:\Users\Ded0\AppData\Local\{2663B87D-925B-41BD-9140-714BF71C3E79}
2012-07-25 16:48:03 -------- d-----w- C:\Users\Ded0\AppData\Local\{7498DD6F-566C-45B3-853E-7915D7D16043}
2012-07-25 16:47:51 -------- d-----w- C:\Users\Ded0\AppData\Local\{87D4D880-22AB-478D-B7E5-415CE1A116C0}
2012-07-25 04:47:16 -------- d-----w- C:\Users\Ded0\AppData\Local\{AC7260CA-BC59-4237-8609-995118591E53}
2012-07-25 04:47:00 -------- d-----w- C:\Users\Ded0\AppData\Local\{EF467421-8805-4749-856E-264181380E82}
2012-07-24 11:49:15 -------- d-----w- C:\Users\Ded0\AppData\Local\{F2A0BC8F-AB37-457A-8E10-5F5798C0878F}
2012-07-24 11:48:57 -------- d-----w- C:\Users\Ded0\AppData\Local\{A3E10F0E-3991-4038-A5A9-9726C8316446}
2012-07-23 19:18:35 -------- d-----w- C:\Users\Ded0\AppData\Local\{5FC0197D-D30B-4B83-91E8-F1B97B718077}
2012-07-23 19:18:23 -------- d-----w- C:\Users\Ded0\AppData\Local\{832B11C8-1B3F-4CF8-B792-0B4C62978865}
2012-07-23 07:17:55 -------- d-----w- C:\Users\Ded0\AppData\Local\{91ADE8A0-2CB6-4F64-AC6F-439DE0291D82}
2012-07-23 07:17:43 -------- d-----w- C:\Users\Ded0\AppData\Local\{C12DC4B0-ED02-4266-B7F3-65CE5AC53B32}
2012-07-22 16:43:59 -------- d-----w- C:\Program Files (x86)\LinuxLive USB Creator
2012-07-22 07:28:14 -------- d-----w- C:\Users\Ded0\AppData\Local\{CAA09E8A-E48D-48C2-87DC-570653CABBC6}
2012-07-22 07:28:04 -------- d-----w- C:\Users\Ded0\AppData\Local\{CC9A63CE-9589-4AE7-8EC4-511D2251DCD3}
2012-07-21 19:17:45 -------- d-----w- C:\Users\Ded0\AppData\Local\{178AC2A0-8414-44F7-9BEE-817C74020AA1}
2012-07-21 19:17:33 -------- d-----w- C:\Users\Ded0\AppData\Local\{193DEF21-D303-4CCC-802D-06B0D0A940EC}
2012-07-21 07:17:08 -------- d-----w- C:\Users\Ded0\AppData\Local\{B0F2105A-F503-47AA-9725-5D1C8DFC86A3}
2012-07-21 07:16:54 -------- d-----w- C:\Users\Ded0\AppData\Local\{5649B9CD-456D-4BE1-9CB6-BB99511CC11D}
2012-07-20 18:11:10 -------- d-----w- C:\Users\Ded0\AppData\Local\{2F111792-39BE-42EB-B824-42210C0A1DF6}
2012-07-20 18:10:59 -------- d-----w- C:\Users\Ded0\AppData\Local\{51B4D2C0-0E41-4B26-861F-C8A8AD5C5293}
2012-07-20 06:10:28 -------- d-----w- C:\Users\Ded0\AppData\Local\{B7F3B83F-2819-4F55-8778-10C85ABB89A4}
2012-07-20 06:10:09 -------- d-----w- C:\Users\Ded0\AppData\Local\{B49B62D7-5358-40F1-8BC6-B17934A20E3B}
2012-07-11 00:08:56 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 00:04:50 -------- d-----w- C:\Users\Ded0\AppData\Local\Macromedia
2012-07-10 23:57:02 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-10 23:57:02 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-10 23:44:21 -------- d-----w- C:\Program Files (x86)\UnH Solutions
.
==================== Find3M ====================
.
2012-06-19 22:47:17 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-19 22:47:04 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-19 22:47:04 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-19 22:43:27 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 10:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-27 13:01:40 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-05-27 13:01:40 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-25 15:10:49 57 ----a-w- C:\Users\Ded0\computer_gender.vbs
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2010-01-26 09:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 17:48:32,68 ===============

And

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professionnel
Boot Device: \Device\HarddiskVolume2
Install Date: 06/03/2012 11:04:57
System Uptime: 30/07/2012 13:39:46 (4 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | GF615M-P33 (MS-7597)
Processor: AMD Phenom™ II X4 925 Processor | CPU1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 145,138 GiB free.
E: is FIXED (NTFS) - 699 GiB total, 510,613 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP124: 29/07/2012 14:40:23 - Point de contrôle planifié
RP125: 30/07/2012 14:54:38 - Supprimé Grand Theft Auto IV
.
==== Installed Programs ======================
.
3DMark 11
Adobe After Effects CS5.5 Third Party Content
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5.5 Production Premium
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2) - Français
Adobe Story
adsl TV
AION Free-To-Play
AMD VISION Engine Control Center
APB Reloaded
Apple Application Support
Apple Software Update
Assassin's Creed II
µTorrent
Auslogics Disk Defrag Professional
Avira Free Antivirus
Battlefield 3™
Battlelog Web Plugins
CamStudio OSS Desktop Recorder
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
DAEMON Tools Lite
Diablo III
DiRT 3
Everest Poker.fr (Remove Only)
FIFA 12 © EA version 1
FileZilla Client 3.5.3
Fraps (remove only)
Futuremark SystemInfo
GhostMouse
Google Chrome
Google Update Helper
Google Earth
Grand Theft Auto IV
Grand Theft Auto IV - Episodes From Liberty City
GTA San Andreas
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 31
JDownloader 0.9
LinuxLive USB Creator
Livestream Procaster
Ma-Config.com
Mafia II
Malwarebytes Anti-Malware version 1.62.0.1300
ManyCam 3.0.79 (remove only)
Max Payne 3
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 13.0.1 (x86 fr)
Mozilla Maintenance Service
MSVCRT
Mumble 1.2.3
MX vs ATV Reflex
NC Launcher (GameForge)
Notepad++
NVIDIA PhysX
OCCT 4.1.1
OpenAL
OpenOffice.org 3.3
Origin
Outil de téléchargement USB/DVD Windows 7
PDF Settings CS5
PokerStars.fr
PulsPlayer
PxMergeModule
Quake Live Mozilla Plugin
QuickTime
Rapture3D 2.4.8 Game
Razer Mamba
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
Skype Click to Call
Skype™ 5.8
SpeedFan (remove only)
Steam
SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil
SWF Opener
System Requirements Lab CYRI
TZAC ANTICHEAT
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VDownloader 3.6.924
VLC media player 2.0.1
Windows Live
Windows Live Communications Platform
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.1
WinRAR 4.11 (32-bit)
WinSCP 4.0.6
Wolfenstein - Enemy Territory
.
==== End Of File ===========================

(I've tried to post them as attached files, but it didn't work)

#8 daledoc1


Posted 30 July 2012 - 01:12 PM

Hi:

Thanks for the update.
I've asked one of the moderators to review your logs and assist you further.


Thanks again for your patience,

daledoc1



#9 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,016 posts
  • Gender:Male

Posted 30 July 2012 - 01:46 PM

Greetings :)

Please do the following:

Create a Process Monitor Log:

  • Please download Process Monitor from here and save it to your desktop
  • Double-click on Procmon.exe to run it
  • In Process Monitor, click on Filter and select Filter...
  • Click on the first drop-down menu and select Process Name
  • Click on the second drop-down menu and select is
  • In the white box next to is, type mbam.exe
  • Make certain that in the last drop-down menu, Include is selected and click on Add
  • Click on Apply and then OK
  • Run a Quick Scan with Malwarebytes Anti-Malware
  • Once the scan completes, in Process Monitor, click on File and choose Save...
  • Make certain that the following are selected:

    • Events displayed using the current filter
    • Native Process Monitor Format (PML)
  • For Path:, click on the ... button and browse to your desktop and save the file as mbam.pml and click on OK
  • Close Process Monitor
  • Right-click on the mbam.pml file now located on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Please attach the mbam.zip file you just created to your next reply

Samuel E Lindsey
Product Manager


#10 Ded0


Posted 30 July 2012 - 04:17 PM

Attached File: mbam.rar (7.14MB)

Hi, exile360, thank you for taking the time to help me.

Enclosed, the mbam.pml

#11 exile360


Posted 30 July 2012 - 10:19 PM

Excellent, thanks :)

Now, please open Malwarebytes Anti-Malware and click on the Ignore List tab and then press Alt+Print Screen on your keyboard.

Once that is done, open Microsoft Paint by clicking Start and typing paint and pressing Enter.

Once Paint opens, press Ctrl+V on your keyboard, you should now see a screenshot of Malwarebytes Anti-Malware.

Save the picture you just created in Paint to your desktop or another convenient location and then attach the picture to your next post.

Thanks :)

#12 Ded0


Posted 31 July 2012 - 07:51 AM

Here the screenshot.

Attached Images

  • Sans titre.png


#13 exile360


Posted 31 July 2012 - 09:57 AM

Great, thanks :)

Now, please do the following:

Create an Autoruns Log:
  • Please download Sysinternals Autoruns from here and save it to your desktop.

  • Note: If using Windows Vista or Windows 7 then you also need to do the following:

    • Right-click on Autoruns.exe and select Properties
    • Click on the Compatibility tab
    • Under Privilege Level check the box next to Run this program as an administrator
    • Click on Apply then click OK

  • Double-click Autoruns.exe to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Filter Options...
  • In the Autoruns Filter Options dialog, verify that the following are unchecked, if they are checked, uncheck them:

    • Include empty locations
    • Hide Microsoft entries
    • Hide Windows entries

  • Verify that the following is checked, if it is unchecked, check it:

    • Verify code signatures

  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

#14 Ded0


Posted 31 July 2012 - 10:46 AM

I don't know if it's okay, because even when I had unchecked all entries to leave only the "verify code signature" one, at the bottom center of Autoruns there was written "no filters".



#15 exile360


Posted 31 July 2012 - 11:57 AM

I see this entry:

Xpadder c:\users\ded0\desktop\xpadder 5.7\xpadder [5.7].exe


I suspect it might be causing an issue. Could you try uninstalling that program or at least removing its startup entry temporarily to test?

If you just want to remove the startup entry, do the following:

Delete Autostart Entries Using Autoruns:

Please open Autoruns.exe again and allow it to perform its scan. Once it finishes please proceed with the following:
  • Click on the Logon tab and right click the following entry and select Delete:

    • Under HKCU\Software\Microsoft\Windows\CurrentVersion\Run:

      • Xpadder c:\users\ded0\desktop\xpadder 5.7\xpadder [5.7].exe

  • Once that is complete, restart your computer.

Now, run another Quick scan with Malwarebytes Anti-Malware and post the scan log in your next reply.

Thanks :)

#16 Ded0


Posted 31 July 2012 - 12:51 PM

Done,

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.07.29.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ded0 :: DED0-PC [administrateur]

31/07/2012 19:46:00
mbam-log-2012-07-31 (19-46-00).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 189038
Temps écoulé: 4 minute(s), 31 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)


4 minutes, is that a correct scan ?

#17 exile360


Posted 31 July 2012 - 12:57 PM

Yes, that scan looks correct. You'll notice it scanned 189038 objects instead of around 2000 objects like it was before.

It looks like that startup entry was the problem. What I would suggest, if you'd like to keep using xpadder would be to simply rename the file from xpadder [5.7].exe to xpadder 5.7.exe as that should resolve the problem. You can then have it re-add its startup entry which, using the new filename, shouldn't create any problems and Malwarebytes Anti-Malware should continue to work correctly.
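
The diagnosis in the posts above traces the aborted scans to a single Run-key entry whose file name contains square brackets. The following PowerShell is an added example, not part of the thread and not Malwarebytes code: it lists autostart entries with brackets in the executable path so they can be reviewed or renamed. It assumes the brackets are the relevant feature (the thread only shows that renaming the file fixed the scan); the function names and the `ExampleTool` entry are hypothetical.

```powershell
# Added example: flag Run-key autostart entries whose executable path
# contains [ or ], like "xpadder [5.7].exe" in the thread.
# Assumption: the brackets are what made that entry a problem.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunKeyEntry {
    # Read every value under the Run keys from the live registry.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

function Get-CommandExecutable {
    # Extract the executable path from a Run-key command line.
    param([string]$Command)
    $c = $Command.Trim()
    # Quoted path: take what is between the first pair of quotes.
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path (may contain spaces): stop at the first executable extension.
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return $c
}

function Find-BracketedAutostart {
    # Emit one object per entry whose executable path contains [ or ].
    param([Parameter(ValueFromPipeline = $true)]$Entry)
    process {
        $exe = Get-CommandExecutable -Command $Entry.Command
        if ($exe -match '[\[\]]') {
            [pscustomobject]@{
                Key           = $Entry.Key
                Name          = $Entry.Name
                Executable    = $exe
                # -LiteralPath matters: -Path would read [5.7] as a wildcard set.
                Exists        = Test-Path -LiteralPath $exe
                SuggestedPath = ($exe -replace '[\[\]]', '')
            }
        }
    }
}

# Constructed sample input; the first command is the entry quoted in the thread.
$sample = @(
    [pscustomobject]@{ Key = $RunKeys[0]; Name = 'Xpadder'
        Command = 'c:\users\ded0\desktop\xpadder 5.7\xpadder [5.7].exe' },
    [pscustomobject]@{ Key = $RunKeys[0]; Name = 'ExampleTool'
        Command = '"C:\Program Files\Example\tool.exe" /minimized' }
)

# Only the Xpadder entry is reported, with the bracket-free path as SuggestedPath.
$sample | Find-BracketedAutostart | Format-List

# To check the machine itself instead of the sample:
# Get-RunKeyEntry | Find-BracketedAutostart | Format-List
```

The script only reports; renaming the file and re-adding the startup entry stays a manual step, as described in the post above.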

#18 daledoc1


Posted 31 July 2012 - 06:51 PM

@ Exile360: Thanks for sorting that out!

@ Ded0: It looks as if the mystery is solved. Thanks for your patience!

daledoc1



#19 Ded0


Posted 09 August 2012 - 03:26 AM

Hi guys, sorry for not answering for 1+ week, I was on vacation.

Thanks a lot for your help daledoc1 & exile360, it looks like the problem is fixed, this afternoon I'm going to try a full scan.

#20 exile360


Posted 09 August 2012 - 05:38 AM

Hello again :)

Excellent, please let us know if you have any further issues.



