View Full Version : I have Zlob DNS changer, help!
zombiepower
2008-10-22, 19:49
I did all the steps said in the "Before you post"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:33, on 22/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\MFP_DELL\deMntrService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freesound.org/searchText.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [921.tmp] C:\Windows\temp\921.tmp
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://208.0.229.84/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://yumemisaki-camera.aa0.netvolante.jp:8080/kxhcm10.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://67.154.21.186:8002/bl_camera.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98328B91-5B35-404F-BC75-A6A559CD75D9}: NameServer = 85.255.112.179;85.255.112.78
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ZOMBIE~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdump.exe
--
End of file - 13617 bytes
Hi zombiepower
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Post:
- a fresh HijackThis log
- mbam report
zombiepower
2008-10-23, 18:03
I did the scan, and restarted the computer as prompted. Here is the log
(p.s thank you for the reply!)
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 6.0.6001 Service Pack 1
23/10/2008 16:58:44
mbam-log-2008-10-23 (16-58-44).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 216518
Time elapsed: 1 hour(s), 1 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{98328b91-5b35-404f-bc75-a6a559cd75d9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.179;85.255.112.78 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{98328b91-5b35-404f-bc75-a6a559cd75d9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.179;85.255.112.78 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{98328b91-5b35-404f-bc75-a6a559cd75d9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.179;85.255.112.78 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
zombiepower
2008-10-23, 18:06
sorry forgot to post hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:40, on 22/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\MFP_DELL\deMntrService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freesound.org/searchText.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [921.tmp] C:\Windows\temp\921.tmp
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://208.0.229.84/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://yumemisaki-camera.aa0.netvolante.jp:8080/kxhcm10.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://67.154.21.186:8002/bl_camera.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98328B91-5B35-404F-BC75-A6A559CD75D9}: NameServer = 85.255.112.179;85.255.112.78
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ZOMBIE~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdump.exe
--
End of file - 13617 bytes
We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Open HijackThis, click do a system scan only and checkmark these:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
O4 - HKLM\..\Run: [921.tmp] C:\Windows\temp\921.tmp
O17 - HKLM\System\CCS\Services\Tcpip\..\{98328B91-5B35-404F-BC75-A6A559CD75D9}: NameServer = 85.255.112.179;85.255.112.78
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdump.exe
Close all windows including browser and press fix checked.
Please download the OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe).
Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:files
C:\Windows\system32\kdump.exe
:services
Windows Tribute Service
:commands
[EmptyTemp]
Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post:
- a fresh hijackthis log
- otmoveit3 log
zombiepower
2008-10-23, 18:45
I copied the lines, and pasted under the yellow bar. Clicked the move it button, and it said i need to restart my computer. So i did, only my computer did not fully turn on. It says replace the disk then press any key to continue after the initial dell loading screen. I'm writing this on my brother's PC. Help!!
Sorry to hear that.
I see nothing which could have caused that, unfortunately.
Please see here (http://windowshelp.microsoft.com/Windows/en-US/Help/cdb4c0dd-5698-4197-b906-d6a6d413621d1033.mspx)
how to use Last Known Good Configuration and post back if it helped.
zombiepower
2008-10-23, 19:13
ok panic over. After rebooting 5 times then running a system test and rebooting another 5 times my computer turned on. Still scary though, i don't want to restart my PC anymore O_O.
I had to get the program from my brothers computer firstly then copy it on a usb stick then copy to my computer. Now when i load up the program, the log appears of before my computer restarted. Not aftwards:
========== FILES ==========
File/Folder C:\Windows\system32\kdump.exe not found.
========== SERVICES/DRIVERS ==========
Service Windows Tribute Service stopped successfully.
Service Windows Tribute Service deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\ZOMBIE~1\AppData\Local\Temp\etilqs_XH2AsW0M3PQEfS5gpMct scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\gnserv.dat scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\spserv.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10232008_173447
Files moved on Reboot...
File C:\Users\ZOMBIE~1\AppData\Local\Temp\etilqs_XH2AsW0M3PQEfS5gpMct not found!
File move failed. C:\Windows\temp\gnserv.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.
File move failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
File move failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\urlclassifier3.sqlite scheduled to be moved on reboot.
Files moved on Reboot...
File C:\Users\ZOMBIE~1\AppData\Local\Temp\etilqs_XH2AsW0M3PQEfS5gpMct not found!
File move failed. C:\Windows\temp\gnserv.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.
File move failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
File move failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\urlclassifier3.sqlite scheduled to be moved on reboot.
and the hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:11, on 23/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell\MFP_DELL\deMntrService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freesound.org/searchText.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [921.tmp] C:\Windows\temp\921.tmp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://208.0.229.84/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://yumemisaki-camera.aa0.netvolante.jp:8080/kxhcm10.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://67.154.21.186:8002/bl_camera.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98328B91-5B35-404F-BC75-A6A559CD75D9}: NameServer = 85.255.112.179;85.255.112.78
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ZOMBIE~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdump.exe
--
End of file - 12804 bytes
Nice to hear that it works again :)
But fix failed.
Let's try this:
Download Avenger (http://swandog46.geekstogo.com/avenger2/download.php) by Swandog and unzip it to your Desktop.
Note: This program must be run from an account with Administrator priviledges.
Open the Avenger folder and double click Avenger.exe to launch the program.
Copy the text in the code box below and Paste it into the Input script here: box.
Files to delete:
C:\Windows\system32\kdump.exe
C:\Windows\temp\921.tmp
Drivers to delete:
Windows Tribute Service
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Ensure the following:
Scan for Rootkits is checked.
Automatically disable any rootkits found is Unchecked.
Press the Execute key.
Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
Post the log back here please. (it can also be found at C:\avenger.txt)
After that, run a quick scan with mbam.
Post:
- a fresh HijackThis log
- mbam report
- C:\avenger.txt
zombiepower
2008-10-23, 19:25
thank you for the reply. However I cannot get to that link either. I had the same problem with the moveit link. Firefox says page dosn't exist, same with IE. Is there any other way I could get the file?
(maybe email?)
I think that usb stick could then be the easiest way.
zombiepower
2008-10-25, 01:25
ok i got the program. (i'll just use my bro's internet for any more programs).
Used the program, here are the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:22:53, on 25/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freesound.org/searchText.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [921.tmp] C:\Windows\temp\921.tmp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://208.0.229.84/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://yumemisaki-camera.aa0.netvolante.jp:8080/kxhcm10.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://67.154.21.186:8002/bl_camera.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ZOMBIE~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
--
End of file - 10554 bytes
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 6.0.6001 Service Pack 1
25/10/2008 00:19:07
mbam-log-2008-10-25 (00-19-07).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 216250
Time elapsed: 1 hour(s), 1 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{98328b91-5b35-404f-bc75-a6a559cd75d9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.179;85.255.112.78 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{98328b91-5b35-404f-bc75-a6a559cd75d9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.179;85.255.112.78 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{98328b91-5b35-404f-bc75-a6a559cd75d9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.179;85.255.112.78 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Windows\system32\kdump.exe" deleted successfully.
Error: file "C:\Windows\temp\921.tmp" not found!
Deletion of file "C:\Windows\temp\921.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Driver "Windows Tribute Service" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Looks much better :)
Open HijackThis, click do a system scan only and checkmark this:
O4 - HKLM\..\Run: [921.tmp] C:\Windows\temp\921.tmp
Close all windows including browser and press fix checked.
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
zombiepower
2008-10-25, 22:08
here is the kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 25, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 25, 2008 16:08:22
Records in database: 1345978
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan statistics:
Files scanned: 226891
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 03:46:45
File name / Threat name / Threats count
C:\Users\Zombiepower\Documents\Azureus Downloads\PowerISO.Version4.0+KeyGen\PowerISO4_1.exe Infected: Trojan-Downloader.Win32.Agent.addc 1
C:\Users\Zombiepower\Documents\Azureus Downloads\PowerISO.Version4.0+KeyGen\PowerISO4_1.exe Infected: Trojan-Downloader.Win32.Agent.abxs 1
C:\Users\Zombiepower\Downloads\setupxv.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyWare2008.ag 1
D:\autorun.inf Infected: Worm.Win32.AutoRun.onp 1
The selected area was scanned.
and the new hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:26, on 25/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freesound.org/searchText.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://208.0.229.84/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://yumemisaki-camera.aa0.netvolante.jp:8080/kxhcm10.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://67.154.21.186:8002/bl_camera.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ZOMBIE~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
--
End of file - 10479 bytes
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
zombiepower
2008-10-26, 11:44
here be the list:
7-Zip 4.57
Adobe After Effects CS3
Adobe After Effects CS3
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Animation 1.0
AoA Audio Extractor 1.0
AppCore
Apple Mobile Device Support
Apple Software Update
ArtRage 2
ASIO4ALL
AV
AVI Codec Pack
Badongo
Battlefield 2142
Bonjour
BT Yahoo! Applications
ccCommon
Cheetah IPod Video Converter
Cole2k Media - Codec Pack (Advanced) 7.1.0
Coral Reef 3D Screensaver 1.0
Dell Resource CD
Digimax Converter
DirectXInstallService
Fiesta
FL Studio 7
Free iPod Video Converter 1.26
Google Toolbar for Internet Explorer
Google Updater
Half-Life(R) 2
HijackThis 2.0.2
IL Download Manager
Intel(R) Network Connections 13.0.42.0
Intel(R) Network Connections 13.0.42.0
Intel® Matrix Storage Manager
iPod for Windows 2006-06-28
iTunes
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire PRO 4.12.3
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Magic ISO Maker v5.5 (build 0261)
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Maya 8.5 Personal Learning Edition
Maya 8.5 Personal Learning Edition Documentation (en_US)
MFZ0 codec (Remove Only)
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.3)
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
NVIDIA Drivers
Outspark Sharp Launcher
PDF Settings
Pen Tablet
PowerISO
QuickTime
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Samsung USB Driver
Satellite TV for PC
Sentinel Protection Installer 7.4.0
SigmaTel Audio
Source Dedicated Server
Source SDK
Source SDK Base
SPBBC 32bit
Spybot - Search & Destroy
Steam(TM)
Swift 3D v5.00
Videora iPod Converter 3.07
Vuze
Windows Installer Clean Up
Windows Media Player Firefox Plugin
XBCD 360 0.2.5
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
LimeWire PRO 4.12.3
Vuze
I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
You will need to uninstall also this as it appears not be legit:
PowerISO
Please run a new uninstall list scan when finished and post the log back here.
zombiepower
2008-10-26, 13:42
kk, uninstalled limewire, vuze and poweriso. Here's the new list:
7-Zip 4.57
Adobe After Effects CS3
Adobe After Effects CS3
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Animation 1.0
AoA Audio Extractor 1.0
AppCore
Apple Mobile Device Support
Apple Software Update
ArtRage 2
ASIO4ALL
AV
AVI Codec Pack
Badongo
Battlefield 2142
Bonjour
BT Yahoo! Applications
ccCommon
Cheetah IPod Video Converter
Cole2k Media - Codec Pack (Advanced) 7.1.0
Coral Reef 3D Screensaver 1.0
Dell Resource CD
Digimax Converter
DirectXInstallService
Fiesta
FL Studio 7
Free iPod Video Converter 1.26
Google Toolbar for Internet Explorer
Google Updater
Half-Life(R) 2
HijackThis 2.0.2
IL Download Manager
Intel(R) Network Connections 13.0.42.0
Intel(R) Network Connections 13.0.42.0
Intel® Matrix Storage Manager
iPod for Windows 2006-06-28
iTunes
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Magic ISO Maker v5.5 (build 0261)
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Maya 8.5 Personal Learning Edition
Maya 8.5 Personal Learning Edition Documentation (en_US)
MFZ0 codec (Remove Only)
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.3)
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
NVIDIA Drivers
Outspark Sharp Launcher
PDF Settings
Pen Tablet
QuickTime
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Samsung USB Driver
Satellite TV for PC
Sentinel Protection Installer 7.4.0
SigmaTel Audio
Source Dedicated Server
Source SDK
Source SDK Base
SPBBC 32bit
Spybot - Search & Destroy
Steam(TM)
Swift 3D v5.00
Videora iPod Converter 3.07
Windows Installer Clean Up
Windows Media Player Firefox Plugin
XBCD 360 0.2.5
Open HijackThis, click do a system scan only and checkmark these:
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
Close all windows including browser and press fix checked.
Reboot.
Please download the OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe).
Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:files
C:\Users\Zombiepower\Documents\Azureus Downloads
C:\Users\Zombiepower\Downloads\setupxv.exe
D:\autorun.inf
:commands
[EmptyTemp]
Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post:
- a fresh HijackThis log
- otmoveit3 log
zombiepower
2008-10-26, 14:56
hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:18, on 26/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\notepad.exe
C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freesound.org/searchText.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://208.0.229.84/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://yumemisaki-camera.aa0.netvolante.jp:8080/kxhcm10.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://67.154.21.186:8002/bl_camera.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ZOMBIE~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
--
End of file - 9900 bytes
move it log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:18, on 26/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\notepad.exe
C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freesound.org/searchText.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://208.0.229.84/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://yumemisaki-camera.aa0.netvolante.jp:8080/kxhcm10.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://67.154.21.186:8002/bl_camera.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ZOMBIE~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
--
End of file - 9900 bytes
zombiepower
2008-10-26, 14:58
woops just posted the hickack this log twice =P
heres the move it log:
========== FILES ==========
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\weapons\rocket moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\weapons\portalgun moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\weapons\physcannon moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\weapons\alyx_gun moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\weapons moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\vo\escape moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\vo\aperture_ai moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\vo moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\player moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\npc\turret_floor moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\npc moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\music moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\commentary moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\ambient\wind moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\ambient\music moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\ambient\machines moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\ambient\alarms moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound\ambient moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\sound moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\scripts\vehicles moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\scripts\talker moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\scripts\screens moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\scripts\colorcorrection moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\scripts\challenges moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\scripts\advanced_chambers moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\scripts moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\scenes\test_chamber moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\scenes\general moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\scenes\escape moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\scenes\chell moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\scenes moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\SAVE moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\resource moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\reslists moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\particles moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\weapons moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\vehicles moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props_junk moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props_bts moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props_animsigns moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\water_bottle moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\wall_pipes_wave moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\wall_pipes_tjunc01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\wall_pipes_terminate01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\wall_pipes_horiz moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\wall_pipes_corner02 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\wall_pipes_corner moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\wall_pipes_bend03 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\wall_pipes_bend02 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\wall_pipes_bend01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\vert_door moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\speaker_system01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\sign_frame02 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\sign_frame01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\shelf128 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\server_wall moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\saucepan moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\rot_door moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\pc_case_open moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\pc_case02 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\milk_carton moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\lab_shelf_small moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\lab_shelf moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\lab_monitor_pose01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\lab_desk05 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\lab_desk04 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\lab_desk03 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\lab_desk02 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\lab_desk01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\lab_chair moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\kb_mouse moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\glados_pillar moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\glados_ceiling_light moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\food_can moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\elevator_caps moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\elevatorshaft_wall moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\claw moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\cake moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\bts_bed moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\autoportal_frame moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\128_fuse_set10 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\128_fuse_set09 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\128_fuse_set08 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\128_fuse_set07 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\128_fuse_set06 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\128_fuse_set05 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\128_fuse_set04 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\128_fuse_set03 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\128_fuse_set02 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props\128_fuse_set01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\props moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\portals moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\player moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\gladdysdestruction moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models\extras moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\models moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\vgui\slideshow\glados moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\vgui\slideshow moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\vgui\screens moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\vgui\resource moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\vgui\medals moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\vgui\chapters moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\vgui\bonusmaps moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\vgui\achievements moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\vgui moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\tile moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\sprites\hud moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\sprites moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\slides moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\skybox moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\signage\summary_sign moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\signage\indicator_lights moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\signage\clock moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\signage moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\plastic moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\particle\smoke1 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\particle moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\overlays moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\objects moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\nature moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\weapons\w_models\portalgun moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\weapons\w_models moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\weapons\v_models\v_portalgun moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\weapons\v_models moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\weapons moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props_wasteland moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props_facemovie\wet_floor_sign moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props_facemovie moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props_canal moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props_c17 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props_bts moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props_animsigns moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\water_bottle moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\wall_pipes_wave moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\wall_pipes_tjunc01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\wall_pipes_terminate01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\wall_pipes_horiz moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\wall_pipes_corner moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\wall_pipes_bend03 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\wall_pipes_bend02 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\wall_pipes_bend01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\vert_door moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\speaker_system01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\sign_frame02 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\sign_frame01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\shelf128 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\server_wall moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\saucepan moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\rot_door moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\pc_case_open moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\pc_case02 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\milk_carton moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\lab_shelf_small moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\lab_shelf moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\lab_monitor moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\lab_desk05 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\lab_desk04 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\lab_desk03 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\lab_desk02 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\lab_desk01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\lab_chair moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\kb_mouse moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\glados_pillar moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\glados_ceiling_light moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\food_can moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\elevator_caps moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\elevatorshaft_wall moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\claw moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\cake moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\bts_bed moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\autoportal_frame moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\128_fuse_set10 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\128_fuse_set09 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\128_fuse_set08 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\128_fuse_set07 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\128_fuse_set06 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\128_fuse_set05 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\128_fuse_set04 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\128_fuse_set03 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\128_fuse_set02 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props\128_fuse_set01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\props moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\portals moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\player moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\gladdysdestruction moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\flag moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models\extras moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\models moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\metal moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\lights moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\glass moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\engine moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\effects moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\detail moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\decals moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\correction moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\console moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials\concrete moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\materials moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\maps\soundcache moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\maps\graphs moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\maps moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\downloadlists moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\cfg moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal\bin moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\portal moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\vgui\resource moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\vgui\hud moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\vgui\fonts moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\vgui moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\steam\games moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\steam moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\servers moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\scripts moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\resource moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\materials\vgui moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\materials\engine moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\materials\debug moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\materials moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\Friends moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\Demo moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\config moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\admin moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\AddOns\spades moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\AddOns\hearts moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\AddOns\go moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\AddOns\common\cards moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\AddOns\common moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\AddOns\chess moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\AddOns\checkers moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform\AddOns moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\platform moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\stunstick moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\sniper moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\smg1 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\slam moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\shotgun moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\rpg moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\pistol moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\physcannon moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\irifle moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\iceaxe moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\grenade moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\fx\tink moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\fx\rics moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\fx\nearmiss moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\fx moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\flaregun moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\crowbar moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\crossbow moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\cguard moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\bugbait moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\ar2 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\ar1 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons\357 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\weapons moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\vo\npc\male01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\vo\npc\female01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\vo\npc moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\vo moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\vehicles\v8 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\vehicles\crane moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\vehicles\apc moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\vehicles moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\UI moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\player\general moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\player\footsteps moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\player moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\plats moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\physics\wood moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\physics\surfaces moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\physics\rubber moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\physics\plastic moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\physics\plaster moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\physics\metal moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\physics\glass moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\physics\flesh moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\physics\concrete moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\physics\cardboard moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\physics\body moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\physics moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\npc\zombie moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\npc\turret_wall moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\npc\turret_floor moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\npc\overwatch\radiovoice moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\npc\overwatch moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\npc\metropolice\vo moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\npc\metropolice moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\npc\headcrab moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\npc\combine_soldier\vo moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\npc\combine_soldier moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\npc\attack_helicopter moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\npc moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\items moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\hl1\fvox moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\hl1 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\doors moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\common moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\buttons moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\water moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\materials moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\machines moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\levels\streetwar moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\levels\citadel moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\levels\canals moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\levels moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\gas moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\fire moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\explosions moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\energy moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\atmosphere moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient\alarms moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound\ambient moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\sound moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\shaders\vsh moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\shaders\psh moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\shaders\fxc moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\shaders moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\scripts moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\resource\ui moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\resource moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\particles moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models\weapons moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models\props_wasteland moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models\props_pipes moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models\props_lab moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models\props_junk moved successfully.
------
continued in next post (too long for one post)
zombiepower
2008-10-26, 14:59
and the rest!
-------------
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models\props_debris moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models\props_canal moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models\props_c17 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models\props_building_details moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models\items moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models\gibs moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models\effects moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\models moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\media moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\wood moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\voice moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\vgui\servers moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\vgui\resource moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\vgui\hud moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\vgui\fonts moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\vgui moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\tools moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\sun moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\sprites\hud moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\sprites\flames1 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\sprites moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\skybox moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\shadertest moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\scripted moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\props moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\plaster moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\particle\vistasmokev1 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\particle\splash01 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\particle\smoke1 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\particle\particle_ring_wave_curl moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\particle\midsidesprites moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\particle\fire_particle_8 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\particle\fire_particle_7 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\particle\fire_particle_6 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\particle\fire_particle_4 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\particle\fire_particle_2 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\particle\fire_burning_character moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\particle moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\overlays moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\nature moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_stunbaton moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_smg1 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_shotgun moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_rocket_launcher moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_pistol moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_physics moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_package moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_missile moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_irifle moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_grenade moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_bullet moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_bugbait moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_annabelle moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_alyx_gun_xsi moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\w_357 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_stunbaton moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_smg2 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_smg1 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_slam moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_shotgun moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_rocket_launcher moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_pistol moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_physcannon moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_irifle moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_hand moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_grenade moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_crowbar moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_crossbow moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_bugbait moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\v_357 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\stinger_missile moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\shell moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\rifle_shell moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\pistol_shell moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons\flare moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\weapons moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\roller moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\props_wasteland moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\props_trainstation moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\props_pipes moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\props_lab moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\props_junk moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\props_debris moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\props_canal moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\props_c17 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\props_building_details moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\player moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\items moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\healthvial moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\gibs\woodgibs moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\gibs\metalgibs moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\gibs\hgibs moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\gibs\glass moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\gibs moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\error moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\effects moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\brokenglass moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models\blackout moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\models moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\metal moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\lights moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\halflife moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\environment maps moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\engine moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\effects\comball moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\effects moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\dev moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\detail moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\decals\wood moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\decals\sand moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\decals\metal moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\decals\glass moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\decals\flesh moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\decals\concrete moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\decals\bloodyflesh moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\decals\antlion moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\decals\alienflesh moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\decals moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\debug moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\console moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\concrete moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\cable moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\building_template moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials\brick moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\materials moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\expressions moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2\cfg moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\hl2 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL\bin moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman]\PoRTaL moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\[PC] Portal [RIP] [dopeman] moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\The.Mist[2007]DvDrip[Eng]-aXXo moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Swift 3D v5.00.628+Keygen-HeartBug\Keygen moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Swift 3D v5.00.628+Keygen-HeartBug moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Sweeney.Todd-The.Demon.Barber.Of.Fleet.Street[2007]DvDrip[Eng]-aXXo moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Pokemon seasons\Pokémon Season 1 - Indigo League moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Pokemon seasons moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Miss.Potter.DVDRip.XviD-PosTX\Sub moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Miss.Potter.DVDRip.XviD-PosTX\Sample moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Miss.Potter.DVDRip.XviD-PosTX moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Mirrors.[2008.Eng].DVD.R5.Rip.DivX-LTT moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Harry.Potter.And.The.Order.Of.The.Phoenix[2007]DvDrip[Eng]-aXXo moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\3082 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\3076 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\2070 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\2052 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\1046 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\1042 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\1041 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\1040 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\1036 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\1035 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\1033 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\1031 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON\1028 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\WATSON moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\SHADERS moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\MAPS moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\CONTROLS moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\CONTENT\GALLERY moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo\CONTENT moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2\Halo moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo2 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\3082 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\3076 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\2070 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\2052 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\1046 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\1042 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\1041 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\1040 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\1036 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\1035 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\1033 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\1031 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON\1028 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\WATSON moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\SHADERS moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\MAPS\MOD BACKUPS\RAINBOW moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\MAPS\MOD BACKUPS moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\MAPS\HALO SKINS\Weapons moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\MAPS\HALO SKINS\Vehicles moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\MAPS\HALO SKINS\HUD--GAME moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\MAPS\HALO SKINS\eNVIROMENT moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\MAPS\HALO SKINS\Effects moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\MAPS\HALO SKINS\bUILDINGS moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\MAPS\HALO SKINS moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\MAPS moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\CONTROLS moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\CONTENT\GALLERY moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo\CONTENT moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\Halo moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo\BACKUPS moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Halo moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\FL\FL7xxl moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\FL\Engine\Plugins\Fruity\Generators\Fruity Wrapper moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\FL\Engine\Plugins\Fruity\Generators moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\FL\Engine\Plugins\Fruity\Effects\Fruity Wrapper moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\FL\Engine\Plugins\Fruity\Effects moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\FL\Engine\Plugins\Fruity moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\FL\Engine\Plugins moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\FL\Engine\Help moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\FL\Engine moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\FL\Crack moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\FL moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Donnie Darko Original Soundtrack+Score\Score moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Donnie Darko Original Soundtrack+Score\Original Soundtrack moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Donnie Darko Original Soundtrack+Score moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Death Note [Xvid DVDRip Complete 1-37 Jap EngSub] [polabar][h33t] moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Coral Reef 3D Screensaver Incl Serial moved successfully.
Folder move failed. C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe_Fireworks_CS3_v9 scheduled to be moved on reboot.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe CS3 crack\Adobe CS3 crack moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe CS3 crack moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\resources\media\img moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\resources\media\css moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\resources\media moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\resources\common\scripts moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\resources\common\alert moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\resources\common moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\resources moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\redist moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\BridgeStartMeeting moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeXMPPanelsDVAAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeXMPPanelsAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeVideoProfilesAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeVersionCueClient3All moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeTypeSupportAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobePDFL8All moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeMotionPictureAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeLinguisticsAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeHelpViewerAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeFontsAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeExtendScriptToolKitAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3 moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeDeviceCentralAll\oem moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeDeviceCentralAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeDefaultLanguageCS3All moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeColorPhotoshopAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeColorCommonSetAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeCMapsAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeCameraRaw4.0All moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeBridge2All moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeAUM5.1All moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeAssetServices3All moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeALMAnchorServiceAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeAfterEffects8PresetsAll moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads\AdobeAfterEffects8All moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\payloads moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\deployment moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\Crack\CRACK MKDEV TEAM ILEFX moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack\Crack moved successfully.
C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe After Effects CS3 Professional 2008 PC + Crack moved successfully.
Folder move failed. C:\Users\Zombiepower\Documents\Azureus Downloads scheduled to be moved on reboot.
C:\Users\Zombiepower\Downloads\setupxv.exe moved successfully.
File/Folder D:\autorun.inf not found.
========== COMMANDS ==========
File delete failed. C:\Users\ZOMBIE~1\AppData\Local\Temp\etilqs_GLpUDTYxLoZofmT91QQ9 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\gnserv.dat scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\spserv.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10262008_134016
Files moved on Reboot...
Folder move failed. C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe_Fireworks_CS3_v9 scheduled to be moved on reboot.
Folder move failed. C:\Users\Zombiepower\Documents\Azureus Downloads\Adobe_Fireworks_CS3_v9 scheduled to be moved on reboot.
Folder move failed. C:\Users\Zombiepower\Documents\Azureus Downloads scheduled to be moved on reboot.
File C:\Users\ZOMBIE~1\AppData\Local\Temp\etilqs_GLpUDTYxLoZofmT91QQ9 not found!
File move failed. C:\Windows\temp\gnserv.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.
C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Zombiepower\AppData\Local\Mozilla\Firefox\Profiles\gbvgslvd.default\urlclassifier3.sqlite moved successfully.
It appears that some of your Adobe products are not legit.
So next uninstall all Adobe CS3 programs and post back a fresh uninstall list, please.
zombiepower
2008-10-26, 15:23
Do I have to uninstall all of them? The problems started way after i got them, or is it just because they're not 100% legit
Because using illegal software is against forum rules (http://forums.spybot.info/showpost.php?p=25290&postcount=4):
"We do not support the use of illegal Pirated/Warez/Cracked software.
Helping a person who insists on using such software, could be construed in the eyes of the law to be aiding and abetting a crime. Therefore you will be asked to remove any cracked programs and in the case of your operating system, to obtain a valid licensed copy."
And yes, you will need to uninstall all of them if you want to continue with cleaning :)
zombiepower
2008-10-26, 16:23
ok ok, done. The new list:
7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Animation 1.0
AoA Audio Extractor 1.0
AppCore
Apple Mobile Device Support
Apple Software Update
Aqua Bubble 2
ArtRage 2
ASIO4ALL
AV
AVI Codec Pack
Badongo
Battlefield 2142
Bonjour
BT Yahoo! Applications
ccCommon
Cheetah IPod Video Converter
Cole2k Media - Codec Pack (Advanced) 7.1.0
Coral Reef 3D Screensaver 1.0
Dell Resource CD
Digimax Converter
DirectXInstallService
Fiesta
FL Studio 7
Free iPod Video Converter 1.26
Google Toolbar for Internet Explorer
Google Updater
Half-Life(R) 2
HijackThis 2.0.2
IL Download Manager
Intel(R) Network Connections 13.0.42.0
Intel(R) Network Connections 13.0.42.0
Intel® Matrix Storage Manager
iPod for Windows 2006-06-28
iTunes
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Magic ISO Maker v5.5 (build 0261)
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Maya 8.5 Personal Learning Edition
Maya 8.5 Personal Learning Edition Documentation (en_US)
MFZ0 codec (Remove Only)
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.3)
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
NVIDIA Drivers
Outspark Sharp Launcher
Pen Tablet
QuickTime
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Samsung USB Driver
Satellite TV for PC
Sentinel Protection Installer 7.4.0
SigmaTel Audio
Source Dedicated Server
Source SDK
Source SDK Base
SPBBC 32bit
Spybot - Search & Destroy
Steam(TM)
Swift 3D v5.00
Videora iPod Converter 3.07
Windows Installer Clean Up
Windows Media Player Firefox Plugin
XBCD 360 0.2.5
Now it looks better :)
Uninstall this:
Java(TM) 6 Update 6
Still problems?
zombiepower
2008-10-26, 21:24
actually no! My searches on google are no longer redirected, my internet is faster, I can access sites that were unavailable before (like the moveit and avenger download page) and Malwarebytes' Anti-Malware now finds no infected files!
So, no problems at all =D
I'd like to thank you lots and lots for helping me, I would have had no idea how to remove the virus by myself :)
Great :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Next we remove all used tools.
Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.