Problems with MBAM crashing


Hi and Welcome -

As I would prefer an expert to fully review this item please follow these directions -

Please print out, read and follow "What do I do now?", skipping any steps you are unable to complete.

The next step is to post a New Topic Here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post - Please allow at least 48 hours for a reply as the experts can get busy at times -

Also add a brief note to the experts as to your problems -

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or via This Link

Always use the ADD REPLY Tab at the bottom of the page when you reply -

Thank You - :D

EDIT - Can you both Please respond to the post below from AdvancedSetup So he can do a quick check on the problem - Thank You -

I am seeing a crash too with database version 4425. I have a second machine (that hasn't been used much and was not infected). I scanned it first with an older database (from 8/3), no crash. Updated to 4425, and it crashed too. I think there is a problem with 4425. It crashes with "Malwarebytes' Anti-Malware has encountered a problem and needs to close." dialog. Also in order to run again I have to kill rogue drwatsn.exe too. Later in the day I upgraded to 4427 and still get the same crash. I am reporting it to support@malwarebytes.org as well.

  • Root Admin

Please run the following scanner and post back the logs.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply: DDS.txt and Attach.txt

Just tried again with database 4435 and still crashes.

DDS (Ver_10-03-17.01) - NTFSx86

Run by User20 at 2:37:45.01 on 08/16/2010 Mon

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1022.478 [GMT -6:00]

AV: Digital Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\TEVION Multimedia\PVR Plus\TVR\Scheduled.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe

C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe

C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe

C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\VoSKY Call Center\USBDRAM.exe

C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe

C:\Program Files\VoSKY Call Center\USBVoSKY.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

D:\mydata\Desktop\dds.scr

C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [FWBootup] c:\program files\vosky call center\USBDRAM.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H

mRun: [PVR Agent] c:\program files\tevion multimedia\pvr plus\tvr\Scheduled.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1

mRun: [MaxBlastMonitor.exe] c:\program files\maxtor\maxblast\MaxBlastMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exe

mRun: [Maxtor Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\user20\startm~1\programs\startup\usrobo~1.lnk - c:\program files\u.s. robotics\u.s. robotics usb phone\U.S.RoboticsUSBPhone.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cardmi~1.lnk - c:\program files\pfu\scansnap\cardminder v3.1\CardLauncher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~2.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe

uPolicies-explorer: EditLevel = 0 (0x0)

uPolicies-explorer: NoCommonGroups = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\novell\messen~1\NMCL32.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll

Trusted Zone: selfip.com\rondo

Trusted Zone: musicmatch.com\online

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279470304564

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://remote.byu.edu/msrdp.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - c:\novell\messenger\nmcg32.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user20\applic~1\mozilla\firefox\profiles\2wfpkmf3.default\

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-14 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-14 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-14 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-14 60936]

R2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\common files\maxtor\schedule2\schedul2.exe [2008-6-27 431384]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-3-6 26137]

R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-1-25 120472]

S2 Nmpdrv_N;PogoProducts Nmpdrv_N USB Controller Service;c:\windows\system32\drivers\Nmpdrv_N.sys [2008-8-15 10554]

S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-3-6 157648]

S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2010-1-19 75264]

=============== Created Last 30 ================

2010-08-15 06:19:42 146 ----a-w- c:\documents and settings\user20\defogger_reenable

2010-08-15 05:52:52 0 d-----w- c:\docume~1\user20\applic~1\Avira

2010-08-15 03:59:04 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-08-15 03:59:04 0 d-----w- c:\program files\Avira

2010-08-15 03:59:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-08-14 23:33:19 0 d-----w- c:\program files\Sun

2010-08-14 23:33:08 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-08-14 23:33:08 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-14 23:19:03 0 d-----w- c:\windows\system32\Adobe

2010-08-14 22:33:41 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI

2010-07-21 03:50:34 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-07-21 03:50:29 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-07-21 03:49:57 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-07-21 03:18:42 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys

2010-07-21 03:18:16 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys

2010-07-21 03:16:55 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys

2010-07-21 03:16:54 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys

2010-07-21 03:15:38 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe

2010-07-21 03:15:09 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys

2010-07-21 03:13:26 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys

2010-07-21 03:12:57 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys

2010-07-21 03:12:56 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys

2010-07-21 03:11:13 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys

2010-07-21 03:10:54 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys

2010-07-21 03:10:03 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll

2010-07-21 03:10:02 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll

2010-07-21 03:09:44 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys

2010-07-21 03:09:13 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys

2010-07-21 03:09:02 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll

2010-07-21 03:08:49 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys

2010-07-21 03:08:45 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys

2010-07-21 03:08:16 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll

2010-07-21 03:08:15 28032 ----a-w- c:\windows\system32\dllcache\perm3.sys

2010-07-21 03:08:14 27904 ----a-w- c:\windows\system32\dllcache\perm2.sys

2010-07-21 03:08:14 211584 ----a-w- c:\windows\system32\dllcache\perm2dll.dll

2010-07-21 03:06:59 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys

2010-07-21 03:06:35 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys

2010-07-21 02:49:38 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys

2010-07-21 02:49:26 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys

2010-07-21 02:49:15 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys

2010-07-21 02:49:05 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys

2010-07-21 02:48:49 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys

2010-07-21 02:48:15 7040 ----a-w- c:\windows\system32\dllcache\ltotape.sys

2010-07-21 02:47:52 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-07-21 02:47:41 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll

2010-07-21 02:47:41 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll

2010-07-21 02:47:21 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll

2010-07-21 02:47:18 88192 ----a-w- c:\windows\system32\dllcache\irda.sys

2010-07-21 02:47:18 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe

2010-07-21 02:46:16 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll

2010-07-21 02:44:55 20352 ----a-w- c:\windows\system32\dllcache\hidbatt.sys

2010-07-21 02:44:50 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys

2010-07-21 02:44:43 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys

2010-07-21 02:44:42 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys

2010-07-21 02:42:15 20992 ----a-w- c:\windows\system32\dllcache\dshowext.ax

2010-07-21 02:41:55 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys

2010-07-21 02:41:51 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys

2010-07-21 02:40:21 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll

2010-07-21 02:40:07 10240 ----a-w- c:\windows\system32\dllcache\compbatt.sys

2010-07-21 02:40:00 13952 ----a-w- c:\windows\system32\dllcache\cmbatt.sys

2010-07-21 02:39:48 8192 ----a-w- c:\windows\system32\dllcache\changer.sys

2010-07-21 02:39:34 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll

2010-07-21 02:38:47 18432 ----a-w- c:\windows\system32\dllcache\bdaplgin.ax

2010-07-21 02:38:47 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys

2010-07-21 02:38:43 14208 ----a-w- c:\windows\system32\dllcache\battc.sys

2010-07-21 02:38:38 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys

2010-07-21 02:38:37 38912 ----a-w- c:\windows\system32\dllcache\avc.sys

2010-07-21 02:38:00 48128 ----a-w- c:\windows\system32\dllcache\61883.sys

2010-07-21 02:37:59 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys

2010-07-21 02:37:57 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys

2010-07-21 01:55:04 0 d-----w- C:\i386

2010-07-18 22:37:08 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat

2010-07-18 18:32:55 0 d-----w- c:\windows\ie8updates

2010-07-18 18:25:51 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-07-18 18:25:51 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-07-18 18:25:50 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-07-18 18:25:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-07-18 18:25:49 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-07-18 18:25:49 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-07-18 18:25:47 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-07-18 18:17:48 2189952 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-07-18 18:17:33 2560 ------w- c:\windows\system32\xpsp4res.dll

2010-07-18 17:06:04 0 d-----w- c:\windows\system32\scripting

2010-07-18 17:06:03 0 d-----w- c:\windows\system32\en

2010-07-18 17:06:03 0 d-----w- c:\windows\l2schemas

2010-07-18 17:06:02 0 d-----w- c:\windows\system32\bits

2010-07-18 17:03:26 0 d-----w- c:\windows\ServicePackFiles

2010-07-18 17:01:36 0 d-----w- c:\windows\network diagnostic

2010-07-18 16:36:41 73216 ----a-w- c:\windows\system32\dllcache\atintuxx.sys

2010-07-18 16:25:25 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ----a-w- c:\windows\system32\dllcache\shell32.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\dllcache\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll

2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll

2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll

2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll

2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll

2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll

2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll

2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\dllcache\win32k.sys

2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\dllcache\srv.sys

2010-06-18 13:36:12 3558912 ----a-w- c:\windows\system32\dllcache\moviemk.exe

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31:20 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\dllcache\msxml3.dll

2008-09-05 07:25:57 170 ---ha-w- c:\program files\Virtual ChemLab 3.0uninst.dat

2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll

2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll

2007-12-17 13:43:00 27648 --sha-w- c:\windows\system32\Smab0.dll

2009-12-23 05:25:40 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2010-01-26 21:10:00 16384 --sha-w- c:\windows\temp\cookies\index.dat

2010-01-26 21:10:00 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat

2010-01-26 21:10:00 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 2:38:24.46 ===============

Attach.zip
