Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My Computer is so slow.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My Computer is so slow.

Unread postby leon32 » July 10th, 2008, 10:19 am

Hi sir..
My computer is so slow lately.
Here is my hijackthis log.
Thanks for your help..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:53 PM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\LowRateVoip\LowRateVoip.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meridian.edu.al/
O2 - BHO: (no name) - {1FE4BFC2-60DB-461C-B734-1D40F120299A} - C:\WINDOWS\system32\rqRJdccd.dll
O2 - BHO: (no name) - {2B6DC29C-C0DF-40FF-A777-4FA78D90AA74} - (no file)
O2 - BHO: (no name) - {2BBA5162-3B92-40D3-9AD5-4C9A1DD062C6} - C:\WINDOWS\system32\iifDuuTK.dll (file missing)
O2 - BHO: (no name) - {2FC33457-94B7-4A78-903F-CCF8D50FB693} - C:\WINDOWS\system32\xxyxWPjg.dll (file missing)
O2 - BHO: (no name) - {370962E4-9468-40A8-82FB-8A9FE477E8C5} - C:\WINDOWS\system32\tuvUNfDs.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {81E956D2-1105-4CC4-95C1-76B0CFFFA713} - (no file)
O2 - BHO: (no name) - {A26087C3-36C8-4B9A-A51E-CAECB6D6115D} - (no file)
O2 - BHO: (no name) - {B9C94EAC-657C-428C-B749-465249972B1F} - (no file)
O2 - BHO: (no name) - {C7A85B72-FBDD-4BB2-B5CA-14E93F0F8818} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bc3e1618] rundll32.exe "C:\WINDOWS\system32\vuljgvpk.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5529082375
O20 - Winlogon Notify: rqRJdccd - C:\WINDOWS\SYSTEM32\rqRJdccd.dll
O21 - SSODL: axrfgvek - {E66DC6AE-5631-4420-90EB-5D22D58249C4} - C:\WINDOWS\axrfgvek.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5550 bytes
leon32
Active Member
 
Posts: 11
Joined: July 10th, 2008, 3:38 am
Advertisement
Register to Remove

Re: My Computer is so slow.

Unread postby chryssi2001 » July 10th, 2008, 2:00 pm

Hello leon32,

I will be assisting you with your malware issues.

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!
  • Please bookmark or favourite this page. In case you need it as reference or etc.
----------------------------------------------
Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.
----------------------------------------------
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.
----------------------------------------------
Please visit this webpage for instructions for downloading ComboFix at your DESKTOP :
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
----------------------------------------------
Post back:
SDFix report.
Combofix report.
A new HijackThis log.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: My Computer is so slow.

Unread postby leon32 » July 11th, 2008, 5:57 am

Hi..
Here is my New Hijackthis log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:39 AM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5529082375
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 3872 bytes

Here is my Sdfix Txt.

SDFix: Version 1.204
Run by X on Fri 07/11/2008 at 09:36 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting

Service {DEF85C80-216A-43AB-AF70-1665EDBE2780} - Deleted
Service grande48 - Deleted

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\rqRJdccd.dll - Deleted
C:\DOCUME~1\X\LOCALS~1\Temp\atmadm2.exe.bat - Deleted
C:\DOCUME~1\X\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\X\LOCALS~1\Temp\media.php.bat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 09:48:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a94106550]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a94106550]

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"="C:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe:*:Enabled:Voipwise"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Disabled:javaw"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Swapper\\swapper.exe"="C:\\Program Files\\Swapper\\swapper.exe:*:Enabled:swapper"
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:PaltalkScene"
"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"="C:\\Program Files\\LowRateVoip\\LowRateVoip.exe:*:Enabled:LowRateVoip"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 12 Apr 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 18 May 2007 645,120 A..H. --- "C:\Documents and Settings\X\Desktop\KURS\English\Opportunities placement\~WRL3095.tmp"

Finished!


Here is Combo fix Txt.

ComboFix 08-07-10.1 - X 2008-07-11 11:38:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.175 [GMT 2:00]
Running from: G:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dadgetrb.ini
C:\WINDOWS\system32\dldadcus.ini
C:\WINDOWS\system32\gjPWxyxx.ini
C:\WINDOWS\system32\gjPWxyxx.ini2
C:\WINDOWS\system32\hbcirwql.ini
C:\WINDOWS\system32\hptvcgby.ini
C:\WINDOWS\system32\ipeigfyq.ini
C:\WINDOWS\system32\kptlhwuq.ini
C:\WINDOWS\system32\kpvgjluv.ini
C:\WINDOWS\system32\KTuuDfii.ini
C:\WINDOWS\system32\KTuuDfii.ini2
C:\WINDOWS\system32\lducycfw.dll
C:\WINDOWS\system32\lqwricbh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnmMeET.dll
C:\WINDOWS\system32\qyfgiepi.dll
C:\WINDOWS\system32\sDfNUvut.ini
C:\WINDOWS\system32\sDfNUvut.ini2
C:\WINDOWS\system32\sucdadld.dll
C:\WINDOWS\system32\TEeMmnpo.ini
C:\WINDOWS\system32\TEeMmnpo.ini2
C:\WINDOWS\system32\vfhkmqdo.ini
C:\WINDOWS\system32\wfcycudl.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{def85c80-216a-43ab-af70-1665edbe2780}


((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

2008-07-11 11:41 . 2008-07-11 11:41 268 --ah----- C:\sqmdata03.sqm
2008-07-11 11:41 . 2008-07-11 11:41 244 --ah----- C:\sqmnoopt03.sqm
2008-07-11 11:28 . 2008-07-11 11:28 268 --ah----- C:\sqmdata02.sqm
2008-07-11 11:28 . 2008-07-11 11:28 244 --ah----- C:\sqmnoopt02.sqm
2008-07-11 09:25 . 2008-07-11 09:25 268 --ah----- C:\sqmdata01.sqm
2008-07-11 09:25 . 2008-07-11 09:25 244 --ah----- C:\sqmnoopt01.sqm
2008-07-11 09:16 . 2008-07-11 09:16 268 --ah----- C:\sqmdata00.sqm
2008-07-11 09:16 . 2008-07-11 09:16 244 --ah----- C:\sqmnoopt00.sqm
2008-07-11 09:14 . 2008-07-11 09:50 <DIR> d-------- C:\SDFix
2008-07-10 10:52 . 2008-07-10 10:52 <DIR> d-------- C:\VundoFix Backups
2008-07-08 17:26 . 2008-07-08 17:26 <DIR> d-------- C:\Program Files\Avira
2008-07-08 17:26 . 2008-07-08 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-07 15:42 . 2008-07-07 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-05 16:30 . 2008-07-05 16:35 <DIR> d-------- C:\Documents and Settings\X\Application Data\zweitgeist

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-07-11 09:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-11 09:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 07:52 --------- d-----w C:\Program Files\LowRateVoip
2008-07-05 18:17 --------- d-----w C:\Documents and Settings\X\Application Data\Babylon
2008-07-05 10:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-14 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-05-12 20:26 --------- d-----w C:\Program Files\Paltalk Messenger
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-05-29 17:26 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-05-29 17:14 114688]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2003-07-29 17:19 638976]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 17:39 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 13:57 344064]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-05-05 14:37 3166432]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-57989841-725345543-1003\Scripts\Logoff\0\0]
"Script"=C:\DOCUME~1\X\LOCALS~1\Temp\xp.cmd

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2005-12-06 13:08 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]
--a------ 2008-01-25 16:36 8897848 C:\Program Files\LowRateVoip\LowRateVoip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2005-09-25 19:11 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 19:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yahoo! pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13107:UDP"= 13107:UDP:Print Server Utility

S3 snp2std;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-04 17:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00b1a596-0c6d-11dd-a4bf-00023fd00fc2}]
\Shell\AutoRun\command - G:\kxax.cmd
\Shell\explore\Command - G:\kxax.cmd
\Shell\open\Command - G:\kxax.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04a77302-fce7-11dc-a472-00023fd00fc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nohack.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e01ef2b-0227-11dd-a489-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21c5b6a7-24c2-11dd-a51b-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e1e09ba-3e94-11dd-a559-00023fd00fc2}]
\Shell\AutoRun\command - 6x8be16.cmd
\Shell\explore\Command - 6x8be16.cmd
\Shell\open\Command - 6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{549252a9-0162-11dd-a487-00023fd00fc2}]
\Shell\AutoRun\command - G:\y82td3td.com
\Shell\explore\Command - G:\y82td3td.com
\Shell\open\Command - G:\y82td3td.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cfde8ee-3854-11dd-a54b-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8730033f-0f82-11dd-a4d0-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aae892cd-2577-11dd-a51f-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6f895b0-1110-11dd-a4d3-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bab2ae44-4dd7-11dd-a57c-00023fd00fc2}]
\Shell\AutoRun\command - F:\00hoeav.com
\Shell\explore\Command - F:\00hoeav.com
\Shell\open\Command - F:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb9fcece-fb27-11dc-a468-00023fd00fc2}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6ed57ef-2189-11dd-a517-00023fd00fc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nohack.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db9c4a-0d31-11dd-a4c2-00023fd00fc2}]
\shell\auto\command - auto.exe
\shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\shell\explore\command - d.com
\shell\open\command - d.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86a0c98-4367-11dd-a55e-00023fd00fc2}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86a0c99-4367-11dd-a55e-00023fd00fc2}]
\Shell\AutoRun\command - H:\ntde1ect.com
\Shell\explore\Command - H:\ntde1ect.com
\Shell\open\Command - H:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86a0c9a-4367-11dd-a55e-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

.
- - - - ORPHANS REMOVED - - - -

BHO-{2BBA5162-3B92-40D3-9AD5-4C9A1DD062C6} - C:\WINDOWS\system32\iifDuuTK.dll
BHO-{2FC33457-94B7-4A78-903F-CCF8D50FB693} - C:\WINDOWS\system32\xxyxWPjg.dll
BHO-{370962E4-9468-40A8-82FB-8A9FE477E8C5} - C:\WINDOWS\system32\tuvUNfDs.dll
HKCU-Run-DriverUpdaterPro - C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-bc3e1618 - C:\WINDOWS\system32\lducycfw.dll
MSConfigStartUp-voipwise - C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 11:44:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-11 11:49:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-11 09:49:26

Pre-Run: 10,602,999,808 bytes free
Post-Run: 10,510,471,168 bytes free

208
leon32
Active Member
 
Posts: 11
Joined: July 10th, 2008, 3:38 am

Re: My Computer is so slow.

Unread postby chryssi2001 » July 11th, 2008, 9:15 am

Hello leon32,

Thanks for the reports.

I am at work now, and i can't check properly your reports, but your HijackThis log looks a lot better.

Untill i am able to check your reports and be back please download Recovery Console, and post a new HijackThis as per my instructions.

I'll be back asap.
----------------------------------------------
RECOVERY CONSOLE

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Image

Download the file & save it as it's originally named, next to ComboFix.exe.

Image

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'No' to Exit.
Image
----------------------------------------------
RENAME HIJACKTHIS

There is some infection hiding in your log.

Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Right-click on HijackThis.exe & select Rename to scanner.exe and post back a new Hijackthis log.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: My Computer is so slow.

Unread postby leon32 » July 11th, 2008, 9:58 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:02 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meridian.edu.al/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5529082375
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4005 bytes


ComboFix 08-07-10.1 - X 2008-07-11 15:47:02.2 - NTFSx86
Running from: C:\Documents and Settings\X\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\X\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

2008-07-11 15:45 . 2008-07-11 15:45 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-11 11:41 . 2008-07-11 11:41 268 --ah----- C:\sqmdata03.sqm
2008-07-11 11:41 . 2008-07-11 11:41 244 --ah----- C:\sqmnoopt03.sqm
2008-07-11 11:28 . 2008-07-11 11:28 268 --ah----- C:\sqmdata02.sqm
2008-07-11 11:28 . 2008-07-11 11:28 244 --ah----- C:\sqmnoopt02.sqm
2008-07-11 09:25 . 2008-07-11 09:25 268 --ah----- C:\sqmdata01.sqm
2008-07-11 09:25 . 2008-07-11 09:25 244 --ah----- C:\sqmnoopt01.sqm
2008-07-11 09:16 . 2008-07-11 09:16 268 --ah----- C:\sqmdata00.sqm
2008-07-11 09:16 . 2008-07-11 09:16 244 --ah----- C:\sqmnoopt00.sqm
2008-07-11 09:14 . 2008-07-11 09:50 <DIR> d-------- C:\SDFix
2008-07-10 10:52 . 2008-07-10 10:52 <DIR> d-------- C:\VundoFix Backups
2008-07-08 17:26 . 2008-07-08 17:26 <DIR> d-------- C:\Program Files\Avira
2008-07-08 17:26 . 2008-07-08 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-07 15:42 . 2008-07-07 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-05 16:30 . 2008-07-05 16:35 <DIR> d-------- C:\Documents and Settings\X\Application Data\zweitgeist

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 13:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-07-11 09:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-11 09:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 07:52 --------- d-----w C:\Program Files\LowRateVoip
2008-07-05 18:17 --------- d-----w C:\Documents and Settings\X\Application Data\Babylon
2008-07-05 10:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-14 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-05-12 20:26 --------- d-----w C:\Program Files\Paltalk Messenger
.

((((((((((((((((((((((((((((( snapshot@2008-07-11_11.48.53.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-11 13:45:21 7,188 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{789F70DE-A5C4-47C8-9435-E88BB8CD05C5}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-05-29 17:26 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-05-29 17:14 114688]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2003-07-29 17:19 638976]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 17:39 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 13:57 344064]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-05-05 14:37 3166432]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-57989841-725345543-1003\Scripts\Logoff\0\0]
"Script"=C:\DOCUME~1\X\LOCALS~1\Temp\xp.cmd

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2005-12-06 13:08 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]
--a------ 2008-01-25 16:36 8897848 C:\Program Files\LowRateVoip\LowRateVoip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2005-09-25 19:11 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 19:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yahoo! pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13107:UDP"= 13107:UDP:Print Server Utility

S3 snp2std;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-04 17:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00b1a596-0c6d-11dd-a4bf-00023fd00fc2}]
\Shell\AutoRun\command - G:\kxax.cmd
\Shell\explore\Command - G:\kxax.cmd
\Shell\open\Command - G:\kxax.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04a77302-fce7-11dc-a472-00023fd00fc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nohack.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e01ef2b-0227-11dd-a489-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21c5b6a7-24c2-11dd-a51b-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e1e09ba-3e94-11dd-a559-00023fd00fc2}]
\Shell\AutoRun\command - 6x8be16.cmd
\Shell\explore\Command - 6x8be16.cmd
\Shell\open\Command - 6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{549252a9-0162-11dd-a487-00023fd00fc2}]
\Shell\AutoRun\command - G:\y82td3td.com
\Shell\explore\Command - G:\y82td3td.com
\Shell\open\Command - G:\y82td3td.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cfde8ee-3854-11dd-a54b-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8730033f-0f82-11dd-a4d0-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aae892cd-2577-11dd-a51f-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6f895b0-1110-11dd-a4d3-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bab2ae44-4dd7-11dd-a57c-00023fd00fc2}]
\Shell\AutoRun\command - F:\00hoeav.com
\Shell\explore\Command - F:\00hoeav.com
\Shell\open\Command - F:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb9fcece-fb27-11dc-a468-00023fd00fc2}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6ed57ef-2189-11dd-a517-00023fd00fc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nohack.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db9c4a-0d31-11dd-a4c2-00023fd00fc2}]
\shell\auto\command - auto.exe
\shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\shell\explore\command - d.com
\shell\open\command - d.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86a0c98-4367-11dd-a55e-00023fd00fc2}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86a0c99-4367-11dd-a55e-00023fd00fc2}]
\Shell\AutoRun\command - H:\ntde1ect.com
\Shell\explore\Command - H:\ntde1ect.com
\Shell\open\Command - H:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86a0c9a-4367-11dd-a55e-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 15:50:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-11 15:53:03
ComboFix-quarantined-files.txt 2008-07-11 13:52:37
ComboFix2.txt 2008-07-11 09:49:54

Pre-Run: 10,445,148,160 bytes free
Post-Run: 10,393,493,504 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

172
leon32
Active Member
 
Posts: 11
Joined: July 10th, 2008, 3:38 am

Re: My Computer is so slow.

Unread postby chryssi2001 » July 11th, 2008, 1:18 pm

Hello leon32,

Some questions for you before we move one.

1. Did you set this site as your Start page?

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meridian.edu.al/

2. Do you use any Flash Drives on this pc?
What are these? H:\ F:\ G:\

Flash Drive? External Hard Drive? Additional Hard Drive?

3. Do you know what is this program? Can you recognise the name?
C:\Documents and Settings\X\Application Data\zweitgeist
-------------------------------------------------
I see you have Paltalk Messenger messenger installed.
Have some read about the program here and decide if you will
uninstall it.
-------------------------------------------------
Please answer back to my 3 questions.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: My Computer is so slow.

Unread postby leon32 » July 12th, 2008, 3:03 am

Hi..
My answers to your questions.
1) http://www.meridian.edu.al I set this site as my start page.
2) I use flash drives and external hard drive. C and D are my local Disks.E is my DVD-RW Drive.When i use a flash drive in is on F.
3) I dont know what that program is.I dont have any idea about zweitgeist.
I have uninstalled Paltalk messenger.
leon32
Active Member
 
Posts: 11
Joined: July 10th, 2008, 3:38 am

Re: My Computer is so slow.

Unread postby chryssi2001 » July 12th, 2008, 9:55 am

Ok, F:\ is your Flash Drive. So what are G:\ and H:\?

All those drives are infected.
I want you to use the tool below for all of them and for all movable devices. If necessary run the tool more than once, so you will use it for every drive.
After you do that, keep them all away from the pc.

If one of them is not portable, just let me know.
----------------------------------------------
Flash_Disinfector FOR XP

  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
----------------------------------------------
Run again Combofix and post back the report.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: My Computer is so slow.

Unread postby leon32 » July 12th, 2008, 11:08 am

Hi.
I have downloaded flash disinfector and scanned my flash disks and one external hard drive.
Here is my new log.txt
ComboFix 08-07-10.1 - X 2008-07-12 17:00:23.3 - NTFSx86
Running from: C:\Documents and Settings\X\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-11 11:41 . 2008-07-11 11:41 268 --ah----- C:\sqmdata03.sqm
2008-07-11 11:41 . 2008-07-11 11:41 244 --ah----- C:\sqmnoopt03.sqm
2008-07-11 11:28 . 2008-07-11 11:28 268 --ah----- C:\sqmdata02.sqm
2008-07-11 11:28 . 2008-07-11 11:28 244 --ah----- C:\sqmnoopt02.sqm
2008-07-11 09:25 . 2008-07-11 09:25 268 --ah----- C:\sqmdata01.sqm
2008-07-11 09:25 . 2008-07-11 09:25 244 --ah----- C:\sqmnoopt01.sqm
2008-07-11 09:16 . 2008-07-11 09:16 268 --ah----- C:\sqmdata00.sqm
2008-07-11 09:16 . 2008-07-11 09:16 244 --ah----- C:\sqmnoopt00.sqm
2008-07-11 09:14 . 2008-07-11 09:50 <DIR> d-------- C:\SDFix
2008-07-10 10:52 . 2008-07-10 10:52 <DIR> d-------- C:\VundoFix Backups
2008-07-08 17:26 . 2008-07-08 17:26 <DIR> d-------- C:\Program Files\Avira
2008-07-08 17:26 . 2008-07-08 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-07 15:42 . 2008-07-07 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-05 16:30 . 2008-07-05 16:35 <DIR> d-------- C:\Documents and Settings\X\Application Data\zweitgeist

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-07-12 06:55 --------- d-----w C:\Program Files\Paltalk Messenger
2008-07-12 06:55 --------- d-----w C:\Documents and Settings\X\Application Data\Paltalk
2008-07-11 09:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-11 09:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 07:52 --------- d-----w C:\Program Files\LowRateVoip
2008-07-05 18:17 --------- d-----w C:\Documents and Settings\X\Application Data\Babylon
2008-07-05 10:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-14 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-11_11.48.53.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 09:43:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-12 06:48:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-02-15 00:22:26 142,464 ------w C:\WINDOWS\Driver Cache\i386\aec.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\Driver Cache\i386\http.sys
+ 2006-06-14 08:47:45 172,416 ------w C:\WINDOWS\Driver Cache\i386\kmixer.sys
+ 2006-05-05 09:41:45 453,120 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2007-02-28 09:08:48 2,136,064 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2007-02-28 08:38:55 2,057,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2007-02-28 08:38:57 2,015,744 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2007-02-28 09:10:57 2,180,352 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-06-14 08:47:46 6,400 ------w C:\WINDOWS\Driver Cache\i386\splitter.sys
+ 2006-06-14 09:00:45 82,944 ------w C:\WINDOWS\Driver Cache\i386\wdmaud.sys
- 2004-08-03 21:56:50 1,032,192 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
- 2004-08-03 21:56:52 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2003-07-07 12:36:00 2,058,343 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-08 10:48:00 115,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
- 2008-07-08 15:14:28 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-07-11 15:35:34 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-07-08 15:14:28 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-07-11 15:35:34 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-07-08 15:14:28 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-07-11 15:35:34 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-07-08 15:14:28 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-07-11 15:35:33 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-07-08 15:14:28 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-07-11 15:35:34 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-07-08 15:14:29 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-07-11 15:35:34 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-08 15:14:29 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-07-11 15:35:35 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-07-08 15:14:29 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-07-11 15:35:35 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-07-08 15:14:28 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-07-11 15:35:34 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-08 15:14:28 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-07-11 15:35:33 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-07-08 15:14:29 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-07-11 15:35:35 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-07-08 15:14:27 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-07-11 15:35:33 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-07-08 15:14:27 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-07-11 15:35:33 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2004-08-03 21:56:42 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2006-10-12 14:02:52 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2004-08-03 21:56:42 58,880 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2007-03-09 13:46:24 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-03 21:56:48 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2004-08-03 21:56:42 56,832 ----a-w C:\WINDOWS\system32\authz.dll
+ 2005-03-02 18:09:29 56,832 ----a-w C:\WINDOWS\system32\authz.dll
- 2004-08-03 21:56:42 1,016,832 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:03:56 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-03 21:56:42 229,888 ----a-w C:\WINDOWS\system32\catsrv.dll
+ 2005-07-26 04:39:42 225,792 ----a-w C:\WINDOWS\system32\catsrv.dll
- 2004-08-03 21:56:42 628,224 ----a-w C:\WINDOWS\system32\catsrvut.dll
+ 2005-07-26 04:39:43 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2004-08-03 21:56:42 150,528 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:03:56 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2004-08-03 21:56:42 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
+ 2005-09-10 01:53:41 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
- 2004-08-03 21:56:42 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
+ 2006-06-22 05:06:29 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
- 2004-08-03 21:56:42 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2005-07-26 04:39:43 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
- 2004-08-03 21:56:42 501,248 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2005-07-26 04:39:43 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
- 2004-08-03 21:56:42 62,464 ----a-w C:\WINDOWS\system32\colbact.dll
+ 2005-07-26 04:39:43 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
- 2004-08-03 21:56:42 195,584 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
+ 2005-07-26 04:39:44 195,072 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
- 2004-08-03 21:56:42 611,328 ----a-w C:\WINDOWS\system32\comctl32.dll
+ 2006-08-25 15:45:58 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll
- 2001-08-23 15:00:00 82,432 ----a-w C:\WINDOWS\system32\comrepl.dll
+ 2005-07-26 04:39:44 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll
- 2004-08-03 21:56:42 1,251,840 ----a-w C:\WINDOWS\system32\comsvcs.dll
+ 2005-07-26 04:39:44 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2004-08-03 21:56:42 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
+ 2005-07-26 04:39:45 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
- 2004-08-03 21:56:42 1,053,696 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:03:57 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-03 21:56:44 111,104 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2006-05-19 12:59:41 111,616 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
- 2004-08-03 21:39:38 142,464 -c--a-w C:\WINDOWS\system32\dllcache\aec.sys
+ 2006-02-15 00:22:26 142,464 -c--a-w C:\WINDOWS\system32\dllcache\aec.sys
- 2004-08-03 21:56:42 41,984 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
+ 2006-10-12 14:02:52 42,496 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
- 2004-08-03 21:56:42 58,880 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2007-03-09 13:46:24 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2004-08-03 21:56:48 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
- 2004-08-03 21:56:42 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
+ 2005-03-02 18:09:29 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
- 2004-08-03 21:56:42 1,016,832 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:03:56 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-03 21:10:38 274,304 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-06-13 13:10:50 272,128 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
- 2004-08-03 21:56:42 229,888 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
+ 2005-07-26 04:39:42 225,792 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
- 2004-08-03 21:56:42 628,224 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
+ 2005-07-26 04:39:43 625,152 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
- 2004-08-03 21:56:42 150,528 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:03:56 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2004-08-03 21:56:42 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
+ 2005-09-10 01:53:41 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
- 2004-08-03 21:56:42 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
+ 2006-06-22 05:06:29 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
- 2004-08-03 21:56:42 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:39:43 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
- 2004-08-03 21:56:42 501,248 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2005-07-26 04:39:43 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
- 2004-08-03 21:56:42 62,464 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
+ 2005-07-26 04:39:43 60,416 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
- 2004-08-03 21:56:42 195,584 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
+ 2005-07-26 04:39:44 195,072 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
- 2004-08-03 21:56:42 611,328 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
+ 2006-08-25 15:45:58 617,472 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
- 2001-08-23 15:00:00 82,432 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
+ 2005-07-26 04:39:44 97,792 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
- 2004-08-03 21:56:42 1,251,840 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
+ 2005-07-26 04:39:44 1,267,200 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
- 2004-08-03 21:56:42 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
+ 2005-07-26 04:39:45 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
- 2004-08-03 21:56:42 1,053,696 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:03:57 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-03 21:56:44 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2004-08-03 21:56:44 111,104 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
+ 2006-05-19 12:59:41 111,616 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
- 2004-08-03 21:56:44 81,408 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2007-05-16 15:12:00 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
- 2004-08-03 21:56:44 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-03 21:56:44 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2004-08-03 21:56:44 498,205 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
+ 2006-08-22 02:05:26 498,742 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
- 2004-08-03 21:56:44 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:03:57 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2004-08-03 21:56:44 201,728 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:03:57 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2004-08-03 21:56:44 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2005-07-26 04:39:45 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2004-08-03 21:56:44 1,082,368 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
+ 2005-10-20 22:20:03 1,082,368 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
- 2004-08-03 21:56:50 1,032,192 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
- 2004-08-03 21:56:44 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:03:57 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2004-08-03 21:56:44 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
+ 2006-08-21 12:21:06 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
- 2004-08-03 21:56:50 22,528 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
+ 2006-08-21 09:14:58 23,040 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
- 2004-08-03 20:01:20 124,800 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
+ 2006-08-21 09:14:58 128,896 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
- 2001-08-23 15:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
+ 2005-10-17 21:14:45 80,896 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
- 2004-08-03 21:56:44 278,016 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2004-08-03 21:56:52 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
+ 2005-05-26 23:22:01 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
- 2004-08-03 21:56:44 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
+ 2005-05-27 02:04:27 41,472 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
- 2001-08-23 15:00:00 77,850 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
+ 2006-07-21 08:24:43 72,704 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
- 2004-08-03 21:56:44 253,952 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
+ 2005-06-29 01:46:00 254,976 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
- 2004-08-03 21:56:52 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2004-08-03 21:56:44 249,344 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:03:58 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2004-08-03 21:56:44 678,400 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2004-08-03 21:56:44 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:03:58 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2004-08-03 21:56:44 94,720 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
+ 2006-05-19 12:59:41 94,720 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
- 2004-08-03 20:04:52 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
+ 2004-09-29 22:28:37 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
- 2004-08-03 21:56:44 143,872 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
+ 2005-05-27 02:04:27 155,136 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
- 2004-08-03 21:56:44 134,144 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2005-05-27 02:04:27 137,216 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2006-06-01 18:47:07 163,840 -c----w C:\WINDOWS\system32\dllcache\jgdw400.dll
+ 2006-06-01 18:47:07 27,648 -c----w C:\WINDOWS\system32\dllcache\jgpl400.dll
- 2004-08-03 21:56:44 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2004-08-03 21:56:44 15,872 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:03:58 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-03 21:56:44 294,400 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
+ 2005-06-15 17:49:30 295,936 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
- 2004-08-03 21:56:44 983,552 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:52:53 984,576 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
- 2004-08-03 22:07:50 171,776 -c--a-w C:\WINDOWS\system32\dllcache\kmixer.sys
+ 2006-06-14 08:47:45 172,416 -c--a-w C:\WINDOWS\system32\dllcache\kmixer.sys
- 2004-08-03 21:56:44 18,944 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
+ 2005-09-01 01:41:53 19,968 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
- 2004-08-03 21:56:44 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2004-08-03 21:56:44 39,936 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2007-03-08 15:36:28 40,960 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
- 2001-08-23 15:00:00 924,432 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
+ 2006-11-01 19:17:45 927,504 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
- 2004-08-03 21:56:44 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
- 2004-08-03 21:56:52 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2005-07-25 23:46:57 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
- 2004-08-03 19:58:22 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
- 2004-08-03 21:56:44 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
- 2004-08-03 21:56:44 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
- 2004-08-03 21:56:44 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
- 2004-08-03 21:56:44 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
- 2004-08-03 21:56:44 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
- 2004-08-03 21:56:44 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
- 2004-08-03 21:56:44 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
- 2004-08-03 21:56:44 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-07-06 12:46:59 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
- 2004-08-03 20:00:58 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2006-05-05 09:41:45 453,120 -c----w C:\WINDOWS\system32\dllcache\mrxsmb.sys
- 2004-08-03 21:56:44 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
+ 2006-03-23 05:44:21 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
- 2004-08-03 21:56:44 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
+ 2006-12-26 13:07:23 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
- 2004-08-03 21:56:44 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
+ 2006-12-26 13:07:23 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
- 2004-08-03 21:56:44 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
+ 2006-12-26 13:07:23 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
- 2004-08-03 21:56:44 73,728 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2005-06-29 01:46:00 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2004-08-03 21:56:44 425,472 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
+ 2006-03-01 19:42:42 426,496 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
- 2004-08-03 21:56:44 949,248 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
+ 2006-03-01 19:42:42 956,416 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
- 2004-08-03 21:56:44 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
+ 2006-03-01 19:42:42 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
- 2004-08-03 21:56:44 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-03 21:56:44 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2004-08-03 21:56:44 537,088 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
+ 2006-11-27 14:54:06 539,136 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
- 2004-08-03 21:56:44 3,003,392 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:03:59 3,059,712 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2004-08-03 21:56:44 448,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:03:59 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2005-05-04 13:45:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2007-04-18 16:12:23 2,854,400 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-03 21:56:44 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-07-17 08:34:48 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-03 21:56:44 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-03 21:56:44 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
+ 2006-12-26 13:07:23 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
- 2004-08-03 21:56:44 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-03 21:56:44 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-03 21:56:44 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-03 21:56:44 1,311,232 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
+ 2007-05-16 15:12:08 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
- 2004-08-03 21:56:44 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2004-08-03 21:56:44 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:03:59 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-03 21:56:44 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-03 21:56:44 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-03 21:56:44 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-03 21:56:44 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2004-08-03 21:56:44 530,432 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:03:59 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-03 21:56:46 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-03 21:56:46 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-03 21:56:46 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2004-08-03 21:56:46 1,236,480 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2007-06-26 06:08:16 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
- 2004-08-03 21:56:46 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
+ 2006-03-01 19:42:42 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
- 2004-08-03 21:56:46 90,112 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
+ 2006-03-01 19:42:42 91,136 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
- 2004-08-03 21:56:46 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2006-08-17 12:28:27 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2004-08-03 21:56:46 198,144 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
+ 2005-08-22 18:29:46 197,632 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
- 2004-08-03 21:56:46 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
+ 2005-11-29 14:27:06 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
- 2004-08-03 20:15:10 574,592 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-09 11:10:35 574,464 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-28 09:08:48 2,136,064 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2007-02-28 08:38:55 2,057,600 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 08:38:57 2,015,744 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2007-02-28 09:10:57 2,180,352 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
- 2001-08-23 15:00:00 58,880 -c--a-w C:\WINDOWS\system32\dllcache\nwapi32.dll
+ 2006-10-13 12:35:12 64,000 -c--a-w C:\WINDOWS\system32\dllcache\nwapi32.dll
- 2004-08-03 21:56:46 144,384 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
+ 2006-10-13 12:35:12 142,336 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
- 2004-08-03 20:02:24 163,584 -c--a-w C:\WINDOWS\system32\dllcache\nwrdr.sys
+ 2006-10-13 10:23:15 163,584 -c--a-w C:\WINDOWS\system32\dllcache\nwrdr.sys
- 2004-08-03 21:56:46 64,000 -c--a-w C:\WINDOWS\system32\dllcache\nwwks.dll
+ 2006-10-13 12:35:12 65,536 -c--a-w C:\WINDOWS\system32\dllcache\nwwks.dll
- 2004-08-03 21:56:46 1,281,536 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
+ 2005-07-26 04:39:48 1,285,120 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
- 2004-08-03 21:56:46 553,472 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2001-08-23 15:00:00 68,608 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
+ 2005-07-26 04:39:48 74,752 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
- 2001-08-23 15:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
+ 2005-07-26 04:39:49 37,888 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
- 2001-08-23 15:00:00 117,760 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
+ 2006-10-16 16:15:00 122,880 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
- 2004-08-03 21:56:46 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:03:59 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-03 21:56:46 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2004-08-03 21:56:46 1,435,648 -c--a-w C:\WINDOWS\system32\dllcache\query.dll
+ 2006-06-22 05:06:30 1,435,648 -c--a-w C:\WINDOWS\system32\dllcache\query.dll
- 2004-08-03 21:56:46 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
+ 2006-06-26 17:37:10 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
- 2004-08-03 21:56:46 174,080 -c--a-w C:\WINDOWS\system32\dllcache\rasmans.dll
+ 2006-06-22 10:47:18 181,248 -c--a-w C:\WINDOWS\system32\dllcache\rasmans.dll
- 2004-08-03 20:20:08 176,512 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
+ 2006-05-05 09:47:57 174,592 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
- 2004-08-03 22:01:10 139,400 -c--a-w C:\WINDOWS\system32\dllcache\rdpwd.sys
+ 2005-06-10 04:09:46 139,528 -c--a-w C:\WINDOWS\system32\dllcache\rdpwd.sys
- 2004-08-03 21:56:46 431,616 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
+ 2006-11-27 14:54:06 433,152 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
- 2001-08-23 15:00:00 200,064 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2004-08-03 21:56:46 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2004-08-03 21:56:46 395,776 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
+ 2005-07-26 04:39:49 397,824 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
- 2004-08-03 21:56:46 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
+ 2007-04-25 14:21:15 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
- 2004-08-03 21:56:46 1,483,264 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:04:00 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2004-08-03 21:56:46 8,384,000 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2004-08-03 21:56:46 473,600 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:04:00 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2004-08-03 21:56:46 134,656 -c--a-w C:\WINDOWS\system32\dllcache\shsvcs.dll
+ 2006-12-19 21:52:18 134,656 -c--a-w C:\WINDOWS\system32\dllcache\shsvcs.dll
- 2004-08-03 22:07:48 6,400 -c--a-w C:\WINDOWS\system32\dllcache\splitter.sys
+ 2006-06-14 08:47:46 6,400 -c--a-w C:\WINDOWS\system32\dllcache\splitter.sys
- 2004-08-03 21:56:58 57,856 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
- 2004-08-03 20:14:46 336,256 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2006-08-14 10:34:41 332,928 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2004-08-03 21:56:46 96,768 -c--a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
+ 2004-12-07 19:32:34 96,768 -c--a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
- 2004-08-03 21:56:46 246,302 -c--a-w C:\WINDOWS\system32\dllcache\strmdll.dll
+ 2006-08-21 07:52:08 246,814 -c--a-w C:\WINDOWS\system32\dllcache\strmdll.dll
- 2004-08-03 21:56:48 713,216 -c--a-w C:\WINDOWS\system32\dllcache\sxs.dll
+ 2006-10-19 13:56:32 713,216 -c--a-w C:\WINDOWS\system32\dllcache\sxs.dll
- 2004-08-03 21:56:48 210,432 -c--a-w C:\WINDOWS\system32\dllcache\t2embed.dll
+ 2005-10-17 21:14:46 118,272 -c--a-w C:\WINDOWS\system32\dllcache\t2embed.dll
- 2004-08-03 21:56:48 246,272 -c--a-w C:\WINDOWS\system32\dllcache\tapisrv.dll
+ 2005-07-08 16:27:56 249,344 -c--a-w C:\WINDOWS\system32\dllcache\tapisrv.dll
- 2004-08-03 21:56:58 75,264 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
+ 2005-05-10 23:45:48 75,776 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
- 2004-08-03 21:56:48 101,376 -c--a-w C:\WINDOWS\system32\dllcache\txflog.dll
+ 2005-07-26 04:39:49 101,376 -c--a-w C:\WINDOWS\system32\dllcache\txflog.dll
- 2004-08-03 21:56:48 118,272 -c--a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll
+ 2005-08-23 03:35:42 123,392 -c--a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll
- 2004-08-03 19:58:34 209,408 -c--a-w C:\WINDOWS\system32\dllcache\update.sys
+ 2007-04-23 10:32:54 364,160 -c--a-w C:\WINDOWS\system32\dllcache\update.sys
- 2004-08-03 21:56:48 185,344 -c--a-w C:\WINDOWS\system32\dllcache\upnphost.dll
+ 2007-02-05 20:17:02 185,344 -c--a-w C:\WINDOWS\system32\dllcache\upnphost.dll
- 2004-08-03 21:56:48 601,088 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:04:00 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-03 21:56:48 577,024 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
+ 2007-03-08 15:36:28 577,536 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
- 2004-08-03 21:56:48 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2004-08-03 21:56:48 848,384 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2004-08-03 21:56:48 504,832 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
+ 2007-05-16 15:12:12 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
- 2004-08-03 21:56:48 84,992 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2007-05-16 15:12:15 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
- 2004-08-03 22:15:06 82,944 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.sys
+ 2006-06-14 09:00:45 82,944 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.sys
- 2004-08-03 21:56:48 67,584 -c--a-w C:\WINDOWS\system32\dllcache\webclnt.dll
+ 2006-01-04 03:35:05 68,096 -c--a-w C:\WINDOWS\system32\dllcache\webclnt.dll
- 2004-08-03 21:56:48 333,312 -c--a-w C:\WINDOWS\system32\dllcache\wiaservc.dll
+ 2006-12-19 18:16:47 333,824 -c--a-w C:\WINDOWS\system32\dllcache\wiaservc.dll
- 2004-08-03 20:17:42 1,835,904 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2004-08-03 21:56:48 656,384 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:04:00 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-03 21:56:48 290,816 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
+ 2007-03-17 13:43:01 292,864 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
- 2004-08-03 21:56:48 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wkssvc.dll
+ 2006-08-17 12:28:27 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wkssvc.dll
- 2005-01-28 12:44:28 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 15:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2004-08-03 21:56:48 4,874,240 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-04-30 00:22:16 4,734,976 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2005-01-28 12:44:28 2,370,296 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-12-07 05:29:34 2,374,472 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-08-03 21:56:48 11,776 -c--a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
+ 2006-03-01 19:42:42 11,776 -c--a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
- 2004-08-03 21:56:44 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-03 21:56:44 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2004-08-03 21:39:38 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
+ 2006-02-15 00:22:26 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
- 2004-08-03 20:01:20 124,800 ----a-w C:\WINDOWS\system32\drivers\fltMgr.sys
+ 2006-08-21 09:14:58 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
- 2004-08-03 20:00:14 263,040 ----a-w C:\WINDOWS\system32\drivers\http.sys
+ 2006-03-17 00:33:10 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
- 2004-08-03 20:04:52 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
+ 2004-09-29 22:28:37 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
- 2004-08-03 22:07:50 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
+ 2006-06-14 08:47:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
- 2004-08-03 19:58:22 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-03 20:00:58 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2004-08-03 20:15:18 451,456 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2006-05-05 09:41:45 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2004-08-03 20:15:10 574,592 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
- 2004-08-03 20:02:24 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
+ 2006-10-13 10:23:15 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
- 2004-08-03 20:20:08 176,512 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
+ 2006-05-05 09:47:57 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
- 2004-08-03 22:01:10 139,400 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
+ 2005-06-10 04:09:46 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
- 2001-08-23 15:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2004-07-17 08:36:38 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2004-08-03 22:07:48 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
+ 2006-06-14 08:47:46 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
- 2004-08-03 20:14:46 336,256 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
- 2004-08-03 19:58:34 209,408 ----a-w C:\WINDOWS\system32\drivers\update.sys
+ 2007-04-23 10:32:54 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
- 2004-08-03 22:15:06 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
+ 2006-06-14 09:00:45 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
- 2004-08-03 21:56:44 498,205 ----a-w C:\WINDOWS\system32\dxmasf.dll
+ 2006-08-22 02:05:26 498,742 ----a-w C:\WINDOWS\system32\dxmasf.dll
- 2004-08-03 21:56:44 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:03:57 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2004-08-03 21:56:44 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:03:57 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2004-08-03 21:56:44 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll
- 2004-08-03 21:56:44 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
+ 2005-10-20 22:20:03 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
- 2004-08-03 21:56:44 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:03:57 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2004-08-03 21:56:44 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
+ 2006-08-21 12:21:06 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
- 2004-08-03 21:56:50 22,528 ----a-w C:\WINDOWS\system32\fltMc.exe
+ 2006-08-21 09:14:58 23,040 ----a-w C:\WINDOWS\system32\fltmc.exe
- 2008-07-07 07:55:52 251,088 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-11 15:59:27 251,088 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2001-08-23 15:00:00 79,360 ----a-w C:\WINDOWS\system32\fontsub.dll
+ 2005-10-17 21:14:45 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
- 2004-08-03 21:56:44 278,016 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2004-08-03 21:56:44 38,912 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2005-05-27 02:04:27 41,472 ----a-w C:\WINDOWS\system32\hhsetup.dll
- 2001-08-23 15:00:00 77,850 ----a-w C:\WINDOWS\system32\hlink.dll
+ 2006-07-21 08:24:43 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
- 2004-08-03 21:56:44 345,088 ----a-w C:\WINDOWS\system32\hypertrm.dll
+ 2004-11-17 17:41:24 347,136 ----a-w C:\WINDOWS\system32\hypertrm.dll
- 2004-08-03 21:56:44 253,952 ----a-w C:\WINDOWS\system32\icm32.dll
+ 2005-06-29 01:46:00 254,976 ----a-w C:\WINDOWS\system32\icm32.dll
- 2004-08-03 21:56:44 249,344 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:03:58 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-03 21:56:44 678,400 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2004-08-03 21:56:44 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:03:58 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-08-03 21:56:44 94,720 ----a-w C:\WINDOWS\system32\iphlpapi.dll
+ 2006-05-19 12:59:41 94,720 ----a-w C:\WINDOWS\system32\iphlpapi.dll
- 2004-08-03 21:56:44 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
+ 2005-05-27 02:04:27 155,136 ----a-w C:\WINDOWS\system32\itircl.dll
- 2004-08-03 21:56:44 134,144 ----a-w C:\WINDOWS\system32\itss.dll
+ 2005-05-27 02:04:27 137,216 ----a-w C:\WINDOWS\system32\itss.dll
- 2001-08-23 15:00:00 144,896 ----a-w C:\WINDOWS\system32\jgdw400.dll
+ 2006-06-01 18:47:07 163,840 ----a-w C:\WINDOWS\system32\jgdw400.dll
- 2001-08-23 15:00:00 42,496 ----a-w C:\WINDOWS\system32\jgpl400.dll
+ 2006-06-01 18:47:07 27,648 ----a-w C:\WINDOWS\system32\jgpl400.dll
- 2004-08-03 21:56:44 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-03 21:56:44 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:03:58 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-03 21:56:44 294,400 ----a-w C:\WINDOWS\system32\kerberos.dll
+ 2005-06-15 17:49:30 295,936 ----a-w C:\WINDOWS\system32\kerberos.dll
- 2004-08-03 21:56:44 983,552 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:52:53 984,576 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2004-08-03 21:56:44 18,944 ----a-w C:\WINDOWS\system32\linkinfo.dll
+ 2005-09-01 01:41:53 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
- 2004-08-03 21:56:44 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2004-08-03 21:56:44 39,936 ----a-w C:\WINDOWS\system32\mf3216.dll
+ 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
- 2001-08-23 15:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40u.dll
+ 2006-11-01 19:17:45 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
- 2004-08-03 21:56:44 1,024,000 ----a-w C:\WINDOWS\system32\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
- 2004-08-03 21:56:44 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-03 21:56:44 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-03 21:56:44 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-03 21:56:44 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-03 21:56:44 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-03 21:56:44 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-03 21:56:44 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-03 21:56:44 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
- 2004-08-03 21:56:44 73,728 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2004-08-03 21:56:44 425,472 ----a-w C:\WINDOWS\system32\msdtcprx.dll
+ 2006-03-01 19:42:42 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
- 2004-08-03 21:56:44 949,248 ----a-w C:\WINDOWS\system32\msdtctm.dll
+ 2006-03-01 19:42:42 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
- 2004-08-03 21:56:44 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
+ 2006-03-01 19:42:42 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
- 2004-08-03 21:56:44 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-03 21:56:44 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-03 21:56:44 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll
+ 2006-11-27 14:54:06 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
- 2004-08-03 21:56:44 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:03:59 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2004-08-03 21:56:44 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:03:59 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2005-05-04 13:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
+ 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-03 21:56:44 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-07-17 08:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-03 21:56:44 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-03 21:56:44 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-03 21:56:44 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-03 21:56:44 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-03 21:56:44 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-03 21:56:44 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:03:59 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-03 21:56:44 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-03 21:56:44 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-03 21:56:44 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-03 21:56:44 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-03 21:56:44 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:03:59 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-03 21:56:46 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-03 21:56:46 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-03 21:56:46 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2004-08-03 21:56:46 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2004-08-03 21:56:46 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
+ 2006-03-01 19:42:42 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
- 2004-08-03 21:56:46 90,112 ----a-w C:\WINDOWS\system32\mtxoci.dll
+ 2006-03-01 19:42:42 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
- 2004-08-03 21:56:46 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2004-08-03 21:56:46 198,144 ----a-w C:\WINDOWS\system32\netman.dll
+ 2005-08-22 18:29:46 197,632 ----a-w C:\WINDOWS\system32\netman.dll
- 2004-08-03 22:05:44 2,056,832 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 08:38:55 2,057,600 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2004-08-03 20:20:00 2,180,992 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2007-02-28 09:10:57 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2001-08-23 15:00:00 58,880 ----a-w C:\WINDOWS\system32\nwapi32.dll
+ 2006-10-13 12:35:12 64,000 ----a-w C:\WINDOWS\system32\nwapi32.dll
- 2004-08-03 21:56:46 144,384 ----a-w C:\WINDOWS\system32\nwprovau.dll
+ 2006-10-13 12:35:12 142,336 ----a-w C:\WINDOWS\system32\nwprovau.dll
- 2004-08-03 21:56:46 64,000 ----a-w C:\WINDOWS\system32\nwwks.dll
+ 2006-10-13 12:35:12 65,536 ----a-w C:\WINDOWS\system32\nwwks.dll
- 2004-08-03 21:56:46 1,281,536 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\system32\ole32.dll
- 2004-08-03 21:56:46 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2001-08-23 15:00:00 68,608 ----a-w C:\WINDOWS\system32\olecli32.dll
+ 2005-07-26 04:39:48 74,752 ----a-w C:\WINDOWS\system32\olecli32.dll
- 2001-08-23 15:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
+ 2005-07-26 04:39:49 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
- 2001-08-23 15:00:00 117,760 ----a-w C:\WINDOWS\system32\oledlg.dll
+ 2006-10-16 16:15:00 122,880 ----a-w C:\WINDOWS\system32\oledlg.dll
- 2008-07-09 17:39:03 59,842 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-11 16:02:17 59,842 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-09 17:39:03 395,768 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-11 16:02:17 395,768 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2004-08-03 21:56:46 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:03:59 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-03 21:56:46 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
+ 2006-06-22 05:06:30 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
- 2004-08-03 21:56:46 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
+ 2006-06-26 17:37:10 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
- 2004-08-03 21:56:46 174,080 ----a-w C:\WINDOWS\system32\rasmans.dll
+ 2006-06-22 10:47:18 181,248 ----a-w C:\WINDOWS\system32\rasmans.dll
- 2004-08-03 21:56:46 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
+ 2006-11-27 14:54:06 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
- 2004-08-03 21:56:46 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2004-08-03 21:56:46 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
- 2004-08-03 21:56:46 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
- 2004-08-03 21:56:46 1,483,264 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:04:00 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2004-08-03 21:56:46 8,384,000 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-03 21:56:46 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:04:00 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-03 21:56:46 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2006-12-19 21:52:18 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
- 2008-03-20 12:41:20 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-08-03 21:56:58 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2005-02-25 03:35:05 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2004-08-03 21:56:46 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
+ 2004-12-07 19:32:34 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
- 2004-08-03 21:56:46 246,302 ----a-w C:\WINDOWS\system32\strmdll.dll
+ 2006-08-21 07:52:08 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
- 2004-08-03 21:56:48 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
+ 2006-10-19 13:56:32 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
- 2004-08-03 21:56:48 210,432 ----a-w C:\WINDOWS\system32\t2embed.dll
+ 2005-10-17 21:14:46 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
- 2004-08-03 21:56:48 246,272 ----a-w C:\WINDOWS\system32\tapisrv.dll
+ 2005-07-08 16:27:56 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
- 2004-08-03 21:56:58 75,264 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2005-05-10 23:45:48 75,776 ----a-w C:\WINDOWS\system32\telnet.exe
- 2004-08-03 21:56:48 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
+ 2005-07-26 04:39:49 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
+ 2008-03-27 09:24:20 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2004-08-03 21:56:48 118,272 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
+ 2005-08-23 03:35:42 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
- 2004-08-03 21:56:48 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
+ 2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
- 2004-08-03 21:56:48 601,088 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:04:00 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-03 21:56:48 577,024 ----a-w C:\WINDOWS\system32\user32.dll
+ 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
- 2004-08-03 21:56:48 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2006-03-17 00:38:01 28,672 ------w C:\WINDOWS\system32\verclsid.exe
- 2004-08-03 21:56:48 67,584 ----a-w C:\WINDOWS\system32\webclnt.dll
+ 2006-01-04 03:35:05 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
- 2004-08-03 21:56:48 333,312 ----a-w C:\WINDOWS\system32\wiaservc.dll
+ 2006-12-19 18:16:47 333,824 ----a-w C:\WINDOWS\system32\wiaservc.dll
- 2004-08-03 20:17:42 1,835,904 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
- 2004-08-03 21:56:48 290,816 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2004-08-03 21:56:48 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2006-08-17 12:28:27 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
- 2005-01-28 12:44:28 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 15:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2004-08-03 21:56:48 4,874,240 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 00:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll
- 2005-01-28 12:44:28 2,370,296 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2004-08-03 21:56:48 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2006-03-01 19:42:42 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-01-19 20:15:24 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2007-01-19 20:15:24 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2007-01-19 20:15:24 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2007-01-19 20:15:24 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2006-08-25 15:45:55 1,054,208 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-05-29 17:26 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-05-29 17:14 114688]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2003-07-29 17:19 638976]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 17:39 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 13:57 344064]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-05-05 14:37 3166432]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-57989841-725345543-1003\Scripts\Logoff\0\0]
"Script"=C:\DOCUME~1\X\LOCALS~1\Temp\xp.cmd

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2005-12-06 13:08 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]
--a------ 2008-01-25 16:36 8897848 C:\Program Files\LowRateVoip\LowRateVoip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2005-09-25 19:11 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 19:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yahoo! pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13107:UDP"= 13107:UDP:Print Server Utility

S3 snp2std;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-04 17:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00b1a596-0c6d-11dd-a4bf-00023fd00fc2}]
\Shell\AutoRun\command - G:\kxax.cmd
\Shell\explore\Command - G:\kxax.cmd
\Shell\open\Command - G:\kxax.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04a77302-fce7-11dc-a472-00023fd00fc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nohack.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e01ef2b-0227-11dd-a489-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21c5b6a7-24c2-11dd-a51b-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e1e09ba-3e94-11dd-a559-00023fd00fc2}]
\Shell\AutoRun\command - 6x8be16.cmd
\Shell\explore\Command - 6x8be16.cmd
\Shell\open\Command - 6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{549252a9-0162-11dd-a487-00023fd00fc2}]
\Shell\AutoRun\command - G:\y82td3td.com
\Shell\explore\Command - G:\y82td3td.com
\Shell\open\Command - G:\y82td3td.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cfde8ee-3854-11dd-a54b-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8730033f-0f82-11dd-a4d0-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aae892cd-2577-11dd-a51f-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6f895b0-1110-11dd-a4d3-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bab2ae44-4dd7-11dd-a57c-00023fd00fc2}]
\Shell\AutoRun\command - F:\00hoeav.com
\Shell\explore\Command - F:\00hoeav.com
\Shell\open\Command - F:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb9fcece-fb27-11dc-a468-00023fd00fc2}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6ed57ef-2189-11dd-a517-00023fd00fc2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nohack.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db9c4a-0d31-11dd-a4c2-00023fd00fc2}]
\shell\auto\command - auto.exe
\shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\shell\explore\command - d.com
\shell\open\command - d.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86a0c98-4367-11dd-a55e-00023fd00fc2}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86a0c99-4367-11dd-a55e-00023fd00fc2}]
\Shell\AutoRun\command - H:\ntde1ect.com
\Shell\explore\Command - H:\ntde1ect.com
\Shell\open\Command - H:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86a0c9a-4367-11dd-a55e-00023fd00fc2}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 17:03:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-12 17:05:39
ComboFix-quarantined-files.txt 2008-07-12 15:05:25
ComboFix2.txt 2008-07-11 13:53:05
ComboFix3.txt 2008-07-11 09:49:54

Pre-Run: 4,950,671,360 bytes free
Post-Run: 4,975,292,416 bytes free

876 --- E O F --- 2008-07-12 14:03:58
leon32
Active Member
 
Posts: 11
Joined: July 10th, 2008, 3:38 am

Re: My Computer is so slow.

Unread postby chryssi2001 » July 12th, 2008, 12:53 pm

Hello leon32,

COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File::
    C:\Windows\nohack.vbs
    G:\kxax.cmd
    G:\y82td3td.com
    F:\00hoeav.com
    F:\00hoeav.com
    F:\RavMon.exe
    H:\ntde1ect.com
    G:\d.com
    G:\auto.exe
    G:\wscript.exe .\.vbs
    G:\6x8be16.cmd
    F:\d.com
    F:\auto.exe
    F:\wscript.exe .\.vbs
    F:\6x8be16.cmd
    H:\d.com
    H:\auto.exe
    H:\wscript.exe .\.vbs
    H:\6x8be16.cmd
    
    Folder::
    C:\VundoFix Backups
    C:\Documents and Settings\X\Application Data\zweitgeist
    C:\Program Files\Paltalk Messenger
    C:\Documents and Settings\X\Application Data\Paltalk
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
    C:\WINDOWS\pss\PalTalk.lnkCommon Startup
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00b1a596-0c6d-11dd-a4bf-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04a77302-fce7-11dc-a472-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e01ef2b-0227-11dd-a489-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21c5b6a7-24c2-11dd-a51b-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e1e09ba-3e94-11dd-a559-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{549252a9-0162-11dd-a487-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cfde8ee-3854-11dd-a54b-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8730033f-0f82-11dd-a4d0-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aae892cd-2577-11dd-a51f-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6f895b0-1110-11dd-a4d3-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bab2ae44-4dd7-11dd-a57c-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb9fcece-fb27-11dc-a468-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6ed57ef-2189-11dd-a517-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db9c4a-0d31-11dd-a4c2-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86a0c99-4367-11dd-a55e-00023fd00fc2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86a0c9a-4367-11dd-a55e-00023fd00fc2}]
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------------------------------------
Post back:
Combofix report.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: My Computer is so slow.

Unread postby leon32 » July 12th, 2008, 1:24 pm

Hi
I did what u have told me.
Thanks for your help and time.

ComboFix 08-07-10.1 - X 2008-07-12 19:16:49.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.201 [GMT 2:00]
Running from: C:\Documents and Settings\X\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\X\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\nohack.vbs
F:\00hoeav.com
F:\6x8be16.cmd
F:\auto.exe
F:\d.com
F:\RavMon.exe
F:\wscript.exe .\.vbs
G:\6x8be16.cmd
G:\auto.exe
G:\d.com
G:\kxax.cmd
G:\wscript.exe .\.vbs
G:\y82td3td.com
H:\6x8be16.cmd
H:\auto.exe
H:\d.com
H:\ntde1ect.com
H:\wscript.exe .\.vbs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\X\Application Data\Paltalk
C:\Documents and Settings\X\Application Data\Paltalk\groups\leonar42\betaList3.txt
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\10288029_1213284833000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\10352327_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\10980701_1176009012000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\11067453_1202183954000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\11552115_1210545693000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\11591009_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\11858119_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\12536059_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\13148355_1214339631000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\13195989_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\13799195_1215336450000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\14617081_1212593938000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\14628975_1200350698000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\14889845_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\14993634_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\15146103_1205368387000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\1538509_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\15876509_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\16251252_1211128456000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\1679404_1204137114000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\17249651_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\18314498_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\1872638_1211015068000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\19693170_1192131143000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\19761491_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\19864309_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\20926317_1215325574000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\21179186_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\21235134_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\21501936_1201917186000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\22024197_1209420483000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\22345360_1204679973000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\22582384_1214610309000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\22746909_1176024706000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\22782790_1202608324000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\22831594_1207730373000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\23097970_1209902402000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\23283199_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\23368172_1213775278000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\24038324_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\24265353_1188956437000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\24432812_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\24485084_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\24609478_1211070619000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\24839727_1210294894000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\25738776_1179445587000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\25893518_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\25995564_1210631446000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\26252535_1209863564000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\26305326_1210975325000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\26442652_1211236231000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\26676092_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\27024313_1198718194000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\27106318_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\27313532_1197477762000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\27819477_1201102089000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\27967768_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\27972191_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\27995065_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\28967708_1201144454000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\29336240_1206732635000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\29453106_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\29508628_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\29583364_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\30008118_1212708962000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\30614031_1189719011000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\30884897_1214953948000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\31280789_1202341664000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\31307043_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\31325945_1213101974000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\31583025_1210904318000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\3240391_1214672804000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\32413506_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\3316352_1175998069000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\33540446_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\33564740_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\33732765_1209252286000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\33935639_1208870119000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\34125534_1213118168000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\3433238_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\34540909_1202237585000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\34696697_1214321943000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\35063699_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\35421033_1212262426000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\35427741_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\35494011_1213987479000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\35776293_1213718387000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\36329991_1198066612000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\36477307_1179663281000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\36545256_1210476472000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\36768135_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\36880475_1215094266000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\37223766_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\37476826_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\3747776_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\37488334_1212713722000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\37558833_1209221328000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\37600908_1213351333000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\37815278_1209666170000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\38106958_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\38126370_1176111916000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\38351864_1212875314000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\38359911_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\38548057_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\38774973_1214563796000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\39011073_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\39612425_1201492547000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\39655917_1209574116000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\39670466_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\39811195_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\3990469_1214617848000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\40042691_1211535425000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\40070451_1214611165000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\40566834_1206637865000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\40639364_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\40790671_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\40954843_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\41215938_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\41359474_1213285901000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\41405608_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\41505884_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\41549392_1214265030000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\41789295_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\42030225_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\42127219_1201421554000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\42204517_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\42258005_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\42297629_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\42429917_1176309082000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\42503850_1213740695000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\42857916_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\42880438_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\42932216_1206719940000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\43075018_1213224544000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\43108555_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\43145182_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\43348011_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\43380989_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\43469301_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\43573820_1203985373000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\43773647_1214481860000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\44195628_1207948171000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\44291853_1215266959000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\44448515_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\44600734_1205256346000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\44604323_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\44719890_1215318991000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\44753222_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\44854744_1214584468000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\44912203_1213828280000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\45115013_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\45220042_1198447622000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\45229120_1215197776000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\45263255_1211266462000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\45864234_1209782250000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\46405720_1208634093000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\46540224_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\46587482_1176455012000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\46592495_1203158090000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\46624623_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\46781693_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\46893343_1209654269000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\46977329_1176460551000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\47103303_1186315481000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\47200589_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\47618210_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\47865328_1211368861000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\47937043_1176474622000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48001033_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48004515_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48139450_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48168728_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48310221_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48342874_1213458336000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48434280_1214404257000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48491341_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48649474_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48698436_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48717615_1205949665000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48808034_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48814526_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48883134_1213047586000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48908800_1209074626000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48932977_1215278483000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48950480_1206402702000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48959498_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48979209_1209521334000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\48980849_1212343386000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49063400_1207359153000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49078903_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49125089_1213529397000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49159826_1209217775000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49181903_1213756541000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49219007_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49266902_1214238274000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49354913_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49408449_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49412386_1203557848000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49414857_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49428170_1211562893000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49428384_1189289735000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49461170_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49643739_1210245782000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49707430_1213969524000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49709568_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49761618_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\49905870_1204751342000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50001590_1206744577000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50023724_1181985580000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50297267_1181512160000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50536268_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50557393_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50561261_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50634478_1215136080000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50640435_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50648136_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50709993_1214668573000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50776190_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50807552_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50902278_1210776148000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50916879_1213932501000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50936383_1208054375000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\50980729_1215307364000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51038561_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51095020_1209924422000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51125186_1211848738000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51142221_1209167873000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51185339_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51199206_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51226907_1213860658000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51232548_1213856442000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51331532_1210034162000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51342322_1214071787000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51456540_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51510699_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51515311_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51526647_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51613409_1202153750000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51631192_1191777772000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51633493_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\5165632_1209186950000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51675950_1213717788000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51742234_1203801633000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51806758_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51856082_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51883801_1212179733000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51905298_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51933378_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51945949_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51956385_1213290899000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51970701_1213631527000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51986945_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\51988187_1209780241000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52060805_1208119426000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52065174_1193521279000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52101503_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52114346_1215256489000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52128247_1211471787000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52196287_1215069830000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52223979_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52226296_1211627244000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52258656_1206375403000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52278321_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52291927_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52299521_1215132653000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52335498_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52400576_1194298514000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52430843_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52456095_1202326705000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52464634_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52499610_1212209397000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52527079_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52539094_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52539789_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52545225_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52550566_1191358815000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\5259439_1176001372000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52595348_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52620953_1213046497000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52632954_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52728312_1194564453000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52835583_1209401788000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52848172_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52856375_1199389822000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52921437_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52928693_1192986725000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52957541_1214548999000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\52978139_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53012250_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53060556_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53073690_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53151648_1208721413000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53198316_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53231202_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53294703_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53375252_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53384392_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53497944_1214686836000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53557129_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53576960_1215023515000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53587480_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53597289_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53647895_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53685902_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53790607_1213333982000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53838655_1214050838000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53850214_1212848795000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\53905401_1215118242000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54042323_1208734431000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54055037_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54055040_1214608559000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54102570_1211602445000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54109667_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54187893_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54201921_1213801007000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54204750_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54206108_1210702706000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54207483_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54226716_1213382964000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54287928_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54290574_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54293664_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54330918_1208777375000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54333623_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54336681_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54345077_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54358214_1203391850000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54418123_1202530254000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54441126_1211843811000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54475463_1207688742000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54483407_1205624639000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54487790_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54513668_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54516763_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54529932_1214351290000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54567282_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54570755_1214574526000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54604453_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54719571_1213906194000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54734225_1211066076000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54750258_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54816235_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54858088_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54870203_1207626746000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54881415_1211580469000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54887434_1212682350000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54911005_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54931970_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54932602_1201967559000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\54997425_1209933773000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55020697_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55043075_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55132411_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55148300_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55211056_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55219274_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55228423_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55249530_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55260129_1213687628000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55293734_1214150310000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55296052_1214123033000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55368974_1208237978000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55387852_1204571305000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55410889_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55436060_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55449509_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55454908_1214806599000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55480328_1204576502000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55511848_1214523968000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55535405_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\5555159_1210894251000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55557239_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55570319_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55597458_1204689432000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55611262_1210072561000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55621348_1208898351000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55634330_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55644858_1212601993000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55686488_1208717093000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\5575343_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55763181_1215306514000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55765023_1205893411000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55768683_1214254907000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55772119_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55785431_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55789600_1205549128000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55803268_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55807162_1206672627000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55821019_1206541828000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55831328_1208793265000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55839831_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55845572_1208229534000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55857370_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55868347_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55891189_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55895438_1214016807000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55915648_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55917180_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55919782_1214637009000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55953977_1206164296000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55957793_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55964486_1208802498000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55966666_1208185820000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55972988_1212364322000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\55998039_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56006377_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56012098_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56016458_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56029903_1208989001000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56035428_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56036956_1210466583000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56041444_1212403555000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56087331_1210278442000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56110304_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56117503_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56120248_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56151969_1207394346000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56161930_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56174158_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56183216_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56204402_1214231297000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56214214_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56215024_1215357607000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56216835_1209782696000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56240253_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56264249_1208061427000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56291657_1214160634000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56296393_1213139466000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56307746_1208732187000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56308513_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56322048_1208654353000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56322664_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56350043_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56352659_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56356435_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56367882_1210263465000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56380630_1214057792000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56390012_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56391697_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56411071_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56414323_1211512109000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56421920_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56433110_1214651927000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56439360_1209505981000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56440477_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56458698_1208427878000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56465514_1211009759000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56470023_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56481722_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56493405_1209338155000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56501761_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56510779_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56537750_1209597308000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56602332_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56604748_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56633520_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56644507_1214842609000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56650191_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56655683_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56662194_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56663834_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56664628_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56668553_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56676339_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56676389_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56681211_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56689932_1209315621000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56692954_1209478534000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56693849_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56697015_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56697463_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56704912_1215061128000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56707182_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56709016_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56709638_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56710149_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56713348_1209414511000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56718013_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56727053_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56732285_1212063645000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56741795_1215317707000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56743410_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56763942_1211549342000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56780699_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56795104_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56795919_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56802124_1209808241000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56809581_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56822127_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56825524_1213616925000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56830130_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56841515_1214508966000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56846932_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56850559_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56863956_1210202358000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56864400_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56891063_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56897065_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56901014_1214596605000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56904019_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56915834_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56928220_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56937249_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56937307_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56938514_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56943999_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56953260_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56964512_1213319925000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56980838_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\56983598_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57006178_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57019256_1211828854000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57023840_1210812970000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57033473_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57034857_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57036004_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57038216_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57041189_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57046450_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57056057_1215265087000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57074788_1212083443000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57076850_1211058515000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57077622_1214521322000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57084713_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57090311_1214737443000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57106612_1212047848000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57120883_1211511255000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57141520_1213126793000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57148319_1213367249000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57151153_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57151854_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57153823_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57163666_1213011147000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57164914_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57174879_1214251606000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57179145_1214587433000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57191046_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57195533_1211666905000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57197428_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57202650_1213757436000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57213983_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57214710_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57226951_1212754254000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57250356_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57254854_1212808167000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57263384_1212107943000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57280081_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57283229_1212082545000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57292427_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57297473_1213882171000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57297629_1212975302000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57300185_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57302486_1214679169000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57328376_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57328815_1215025740000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57330634_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57334230_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57337098_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57340417_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57345025_1214411740000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57345133_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57349577_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57359322_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57368765_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57371259_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57383228_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57389993_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57391313_1213305308000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57393635_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57408719_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57410107_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57411471_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57433444_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57434891_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57446535_1212696627000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57446628_1213809657000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57449846_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57455277_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57460917_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57467652_1212771969000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57482772_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57483189_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57494854_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57497589_1213574505000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57508095_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57514402_1212953842000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57515993_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57516313_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57519690_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57520798_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57523297_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57524244_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57524947_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57528522_1213269947000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57540515_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57554334_1213912995000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57565420_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57575144_1213944386000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57582884_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57587608_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57590572_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57598861_1213277629000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57599742_1213280736000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57600497_1213286019000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57601561_1213548240000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57610936_1213317936000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57616493_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57619295_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57620022_1213377751000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57620118_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57624487_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57625662_1213389840000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57643539_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57645222_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57645757_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57649245_1213485077000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57655316_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57658495_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57658859_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57667423_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57671778_1213797599000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57674556_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57677288_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57680053_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57682449_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57691534_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57693971_1213673615000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57697412_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57700091_1213789975000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57722543_1213806957000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57722583_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57723757_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57724212_1214274699000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57724660_1213813609000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57729343_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57730236_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57733759_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57737958_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57741965_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57744921_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57746735_1213904722000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57747133_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57748492_1214430271000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57750016_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57753659_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57758181_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57759054_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57761782_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57762198_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57763805_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57764959_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57766266_1214143696000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57766574_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57773628_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57774891_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57783492_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57783771_1214065980000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57788392_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57791586_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57792386_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57799629_1214131241000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57800490_1214133746000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57800690_1214133347000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57800779_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57801295_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57801461_1214971821000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57802878_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57805141_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57807496_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57813096_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57813621_1214350256000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57820812_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57820869_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57843492_1214324786000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57850036_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57856071_1215306957000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57860603_1214412080000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57861530_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57861674_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57876928_1215310319000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57881850_1214593242000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57885905_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57887266_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57887814_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57889263_1214534237000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57889725_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57890455_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57899799_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57901073_1215355381000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57901889_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57903525_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57904143_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57909249_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57914147_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57917278_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57920757_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57921748_1214670631000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57924076_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57925160_1214681133000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57925530_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57925537_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57925563_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57925619_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57925698_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57925860_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57926101_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57926138_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57926164_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57926242_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57927295_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57928044_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57936774_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57946813_1214800361000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57962256_1214842978000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57963819_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57978171_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57978844_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57979635_1215005912000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57982127_1214933453000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57982493_1215348105000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57982951_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\57997737_1214995995000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58000157_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58004376_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58007642_1215106612000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58021871_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58025276_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58031295_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58031642_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58034007_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58038126_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58039477_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58039655_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58042567_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58043058_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58043414_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58051073_1215263777000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58054681_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58057775_1215264544000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58058395_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58058949_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58059603_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58061427_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58066063_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58066760_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58067297_1215301008000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58069056_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58071644_1215318220000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58072810_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58073857_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58074987_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58076620_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58077140_1215346370000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58077365_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58078465_1215353662000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58079049_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58079134_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58080547_1215363275000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58080959_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\58081252_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\6735523_1176003507000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\6762263_.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\7201043_1211965793000.jpg
C:\Documents and Settings\X\Application Data\Paltalk\profile repository\8635924_.jpg
C:\Documents and Settings\X\Application Data\zweitgeist
C:\Documents and Settings\X\Application Data\zweitgeist\Hash.txt
C:\Documents and Settings\X\Application Data\zweitgeist\hook13.dll
C:\Documents and Settings\X\Application Data\zweitgeist\IdleHook.dll
C:\Documents and Settings\X\Application Data\zweitgeist\Install.log
C:\Documents and Settings\X\Application Data\zweitgeist\location.db
C:\Documents and Settings\X\Application Data\zweitgeist\uninstall.exe
C:\Documents and Settings\X\Application Data\zweitgeist\Uninstall.log
C:\Documents and Settings\X\Application Data\zweitgeist\Update.log
C:\Documents and Settings\X\Application Data\zweitgeist\weblin.log
C:\Program Files\Paltalk Messenger
C:\Program Files\Paltalk Messenger\ReceivedFiles\brq.txt
C:\VundoFix Backups
C:\WINDOWS\pss\PalTalk.lnkCommon Startup\

.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-11 11:41 . 2008-07-11 11:41 268 --ah----- C:\sqmdata03.sqm
2008-07-11 11:41 . 2008-07-11 11:41 244 --ah----- C:\sqmnoopt03.sqm
2008-07-11 11:28 . 2008-07-11 11:28 268 --ah----- C:\sqmdata02.sqm
2008-07-11 11:28 . 2008-07-11 11:28 244 --ah----- C:\sqmnoopt02.sqm
2008-07-11 09:25 . 2008-07-11 09:25 268 --ah----- C:\sqmdata01.sqm
2008-07-11 09:25 . 2008-07-11 09:25 244 --ah----- C:\sqmnoopt01.sqm
2008-07-11 09:16 . 2008-07-11 09:16 268 --ah----- C:\sqmdata00.sqm
2008-07-11 09:16 . 2008-07-11 09:16 244 --ah----- C:\sqmnoopt00.sqm
2008-07-11 09:14 . 2008-07-11 09:50 <DIR> d-------- C:\SDFix
2008-07-08 17:26 . 2008-07-08 17:26 <DIR> d-------- C:\Program Files\Avira
2008-07-08 17:26 . 2008-07-08 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-07 15:42 . 2008-07-07 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 17:07 --------- d-----w C:\Program Files\LowRateVoip
2008-07-12 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-07-11 09:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-11 09:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-05 18:17 --------- d-----w C:\Documents and Settings\X\Application Data\Babylon
2008-07-05 10:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-14 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-05-29 17:26 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-05-29 17:14 114688]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2003-07-29 17:19 638976]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 17:39 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 13:57 344064]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-05-05 14:37 3166432]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-57989841-725345543-1003\Scripts\Logoff\0\0]
"Script"=C:\DOCUME~1\X\LOCALS~1\Temp\xp.cmd

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2005-12-06 13:08 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]
--a------ 2008-01-25 16:36 8897848 C:\Program Files\LowRateVoip\LowRateVoip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2005-09-25 19:11 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 19:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yahoo! pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13107:UDP"= 13107:UDP:Print Server Utility

S3 snp2std;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-04 17:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86a0c98-4367-11dd-a55e-00023fd00fc2}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 19:19:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-12 19:21:30
ComboFix-quarantined-files.txt 2008-07-12 17:21:26
ComboFix2.txt 2008-07-12 15:05:40
ComboFix3.txt 2008-07-11 13:53:05
ComboFix4.txt 2008-07-11 09:49:54

Pre-Run: 5,839,560,704 bytes free
Post-Run: 5,863,116,800 bytes free

911 --- E O F --- 2008-07-12 14:03:58
leon32
Active Member
 
Posts: 11
Joined: July 10th, 2008, 3:38 am

Re: My Computer is so slow.

Unread postby chryssi2001 » July 12th, 2008, 2:10 pm

Hello leon32,

It looks a log better.

Sorry i missed a line let's try to remove it differently.
----------------------------------------------
Download and Run OTMoveIt2

Download OTMoveIt2 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code: Select all
HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk
EmptyTemp

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2

Post back OTMoveIt2 report.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: My Computer is so slow.

Unread postby leon32 » July 13th, 2008, 5:50 am

Hi
< HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk >
Registry key HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk\\ not found.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07132008_114830
leon32
Active Member
 
Posts: 11
Joined: July 10th, 2008, 3:38 am

Re: My Computer is so slow.

Unread postby chryssi2001 » July 13th, 2008, 6:34 am

Hi can you please retry OTMoveIt2 copying the line below?
I've changed it slightly.

Code: Select all
HKLM\~\startupfolder\\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk


Post back the results.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: My Computer is so slow.

Unread postby leon32 » July 13th, 2008, 6:42 am

hi

< HKLM\~\startupfolder\\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk >
Registry key HKEY_LOCAL_MACHINE\~\startupfolder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07132008_124155
leon32
Active Member
 
Posts: 11
Joined: July 10th, 2008, 3:38 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 270 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware