Ded0

Problem with MBAM scan

21 posts in this topic

Hi, sorry if I don't post in the appropriate forum, but I've got a problem using MBAM.

So yesterday, I tried to run a complete scan, as I usually do each month or every two months.

When I ran MBAM, I saw that there was an update, so I did the update.

Then I launched MBAM and started to run a complete scan, but the scan stops automatically after about 5 to 20 seconds.

I've tried several times, always the same outcome.

It scares me a little, because I think that I could be infected, and a virus stops the scan or something like that :/

Here is one of the scan logs:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Version de la base de données: v2012.07.28.07

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Ded0 :: DED0-PC [administrateur]

29/07/2012 14:54:12

mbam-log-2012-07-29 (14-54-12).txt

Type d'examen: Examen complet (C:\|E:\|)

Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM

Options d'examen désactivées: P2P

Elément(s) analysé(s): 2016

Temps écoulé: 17 seconde(s)

Processus mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0

(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0

(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0

(Aucun élément nuisible détecté)

(fin)

As you can see, only 17 seconds here ...

Can anyone here help me? :)

PS: Sorry if my English is not good, I'm 17 y/o and French.

Hello and welcome to MBAM, ded0: :)

Your English is fine.

It sounds as if you recently updated MBAM to the latest program version (1.62) and now your Full scan is stopping after only 17 seconds?

Perhaps try to cleanly reinstall MBAM and see if that resolves your issue:

  • If you are running MBAM PRO, please be sure you have your license ID and key available (sent via email at the time of online purchase, or in the box).
  • Download and run mbam-clean.exe from HERE.
  • It will ask to restart your computer; please allow it to do so - this is very important!
  • After the computer restarts, download the latest version of Malwarebytes' Anti-Malware from HERE, then temporarily disable your Anti-Virus and run the installer. (Ignore all 'Recommended' or 'Sponsored' software which are prominently displayed on the mirror sites -- they are ads and MBAM does not have any association with them.)
  • If you are using MBAM PRO, you will need to reactivate (register) the program using the license ID & key. If you are running MBAM Free, you can skip this step.
  • Launch the MBAM program and (if you are using MBAM PRO) set the Protection and Registration.
  • Then go to the UPDATE tab (if not done during installation) and check for updates.
  • Restart the computer again and verify that MBAM is in the system tray (if using the PRO version).
  • Now set up any file exclusions, as may be required in your Anti-Virus/Internet-Security/Firewall applications, and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs HERE, or ask and we'll explain how to do it.

Then, let's start with a Quick scan first -- let us know how that goes.

If that doesn't work, please let us know, as there are some other things to try, :)

Thanks!

daledoc1

Hi, thank you for helping me, but I have done all of these:

"If you are running MBAM PRO, please be sure you have your license ID and key available (sent via email at the time of online purchase, or in the box).

Download and run mbam-clean.exe from HERE.

It will ask to restart your computer; please allow it to do so - this is very important!

After the computer restarts, download the latest version of Malwarebytes' Anti-Malware from HERE, then temporarily disable your Anti-Virus and run the installer. (Ignore all 'Recommended' or 'Sponsored' software which are prominently displayed on the mirror sites -- they are ads and MBAM does not have any association with them.)

If you are using MBAM PRO, you will need to reactivate (register) the program using the license ID & key. If you are running MBAM Free, you can skip this step.

Launch the MBAM program and (if you are using MBAM PRO) set the Protection and Registration.

Then go to the UPDATE tab (if not done during installation) and check for updates."

Now, I'm at "Now set up any file exclusions, as may be required in your Anti-Virus/Internet-Security/Firewall applications, and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs HERE, or ask and we'll explain how to do it."

But I'm using Avira as antivirus, and I don't have an "any file exclusion" option in it.

What to do? Do I have to disable Avira when doing an MBAM scan?

Hi:

No, you don't need to and shouldn't disable Avira during an MBAM Scan. That would be dangerous. :)

Here are the detailed steps for Avira and MBAM exclusions.

Try this, then reboot once more for good measure, and try again to run an MBAM Quick scan first.

Let us know how it goes!

Thanks,

daledoc1

Set Exclusions for Malwarebytes' Anti-Malware in Avira on 64 bit Windows Versions:

  1. Open Avira and click on Local Protection on the left
  2. Click on Realtime Protection
  3. Click on Configuration on the upper right
  4. Click the checkbox next to Expert mode on the upper left so that it is checked
  5. Under Guard, click the + next to Scan to expand the list
  6. Click on Exceptions
  7. Under Processes to be omitted by the Guard click the ... button next to the blank white box
  8. In the browse window that opens, navigate to C:\Program Files (x86)\Malwarebytes' Anti-Malware
  9. Double-click on mbam.exe then click the Add button
  10. Repeat steps 7-9 for the following files:
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

  • Click on Apply
  • Close Avira's window

Set Exclusions for Avira in Malwarebytes' Anti-Malware:

  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on Avira and click OK
  • Close Malwarebytes' Anti-Malware

Done ...

For a quick scan it was ... Too quick, 5 seconds :(

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Version de la base de données: v2012.07.29.07

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Ded0 :: DED0-PC [administrateur]

29/07/2012 16:00:48

mbam-log-2012-07-29 (16-00-48).txt

Type d'examen: Examen rapide

Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM

Options d'examen désactivées: P2P

Elément(s) analysé(s): 1584

Temps écoulé: 5 seconde(s)

Processus mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0

(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0

(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0

(Aucun élément nuisible détecté)

(fin)

Hi, again:

Yes, that doesn't seem right -- too few files scanned.

OK, let's do this -- please follow the instructions below to run DDS (it's just a safe little tool, not a program that needs to be installed).

Please post back with both of the logs it will produce (they will be txt files).

One of the MBAM staff experts will review them to see why this may be happening, and advise you further.

(They may also ask you to run an MBAM developer mode scan -- they will instruct you how to do this, if needed.)

-->Download DDS from here: dds.scr or here: dds.com and save it to your desktop.

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool -- on Vista or Win 7, right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:


    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Thanks for your patience,

daledoc1

PS A mod will probably move this topic into the General MBAM forum. So, don't be surprised if that happens. :)
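
The judgement in the reply above (a scan that ends after a few seconds has covered far too few items) can also be checked mechanically. This added example is not part of the thread or of Malwarebytes' tooling: it parses the summary fields of the logs posted here and compares the item count with a per-machine baseline; the English field labels, the baseline counts and the 10% ratio are assumptions.

```python
import re
from dataclasses import dataclass

# Quick-scan log posted in this thread (blank lines and option lines dropped).
QUICK_LOG = """\
Malwarebytes Anti-Malware 1.62.0.1300
Version de la base de données: v2012.07.29.07
29/07/2012 16:00:48
Type d'examen: Examen rapide
Elément(s) analysé(s): 1584
Temps écoulé: 5 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
Clé(s) du Registre détectée(s): 0
Valeur(s) du Registre détectée(s): 0
Elément(s) de données du Registre détecté(s): 0
Dossier(s) détecté(s): 0
Fichier(s) détecté(s): 0
(fin)
"""

# Summary fields of the full-scan log from the first post.
FULL_LOG_FIELDS = r"""Type d'examen: Examen complet (C:\|E:\|)
Elément(s) analysé(s): 2016
Temps écoulé: 17 seconde(s)
Fichier(s) détecté(s): 0
"""

# French labels are taken from the logs on this page; the English ones are an
# assumption about the same 1.x log layout.
LABELS = {
    "scan_type": ("Type d'examen", "Scan type"),
    "items": ("Elément(s) analysé(s)", "Objects scanned"),
    "elapsed": ("Temps écoulé", "Time elapsed"),
}
UNIT_SECONDS = {"heure": 3600, "hour": 3600, "minute": 60, "seconde": 1, "second": 1}
DETECTED = re.compile(r"(?:détectée?\(s\)|Detected)\s*:\s*(\d+)")

# Constructed baseline: item counts from earlier complete scans on the same
# machine would go here. These numbers are hypothetical.
BASELINE_ITEMS = {"quick": 200_000, "full": 400_000}


@dataclass
class ScanSummary:
    scan_type: str
    items: int
    seconds: int
    detections: int


def field(text, names):
    """Return the value of the first 'label: value' line matching any label."""
    for name in names:
        m = re.search(r"^\s*" + re.escape(name) + r"\s*:\s*(.+?)\s*$", text, re.M)
        if m:
            return m.group(1)
    raise ValueError(f"missing field: {names[0]}")


def elapsed_to_seconds(value):
    """Convert '3 minute(s), 25 second(s)' style durations to seconds."""
    total = 0
    for number, unit in re.findall(r"(\d+)\s*([a-zé]+)\(s\)", value, re.I):
        total += int(number) * UNIT_SECONDS[unit.lower()]
    return total


def scan_kind(value):
    low = value.lower()
    if "complet" in low or "full" in low:
        return "full"
    if "rapide" in low or "quick" in low:
        return "quick"
    return "other"


def parse_log(text):
    return ScanSummary(
        scan_type=scan_kind(field(text, LABELS["scan_type"])),
        items=int(field(text, LABELS["items"])),
        seconds=elapsed_to_seconds(field(text, LABELS["elapsed"])),
        detections=sum(int(n) for n in DETECTED.findall(text)),
    )


def assess(summary, baseline_items, min_ratio=0.10):
    """Flag a scan whose item count is far below the known-good baseline."""
    findings = []
    expected = baseline_items.get(summary.scan_type)
    if expected and summary.items < expected * min_ratio:
        findings.append(
            f"{summary.scan_type} scan covered {summary.items} items, "
            f"under {min_ratio:.0%} of the usual {expected}"
        )
        if summary.detections == 0:
            findings.append("zero detections from an incomplete scan is not a clean result")
    return findings


if __name__ == "__main__":
    for log in (QUICK_LOG, FULL_LOG_FIELDS):
        summary = parse_log(log)
        print(summary, assess(summary, BASELINE_ITEMS))
```

Both logs from the thread are flagged; a scan near the baseline produces no findings.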

Hi, here are the two logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Ded0 at 17:48:19 on 2012-07-30

Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.4095.2839 [GMT 2:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\SysWOW64\HsMgr.exe

C:\Program Files\ASUS Xonar D1 Audio\Customapp\ASUSAUDIOCENTER.EXE

C:\Windows\system\HsMgr64.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Users\Ded0\AppData\Local\Temp\{34D21284-3CC2-4194-91FC-50B222586F23}\ISBEW64.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Ded0\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Xpadder] "C:\Users\Ded0\Desktop\Xpadder 5.7\Xpadder [5.7].exe" /m

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [uTorrent] "E:\Programmes\uTorrent\uTorrent.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {90EAE591-7E7E-434a-8E28-ECFD00071806} - E:\Programmes\PokerStars\PokerStarsUpdate.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_5_2_1_0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 212.27.40.241 212.27.40.240

TCP: Interfaces\{CD0761AA-31A4-4533-93E8-4DE38AC2EF15} : DhcpNameServer = 212.27.40.241 212.27.40.240

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

IE-X64: {90EAE591-7E7E-434a-8E28-ECFD00071806} - E:\Programmes\PokerStars\PokerStarsUpdate.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ded0\AppData\Roaming\Mozilla\Firefox\Profiles\pfj5nz3y.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\ma-config.com\nphardwaredetection.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\Ded0\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]

R2 AntiVirSchedulerService;Avira Planificateur;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-6 86224]

R2 AntiVirService;Avira Protection temps réel;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-6 110032]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 cmudaxp;ASUS Xonar D1 Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys --> C:\Windows\system32\drivers\cmudaxp.sys [?]

R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]

R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]

R3 RTL8167;Pilote Realtek 8167 NT;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-2 116648]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-7-21 16640]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-3-17 135584]

S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-2 116648]

S3 maconfservice;Ma-Config Service;C:\Program Files (x86)\ma-config.com\maconfservice.exe [2011-11-14 311928]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-11 113120]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]

S3 StorSvc;Service de stockage;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 tizekdrv;tizekdrv;C:\Users\Ded0\AppData\Roaming\TZAC\tizek64.sys [2012-4-20 241848]

S3 tizeqdrv;tizeqdrv;C:\Users\Ded0\AppData\Roaming\TZAC\tizeq64.sys [2012-4-20 498872]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-29 13:30:56 -------- d-----w- C:\Users\Ded0\AppData\Roaming\Malwarebytes

2012-07-29 13:30:49 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-29 13:30:49 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-29 13:30:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-29 11:56:58 -------- d-----w- C:\Users\Ded0\AppData\Local\{8675308B-7C04-4A41-8788-F44B88EE168F}

2012-07-29 11:56:42 -------- d-----w- C:\Users\Ded0\AppData\Local\{36E4355C-19B6-4B41-B60D-6C02264D5A50}

2012-07-28 23:54:13 -------- d-----w- C:\Users\Ded0\AppData\Local\{35A67462-071C-401A-805B-0CFFB2378E6D}

2012-07-28 23:54:01 -------- d-----w- C:\Users\Ded0\AppData\Local\{E690CB25-B135-49C9-8DF4-3025FEF97BC3}

2012-07-28 11:53:48 -------- d-----w- C:\Users\Ded0\AppData\Local\{9C247C23-4E00-4DC0-A084-01C328D7AA07}

2012-07-28 11:53:37 -------- d-----w- C:\Users\Ded0\AppData\Local\{5975FDFA-ED6A-4B88-A621-D5966CDC8F50}

2012-07-27 21:32:27 -------- d-----w- C:\Users\Ded0\AppData\Local\{C57CEE36-B105-44EF-AB7B-A693F3D7A9C7}

2012-07-27 21:32:16 -------- d-----w- C:\Users\Ded0\AppData\Local\{32B543A6-383A-45E5-939E-E7C8360417A2}

2012-07-27 18:00:58 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2012-07-27 18:00:58 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2012-07-27 18:00:57 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2012-07-27 18:00:57 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2012-07-27 18:00:57 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2012-07-27 18:00:57 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2012-07-27 18:00:56 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2012-07-27 18:00:55 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2012-07-27 09:31:49 -------- d-----w- C:\Users\Ded0\AppData\Local\{CAF3A126-2316-4E08-BAF6-5BC13961584F}

2012-07-27 09:31:36 -------- d-----w- C:\Users\Ded0\AppData\Local\{C2B1A0C5-203B-4296-B89E-44B57614BC8A}

2012-07-27 09:31:22 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{804938DC-7E32-4F08-A1A1-AC61044316A9}\mpengine.dll

2012-07-26 20:43:03 -------- d-----w- C:\Users\Ded0\AppData\Roaming\WindSolutions

2012-07-26 20:33:17 -------- d-----w- C:\ProgramData\WindSolutions

2012-07-26 08:49:11 -------- d-----w- C:\Users\Ded0\AppData\Local\{1C13694F-224A-460A-8762-43BF20AB213B}

2012-07-26 08:48:59 -------- d-----w- C:\Users\Ded0\AppData\Local\{2663B87D-925B-41BD-9140-714BF71C3E79}

2012-07-25 16:48:03 -------- d-----w- C:\Users\Ded0\AppData\Local\{7498DD6F-566C-45B3-853E-7915D7D16043}

2012-07-25 16:47:51 -------- d-----w- C:\Users\Ded0\AppData\Local\{87D4D880-22AB-478D-B7E5-415CE1A116C0}

2012-07-25 04:47:16 -------- d-----w- C:\Users\Ded0\AppData\Local\{AC7260CA-BC59-4237-8609-995118591E53}

2012-07-25 04:47:00 -------- d-----w- C:\Users\Ded0\AppData\Local\{EF467421-8805-4749-856E-264181380E82}

2012-07-24 11:49:15 -------- d-----w- C:\Users\Ded0\AppData\Local\{F2A0BC8F-AB37-457A-8E10-5F5798C0878F}

2012-07-24 11:48:57 -------- d-----w- C:\Users\Ded0\AppData\Local\{A3E10F0E-3991-4038-A5A9-9726C8316446}

2012-07-23 19:18:35 -------- d-----w- C:\Users\Ded0\AppData\Local\{5FC0197D-D30B-4B83-91E8-F1B97B718077}

2012-07-23 19:18:23 -------- d-----w- C:\Users\Ded0\AppData\Local\{832B11C8-1B3F-4CF8-B792-0B4C62978865}

2012-07-23 07:17:55 -------- d-----w- C:\Users\Ded0\AppData\Local\{91ADE8A0-2CB6-4F64-AC6F-439DE0291D82}

2012-07-23 07:17:43 -------- d-----w- C:\Users\Ded0\AppData\Local\{C12DC4B0-ED02-4266-B7F3-65CE5AC53B32}

2012-07-22 16:43:59 -------- d-----w- C:\Program Files (x86)\LinuxLive USB Creator

2012-07-22 07:28:14 -------- d-----w- C:\Users\Ded0\AppData\Local\{CAA09E8A-E48D-48C2-87DC-570653CABBC6}

2012-07-22 07:28:04 -------- d-----w- C:\Users\Ded0\AppData\Local\{CC9A63CE-9589-4AE7-8EC4-511D2251DCD3}

2012-07-21 19:17:45 -------- d-----w- C:\Users\Ded0\AppData\Local\{178AC2A0-8414-44F7-9BEE-817C74020AA1}

2012-07-21 19:17:33 -------- d-----w- C:\Users\Ded0\AppData\Local\{193DEF21-D303-4CCC-802D-06B0D0A940EC}

2012-07-21 07:17:08 -------- d-----w- C:\Users\Ded0\AppData\Local\{B0F2105A-F503-47AA-9725-5D1C8DFC86A3}

2012-07-21 07:16:54 -------- d-----w- C:\Users\Ded0\AppData\Local\{5649B9CD-456D-4BE1-9CB6-BB99511CC11D}

2012-07-20 18:11:10 -------- d-----w- C:\Users\Ded0\AppData\Local\{2F111792-39BE-42EB-B824-42210C0A1DF6}

2012-07-20 18:10:59 -------- d-----w- C:\Users\Ded0\AppData\Local\{51B4D2C0-0E41-4B26-861F-C8A8AD5C5293}

2012-07-20 06:10:28 -------- d-----w- C:\Users\Ded0\AppData\Local\{B7F3B83F-2819-4F55-8778-10C85ABB89A4}

2012-07-20 06:10:09 -------- d-----w- C:\Users\Ded0\AppData\Local\{B49B62D7-5358-40F1-8BC6-B17934A20E3B}

2012-07-19 10:24:39 -------- d-----w- C:\Users\Ded0\AppData\Local\{C8BF6069-9497-402B-B066-4BB0DE29006E}

2012-07-19 10:24:28 -------- d-----w- C:\Users\Ded0\AppData\Local\{BEDCEBB6-B615-4EA5-8510-B1FF938295B7}

2012-07-18 22:24:02 -------- d-----w- C:\Users\Ded0\AppData\Local\{606B8C25-F306-4CD9-954F-FEC4747CE169}

2012-07-18 22:23:50 -------- d-----w- C:\Users\Ded0\AppData\Local\{6464FEDE-22E5-43EF-857B-37CB19B168A4}

2012-07-18 10:23:20 -------- d-----w- C:\Users\Ded0\AppData\Local\{3A506426-3188-40B9-9240-AB7D7AD10839}

2012-07-18 10:23:04 -------- d-----w- C:\Users\Ded0\AppData\Local\{24445301-62AC-4063-8FD6-ADB247EF9D3F}

2012-07-17 19:04:57 -------- d-----w- C:\Users\Ded0\AppData\Local\{99CF30C1-2298-4422-A804-C9BBE99F3B7B}

2012-07-17 19:04:44 -------- d-----w- C:\Users\Ded0\AppData\Local\{F367D7CA-3141-4781-843B-D230D364FB06}

2012-07-17 07:04:15 -------- d-----w- C:\Users\Ded0\AppData\Local\{81A650BC-B17D-409C-B6F4-862CE685EA49}

2012-07-17 07:04:01 -------- d-----w- C:\Users\Ded0\AppData\Local\{844CC5A9-8DE4-45F2-9817-2B35E31743FE}

2012-07-16 08:59:21 -------- d-----w- C:\Users\Ded0\AppData\Local\{0F0E71C8-1138-4860-9633-4712538295FC}

2012-07-16 08:59:06 -------- d-----w- C:\Users\Ded0\AppData\Local\{525B3D95-11F9-4C44-9BA9-AF51553F1804}

2012-07-15 11:34:17 -------- d-----w- C:\Users\Ded0\AppData\Local\{5894DD15-AD2B-47B0-B2F7-65E1B96F4BC7}

2012-07-15 11:34:06 -------- d-----w- C:\Users\Ded0\AppData\Local\{418F0FCA-8928-4B3B-968C-7C4C1A05A8E2}

2012-07-14 09:43:28 -------- d-----w- C:\Users\Ded0\AppData\Local\{5E22E30F-E728-4B20-AF55-E0E2CD158EE2}

2012-07-14 09:43:17 -------- d-----w- C:\Users\Ded0\AppData\Local\{B6B48597-FA9F-496A-A149-342F119F4188}

2012-07-13 21:43:04 -------- d-----w- C:\Users\Ded0\AppData\Local\{0AD2DBFE-DB10-40C7-9FC7-D9A83CFB72FA}

2012-07-13 21:42:52 -------- d-----w- C:\Users\Ded0\AppData\Local\{45E6D2EE-CA7C-4D32-8169-65E6C720BD26}

2012-07-13 09:42:22 -------- d-----w- C:\Users\Ded0\AppData\Local\{AC5C6C9F-8CEC-40F6-84A6-9CA1FC16B583}

2012-07-13 09:42:10 -------- d-----w- C:\Users\Ded0\AppData\Local\{D195398B-C227-48CD-9D8A-7D9055AB8C3F}

2012-07-12 21:10:50 -------- d-----w- C:\Users\Ded0\AppData\Local\{9ACF4502-4E4B-41D3-B42D-158F17598C41}

2012-07-12 21:10:38 -------- d-----w- C:\Users\Ded0\AppData\Local\{809378E1-A0AB-49E8-8341-E6426C9D72A5}

2012-07-12 09:10:13 -------- d-----w- C:\Users\Ded0\AppData\Local\{AEBF183C-BC40-40EF-8EC1-5ABA35115C94}

2012-07-12 09:10:01 -------- d-----w- C:\Users\Ded0\AppData\Local\{7ED7F717-0F29-4DB5-8D57-9EE4EEA76EA4}

2012-07-11 21:09:36 -------- d-----w- C:\Users\Ded0\AppData\Local\{2802BA67-D2F6-4C87-9E39-30C973764B7C}

2012-07-11 21:09:24 -------- d-----w- C:\Users\Ded0\AppData\Local\{C12F3255-C59D-425B-B892-0AF4F5D0A70B}

2012-07-11 09:09:10 -------- d-----w- C:\Users\Ded0\AppData\Local\{D29DADE4-C891-4D42-BBE5-025BF369F87F}

2012-07-11 09:08:56 -------- d-----w- C:\Users\Ded0\AppData\Local\{1F5E2A66-080D-4FD2-AB80-29DC3379BF42}

2012-07-11 00:08:56 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 00:04:50 -------- d-----w- C:\Users\Ded0\AppData\Local\Macromedia

2012-07-10 23:57:02 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-10 23:57:02 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-10 23:44:21 -------- d-----w- C:\Program Files (x86)\UnH Solutions

.

==================== Find3M ====================

.

2012-06-19 22:47:17 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-06-19 22:47:04 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-06-19 22:47:04 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-06-19 22:43:27 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 10:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-27 13:01:40 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-05-27 13:01:40 839112 ----a-w- C:\Windows\System32\deployJava1.dll

2012-05-25 15:10:49 57 ----a-w- C:\Users\Ded0\computer_gender.vbs

2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll

2010-01-26 09:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe

2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

2010-01-06 22:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll

.

============= FINISH: 17:48:32,68 ===============

And

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professionnel

Boot Device: \Device\HarddiskVolume2

Install Date: 06/03/2012 11:04:57

System Uptime: 30/07/2012 13:39:46 (4 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | GF615M-P33 (MS-7597)

Processor: AMD Phenom™ II X4 925 Processor | CPU1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 145,138 GiB free.

E: is FIXED (NTFS) - 699 GiB total, 510,613 GiB free.

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP124: 29/07/2012 14:40:23 - Point de contrôle planifié

RP125: 30/07/2012 14:54:38 - Supprimé Grand Theft Auto IV

.

==== Installed Programs ======================

.

3DMark 11

Adobe After Effects CS5.5 Third Party Content

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5.5 Production Premium

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2) - Français

Adobe Story

adsl TV

AION Free-To-Play

AMD VISION Engine Control Center

APB Reloaded

Apple Application Support

Apple Software Update

Assassin's Creed II

µTorrent

Auslogics Disk Defrag Professional

Avira Free Antivirus

Battlefield 3™

Battlelog Web Plugins

CamStudio OSS Desktop Recorder

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

D3DX10

DAEMON Tools Lite

Diablo III

DiRT 3

Everest Poker.fr (Remove Only)

FIFA 12 © EA version 1

FileZilla Client 3.5.3

Fraps (remove only)

Futuremark SystemInfo

GhostMouse

Google Chrome

Google Update Helper

Google Earth

Grand Theft Auto IV

Grand Theft Auto IV - Episodes From Liberty City

GTA San Andreas

Java Auto Updater

Java™ 6 Update 22

Java™ 6 Update 31

JDownloader 0.9

LinuxLive USB Creator

Livestream Procaster

Ma-Config.com

Mafia II

Malwarebytes Anti-Malware version 1.62.0.1300

ManyCam 3.0.79 (remove only)

Max Payne 3

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 13.0.1 (x86 fr)

Mozilla Maintenance Service

MSVCRT

Mumble 1.2.3

MX vs ATV Reflex

NC Launcher (GameForge)

Notepad++

NVIDIA PhysX

OCCT 4.1.1

OpenAL

OpenOffice.org 3.3

Origin

Outil de téléchargement USB/DVD Windows 7

PDF Settings CS5

PokerStars.fr

PulsPlayer

PxMergeModule

Quake Live Mozilla Plugin

QuickTime

Rapture3D 2.4.8 Game

Razer Mamba

Rockstar Games Social Club

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)

Skype Click to Call

Skype™ 5.8

SpeedFan (remove only)

Steam

SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil

SWF Opener

System Requirements Lab CYRI

TZAC ANTICHEAT

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VDownloader 3.6.924

VLC media player 2.0.1

Windows Live

Windows Live Communications Platform

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinPcap 4.1.1

WinRAR 4.11 (32-bit)

WinSCP 4.0.6

Wolfenstein - Enemy Territory

.

==== End Of File ===========================

(I've tried to post them as attached files, but it didn't work)


Hi:

Thanks for the update.

I've asked one of the moderators to review your logs and assist you further.

Thanks again for your patience,

daledoc1


Greetings :)

Please do the following:

Create a Process Monitor Log:

  • Please download Process Monitor from here and save it to your desktop
  • Double-click on Procmon.exe to run it
  • In Process Monitor, click on Filter and select Filter...
  • Click on the first drop-down menu and select Process Name
  • Click on the second drop-down menu and select is
  • In the white box next to is, type mbam.exe
  • Make certain that in the last drop-down menu, Include is selected and click on Add
  • Click on Apply and then OK
  • Run a Quick Scan with Malwarebytes Anti-Malware
  • Once the scan completes, in Process Monitor, click on File and choose Save...
  • Make certain that the following are selected:
    • Events displayed using the current filter
    • Native Process Monitor Format (PML)

  • For Path:, click on the ... button and browse to your desktop and save the file as mbam.pml and click on OK
  • Close Process Monitor
  • Right-click on the mbam.pml file now located on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Please attach the mbam.zip file you just created to your next reply


mbam.rar

Hi, exile360, thank you for taking the time to help me.

Enclosed, the mbam.pml


Excellent, thanks :)

Now, please open Malwarebytes Anti-Malware and click on the Ignore List tab and then press Alt+Print Screen on your keyboard.

Once that is done, open Microsoft Paint by clicking Start and typing paint and pressing Enter.

Once Paint opens, press Ctrl+V on your keyboard, you should now see a screenshot of Malwarebytes Anti-Malware.

Save the picture you just created in Paint to your desktop or another convenient location and then attach the picture to your next post.

Thanks :)


Great, thanks :)

Now, please do the following:

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here and save it to your desktop.
    • Note: If using Windows Vista or Windows 7 then you also need to do the following:
      1. Right-click on Autoruns.exe and select Properties
      2. Click on the Compatibility tab
      3. Under Privilege Level check the box next to Run this program as an administrator
      4. Click on Apply then click OK

  • Double-click Autoruns.exe to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Filter Options...
  • In the Autoruns Filter Options dialog, verify that the following are unchecked; if they are checked, uncheck them:
    • Include empty locations
    • Hide Microsoft entries
    • Hide Windows entries
  • Verify that the following is checked; if it is unchecked, check it:
    • Verify code signatures
  • Once that's done, press the F5 key on your keyboard. This will start the scan again; this time let it finish.
  • When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right-click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply


I don't know if it's okay, because even when I had unchecked all entries to leave only the "Verify code signatures" one, "no filters" was written at the bottom center of Autoruns.

AutoRuns.zip


I see this entry:

Xpadder c:\users\ded0\desktop\xpadder 5.7\xpadder [5.7].exe

I suspect it might be causing an issue. Could you try uninstalling that program or at least removing its startup entry temporarily to test?

If you just want to remove the startup entry, do the following:

Delete Autostart Entries Using Autoruns:

Please open Autoruns.exe again and allow it to perform its scan. Once it finishes please proceed with the following:

  • Click on the Logon tab, right-click the following entry and select Delete:
    • Under HKCU\Software\Microsoft\Windows\CurrentVersion\Run:
      • Xpadder c:\users\ded0\desktop\xpadder 5.7\xpadder [5.7].exe
  • Once that is complete, restart your computer.

Now, run another Quick scan with Malwarebytes Anti-Malware and post the scan log in your next reply.

Thanks :)


Done,

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Version de la base de données: v2012.07.29.07

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Ded0 :: DED0-PC [administrateur]

31/07/2012 19:46:00

mbam-log-2012-07-31 (19-46-00).txt

Type d'examen: Examen rapide

Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM

Options d'examen désactivées: P2P

Elément(s) analysé(s): 189038

Temps écoulé: 4 minute(s), 31 seconde(s)

Processus mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0

(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0

(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0

(Aucun élément nuisible détecté)

(fin)

4 minutes, is that a correct scan?


Yes, that scan looks correct. You'll notice it scanned 189038 objects instead of around 2000 objects like it was before.

It looks like that startup entry was the problem. What I would suggest, if you'd like to keep using xpadder, would be to simply rename the file from xpadder [5.7].exe to xpadder 5.7.exe, as that should resolve the problem. You can then have it re-add its startup entry which, using the new filename, shouldn't create any problems, and Malwarebytes Anti-Malware should continue to work correctly.

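The check below is an added example, not part of the thread and not Malwarebytes code: it audits autostart command lines for glob metacharacters in the executable path, which is what set the Xpadder entry apart, and proposes the bracket-free rename suggested above. The entries other than the Xpadder path are constructed, and the self-match test only illustrates why bracketed names trip pattern-based path handling in general; the thread does not say what MBAM does internally.

```python
import fnmatch
import re

# Constructed sample of Run-key values (name -> command line). Only the
# Xpadder path comes from the thread; the other two entries are made up.
SAMPLE_RUN_ENTRIES = {
    "Xpadder": r"c:\users\ded0\desktop\xpadder 5.7\xpadder [5.7].exe",
    "ExampleUpdater": r'"C:\Program Files (x86)\Example\updater.exe" /background',
    "ExampleTray": r"C:\Tools\tray.exe -minimized",
}

GLOB_META = set("[]*?")
# An unquoted path may contain spaces, so cut at the first executable
# extension that is followed by whitespace or the end of the string.
_EXE_END = re.compile(r"\.(exe|com|bat|cmd|scr)(?=\s|$)", re.IGNORECASE)


def image_path(command_line):
    """Extract the executable path from an autostart command line."""
    cmd = command_line.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = _EXE_END.search(cmd)
    return cmd[:match.end()] if match else cmd.split()[0]


def matches_itself_as_pattern(path):
    """False when the path, read as a glob pattern, no longer matches itself.

    "[5.7]" is a character class (one of '5', '.', '7'), so a tool that feeds
    the raw path to a pattern matcher will not find the file it names.
    """
    return fnmatch.fnmatchcase(path, path)


def suggested_path(path):
    """Same path with the square brackets removed from the file name."""
    head, sep, name = path.rpartition("\\")
    return head + sep + re.sub(r"[\[\]]", "", name)


def audit(entries):
    """Return one finding per entry whose path contains glob metacharacters."""
    findings = []
    for name, cmd in sorted(entries.items()):
        path = image_path(cmd)
        meta = sorted(GLOB_META.intersection(path))
        if meta:
            findings.append({
                "name": name,
                "path": path,
                "metacharacters": meta,
                "self_match": matches_itself_as_pattern(path),
                "suggested": suggested_path(path),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RUN_ENTRIES):
        print(finding)
```

To audit a real machine, export the Run-key values (for example from the Autoruns log) into the same name-to-command-line mapping and pass it to `audit`.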

@ Exile360: Thanks for sorting that out!

@ Ded0: It looks as if the mystery is solved. Thanks for your patience!

daledoc1


Hi guys, sorry for not answering for 1+ week, I was on vacation.

Thanks a lot for your help daledoc1 & exile360, it looks like the problem is fixed, this afternoon I'm going to try a full scan.


Hello again :)

Excellent, please let us know if you have any further issues.


Excellent!

Thanks for letting us know!
