i installed a bootskin program and i think it might be the problem.. i cant change my boot skin back to the default windows xp skin.. my computer runs slow.. it takes long from the time i click turn off my computer to the time the pop up shows with the shutdown options.. below is a hijack this file.. any help would be greatly appreciated...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:40 PM, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144060445843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144300007921
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5897 bytes

Hello Hayan453,

Welcome to Geekstogo.

Your Java is out of date, older versions are vunerable to attack.

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Now

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next

Please download Runscanner to your desktop and run it.

• When the first page comes up select Beginner Mode
• On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
• At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
• On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file
• Call the .run file after your forum name and save it to your desktop. You will see the .run file on your desktop. Upload that file here.

Thanks alot for your help.. i did exactly what you said and here is the runscanner logfile:

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : LAPTOP
Creation time : 10/7/2008 5:07:12 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.7.0.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
* C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
* C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
* C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
* C:\DOCUME~1\CHADKA~1\LOCALS~1\Temp\~AceTemp\runscanner\RunScanner.exe (Runscanner.net)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
* C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
* C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation)
* C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)

Unrated items
-------------
002 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
002 C:\Program Files\HPQ\Default Settings\cpqset.exe
002 C:\Program Files\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
010 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device)
010 C:\Program Files\HPQ\SHARED\HPQWMI.exe (HP WMI Interface)
010 C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribeService Direct Disc Labeling Service)
010 C:\WINDOWS\system32\HPZipm12.exe (Pml Driver HPZ12)
011 c:\windows\System32\drivers\vidstub.sys (BootScreen)
011 * C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR CDRom Filter)
011 C:\WINDOWS\system32\DRIVERS\mamotou.sys (mamotou)
011 C:\WINDOWS\system32\DRIVERS\MaVc2K.sys (MaVctrl)
011 C:\WINDOWS\system32\DRIVERS\usbsermpt.sys (Motorola USB Modem Driver for MPT)
011 C:\WINDOWS\System32\Drivers\PxHelp20.sys (PxHelp20)
011 C:\WINDOWS\System32\Drivers\btwusb.sys (WIDCOMM USB Bluetooth Driver)
042 GUID / CLSID not found {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
052 GUID / CLSID not found {201f27d4-3704-41d6-89c1-aa35e39143ed}
061 C:\Program Files\WinAce\arcext.dll (e-merge GmbH) {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}
061 C:\Program Files\WinAce\arcext.dll (e-merge GmbH) {8FF88D27-7BD0-11D1-BFB7-00AA00262A11}
061 C:\Program Files\WinAce\arcext.dll (e-merge GmbH) {8FF88D25-7BD0-11D1-BFB7-00AA00262A11}
061 C:\Program Files\WinAce\arcext.dll (e-merge GmbH) {8FF88D23-7BD0-11D1-BFB7-00AA00262A11}
066 C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
069 C:\WINDOWS\system32\CNMLM75.DLL (CANON INC.)
069 C:\WINDOWS\system32\HpTcpMon.dll (Hewlett Packard)
100 ShellNext HKCU : http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
100 Start Page HKCU : http://myspace.com/
104 GUID / CLSID not found {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
105 &AOL Toolbar search : res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
105 E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
170 {3a2c222c-cc34-11da-809b-0014a5238e78} : E:\setupSNK.exe
173 C:\Program Files\WinAce\arcext.dll (e-merge GmbH) {8FF88D27-7BD0-11D1-BFB7-00AA00262A11}
221 C:\Program Files\WinAce\arcext.dll (e-merge GmbH) {8FF88D27-7BD0-11D1-BFB7-00AA00262A11}
227 C:\Program Files\WinAce\arcext.dll (e-merge GmbH) {8FF88D27-7BD0-11D1-BFB7-00AA00262A11}

Missing files
-------------
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 c:\windows\system32\DRIVERS\motodrv.sys
011 c:\windows\system32\DRIVERS\motccgp.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll
063 SsiEfr.e
073 C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe

for some reason i cant get rid of TuneUp Utilities, even after i uninstalled it... could this be part of the problem? and after doing what you said some websites (including this one looks like the page doesn't have "style".. im using firefox if that helps... thanks again for taking the time out and helping me with this!

Ok nevermind the website thing it went back to normal.. haha

Hey hayan453,

Can you upload that .run file? Should have been saved it to your desktop in accordance with my earlier instructions.

This is how to do it if you are unsure.

To attach a file, do the following:

* Click Add Reply
* Under the reply panel is the Attachments Editor
* Browse to find the attachment file you want to upload, highlight the file by clicking once on it, then click the green Upload button
* Once it has uploaded, click the Manage Current Attachments drop down box
* On the left you will see a icon like a letter with a little green cross on it. Please click on that and it should upload to the thread.

 hayan453.run ( 149.48K ) Number of downloads: 2

Hello hayan453,

Download the attachment at the end of this post (this will be your runscanner file fixed by me)

• Save it to your desktop then double click the runscanner icon this will run the program.
• You will notice several entries in red and in blue.
• Click the button at the top called Fix selected items
• Accept the warning(s) and repeat until they are all gone.
• Reboot your PC

Now

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

• Once the files have been downloaded click on NEXT
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  * Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  * Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:
  Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  * Now click on the Save as Text button:
• Save the file to your desktop.

Copy and paste that information in your next post.

Lastly in this post

• Download random's system information tool (RSIT) by random/random from here.
• It is important that is saved to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

So when you return please post

• MBAM log
• Kaspersky scan results
• RSIT logs - Log.txt and info.log

If the reports don't fit on one post just use as many posts as you need, that's fine.
 hayan453fix.run ( 150.92K ) Number of downloads: 1

emeraldnzl i saved the fixed run file to my desktop and double clicked it but a "open with" box apeared asking me to choose a program to open it with.. and i dont know which one.. there isnt a runscanner option.. i'll try to download the programs like you requested in the mean time..

Logfile of random's system information tool 1.04 (written by random/random)
Run by Chad Kam at 2008-10-08 15:59:38
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 28 GB (48%) free of 57 GB
Total RAM: 894 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:08 PM, on 10/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Chad Kam\Desktop\RSIT.exe
C:\Program Files\trend micro\Chad Kam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144060445843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144300007921
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5950 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-11 339968]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-15 1015808]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 233534]
"LogonStudio"=C:\Program Files\LogonStudio\logonstudio.exe [2002-09-03 987187]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-01 794624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"lanmanserver"=2
"aawservice"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-11 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1145342711\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1145342711\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a2c222c-cc34-11da-809b-0014a5238e78}]
shell\AutoRun\command - E:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-10-08 15:59:41 ----D---- C:\Program Files\trend micro
2008-10-08 15:59:38 ----D---- C:\rsit
2008-10-07 17:02:20 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-07 17:02:20 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-07 17:02:20 ----A---- C:\WINDOWS\system32\java.exe
2008-10-05 23:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-05 18:51:07 ----D---- C:\Program Files\Stardock
2008-10-05 16:46:37 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-03 21:31:07 ----D---- C:\Documents and Settings\Chad Kam\Application Data\GlarySoft
2008-10-03 20:02:07 ----D---- C:\Documents and Settings\Chad Kam\Application Data\Malwarebytes
2008-10-03 20:02:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-03 20:02:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-03 06:25:33 ----D---- C:\Program Files\Common Files\Stardock
2008-10-03 06:25:32 ----D---- C:\Program Files\BootSkin
2008-10-03 06:25:30 ----D---- C:\Program Files\muvee Technologies
2008-10-03 06:25:05 ----D---- C:\Program Files\Pure Networks
2008-10-03 06:25:05 ----D---- C:\Program Files\MSN Encarta Plus
2008-10-03 06:25:05 ----D---- C:\Program Files\MSN
2008-10-03 06:24:52 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-02 20:05:12 ----D---- C:\WINDOWS\Prefetch
2008-10-02 20:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-02 20:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-02 20:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-02 20:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-02 20:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-02 20:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-02 20:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-02 20:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-02 20:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-02 20:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-02 20:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-02 19:59:56 ----D---- C:\WINDOWS\LastGood(2)
2008-10-02 19:55:31 ----D---- C:\WINDOWS\system32\scripting
2008-10-02 19:55:29 ----D---- C:\WINDOWS\system32\en
2008-10-02 19:55:29 ----D---- C:\WINDOWS\system32\bits
2008-10-02 19:55:29 ----D---- C:\WINDOWS\l2schemas
2008-10-02 19:55:29 ----D---- C:\Program Files\MSN(2)
2008-10-02 19:53:21 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-02 19:47:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-02 19:47:30 ----D---- C:\WINDOWS\EHome
2008-09-26 17:24:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-26 17:24:33 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-26 17:24:27 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-26 17:24:27 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-26 17:24:19 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-26 17:24:19 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-26 17:24:12 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-26 17:24:11 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-26 17:24:09 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-26 17:24:09 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-26 17:24:09 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-26 17:24:09 ----N---- C:\WINDOWS\slrundll.exe
2008-09-26 17:24:08 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-26 17:24:08 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-26 17:24:04 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-26 17:24:00 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-26 17:23:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-26 17:23:57 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-26 17:23:54 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-26 17:23:51 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-26 17:23:51 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-26 17:23:51 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-26 17:23:48 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-26 17:23:45 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-26 17:23:41 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-26 17:23:31 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-26 17:23:31 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-26 17:23:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-26 17:23:30 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-26 17:23:29 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-26 17:23:29 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-26 17:23:26 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-26 17:23:26 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-26 17:23:09 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-26 17:23:09 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-26 17:23:09 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-26 17:23:09 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-26 17:22:50 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-26 17:22:49 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-26 17:22:49 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-26 17:22:49 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-26 17:22:49 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-26 17:22:48 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-26 17:22:35 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-26 17:22:28 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-26 17:22:28 ----A---- C:\WINDOWS\002691_.tmp
2008-09-26 17:22:26 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-26 17:22:26 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-26 17:22:26 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-26 17:22:26 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-26 17:22:26 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-26 17:22:26 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-26 17:22:25 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-26 17:22:25 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-26 17:22:22 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-26 17:22:22 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-26 17:22:22 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-26 17:22:22 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-26 17:22:22 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-26 17:22:22 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-26 17:22:22 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-26 17:22:21 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-26 17:22:21 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-26 17:22:20 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-26 17:22:17 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-26 17:22:11 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-26 17:22:10 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-26 17:22:09 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-26 17:22:08 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-26 17:22:08 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-26 17:22:01 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-17 20:10:30 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-09-13 22:04:19 ----D---- C:\Documents and Settings\Chad Kam\Application Data\FrostWire
2008-09-13 22:04:08 ----D---- C:\Program Files\FrostWire
2008-09-11 02:18:18 ----A---- C:\WINDOWS\system32\bcmwlcoi.dll
2008-09-09 18:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-09 18:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

======List of files/folders modified in the last 1 months======

2008-10-08 15:59:43 ----D---- C:\WINDOWS\Internet Logs
2008-10-08 15:59:41 ----RD---- C:\Program Files
2008-10-08 15:41:34 ----D---- C:\Program Files\Mozilla Firefox
2008-10-07 22:40:44 ----D---- C:\WINDOWS\Temp
2008-10-07 17:25:33 ----D---- C:\WINDOWS
2008-10-07 17:05:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-07 17:02:55 ----SHD---- C:\WINDOWS\Installer
2008-10-07 17:02:23 ----HD---- C:\Config.Msi
2008-10-07 17:02:20 ----D---- C:\WINDOWS\system32
2008-10-07 17:02:20 ----D---- C:\Program Files\Java
2008-10-06 20:42:03 ----A---- C:\WINDOWS\LogonStudio.ini
2008-10-06 20:40:33 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-10-06 19:37:02 ----ASH---- C:\boot.ini
2008-10-06 19:31:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-06 19:27:24 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-05 23:13:47 ----HD---- C:\WINDOWS\inf
2008-10-05 23:13:47 ----D---- C:\WINDOWS\system32\drivers
2008-10-05 23:09:29 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-05 23:06:18 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-05 16:49:19 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-05 16:47:23 ----D---- C:\Program Files\Lavasoft
2008-10-05 16:46:37 ----D---- C:\Program Files\Common Files
2008-10-05 16:12:00 ----D---- C:\Documents and Settings\Chad Kam\Application Data\Lavasoft
2008-10-05 13:29:48 ----A---- C:\WINDOWS\win.ini
2008-10-05 13:29:48 ----A---- C:\WINDOWS\system.ini
2008-10-04 23:00:26 ----SD---- C:\WINDOWS\Tasks
2008-10-04 21:12:25 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-03 21:35:09 ----D---- C:\WINDOWS\system32\config
2008-10-03 19:37:21 ----SD---- C:\Documents and Settings\Chad Kam\Application Data\Microsoft
2008-10-03 17:28:03 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-03 15:59:15 ----D---- C:\WINDOWS\system32\wbem
2008-10-03 15:59:15 ----D---- C:\WINDOWS\Registration