Malware Issue

Hey Jack&Jill, I'm actually a bit confused as to why you saw windows defender not running properly. To be honest, I haven't touched windows defender since I got the computer up until I did the first combofix scan, in which I turned it off and turned it back on after the scan finished and the computer rebooted. It is on and the options are what they were when I first got my computer.

Secondly, I couldn't scan the server.exe file that you wanted me to scan. The reason why is the file isn't there anymore. When I went into roaming, there's no Server folder and I can view hidden files/folders. As a second note, I couldn't copy and paste the path into the white box at two of the sites you listed.

As for an anti-virus program, I had avast downloaded when you recommended it first, I just didn't install it because I didn't want it to mess with combofix. I just installed it moments ago though.

Finally, my computer is running well. I haven't been using it as much as I normally do, but a few of the problems that I was running into haven't been happening.

ComboFix 10-11-28.01 - rusty 11/28/2010 21:48:17.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2472 [GMT -5:00]
Running from: c:\users\rusty\Downloads\ComboFix.exe
Command switches used :: c:\users\rusty\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\rusty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\722f9ffc-2a63ab6a"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\rusty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\722f9ffc-2a63ab6a
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_szwcndgc


((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
.

2010-11-29 02:56 . 2010-11-29 02:59 -------- d-----w- c:\users\rusty\AppData\Local\temp
2010-11-29 02:56 . 2010-11-29 02:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-11-29 02:56 . 2010-11-29 02:56 -------- d-----w- c:\users\Marijan\AppData\Local\temp
2010-11-29 02:56 . 2010-11-29 02:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-26 23:15 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8BEA4A-CA6D-4A4A-9143-9C26FA5D538B}\mpengine.dll
2010-11-26 01:49 . 2008-04-28 13:26 14352 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2010-11-24 21:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 07:39 . 2010-11-23 07:39 -------- d-----w- c:\program files\VS Revo Group
2010-11-22 17:26 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-22 17:23 . 2010-11-22 17:23 -------- d-----w- C:\MGADiagToolOutput
2010-11-21 20:46 . 2010-11-21 20:48 -------- d-----w- C:\AdobeTemp
2010-11-11 20:53 . 2010-11-21 22:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-11 20:38 . 2010-11-11 21:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-08 12:46 . 2010-11-08 12:46 -------- d-----w- c:\programdata\Alwil Software
2010-11-07 21:40 . 2010-11-07 21:41 -------- d-----w- c:\users\Public\CyberLink
2010-11-07 21:19 . 2010-11-07 21:20 -------- d-----w- c:\users\rusty\AppData\Roaming\CyberLink
2010-11-07 21:12 . 2010-11-07 21:12 -------- d-----w- c:\programdata\CyberLink
2010-11-06 21:40 . 2010-11-06 22:19 -------- d-----w- c:\programdata\Tunngle
2010-11-06 21:40 . 2009-09-16 12:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2010-11-06 01:30 . 2010-11-06 01:30 -------- d-----w- c:\users\rusty\.thumbnails
2010-11-02 14:41 . 2010-11-02 14:41 -------- d-----w- c:\users\rusty\AppData\Local\Minecraft_Tools_Team
2010-11-02 14:38 . 2010-11-02 14:38 -------- d-----w- c:\users\rusty\AppData\Roaming\mts
2010-10-31 23:20 . 2010-10-31 23:21 -------- d-----w- c:\windows\system32\world

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-10-02 17:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 06:36 . 2010-10-14 06:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 06:36 . 2010-10-14 06:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-09-23 00:10 . 2009-04-01 21:04 52792 ----a-w- c:\windows\system32\drivers\volmgr.sys
2010-09-22 22:46 . 2010-09-22 22:46 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-13 13:56 . 2010-10-14 01:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-13 05:05 . 2010-09-13 03:04 2037862856 ----a-w- c:\users\Public\VindictusCBSetupV002.exe
2010-09-08 06:01 . 2010-10-14 01:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 01:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 01:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 01:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-14 01:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-14 01:57 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 01:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 01:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-14 01:57 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 01:57 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 01:57 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 01:57 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 01:57 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 01:57 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 01:57 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 01:57 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 01:57 2038272 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\world ----

2010-10-31 23:20 . 2010-10-31 23:20 1320 ----a-w- c:\windows\system32\world\0\0\c.0.0.dat
2010-10-31 23:20 . 2010-10-31 23:20 1084 ----a-w- c:\windows\system32\world\1\1m\c.1.-6.dat
2010-10-31 23:20 . 2010-10-31 23:20 1297 ----a-w- c:\windows\system32\world\1\1n\c.1.-5.dat
2010-10-31 23:20 . 2010-10-31 23:20 1223 ----a-w- c:\windows\system32\world\1\1o\c.1.-4.dat
2010-10-31 23:20 . 2010-10-31 23:21 2152 ----a-w- c:\windows\system32\world\15\10\c.-n.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 1916 ----a-w- c:\windows\system32\world\15\11\c.-n.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 1792 ----a-w- c:\windows\system32\world\15\12\c.-n.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 2314 ----a-w- c:\windows\system32\world\15\13\c.-n.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 2297 ----a-w- c:\windows\system32\world\15\14\c.-n.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 1825 ----a-w- c:\windows\system32\world\15\15\c.-n.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 1636 ----a-w- c:\windows\system32\world\15\16\c.-n.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 2033 ----a-w- c:\windows\system32\world\15\17\c.-n.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 1949 ----a-w- c:\windows\system32\world\15\18\c.-n.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 1983 ----a-w- c:\windows\system32\world\15\19\c.-n.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 1793 ----a-w- c:\windows\system32\world\15\1a\c.-n.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2349 ----a-w- c:\windows\system32\world\15\1b\c.-n.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 1581 ----a-w- c:\windows\system32\world\15\1c\c.-n.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 1890 ----a-w- c:\windows\system32\world\15\1d\c.-n.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 2214 ----a-w- c:\windows\system32\world\15\1e\c.-n.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 2037 ----a-w- c:\windows\system32\world\15\1f\c.-n.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 2435 ----a-w- c:\windows\system32\world\15\1g\c.-n.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 1930 ----a-w- c:\windows\system32\world\15\1h\c.-n.-b.dat
2010-10-31 23:20 . 2010-10-31 23:21 1841 ----a-w- c:\windows\system32\world\15\x\c.-n.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 1952 ----a-w- c:\windows\system32\world\15\y\c.-n.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2095 ----a-w- c:\windows\system32\world\15\z\c.-n.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2054 ----a-w- c:\windows\system32\world\16\10\c.-m.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 2334 ----a-w- c:\windows\system32\world\16\11\c.-m.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2440 ----a-w- c:\windows\system32\world\16\12\c.-m.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 3143 ----a-w- c:\windows\system32\world\16\13\c.-m.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 2855 ----a-w- c:\windows\system32\world\16\14\c.-m.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2364 ----a-w- c:\windows\system32\world\16\15\c.-m.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 2667 ----a-w- c:\windows\system32\world\16\16\c.-m.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 2830 ----a-w- c:\windows\system32\world\16\17\c.-m.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 2207 ----a-w- c:\windows\system32\world\16\18\c.-m.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 2388 ----a-w- c:\windows\system32\world\16\19\c.-m.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2753 ----a-w- c:\windows\system32\world\16\1a\c.-m.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2840 ----a-w- c:\windows\system32\world\16\1b\c.-m.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 3051 ----a-w- c:\windows\system32\world\16\1c\c.-m.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 2371 ----a-w- c:\windows\system32\world\16\1d\c.-m.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 2896 ----a-w- c:\windows\system32\world\16\1e\c.-m.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 3056 ----a-w- c:\windows\system32\world\16\1f\c.-m.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 2846 ----a-w- c:\windows\system32\world\16\1g\c.-m.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 2302 ----a-w- c:\windows\system32\world\16\1h\c.-m.-b.dat
2010-10-31 23:20 . 2010-10-31 23:21 2683 ----a-w- c:\windows\system32\world\16\x\c.-m.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2680 ----a-w- c:\windows\system32\world\16\y\c.-m.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2350 ----a-w- c:\windows\system32\world\16\z\c.-m.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2235 ----a-w- c:\windows\system32\world\17\10\c.-l.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 2617 ----a-w- c:\windows\system32\world\17\11\c.-l.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2428 ----a-w- c:\windows\system32\world\17\12\c.-l.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 2792 ----a-w- c:\windows\system32\world\17\13\c.-l.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 3178 ----a-w- c:\windows\system32\world\17\14\c.-l.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2882 ----a-w- c:\windows\system32\world\17\15\c.-l.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 3211 ----a-w- c:\windows\system32\world\17\16\c.-l.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 3068 ----a-w- c:\windows\system32\world\17\17\c.-l.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 2538 ----a-w- c:\windows\system32\world\17\18\c.-l.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 2857 ----a-w- c:\windows\system32\world\17\19\c.-l.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 3171 ----a-w- c:\windows\system32\world\17\1a\c.-l.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2604 ----a-w- c:\windows\system32\world\17\1b\c.-l.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 2651 ----a-w- c:\windows\system32\world\17\1c\c.-l.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 2545 ----a-w- c:\windows\system32\world\17\1d\c.-l.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 2549 ----a-w- c:\windows\system32\world\17\1e\c.-l.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 2727 ----a-w- c:\windows\system32\world\17\1f\c.-l.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 2469 ----a-w- c:\windows\system32\world\17\1g\c.-l.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 1973 ----a-w- c:\windows\system32\world\17\1h\c.-l.-b.dat
2010-10-31 23:20 . 2010-10-31 23:21 2480 ----a-w- c:\windows\system32\world\17\x\c.-l.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 3096 ----a-w- c:\windows\system32\world\17\y\c.-l.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2357 ----a-w- c:\windows\system32\world\17\z\c.-l.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2532 ----a-w- c:\windows\system32\world\18\10\c.-k.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 2877 ----a-w- c:\windows\system32\world\18\11\c.-k.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2089 ----a-w- c:\windows\system32\world\18\12\c.-k.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 2919 ----a-w- c:\windows\system32\world\18\13\c.-k.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 3452 ----a-w- c:\windows\system32\world\18\14\c.-k.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2726 ----a-w- c:\windows\system32\world\18\15\c.-k.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 2994 ----a-w- c:\windows\system32\world\18\16\c.-k.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 2725 ----a-w- c:\windows\system32\world\18\17\c.-k.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 2708 ----a-w- c:\windows\system32\world\18\18\c.-k.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 2897 ----a-w- c:\windows\system32\world\18\19\c.-k.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 3009 ----a-w- c:\windows\system32\world\18\1a\c.-k.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2590 ----a-w- c:\windows\system32\world\18\1b\c.-k.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 2513 ----a-w- c:\windows\system32\world\18\1c\c.-k.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 2480 ----a-w- c:\windows\system32\world\18\1d\c.-k.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 2700 ----a-w- c:\windows\system32\world\18\1e\c.-k.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 2495 ----a-w- c:\windows\system32\world\18\1f\c.-k.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 2098 ----a-w- c:\windows\system32\world\18\1g\c.-k.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 1592 ----a-w- c:\windows\system32\world\18\1h\c.-k.-b.dat
2010-10-31 23:20 . 2010-10-31 23:21 2063 ----a-w- c:\windows\system32\world\18\x\c.-k.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2528 ----a-w- c:\windows\system32\world\18\y\c.-k.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2466 ----a-w- c:\windows\system32\world\18\z\c.-k.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2293 ----a-w- c:\windows\system32\world\19\10\c.-j.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 2180 ----a-w- c:\windows\system32\world\19\11\c.-j.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2238 ----a-w- c:\windows\system32\world\19\12\c.-j.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 3021 ----a-w- c:\windows\system32\world\19\13\c.-j.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 3421 ----a-w- c:\windows\system32\world\19\14\c.-j.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2212 ----a-w- c:\windows\system32\world\19\15\c.-j.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 2209 ----a-w- c:\windows\system32\world\19\16\c.-j.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 2374 ----a-w- c:\windows\system32\world\19\17\c.-j.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 2375 ----a-w- c:\windows\system32\world\19\18\c.-j.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 2883 ----a-w- c:\windows\system32\world\19\19\c.-j.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2576 ----a-w- c:\windows\system32\world\19\1a\c.-j.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2811 ----a-w- c:\windows\system32\world\19\1b\c.-j.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 2836 ----a-w- c:\windows\system32\world\19\1c\c.-j.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3270 ----a-w- c:\windows\system32\world\19\1d\c.-j.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 2689 ----a-w- c:\windows\system32\world\19\1e\c.-j.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 2526 ----a-w- c:\windows\system32\world\19\1f\c.-j.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 2591 ----a-w- c:\windows\system32\world\19\1g\c.-j.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 1712 ----a-w- c:\windows\system32\world\19\1h\c.-j.-b.dat
2010-10-31 23:20 . 2010-10-31 23:21 2122 ----a-w- c:\windows\system32\world\19\x\c.-j.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2602 ----a-w- c:\windows\system32\world\19\y\c.-j.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2274 ----a-w- c:\windows\system32\world\19\z\c.-j.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2033 ----a-w- c:\windows\system32\world\1a\10\c.-i.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 2132 ----a-w- c:\windows\system32\world\1a\11\c.-i.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2052 ----a-w- c:\windows\system32\world\1a\12\c.-i.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 2545 ----a-w- c:\windows\system32\world\1a\13\c.-i.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 3442 ----a-w- c:\windows\system32\world\1a\14\c.-i.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2594 ----a-w- c:\windows\system32\world\1a\15\c.-i.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 2297 ----a-w- c:\windows\system32\world\1a\16\c.-i.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 3343 ----a-w- c:\windows\system32\world\1a\17\c.-i.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 4190 ----a-w- c:\windows\system32\world\1a\18\c.-i.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 3311 ----a-w- c:\windows\system32\world\1a\19\c.-i.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2695 ----a-w- c:\windows\system32\world\1a\1a\c.-i.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2988 ----a-w- c:\windows\system32\world\1a\1b\c.-i.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 3167 ----a-w- c:\windows\system32\world\1a\1c\c.-i.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3519 ----a-w- c:\windows\system32\world\1a\1d\c.-i.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 3005 ----a-w- c:\windows\system32\world\1a\1e\c.-i.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 2678 ----a-w- c:\windows\system32\world\1a\1f\c.-i.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 2833 ----a-w- c:\windows\system32\world\1a\1g\c.-i.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 1977 ----a-w- c:\windows\system32\world\1a\1h\c.-i.-b.dat
2010-10-31 23:20 . 2010-10-31 23:21 1467 ----a-w- c:\windows\system32\world\1a\1k\c.-i.-8.dat
2010-10-31 23:20 . 2010-10-31 23:21 1658 ----a-w- c:\windows\system32\world\1a\x\c.-i.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2326 ----a-w- c:\windows\system32\world\1a\y\c.-i.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2311 ----a-w- c:\windows\system32\world\1a\z\c.-i.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2297 ----a-w- c:\windows\system32\world\1b\10\c.-h.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 2453 ----a-w- c:\windows\system32\world\1b\11\c.-h.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2120 ----a-w- c:\windows\system32\world\1b\12\c.-h.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 2693 ----a-w- c:\windows\system32\world\1b\13\c.-h.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 4133 ----a-w- c:\windows\system32\world\1b\14\c.-h.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2802 ----a-w- c:\windows\system32\world\1b\15\c.-h.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 2614 ----a-w- c:\windows\system32\world\1b\16\c.-h.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 3699 ----a-w- c:\windows\system32\world\1b\17\c.-h.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 4234 ----a-w- c:\windows\system32\world\1b\18\c.-h.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 3983 ----a-w- c:\windows\system32\world\1b\19\c.-h.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 3151 ----a-w- c:\windows\system32\world\1b\1a\c.-h.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 3686 ----a-w- c:\windows\system32\world\1b\1b\c.-h.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 4213 ----a-w- c:\windows\system32\world\1b\1c\c.-h.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 4226 ----a-w- c:\windows\system32\world\1b\1d\c.-h.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 4191 ----a-w- c:\windows\system32\world\1b\1e\c.-h.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 3356 ----a-w- c:\windows\system32\world\1b\1f\c.-h.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 3577 ----a-w- c:\windows\system32\world\1b\1g\c.-h.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 2389 ----a-w- c:\windows\system32\world\1b\1h\c.-h.-b.dat
2010-10-31 23:20 . 2010-10-31 23:21 1291 ----a-w- c:\windows\system32\world\1b\1k\c.-h.-8.dat
2010-10-31 23:20 . 2010-10-31 23:21 1980 ----a-w- c:\windows\system32\world\1b\x\c.-h.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2383 ----a-w- c:\windows\system32\world\1b\y\c.-h.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2217 ----a-w- c:\windows\system32\world\1b\z\c.-h.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2855 ----a-w- c:\windows\system32\world\1c\10\c.-g.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 2129 ----a-w- c:\windows\system32\world\1c\11\c.-g.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2041 ----a-w- c:\windows\system32\world\1c\12\c.-g.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 2737 ----a-w- c:\windows\system32\world\1c\13\c.-g.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 3033 ----a-w- c:\windows\system32\world\1c\14\c.-g.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 3167 ----a-w- c:\windows\system32\world\1c\15\c.-g.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 2778 ----a-w- c:\windows\system32\world\1c\16\c.-g.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 2596 ----a-w- c:\windows\system32\world\1c\17\c.-g.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 2947 ----a-w- c:\windows\system32\world\1c\18\c.-g.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 3504 ----a-w- c:\windows\system32\world\1c\19\c.-g.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2822 ----a-w- c:\windows\system32\world\1c\1a\c.-g.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 4037 ----a-w- c:\windows\system32\world\1c\1b\c.-g.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 3985 ----a-w- c:\windows\system32\world\1c\1c\c.-g.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3932 ----a-w- c:\windows\system32\world\1c\1d\c.-g.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 4381 ----a-w- c:\windows\system32\world\1c\1e\c.-g.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 4736 ----a-w- c:\windows\system32\world\1c\1f\c.-g.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 4828 ----a-w- c:\windows\system32\world\1c\1g\c.-g.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 3176 ----a-w- c:\windows\system32\world\1c\1h\c.-g.-b.dat
2010-10-31 23:20 . 2010-10-31 23:21 1450 ----a-w- c:\windows\system32\world\1c\1i\c.-g.-a.dat
2010-10-31 23:20 . 2010-10-31 23:21 2100 ----a-w- c:\windows\system32\world\1c\x\c.-g.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2876 ----a-w- c:\windows\system32\world\1c\y\c.-g.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2905 ----a-w- c:\windows\system32\world\1c\z\c.-g.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2761 ----a-w- c:\windows\system32\world\1d\10\c.-f.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 2035 ----a-w- c:\windows\system32\world\1d\11\c.-f.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2038 ----a-w- c:\windows\system32\world\1d\12\c.-f.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 1940 ----a-w- c:\windows\system32\world\1d\13\c.-f.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 2228 ----a-w- c:\windows\system32\world\1d\14\c.-f.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2695 ----a-w- c:\windows\system32\world\1d\15\c.-f.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 3271 ----a-w- c:\windows\system32\world\1d\16\c.-f.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 2941 ----a-w- c:\windows\system32\world\1d\17\c.-f.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 3165 ----a-w- c:\windows\system32\world\1d\18\c.-f.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 3615 ----a-w- c:\windows\system32\world\1d\19\c.-f.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2810 ----a-w- c:\windows\system32\world\1d\1a\c.-f.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2697 ----a-w- c:\windows\system32\world\1d\1b\c.-f.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 2647 ----a-w- c:\windows\system32\world\1d\1c\c.-f.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3095 ----a-w- c:\windows\system32\world\1d\1d\c.-f.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 4233 ----a-w- c:\windows\system32\world\1d\1e\c.-f.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 3839 ----a-w- c:\windows\system32\world\1d\1f\c.-f.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 3870 ----a-w- c:\windows\system32\world\1d\1g\c.-f.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 3111 ----a-w- c:\windows\system32\world\1d\1h\c.-f.-b.dat
2010-10-31 23:20 . 2010-10-31 23:21 1788 ----a-w- c:\windows\system32\world\1d\x\c.-f.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2506 ----a-w- c:\windows\system32\world\1d\y\c.-f.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2750 ----a-w- c:\windows\system32\world\1d\z\c.-f.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2693 ----a-w- c:\windows\system32\world\1e\10\c.-e.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 2409 ----a-w- c:\windows\system32\world\1e\11\c.-e.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2114 ----a-w- c:\windows\system32\world\1e\12\c.-e.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 2393 ----a-w- c:\windows\system32\world\1e\13\c.-e.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 2527 ----a-w- c:\windows\system32\world\1e\14\c.-e.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2663 ----a-w- c:\windows\system32\world\1e\15\c.-e.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 2569 ----a-w- c:\windows\system32\world\1e\16\c.-e.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 2448 ----a-w- c:\windows\system32\world\1e\17\c.-e.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 3039 ----a-w- c:\windows\system32\world\1e\18\c.-e.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 3720 ----a-w- c:\windows\system32\world\1e\19\c.-e.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 3067 ----a-w- c:\windows\system32\world\1e\1a\c.-e.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2991 ----a-w- c:\windows\system32\world\1e\1b\c.-e.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 3027 ----a-w- c:\windows\system32\world\1e\1c\c.-e.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3893 ----a-w- c:\windows\system32\world\1e\1d\c.-e.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 4152 ----a-w- c:\windows\system32\world\1e\1e\c.-e.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 2963 ----a-w- c:\windows\system32\world\1e\1f\c.-e.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 2921 ----a-w- c:\windows\system32\world\1e\1g\c.-e.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 2556 ----a-w- c:\windows\system32\world\1e\1h\c.-e.-b.dat
2010-10-31 23:20 . 2010-10-31 23:21 1528 ----a-w- c:\windows\system32\world\1e\1k\c.-e.-8.dat
2010-10-31 23:20 . 2010-10-31 23:21 1644 ----a-w- c:\windows\system32\world\1e\1n\c.-e.-5.dat
2010-10-31 23:20 . 2010-10-31 23:21 1760 ----a-w- c:\windows\system32\world\1e\x\c.-e.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2944 ----a-w- c:\windows\system32\world\1e\y\c.-e.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 3519 ----a-w- c:\windows\system32\world\1e\z\c.-e.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2433 ----a-w- c:\windows\system32\world\1f\10\c.-d.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 1962 ----a-w- c:\windows\system32\world\1f\11\c.-d.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2384 ----a-w- c:\windows\system32\world\1f\12\c.-d.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 2096 ----a-w- c:\windows\system32\world\1f\13\c.-d.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 2523 ----a-w- c:\windows\system32\world\1f\14\c.-d.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2468 ----a-w- c:\windows\system32\world\1f\15\c.-d.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 2364 ----a-w- c:\windows\system32\world\1f\16\c.-d.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 2632 ----a-w- c:\windows\system32\world\1f\17\c.-d.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 3482 ----a-w- c:\windows\system32\world\1f\18\c.-d.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 4079 ----a-w- c:\windows\system32\world\1f\19\c.-d.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2965 ----a-w- c:\windows\system32\world\1f\1a\c.-d.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2922 ----a-w- c:\windows\system32\world\1f\1b\c.-d.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 2966 ----a-w- c:\windows\system32\world\1f\1c\c.-d.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3295 ----a-w- c:\windows\system32\world\1f\1d\c.-d.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 3431 ----a-w- c:\windows\system32\world\1f\1e\c.-d.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 3281 ----a-w- c:\windows\system32\world\1f\1f\c.-d.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 3064 ----a-w- c:\windows\system32\world\1f\1g\c.-d.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 2306 ----a-w- c:\windows\system32\world\1f\1h\c.-d.-b.dat
2010-10-31 23:20 . 2010-10-31 23:21 1744 ----a-w- c:\windows\system32\world\1f\x\c.-d.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2194 ----a-w- c:\windows\system32\world\1f\y\c.-d.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2978 ----a-w- c:\windows\system32\world\1f\z\c.-d.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2163 ----a-w- c:\windows\system32\world\1g\10\c.-c.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 1875 ----a-w- c:\windows\system32\world\1g\11\c.-c.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 1901 ----a-w- c:\windows\system32\world\1g\12\c.-c.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 2318 ----a-w- c:\windows\system32\world\1g\13\c.-c.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 3540 ----a-w- c:\windows\system32\world\1g\14\c.-c.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2842 ----a-w- c:\windows\system32\world\1g\15\c.-c.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 3462 ----a-w- c:\windows\system32\world\1g\16\c.-c.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 3505 ----a-w- c:\windows\system32\world\1g\17\c.-c.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 3050 ----a-w- c:\windows\system32\world\1g\18\c.-c.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 3308 ----a-w- c:\windows\system32\world\1g\19\c.-c.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 3069 ----a-w- c:\windows\system32\world\1g\1a\c.-c.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 3222 ----a-w- c:\windows\system32\world\1g\1b\c.-c.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 3018 ----a-w- c:\windows\system32\world\1g\1c\c.-c.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3414 ----a-w- c:\windows\system32\world\1g\1d\c.-c.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 2633 ----a-w- c:\windows\system32\world\1g\1e\c.-c.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 2983 ----a-w- c:\windows\system32\world\1g\1f\c.-c.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 3614 ----a-w- c:\windows\system32\world\1g\1g\c.-c.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 2653 ----a-w- c:\windows\system32\world\1g\1h\c.-c.-b.dat
2010-10-31 23:20 . 2010-10-31 23:21 1749 ----a-w- c:\windows\system32\world\1g\x\c.-c.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2275 ----a-w- c:\windows\system32\world\1g\y\c.-c.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2853 ----a-w- c:\windows\system32\world\1g\z\c.-c.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2300 ----a-w- c:\windows\system32\world\1h\10\c.-b.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 1685 ----a-w- c:\windows\system32\world\1h\11\c.-b.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 1855 ----a-w- c:\windows\system32\world\1h\12\c.-b.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 1981 ----a-w- c:\windows\system32\world\1h\13\c.-b.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 3142 ----a-w- c:\windows\system32\world\1h\14\c.-b.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 3321 ----a-w- c:\windows\system32\world\1h\15\c.-b.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 3472 ----a-w- c:\windows\system32\world\1h\16\c.-b.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 3497 ----a-w- c:\windows\system32\world\1h\17\c.-b.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 2918 ----a-w- c:\windows\system32\world\1h\18\c.-b.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 3126 ----a-w- c:\windows\system32\world\1h\19\c.-b.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2883 ----a-w- c:\windows\system32\world\1h\1a\c.-b.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 3320 ----a-w- c:\windows\system32\world\1h\1b\c.-b.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 3270 ----a-w- c:\windows\system32\world\1h\1c\c.-b.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3060 ----a-w- c:\windows\system32\world\1h\1d\c.-b.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 2999 ----a-w- c:\windows\system32\world\1h\1e\c.-b.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 3738 ----a-w- c:\windows\system32\world\1h\1f\c.-b.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 2658 ----a-w- c:\windows\system32\world\1h\1g\c.-b.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 1881 ----a-w- c:\windows\system32\world\1h\1h\c.-b.-b.dat
2010-10-31 23:20 . 2010-10-31 23:20 1289 ----a-w- c:\windows\system32\world\1h\1l\c.-b.-7.dat
2010-10-31 23:20 . 2010-10-31 23:20 1445 ----a-w- c:\windows\system32\world\1h\1m\c.-b.-6.dat
2010-10-31 23:20 . 2010-10-31 23:20 1663 ----a-w- c:\windows\system32\world\1h\1n\c.-b.-5.dat
2010-10-31 23:20 . 2010-10-31 23:21 1826 ----a-w- c:\windows\system32\world\1h\x\c.-b.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2405 ----a-w- c:\windows\system32\world\1h\y\c.-b.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2384 ----a-w- c:\windows\system32\world\1h\z\c.-b.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2318 ----a-w- c:\windows\system32\world\1i\10\c.-a.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 1924 ----a-w- c:\windows\system32\world\1i\11\c.-a.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 1869 ----a-w- c:\windows\system32\world\1i\12\c.-a.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 1958 ----a-w- c:\windows\system32\world\1i\13\c.-a.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 2143 ----a-w- c:\windows\system32\world\1i\14\c.-a.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2710 ----a-w- c:\windows\system32\world\1i\15\c.-a.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 3352 ----a-w- c:\windows\system32\world\1i\16\c.-a.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 3310 ----a-w- c:\windows\system32\world\1i\17\c.-a.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 3040 ----a-w- c:\windows\system32\world\1i\18\c.-a.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 2919 ----a-w- c:\windows\system32\world\1i\19\c.-a.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2739 ----a-w- c:\windows\system32\world\1i\1a\c.-a.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2766 ----a-w- c:\windows\system32\world\1i\1b\c.-a.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 2900 ----a-w- c:\windows\system32\world\1i\1c\c.-a.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 2826 ----a-w- c:\windows\system32\world\1i\1d\c.-a.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 2650 ----a-w- c:\windows\system32\world\1i\1e\c.-a.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 3194 ----a-w- c:\windows\system32\world\1i\1f\c.-a.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 2600 ----a-w- c:\windows\system32\world\1i\1g\c.-a.-c.dat
2010-10-31 23:20 . 2010-10-31 23:20 2377 ----a-w- c:\windows\system32\world\1i\1h\c.-a.-b.dat
2010-10-31 23:20 . 2010-10-31 23:20 1519 ----a-w- c:\windows\system32\world\1i\1i\c.-a.-a.dat
2010-10-31 23:20 . 2010-10-31 23:20 1458 ----a-w- c:\windows\system32\world\1i\1k\c.-a.-8.dat
2010-10-31 23:20 . 2010-10-31 23:21 1845 ----a-w- c:\windows\system32\world\1i\x\c.-a.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2597 ----a-w- c:\windows\system32\world\1i\y\c.-a.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2167 ----a-w- c:\windows\system32\world\1i\z\c.-a.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2381 ----a-w- c:\windows\system32\world\1j\10\c.-9.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 2517 ----a-w- c:\windows\system32\world\1j\11\c.-9.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2308 ----a-w- c:\windows\system32\world\1j\12\c.-9.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 1965 ----a-w- c:\windows\system32\world\1j\13\c.-9.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 2226 ----a-w- c:\windows\system32\world\1j\14\c.-9.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2662 ----a-w- c:\windows\system32\world\1j\15\c.-9.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 3256 ----a-w- c:\windows\system32\world\1j\16\c.-9.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 3214 ----a-w- c:\windows\system32\world\1j\17\c.-9.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 2819 ----a-w- c:\windows\system32\world\1j\18\c.-9.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 2362 ----a-w- c:\windows\system32\world\1j\19\c.-9.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2329 ----a-w- c:\windows\system32\world\1j\1a\c.-9.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2651 ----a-w- c:\windows\system32\world\1j\1b\c.-9.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 3220 ----a-w- c:\windows\system32\world\1j\1c\c.-9.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3232 ----a-w- c:\windows\system32\world\1j\1d\c.-9.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 2905 ----a-w- c:\windows\system32\world\1j\1e\c.-9.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 2815 ----a-w- c:\windows\system32\world\1j\1f\c.-9.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 2522 ----a-w- c:\windows\system32\world\1j\1g\c.-9.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 1845 ----a-w- c:\windows\system32\world\1j\1h\c.-9.-b.dat
2010-10-31 23:20 . 2010-10-31 23:20 1897 ----a-w- c:\windows\system32\world\1j\1j\c.-9.-9.dat
2010-10-31 23:20 . 2010-10-31 23:20 2054 ----a-w- c:\windows\system32\world\1j\1k\c.-9.-8.dat
2010-10-31 23:20 . 2010-10-31 23:20 1763 ----a-w- c:\windows\system32\world\1j\1l\c.-9.-7.dat
2010-10-31 23:20 . 2010-10-31 23:21 2357 ----a-w- c:\windows\system32\world\1j\x\c.-9.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2462 ----a-w- c:\windows\system32\world\1j\y\c.-9.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2847 ----a-w- c:\windows\system32\world\1j\z\c.-9.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2995 ----a-w- c:\windows\system32\world\1k\10\c.-8.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 2730 ----a-w- c:\windows\system32\world\1k\11\c.-8.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2547 ----a-w- c:\windows\system32\world\1k\12\c.-8.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 2065 ----a-w- c:\windows\system32\world\1k\13\c.-8.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 2022 ----a-w- c:\windows\system32\world\1k\14\c.-8.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2751 ----a-w- c:\windows\system32\world\1k\15\c.-8.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 2519 ----a-w- c:\windows\system32\world\1k\16\c.-8.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 3159 ----a-w- c:\windows\system32\world\1k\17\c.-8.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 2394 ----a-w- c:\windows\system32\world\1k\18\c.-8.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 2818 ----a-w- c:\windows\system32\world\1k\19\c.-8.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 3087 ----a-w- c:\windows\system32\world\1k\1a\c.-8.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 3746 ----a-w- c:\windows\system32\world\1k\1b\c.-8.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 3181 ----a-w- c:\windows\system32\world\1k\1c\c.-8.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3537 ----a-w- c:\windows\system32\world\1k\1d\c.-8.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 3033 ----a-w- c:\windows\system32\world\1k\1e\c.-8.-e.dat
2010-10-31 23:20 . 2010-10-31 23:20 3087 ----a-w- c:\windows\system32\world\1k\1f\c.-8.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 3211 ----a-w- c:\windows\system32\world\1k\1g\c.-8.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 2573 ----a-w- c:\windows\system32\world\1k\1h\c.-8.-b.dat
2010-10-31 23:20 . 2010-10-31 23:20 1858 ----a-w- c:\windows\system32\world\1k\1j\c.-8.-9.dat
2010-10-31 23:20 . 2010-10-31 23:20 2106 ----a-w- c:\windows\system32\world\1k\1k\c.-8.-8.dat
2010-10-31 23:20 . 2010-10-31 23:21 2326 ----a-w- c:\windows\system32\world\1k\x\c.-8.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2500 ----a-w- c:\windows\system32\world\1k\y\c.-8.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 3308 ----a-w- c:\windows\system32\world\1k\z\c.-8.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 3115 ----a-w- c:\windows\system32\world\1l\10\c.-7.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 3882 ----a-w- c:\windows\system32\world\1l\11\c.-7.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 3446 ----a-w- c:\windows\system32\world\1l\12\c.-7.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 2000 ----a-w- c:\windows\system32\world\1l\13\c.-7.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 2143 ----a-w- c:\windows\system32\world\1l\14\c.-7.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 2315 ----a-w- c:\windows\system32\world\1l\15\c.-7.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 2725 ----a-w- c:\windows\system32\world\1l\16\c.-7.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 2178 ----a-w- c:\windows\system32\world\1l\17\c.-7.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 2364 ----a-w- c:\windows\system32\world\1l\18\c.-7.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 2101 ----a-w- c:\windows\system32\world\1l\19\c.-7.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2650 ----a-w- c:\windows\system32\world\1l\1a\c.-7.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 3171 ----a-w- c:\windows\system32\world\1l\1b\c.-7.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 3112 ----a-w- c:\windows\system32\world\1l\1c\c.-7.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3002 ----a-w- c:\windows\system32\world\1l\1d\c.-7.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 2985 ----a-w- c:\windows\system32\world\1l\1e\c.-7.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 2840 ----a-w- c:\windows\system32\world\1l\1f\c.-7.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 3471 ----a-w- c:\windows\system32\world\1l\1g\c.-7.-c.dat
2010-10-31 23:20 . 2010-10-31 23:20 2633 ----a-w- c:\windows\system32\world\1l\1h\c.-7.-b.dat
2010-10-31 23:20 . 2010-10-31 23:20 1647 ----a-w- c:\windows\system32\world\1l\1j\c.-7.-9.dat
2010-10-31 23:20 . 2010-10-31 23:20 1365 ----a-w- c:\windows\system32\world\1l\1n\c.-7.-5.dat
2010-10-31 23:20 . 2010-10-31 23:21 2471 ----a-w- c:\windows\system32\world\1l\x\c.-7.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 2678 ----a-w- c:\windows\system32\world\1l\y\c.-7.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 3344 ----a-w- c:\windows\system32\world\1l\z\c.-7.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 5221 ----a-w- c:\windows\system32\world\1m\10\c.-6.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 3646 ----a-w- c:\windows\system32\world\1m\11\c.-6.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 2849 ----a-w- c:\windows\system32\world\1m\12\c.-6.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 1771 ----a-w- c:\windows\system32\world\1m\13\c.-6.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 2099 ----a-w- c:\windows\system32\world\1m\14\c.-6.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 1911 ----a-w- c:\windows\system32\world\1m\15\c.-6.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 2092 ----a-w- c:\windows\system32\world\1m\16\c.-6.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 2350 ----a-w- c:\windows\system32\world\1m\17\c.-6.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 2132 ----a-w- c:\windows\system32\world\1m\18\c.-6.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 2227 ----a-w- c:\windows\system32\world\1m\19\c.-6.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2288 ----a-w- c:\windows\system32\world\1m\1a\c.-6.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2759 ----a-w- c:\windows\system32\world\1m\1b\c.-6.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 3569 ----a-w- c:\windows\system32\world\1m\1c\c.-6.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3686 ----a-w- c:\windows\system32\world\1m\1d\c.-6.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 3202 ----a-w- c:\windows\system32\world\1m\1e\c.-6.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 3309 ----a-w- c:\windows\system32\world\1m\1f\c.-6.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 3208 ----a-w- c:\windows\system32\world\1m\1g\c.-6.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 2594 ----a-w- c:\windows\system32\world\1m\1h\c.-6.-b.dat
2010-10-31 23:20 . 2010-10-31 23:20 1796 ----a-w- c:\windows\system32\world\1m\1i\c.-6.-a.dat
2010-10-31 23:20 . 2010-10-31 23:20 1373 ----a-w- c:\windows\system32\world\1m\1j\c.-6.-9.dat
2010-10-31 23:20 . 2010-10-31 23:21 2355 ----a-w- c:\windows\system32\world\1m\x\c.-6.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 3333 ----a-w- c:\windows\system32\world\1m\y\c.-6.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 4358 ----a-w- c:\windows\system32\world\1m\z\c.-6.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 4381 ----a-w- c:\windows\system32\world\1n\10\c.-5.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 3356 ----a-w- c:\windows\system32\world\1n\11\c.-5.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 3373 ----a-w- c:\windows\system32\world\1n\12\c.-5.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 1935 ----a-w- c:\windows\system32\world\1n\13\c.-5.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 1964 ----a-w- c:\windows\system32\world\1n\14\c.-5.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 1970 ----a-w- c:\windows\system32\world\1n\15\c.-5.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 2081 ----a-w- c:\windows\system32\world\1n\16\c.-5.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 2178 ----a-w- c:\windows\system32\world\1n\17\c.-5.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 2077 ----a-w- c:\windows\system32\world\1n\18\c.-5.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 2295 ----a-w- c:\windows\system32\world\1n\19\c.-5.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2248 ----a-w- c:\windows\system32\world\1n\1a\c.-5.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2486 ----a-w- c:\windows\system32\world\1n\1b\c.-5.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 3506 ----a-w- c:\windows\system32\world\1n\1c\c.-5.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3127 ----a-w- c:\windows\system32\world\1n\1d\c.-5.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 3194 ----a-w- c:\windows\system32\world\1n\1e\c.-5.-e.dat
2010-10-31 23:20 . 2010-10-31 23:21 3385 ----a-w- c:\windows\system32\world\1n\1f\c.-5.-d.dat
2010-10-31 23:20 . 2010-10-31 23:20 3889 ----a-w- c:\windows\system32\world\1n\1g\c.-5.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 3278 ----a-w- c:\windows\system32\world\1n\1h\c.-5.-b.dat
2010-10-31 23:20 . 2010-10-31 23:20 2343 ----a-w- c:\windows\system32\world\1n\1i\c.-5.-a.dat
2010-10-31 23:20 . 2010-10-31 23:20 1468 ----a-w- c:\windows\system32\world\1n\1l\c.-5.-7.dat
2010-10-31 23:20 . 2010-10-31 23:20 1485 ----a-w- c:\windows\system32\world\1n\1o\c.-5.-4.dat
2010-10-31 23:20 . 2010-10-31 23:21 2463 ----a-w- c:\windows\system32\world\1n\x\c.-5.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 3673 ----a-w- c:\windows\system32\world\1n\y\c.-5.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 5116 ----a-w- c:\windows\system32\world\1n\z\c.-5.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 4472 ----a-w- c:\windows\system32\world\1o\10\c.-4.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 4150 ----a-w- c:\windows\system32\world\1o\11\c.-4.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 3373 ----a-w- c:\windows\system32\world\1o\12\c.-4.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 2271 ----a-w- c:\windows\system32\world\1o\13\c.-4.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 1990 ----a-w- c:\windows\system32\world\1o\14\c.-4.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 1896 ----a-w- c:\windows\system32\world\1o\15\c.-4.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 1854 ----a-w- c:\windows\system32\world\1o\16\c.-4.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 2013 ----a-w- c:\windows\system32\world\1o\17\c.-4.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 2159 ----a-w- c:\windows\system32\world\1o\18\c.-4.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 2159 ----a-w- c:\windows\system32\world\1o\19\c.-4.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2389 ----a-w- c:\windows\system32\world\1o\1a\c.-4.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2522 ----a-w- c:\windows\system32\world\1o\1b\c.-4.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 3259 ----a-w- c:\windows\system32\world\1o\1c\c.-4.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3099 ----a-w- c:\windows\system32\world\1o\1d\c.-4.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 3178 ----a-w- c:\windows\system32\world\1o\1e\c.-4.-e.dat
2010-10-31 23:20 . 2010-10-31 23:20 4466 ----a-w- c:\windows\system32\world\1o\1f\c.-4.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 4053 ----a-w- c:\windows\system32\world\1o\1g\c.-4.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 2437 ----a-w- c:\windows\system32\world\1o\1h\c.-4.-b.dat
2010-10-31 23:20 . 2010-10-31 23:20 1998 ----a-w- c:\windows\system32\world\1o\1i\c.-4.-a.dat
2010-10-31 23:20 . 2010-10-31 23:20 1363 ----a-w- c:\windows\system32\world\1o\1m\c.-4.-6.dat
2010-10-31 23:20 . 2010-10-31 23:20 1350 ----a-w- c:\windows\system32\world\1o\1n\c.-4.-5.dat
2010-10-31 23:20 . 2010-10-31 23:20 1256 ----a-w- c:\windows\system32\world\1o\1q\c.-4.-2.dat
2010-10-31 23:20 . 2010-10-31 23:20 1061 ----a-w- c:\windows\system32\world\1o\1r\c.-4.-1.dat
2010-10-31 23:20 . 2010-10-31 23:21 2869 ----a-w- c:\windows\system32\world\1o\x\c.-4.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 3360 ----a-w- c:\windows\system32\world\1o\y\c.-4.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 4954 ----a-w- c:\windows\system32\world\1o\z\c.-4.-t.dat
2010-10-31 23:20 . 2010-10-31 23:21 2697 ----a-w- c:\windows\system32\world\1p\10\c.-3.-s.dat
2010-10-31 23:20 . 2010-10-31 23:21 2625 ----a-w- c:\windows\system32\world\1p\11\c.-3.-r.dat
2010-10-31 23:20 . 2010-10-31 23:21 1936 ----a-w- c:\windows\system32\world\1p\12\c.-3.-q.dat
2010-10-31 23:20 . 2010-10-31 23:21 1694 ----a-w- c:\windows\system32\world\1p\13\c.-3.-p.dat
2010-10-31 23:20 . 2010-10-31 23:21 1685 ----a-w- c:\windows\system32\world\1p\14\c.-3.-o.dat
2010-10-31 23:20 . 2010-10-31 23:21 1755 ----a-w- c:\windows\system32\world\1p\15\c.-3.-n.dat
2010-10-31 23:20 . 2010-10-31 23:21 1607 ----a-w- c:\windows\system32\world\1p\16\c.-3.-m.dat
2010-10-31 23:20 . 2010-10-31 23:21 1727 ----a-w- c:\windows\system32\world\1p\17\c.-3.-l.dat
2010-10-31 23:20 . 2010-10-31 23:21 1617 ----a-w- c:\windows\system32\world\1p\18\c.-3.-k.dat
2010-10-31 23:20 . 2010-10-31 23:21 2191 ----a-w- c:\windows\system32\world\1p\19\c.-3.-j.dat
2010-10-31 23:20 . 2010-10-31 23:21 2150 ----a-w- c:\windows\system32\world\1p\1a\c.-3.-i.dat
2010-10-31 23:20 . 2010-10-31 23:21 2456 ----a-w- c:\windows\system32\world\1p\1b\c.-3.-h.dat
2010-10-31 23:20 . 2010-10-31 23:21 2686 ----a-w- c:\windows\system32\world\1p\1c\c.-3.-g.dat
2010-10-31 23:20 . 2010-10-31 23:21 3340 ----a-w- c:\windows\system32\world\1p\1d\c.-3.-f.dat
2010-10-31 23:20 . 2010-10-31 23:21 3010 ----a-w- c:\windows\system32\world\1p\1e\c.-3.-e.dat
2010-10-31 23:20 . 2010-10-31 23:20 3626 ----a-w- c:\windows\system32\world\1p\1f\c.-3.-d.dat
2010-10-31 23:20 . 2010-10-31 23:21 2979 ----a-w- c:\windows\system32\world\1p\1g\c.-3.-c.dat
2010-10-31 23:20 . 2010-10-31 23:21 1917 ----a-w- c:\windows\system32\world\1p\1h\c.-3.-b.dat
2010-10-31 23:20 . 2010-10-31 23:20 1576 ----a-w- c:\windows\system32\world\1p\1p\c.-3.-3.dat
2010-10-31 23:20 . 2010-10-31 23:21 3139 ----a-w- c:\windows\system32\world\1p\x\c.-3.-v.dat
2010-10-31 23:20 . 2010-10-31 23:21 3631 ----a-w- c:\windows\system32\world\1p\y\c.-3.-u.dat
2010-10-31 23:20 . 2010-10-31 23:21 2768 ----a-w- c:\windows\system32\world\1p\z\c.-3.-t.dat
2010-10-31 23:20 . 2010-10-31 23:20 1044 ----a-w- c:\windows\system32\world\1q\1m\c.-2.-6.dat
2010-10-31 23:20 . 2010-10-31 23:20 1234 ----a-w- c:\windows\system32\world\1r\1q\c.-1.-2.dat
2010-10-31 23:20 . 2010-10-31 23:20 1329 ----a-w- c:\windows\system32\world\1r\1r\c.-1.-1.dat
2010-10-31 23:20 . 2010-10-31 23:21 128 ----a-w- c:\windows\system32\world\level.dat
2010-10-31 23:20 . 2010-10-31 23:21 128 ----a-w- c:\windows\system32\world\level.dat_old
2010-10-31 23:20 . 2010-10-31 23:20 8 ----a-w- c:\windows\system32\world\session.lock


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\CCleaner.exe]
path=CCleaner.exe
backup=c:\windows\pss\CCleaner.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2009-10-28 03:40 257440 ----a-w- c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2008-08-26 03:18 16986112 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 20:37 13939816 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 20:37 110696 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-09-16 01:47 2969496 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-16 20:47 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-25 716272]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-07-25 870400]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\rusty\AppData\Roaming\Mozilla\Firefox\Profiles\gkru7vam.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\rusty\AppData\Roaming\Mozilla\Firefox\Profiles\gkru7vam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\rusty\AppData\Roaming\Mozilla\Firefox\Profiles\gkru7vam.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Upromise TurboSaver: FFToolbar@upromise - c:\users\rusty\AppData\Roaming\Mozilla\Firefox\Profiles\gkru7vam.default\extensions\FFToolbar@upromise
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\users\rusty\AppData\Roaming\Mozilla\Firefox\Profiles\gkru7vam.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-28 21:57
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

LVPrcSrv.exe [11784]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2005747108-265105218-770747461-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ad,0a,cb,11,7d,d5,61,05,c0,bb,af,e0,78,2f,dd,01,60,75,72,29,30,8c,d5,
10,2b,7c,b1,7d,2f,66,a7,54,95,e7,33,8f,24,df,db,e3,9b,68,88,6e,9f,16,f7,5a,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-2005747108-265105218-770747461-1000\Software\SecuROM\License information*]
"datasecu"=hex:90,33,0e,4a,14,04,4b,f2,b1,c2,d9,61,aa,f3,ee,ea,d3,0d,52,af,4a,
ff,fa,03,f4,d0,2a,c6,9c,a5,a5,06,5a,42,50,a2,74,77,40,75,71,1e,d8,f7,18,c6,\
"rkeysecu"=hex:cc,f4,92,e9,03,43,07,a5,be,88,15,1f,a2,23,b0,4b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(8820)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\nvshext.dll
c:\windows\system32\nvapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-11-28 22:05:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-29 03:05
ComboFix2.txt 2009-12-27 19:51

Pre-Run: 330,019,061,760 bytes free
Post-Run: 329,980,207,104 bytes free

- - End Of File - - 7CEBDCEB4F53F7F03E722863296AE468
 
I almost forgot to mention this: I'm pretty sure I know where the server.exe file came from. I'm pretty sure it was affiliated with a download I got from this site: http://minecraft.net/download.jsp

Minecraft is a game and the file that I downloaded allowed multi-player access by hosting a server. The file was coded by to work with the game and that game alone, which is why it probably came up as suspicious.
 
Last edited by a moderator:
Hello rustygun01 :),

A few more steps and we will be done.

Regarding Windows Defender, I just wanted to make sure. If it is running OK, then there is no problem.

Good to know about the server.exe file. It's location is not a very good one, thus I wanted to find out if the file is malicious or otherwise.

About this folder; c:\windows\system32\world, do you have any idea which program is using it or what the folder is for?

--------------------

FF - Extension: Upromise TurboSaver: FFToolbar@upromise - c:\users\rusty\AppData\Roaming\Mozilla\Firefox\Profiles\gkru7vam.default\extensions\FFToolbar@upromise
Click to expand...
Have a look here to see if you decide to keep this toolbar.

--------------------

I want you to update MBAM and run a scan.
  • Open MBAM and click on the Update tab, then Check for Updates.
  • When completed, go to back to the Scanner tab and select Perform full scan. Click Scan.
  • Leave the default options as it is and click on Start Scan.
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

Please post back:
1. the answer to my question about the folder
2. MBAM report
 
The World folder is also associated with Minecraft.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5214

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/29/2010 2:40:47 PM
mbam-log-2010-11-29 (14-40-47).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 324523
Time elapsed: 1 hour(s), 19 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hello rustygun01 :),

Please update your Adobe Reader to the latest.
  • Open Adobe Reader.
  • Go to Help on the pull down menu, then select Check for Updates....
  • Continue accordingly and close it when done.

--------------------

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Java(TM) 6 Update 13

  • Go to the Java SE download page. Click here.
  • Look for JDK 6 Update 22 (JDK or JRE). Click the Download JRE button to the right.
  • Select Windows from the drop-down list for Platform.
  • Check I agree to the Java SE Runtime Environment 6u22 with JavaFX License Agreement after reading it, and click Continue >>. The page will refresh.
  • Under the Windows Offline Installation title, click on the link which says jre-6u22-windows-i586.exe and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then, from your desktop, double click on the download to install the newest version. Reboot your computer.

--------------------

If you no longer use the Minecraft program, you may want to remove the files or folders associated with it.

Please post a new DDS log.
 
Sorry about the late response.


DDS (Ver_10-11-27.01) - NTFSx86
Run by rusty at 18:30:10.96 on Tue 11/30/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1868 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\rusty\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlusUninst_Adobe.exe" /Get1noarp
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\rusty\appdata\roaming\mozilla\firefox\profiles\gkru7vam.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\rusty\appdata\roaming\mozilla\firefox\profiles\gkru7vam.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\rusty\appdata\roaming\mozilla\firefox\profiles\gkru7vam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\rusty\appdata\roaming\mozilla\firefox\profiles\gkru7vam.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Upromise TurboSaver: FFToolbar@upromise - c:\users\rusty\appdata\roaming\mozilla\firefox\profiles\gkru7vam.default\extensions\FFToolbar@upromise
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\users\rusty\appdata\roaming\mozilla\firefox\profiles\gkru7vam.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-11-28 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-11-28 190416]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-4-1 21504]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-10-1 20328]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-9-2 33792]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-3-24 870400]
S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-11-28 99792]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-11-28 340048]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-28 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-28 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-28 50768]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-28 40384]
S2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-11-28 119200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe --> c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-28 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-28 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-4-1 21504]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-30 21:00:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-30 21:00:41 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-30 20:46:18 -------- d-----w- c:\progra~2\McAfee Security Scan
2010-11-30 20:46:16 -------- d-----w- c:\program files\McAfee Security Scan
2010-11-30 07:23:44 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b1cafd54-5696-446c-8a49-d6f11722c769}\mpengine.dll
2010-11-29 18:20:27 -------- d-----w- c:\users\rusty\appdata\roaming\Malwarebytes
2010-11-29 18:20:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 18:20:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 18:20:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-29 18:20:19 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-29 03:55:32 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-11-29 03:55:31 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-11-29 03:54:44 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-11-29 03:54:40 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-29 03:54:05 38848 ----a-w- c:\windows\avastSS.scr
2010-11-29 03:54:05 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-11-29 03:05:27 -------- d-----w- c:\users\rusty\appdata\local\temp
2010-11-29 02:57:53 -------- d-----w- C:\$RECYCLE.BIN
2010-11-26 01:49:00 14352 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2010-11-24 21:42:48 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-23 07:39:01 -------- d-----w- c:\program files\VS Revo Group
2010-11-22 17:26:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-11-22 17:23:28 -------- d-----w- C:\MGADiagToolOutput
2010-11-21 20:46:58 -------- d-----w- C:\AdobeTemp
2010-11-11 20:38:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-10 17:49:36 135568 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-10 17:49:36 135568 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-11-08 12:46:04 -------- d-----w- c:\progra~2\Alwil Software
2010-11-07 21:13:48 15256 ----a-w- c:\users\rusty\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2010-11-06 21:40:50 -------- d-----w- c:\progra~2\Tunngle
2010-11-06 21:40:40 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2010-11-06 01:30:34 -------- d-----w- c:\users\rusty\.thumbnails
2010-11-02 14:41:24 -------- d-----w- c:\users\rusty\appdata\local\Minecraft_Tools_Team
2010-11-02 14:38:24 -------- d-----w- c:\users\rusty\appdata\roaming\mts

==================== Find3M ====================

2010-11-08 06:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 06:36:52 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 06:36:50 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

============= FINISH: 18:30:48.04 ===============
 
Hello rustygun01 :),

I see Avast installed, but not running. Did you disable it? It is alright to have it activated now as we are done. In fact, you should keep it active always unless you are asked to disable the Antivirus when receiving help. Even so, most of the time the unprotected period would be minimal.

As you already have Avast, I suggest you to uninstall McAfee Security Scan. It must have found its way to your computer when you are updating Adobe Reader.

--------------------

For Windows Vista or Windows 7, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please backup your registry with ERUNT.

Remove orphaned reg entries
  • Open Notepad. Copy and paste the following text into it:
    Code: 
    @echo off
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" /f
reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" /f
del %0
  • Save it as OrpDel.bat on the desktop. Make sure the Save as type: is All Files (*.*).
  • Double click on OrpDel.bat to run it. Allow if prompted by any security software.

--------------------

Re-enable CD Emulation drivers
  • Double click on DeFogger.exe to run the tool.
  • The application window will appear.
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue.
  • A Finished! message will appear, then click OK.
  • DeFogger will now ask to reboot the machine, click OK.
  • Your CD Emulation drivers are now re-enabled.

If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

--------------------

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Go to Start > Run.... Copy and paste the following text into the white box:
    ComboFix /uninstall
    Click OK.
  • Delete the CKScanner, GMER (s6j75x23.exe) and DeFogger files on your desktop.
  • Delete any logs on the desktop.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows Vista to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malwares.

2. Purge System Restore, for this one time only. A recovery feature will only be useful if it is clean from malwares. See Windows Vista System Restore Guide for some detail explanations.

3. Update your Antivirus program regularly, it is a must for constant protection against viruses. Please keep only one AV installed.

4. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee.

5. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications. If you wish to use WinPatrol, please uninstall Spybot and Windows Defender. If you opt not to use it, you should choose one between Spybot and Windows Defender to keep, activate the real time protection and uninstall the other. Keeping only one prevents conflict and hogging of resources.

6. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts for this purpose.

7. Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.

8. Protect your computer from removable or USB drive infections with Panda USB Vaccine, an effective method to prevent malware from spreading.

9. Keep all your softwares updated. Visit Secunia Software Inspector to find out if any updates required.

10. If you have been a victim of malware before, Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

11. Also look up PC Safety and Security - What Do I Need? By Glaswegian, How to prevent malware: By miekiemoes, So how did I get infected in the first place? By Tony Klein and Microsoft Online Safety.

Stay safe.
 
You must log in or register to reply here.
Back
Top