
WindowsRecovery malware issue


Postby aldorfc » Fri Mar 25, 2011 10:55 pm

Hi

Last night I unfortunately got this Windows Recovery program on my laptop. I used the instructions here to remove it: http://www.bleepingcomputer.com/virus-r ... s-recovery

The automated instructions, that is. Anyway, it appears to have partially done the job in that it no longer pops up and appears no longer to be on my computer. However, the program still seems to have messed up all my folders. For example, under My Documents, all my documents should of course be there, but they are not. However, if I go into iTunes I can still play all my songs, which means the files are still there, and I can still go into MS Word and find all my documents.

Does anyone know how to resolve this so I can get my folders unscrambled?

Thanks.
aldorfc
 
Posts: 10
Joined: Fri Mar 25, 2011 10:48 pm

Re: WindowsRecovery malware issue

Postby 12056 » Fri Mar 25, 2011 11:16 pm

Hello, welcome to the Myantispyware forum.

Download TDSSKiller from here and unzip to your desktop.
Open the tdsskiller folder and run TDSSKiller, then click on Start Scan.
If an infected file is detected, the default action will be Cure; click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Post the contents of that file here.

Please also download OTL from here.

* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* Push the "Run Scan" button.
* The scan should take just a few minutes.
* Two reports will open (OTL.txt and Extra.txt).

Post both OTL logs. Post each log in a separate post.
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator
12056
 
Posts: 860
Joined: Sun Apr 25, 2010 9:57 pm

Re: WindowsRecovery malware issue

Postby aldorfc » Sat Mar 26, 2011 5:30 pm

Hi there

TDSSKiller found no infected files and no log file appeared.


OTL logfile created on: 26/03/2011 17:20:25 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alan\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 195.15 Gb Free Space | 68.86% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.38 Gb Free Space | 43.55% Space Free | Partition Type: NTFS

Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/26 17:19:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Downloads\OTL.exe
PRC - [2011/01/13 19:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 19:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 19:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/01/13 19:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/06/14 12:19:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/07/07 15:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2008/12/18 19:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/05/23 19:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/04/30 20:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 17:19:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Downloads\OTL.exe
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/31 19:32:58 | 000,244,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/05/31 19:32:58 | 000,199,032 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/05/31 19:32:58 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/04/15 08:45:10 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/03/19 16:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/19 16:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 19:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/11/26 21:45:44 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/21 02:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/06/11 23:18:19 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdjcoms.exe -- (lxdj_device)
SRV:64bit: - [2007/06/11 23:18:05 | 000,034,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdjserv.exe -- (lxdjCATSCustConnectService)
SRV - [2011/01/13 19:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/03/30 04:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/11 23:18:00 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdjcoms.exe -- (lxdj_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/18 00:34:58 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2010/05/31 19:32:58 | 000,528,616 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/05/31 19:32:58 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/05/31 19:32:58 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/05/31 19:32:58 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/05/31 19:32:58 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/05/31 19:32:58 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/05/31 19:32:58 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/05/31 19:32:58 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/10/01 00:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/06/15 18:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 17:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009/04/11 05:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/19 16:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008/12/21 17:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/11/26 21:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008/11/26 21:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/11/25 14:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/07 17:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2008/09/15 17:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/15 17:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/15 17:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/01/21 02:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/11/14 08:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/09/18 21:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-26524167-2490265761-1038431805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-26524167-2490265761-1038431805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2830765
IE - HKU\S-1-5-21-26524167-2490265761-1038431805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-26524167-2490265761-1038431805-1000\..\URLSearchHook: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-26524167-2490265761-1038431805-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Bitlord 1.2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2830765&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {8c5878d0-6106-423b-aaa8-144c143dbf44}:3.3.3.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/02 10:01:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/26 09:59:59 | 000,000,000 | ---D | M]

[2009/12/25 06:03:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions
[2011/03/20 16:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions
[2011/03/25 22:12:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 22:12:58 | 000,000,000 | ---D | M] (Bitlord 1.2 Community Toolbar) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}
[2011/03/25 22:12:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\engine@conduit.com
[2011/03/15 12:26:48 | 000,000,925 | -H-- | M] () -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\searchplugins\conduit.xml
[2010/10/24 22:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/24 14:10:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/20 19:33:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/24 22:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/05/31 19:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/12 00:10:42 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/12 00:10:42 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/12 00:10:42 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/12 00:10:42 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100902110104.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100902110104.dll (McAfee, Inc.)
O2 - BHO: (Bitlord 1.2 Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bitlord 1.2 Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-26524167-2490265761-1038431805-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [lxdjamon] C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe ()
O4:64bit: - HKLM..\Run: [lxdjmon.exe] File not found
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-26524167-2490265761-1038431805-1000..\Run: [WMPNSCFG] File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.euro.dell.com/systemprof ... emLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 22:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/26 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/03/25 21:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/03/25 19:02:18 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\WinRAR
[2011/03/25 19:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/03/24 21:59:28 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Malwarebytes
[2011/03/24 21:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/24 21:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/16 21:58:02 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/03/16 21:57:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/03/16 21:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/03/16 21:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2011/03/16 21:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2011/03/16 21:53:08 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/03/16 21:53:08 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/03/16 21:53:08 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/03/16 21:53:08 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/03/15 23:09:59 | 000,000,000 | -H-D | C] -- C:\Users\Alan\AppData\Roaming\Python-Eggs
[2011/03/15 23:09:56 | 000,000,000 | -H-D | C] -- C:\Users\Alan\AppData\Roaming\BitLord
[2011/03/15 19:05:39 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
[2011/03/15 19:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/03/15 19:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011/03/15 19:05:11 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Conduit
[2011/03/15 19:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bitlord_1.2
[2011/03/15 19:03:10 | 000,000,000 | ---D | C] -- C:\Users\Alan\Documents\BitLord
[2011/03/15 19:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitLord 1.2
[2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alan\Desktop\TDSSKiller.exe
[2011/03/09 16:41:27 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/09 16:41:27 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/09 16:41:27 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/09 16:41:27 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/03/09 16:41:23 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/09 16:41:23 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/09 16:41:23 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/09 16:41:23 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/09 16:41:23 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/09 16:41:23 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/09 16:41:22 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbeio.dll
[2011/03/09 16:41:22 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll
[2011/02/26 14:42:15 | 000,000,000 | -H-D | C] -- C:\Users\Alan\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/24 17:41:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011/02/24 17:41:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2011/02/24 17:38:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2011/02/24 17:38:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2011/02/24 17:38:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2011/02/24 17:38:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2011/02/24 17:38:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2011/02/24 17:38:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2011/02/24 17:38:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2011/02/24 17:38:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2011/02/24 17:38:16 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2011/02/24 17:38:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2011/02/24 17:38:14 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2011/02/24 17:38:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2011/02/24 17:38:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2011/02/24 17:37:59 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2011/02/24 17:37:59 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2011/02/24 17:37:59 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2011/02/24 17:37:59 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2011/02/24 17:37:59 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2011/02/24 17:37:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2011/02/24 17:37:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2011/02/24 17:37:57 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2011/02/24 17:37:57 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2011/02/24 17:37:41 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2011/02/24 17:37:40 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2011/02/24 17:37:40 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2011/02/24 17:37:40 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2011/02/24 17:37:40 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2011/02/24 17:37:38 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2011/02/24 17:37:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2011/02/24 17:37:37 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2011/02/24 17:37:37 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2011/02/24 17:37:37 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2010/03/14 20:18:08 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjinpa.dll
[2010/03/14 20:18:08 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjiesc.dll
[2010/03/14 20:18:07 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjpmui.dll
[2010/03/14 20:18:05 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjserv.dll
[2010/03/14 20:18:05 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjusb1.dll
[2010/03/14 20:18:04 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjppls.exe
[2010/03/14 20:18:04 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjprox.dll
[2010/03/14 20:18:04 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjpplc.dll
[2010/03/14 20:18:03 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjhbn3.dll
[2010/03/14 20:18:03 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjlmpm.dll
[2010/03/14 20:18:03 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjih.exe
[2010/03/14 20:18:02 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcomc.dll
[2010/03/14 20:18:02 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcoms.exe
[2010/03/14 20:18:02 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcomm.dll
[2010/03/14 20:18:02 | 000,394,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcfg.exe
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/26 17:18:17 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alan\Desktop\TDSSKiller.exe
[2011/03/26 16:55:50 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/03/26 16:45:09 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B6B7571B-AD96-48CE-8888-4C1E044D2F08}.job
[2011/03/26 16:40:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/26 16:40:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/26 16:40:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/26 16:40:00 | 4258,115,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/25 00:44:47 | 000,308,090 | ---- | M] () -- C:\Users\Alan\Documents\mechengsubmit.pdf
[2011/03/25 00:40:06 | 000,300,752 | ---- | M] () -- C:\Users\Alan\Documents\mechengfinal.pdf
[2011/03/24 21:48:26 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~46456584r
[2011/03/24 21:48:26 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~46456584
[2011/03/24 21:15:22 | 000,000,392 | -H-- | M] () -- C:\ProgramData\46456584
[2011/03/20 14:04:37 | 000,703,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/20 14:04:37 | 000,608,662 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/20 14:04:37 | 000,109,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/17 17:35:42 | 000,322,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/16 01:19:25 | 000,000,218 | -H-- | M] () -- C:\Users\Alan\.recently-used.xbel
[2011/03/15 19:05:39 | 000,001,880 | ---- | M] () -- C:\Users\Alan\Desktop\BitLord.lnk
[2011/03/14 12:58:54 | 000,105,070 | -H-- | M] () -- C:\Users\Alan\Desktop\graphmince.pdf
[2011/03/14 12:56:11 | 000,086,238 | -H-- | M] () -- C:\Users\Alan\Desktop\howtowriteareport.pdf
[2011/03/14 12:54:38 | 000,232,234 | -H-- | M] () -- C:\Users\Alan\Desktop\errorcrap.pdf
[2011/03/14 12:50:59 | 000,341,109 | -H-- | M] () -- C:\Users\Alan\Desktop\MODEL.pdf
[2011/03/02 22:24:40 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/25 00:44:45 | 000,308,090 | ---- | C] () -- C:\Users\Alan\Documents\mechengsubmit.pdf
[2011/03/25 00:40:04 | 000,300,752 | ---- | C] () -- C:\Users\Alan\Documents\mechengfinal.pdf
[2011/03/24 21:48:26 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~46456584r
[2011/03/24 21:48:26 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~46456584
[2011/03/24 20:42:23 | 000,000,392 | -H-- | C] () -- C:\ProgramData\46456584
[2011/03/16 21:57:30 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/03/16 21:57:19 | 000,001,283 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/03/16 21:56:42 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/03/16 21:55:52 | 000,002,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/03/16 01:19:25 | 000,000,218 | -H-- | C] () -- C:\Users\Alan\.recently-used.xbel
[2011/03/15 19:05:39 | 000,001,880 | ---- | C] () -- C:\Users\Alan\Desktop\BitLord.lnk
[2011/03/14 12:58:54 | 000,105,070 | -H-- | C] () -- C:\Users\Alan\Desktop\graphmince.pdf
[2011/03/14 12:56:11 | 000,086,238 | -H-- | C] () -- C:\Users\Alan\Desktop\howtowriteareport.pdf
[2011/03/14 12:54:38 | 000,232,234 | -H-- | C] () -- C:\Users\Alan\Desktop\errorcrap.pdf
[2011/03/14 12:50:59 | 000,341,109 | -H-- | C] () -- C:\Users\Alan\Desktop\MODEL.pdf
[2011/02/24 17:37:44 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011/02/24 17:37:44 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2011/02/24 17:37:44 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011/02/24 17:37:44 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2011/02/24 17:37:44 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011/02/24 17:37:44 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010/06/04 10:18:44 | 000,000,226 | -H-- | C] () -- C:\Users\Alan\AppData\Roaming\wklnhst.dat
[2010/03/14 20:18:09 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\lxdjinst.dll
[2010/03/14 20:18:08 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdjcomx.dll
[2010/02/17 18:34:08 | 000,007,168 | ---- | C] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/10 12:09:11 | 000,006,836 | -H-- | C] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat
[2010/01/06 15:57:37 | 000,000,000 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\DataSafeDotNet.exe
[2009/12/25 06:46:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/25 06:46:14 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/25 06:45:46 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/06 16:11:13 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009/10/06 14:30:54 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/10/06 13:50:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/25 03:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/21 02:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 15:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 12:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 12:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 09:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >
aldorfc
 

Re: WindowsRecovery malware issue

Postby aldorfc » Sat Mar 26, 2011 5:31 pm

OTL Extras logfile created on: 26/03/2011 17:20:25 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alan\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 195.15 Gb Free Space | 68.86% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.38 Gb Free Space | 43.55% Space Free | Partition Type: NTFS

Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-26524167-2490265761-1038431805-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = DC AA 69 F7 88 93 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{285D4ED5-A5B5-40EF-97EB-93FBF9BCB87B}" = rport=139 | protocol=6 | dir=out | app=system |
"{49C853D2-0AE3-4447-8B0B-FEB55735807E}" = rport=445 | protocol=6 | dir=out | app=system |
"{4AA590EE-ABFD-4B4F-9A5D-C72A14005A64}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{513C1CD2-E491-4253-92F8-1A94A6820AF8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{51B4B935-EC5B-4940-A367-75A44809A845}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{69414006-BB9E-40CF-9543-C39BFBC5639B}" = rport=138 | protocol=17 | dir=out | app=system |
"{7917559C-43E3-43CB-BB95-1A082DC97344}" = lport=139 | protocol=6 | dir=in | app=system |
"{8C17881E-C1B0-491F-BCD9-8297864861FD}" = lport=445 | protocol=6 | dir=in | app=system |
"{9FEC2329-CEF1-4A80-A4BF-53A883E629AF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5E855E3-4F8C-411E-A01C-73CB1CB28919}" = rport=137 | protocol=17 | dir=out | app=system |
"{CB75C5CA-8294-44D2-9AB3-DD0CE9AAC9F1}" = lport=138 | protocol=17 | dir=in | app=system |
"{D0A71BE7-2901-4127-BCEC-3120BAE1048D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D88AB26B-4127-4A59-8685-EB272700AFCD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{E9F318FC-C96F-461C-B85F-5E28E689C1B8}" = lport=137 | protocol=17 | dir=in | app=system |
"{ECE40799-39BF-4154-93A2-59FF967EF4B6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0199043C-E65A-4301-B47F-736C8D10BEB1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{01FD831B-3287-44DF-8DAB-D9019ADD92A5}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{1B0F26E0-9705-4E47-AF71-8715B493BF40}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{25869BF2-A015-44C5-BB2C-5E582EE13742}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{2D5F2A37-22B1-4B92-838C-9167CF4A0FBD}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1400 series\app4r.exe |
"{3296E2A7-6AF1-4EE3-B89D-B0EB41A8E3C3}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1400 series\app4r.exe |
"{3575FFE8-5DC9-44BE-9659-F74E7D29FD4B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{362318F0-AB29-4DBE-B03B-5BB71847E7E1}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdjcoms.exe |
"{36CB850E-25C6-439C-88EE-148C6E5B8409}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjtime.exe |
"{40E5D421-2304-4776-A59D-D0E818189036}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{455E3D3E-2232-41CD-9B52-4618781714AA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4926BCFC-63CC-4330-AAAE-A206F6D6C217}" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord 1.2\bitlord files\bitlord.exe |
"{4962E04C-5D25-41D1-B0DE-0E12226D6EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
"{58B6C54E-3A95-47F9-8CDA-53C699C754A7}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{67ACFF6B-0A85-47F4-A746-1997FEB9EB8D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjjswx.exe |
"{6CA6583E-CF59-4E7B-B2CB-D0ACA7AE05FB}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{6DBC4337-B6E2-4446-8810-335F78ABC3E1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjpswx.exe |
"{703F24E2-D138-48CA-A101-1F9C86326CA7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjtime.exe |
"{73C72F12-787D-49A4-8995-40B913900245}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdjcoms.exe |
"{8F3AA2C1-4B5B-4C95-8AB8-394A86025A37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{90A115F0-0858-42AB-B3C3-A20D50994DE7}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{92F3144E-FBBB-4520-BB39-20BD07A21CE2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{971F9141-7C42-45B5-A671-5702D06F7499}" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord 1.2\bitlord files\bitlord.exe |
"{AFCB7B15-BF39-4A6B-A6C3-AB07B17633EF}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B2A83342-0B60-4C0D-98B9-D0A39781C987}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
"{B37F5047-EA45-4C7E-8099-740D1B7B65B1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B7E52EC4-A6D3-4485-BB57-0E787242BEE4}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BC2EF899-B653-45BA-B200-AC4665B93D74}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjjswx.exe |
"{D64C39F2-8311-4D23-B153-042F2B04253B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D7890403-6DDC-4674-B724-C60B68F09799}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{E98A2654-F9C2-4241-B044-05C86CFD83C2}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjpswx.exe |
"{F068C96D-F556-42D7-A171-9B9683E9C6B7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F74070BF-05CF-4DDF-8C68-ABA8F1A2F705}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{FF78B4EA-5E2E-41B2-8106-F5C5DBDDE08D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{0AB3E41B-00C6-4095-8FC1-030950929676}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{987B64A4-363A-4650-935A-609BAB9B1DE5}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{E87F997C-3E93-6DAD-1AE6-619002BA9623}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Creative OA008" = Integrated Webcam Driver (1.04.01.0601)
"Dell Support Center" = Dell Support Center
"Lexmark 1400 Series" = Lexmark 1400 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE69E03-1021-EB74-0836-C706CADC213A}" = Catalyst Control Center Localization Korean
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15F7FA6D-8FC5-08FD-2727-8AE6811A2A0D}" = CCC Help Russian
"{180BEABD-453E-4047-96B4-4F86EE605589}" = CCC Help Danish
"{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E5196FA-47EF-F0C7-847B-960F3349E9B5}" = CCC Help Finnish
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2094F083-B28B-AFFD-4075-49E803BE17B7}" = CCC Help Italian
"{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New
"{23467AA2-058A-1064-40C5-E0E0533C2D7D}" = Catalyst Control Center Localization French
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{26B29DE2-7759-F8BB-FB10-98142B343C8C}" = CCC Help Korean
"{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3945F4B5-0FAD-38E3-B39B-2F497550C847}" = CCC Help French
"{3F6107B9-D211-EBCC-EA41-BD2FAC156A23}" = Catalyst Control Center Localization Japanese
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{586DD9D2-09B2-D1DB-AD2A-95194A771C49}" = CCC Help Dutch
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C16A05F-C202-578A-108C-AFA4D9167CCC}" = Catalyst Control Center Localization Spanish
"{6C6D7326-770A-812B-B104-442F71A826F8}" = Catalyst Control Center Localization Russian
"{6EA1C352-4D16-5A9F-7751-D7AE08AA7F63}" = Catalyst Control Center Localization Chinese Traditional
"{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74622EDD-7879-3185-976D-A6098420D889}" = CCC Help Portuguese
"{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English
"{76C4BA9A-BFA5-151D-8A39-AA0E74041F83}" = Catalyst Control Center Localization Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static
"{7CDF0744-7A0D-961B-3695-49756E822FC4}" = Catalyst Control Center Localization Swedish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8247BD1D-C258-DBEE-3225-B9F0214763AB}" = CCC Help Japanese
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92491D2C-D9E9-5FDD-64CD-82D5688872A9}" = Catalyst Control Center Localization Italian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EF77B2D-FF26-9237-BBAB-127110FD65CC}" = Catalyst Control Center Localization Portuguese
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACB08AF2-DFE9-C179-8BC9-E3209F3EBC28}" = CCC Help Chinese Traditional
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista
"{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common
"{C5D85C24-A56B-6954-77F1-B25A4B4E7B52}" = CCC Help Spanish
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8C5CE76-860E-B5FA-27EA-C52C74DDBD2D}" = Catalyst Control Center Localization Finnish
"{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D071B7C5-07A2-D000-05B8-2DE6A63249D9}" = Catalyst Control Center Localization Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2D3882A-3624-2963-EA08-27589DBCEF8A}" = CCC Help Norwegian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8E8C42E-E817-C7DA-1A81-BFD8388B4014}" = CCC Help Swedish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EFD537AE-0530-8887-DC9C-433E113547D7}" = Catalyst Control Center Localization Chinese Standard
"{F081ED08-77AE-8019-D554-904EF4F88FC1}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F133ACD4-CFCF-BADD-4AC5-9408E2E7FD74}" = Catalyst Control Center Localization Dutch
"{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AviSynth" = AviSynth 2.5
"BitLord" = BitLord 1.2
"Bitlord_1.2 Toolbar" = Bitlord 1.2 Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MSC" = McAfee SecurityCenter
"Spotify" = Spotify
"STANDARD" = Microsoft Office Standard 2007
"Videora iPod Converter" = Videora iPod Converter 5.04
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/03/2011 19:59:58 | Computer Name = Alan-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 21/03/2011 20:12:48 | Computer Name = Alan-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 21/03/2011 20:21:18 | Computer Name = Alan-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 21/03/2011 20:47:57 | Computer Name = Alan-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 21/03/2011 21:01:42 | Computer Name = Alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/03/2011 21:02:21 | Computer Name = Alan-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 21/03/2011 21:17:01 | Computer Name = Alan-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 22/03/2011 06:41:13 | Computer Name = Alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/03/2011 06:41:55 | Computer Name = Alan-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 22/03/2011 06:44:47 | Computer Name = Alan-PC | Source = Windows Search Service | ID = 3083
Description =

[ Dell Events ]
Error - 05/10/2010 08:45:52 | Computer Name = Alan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 05/10/2010 09:00:53 | Computer Name = Alan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 05/10/2010 09:00:53 | Computer Name = Alan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/11/2010 12:31:13 | Computer Name = Alan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 25/03/2011 18:20:20 | Computer Name = Alan-PC | Source = bowser | ID = 8003
Description =

Error - 25/03/2011 18:21:27 | Computer Name = Alan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 25/03/2011 18:32:21 | Computer Name = Alan-PC | Source = bowser | ID = 8003
Description =

Error - 26/03/2011 12:41:10 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 26/03/2011 12:41:10 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/03/2011 12:45:31 | Computer Name = Alan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 26/03/2011 12:46:47 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 26/03/2011 12:49:34 | Computer Name = Alan-PC | Source = bowser | ID = 8003
Description =

Error - 26/03/2011 13:01:36 | Computer Name = Alan-PC | Source = bowser | ID = 8003
Description =

Error - 26/03/2011 13:13:39 | Computer Name = Alan-PC | Source = bowser | ID = 8003
Description =


< End of report >

Re: WindowsRecovery malware issue

Postby 12056 » Sat Mar 26, 2011 5:48 pm

Please re-run OTL.
Copy and then paste the following text into the "Paste Instructions for Items to be Moved/Custom Commands" window (under the blue bar):
Note: Your desktop may disappear during the clean-up; this is normal and to be expected.

Code:
:Processes
killallprocesses

:OTL
IE - HKLM\..\URLSearchHook: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-26524167-2490265761-1038431805-1000\..\URLSearchHook: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-26524167-2490265761-1038431805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2830765
FF - prefs.js..browser.search.defaultthis.engineName: "Bitlord 1.2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2830765&SearchSource=13"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
[2011/03/25 22:12:58 | 000,000,000 | ---D | M] (Bitlord 1.2 Community Toolbar) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}
[2011/03/25 22:12:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\engine@conduit.com
[2011/03/15 12:26:48 | 000,000,925 | -H-- | M] () -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\searchplugins\conduit.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Bitlord 1.2 Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bitlord 1.2 Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-26524167-2490265761-1038431805-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [lxdjmon.exe] File not found
O4 - HKU\S-1-5-21-26524167-2490265761-1038431805-1000..\Run: [WMPNSCFG] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O32 - AutoRun File - [2004/04/30 22:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
[2011/03/15 23:09:56 | 000,000,000 | -H-D | C] -- C:\Users\Alan\AppData\Roaming\BitLord
[2011/03/15 19:05:39 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
[2011/03/15 19:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/03/15 19:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011/03/15 19:05:11 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Conduit
[2011/03/15 19:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bitlord_1.2
[2011/03/15 19:03:10 | 000,000,000 | ---D | C] -- C:\Users\Alan\Documents\BitLord
[2011/03/15 19:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitLord 1.2
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2011/03/24 21:48:26 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~46456584r
[2011/03/24 21:48:26 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~46456584
[2011/03/24 21:15:22 | 000,000,392 | -H-- | M] () -- C:\ProgramData\46456584
[2011/03/15 19:05:39 | 000,001,880 | ---- | M] () -- C:\Users\Alan\Desktop\BitLord.lnk

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[emptyflash]
[reboot]


Then click the "Run Fix" button, and let it run unhindered...
When asked to restart, click "Yes."

As I've found several new infections in your logs, I would like to analyze them further.
Please locate C:\_OTL\moved files\scandate_time, zip the folder and e-mail it to: trappmanrhett@fastmail.fm

Please post the fix results in your next post.
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator
12056
 
Posts: 860
Joined: Sun Apr 25, 2010 9:57 pm

Re: WindowsRecovery malware issue

Postby aldorfc » Sat Mar 26, 2011 8:32 pm

OK I now have another problem.

I followed your instruction to scan with OTL, then copy and paste that bit underneath the blue bar and hit fix. It said to reboot so I clicked on OK. On restart it must have had some Windows updates to install and I've had the "please do not power off or unplug your machine, installing update 3 of 3" on my screen for the last 2 hrs.

Re: WindowsRecovery malware issue

Postby 12056 » Sat Mar 26, 2011 8:45 pm

Maybe it's a service pack or something large...???
Keep me updated.
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator

Re: WindowsRecovery malware issue

Postby aldorfc » Sat Mar 26, 2011 9:20 pm

Still no change.

Re: WindowsRecovery malware issue

Postby 12056 » Sat Mar 26, 2011 9:52 pm

You may end up forcing a shutdown; upon restart, see if OTL ran successfully (post the log file).
Are there any indications on your computer's tower that it may be doing something?

You should probably temporarily disable Windows Updates, so that they do not interfere with any fixes; just make sure to re-enable them when your system is clean.
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator

Re: WindowsRecovery malware issue

Postby aldorfc » Sat Mar 26, 2011 10:04 pm

12056 wrote: You may end up forcing a shutdown; upon restart, see if OTL ran successfully (post the log file).
Are there any indications on your computer's tower that it may be doing something?

You should probably temporarily disable Windows Updates, so that they do not interfere with any fixes; just make sure to re-enable them when your system is clean.


It's a laptop. It just seems like a standard update but it is taking aaaaaaages to do. Will give it to 11ish then force a shutdown.

Re: WindowsRecovery malware issue

Postby aldorfc » Sun Mar 27, 2011 1:52 pm

Forced shutdown last night and started Windows up as normal... log file here:

All processes killed
========== PROCESSES ==========
No active process named :OTL was found!
No active process named prxtbBitl.dll was found!
No active process named prxtbBitl.dll was found!
No active process named Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2830765 was found!
No active process named FF - prefs.js..browser.search.defaultthis.engineName: "Bitlord 1.2 Customized Web Search" was found!
No active process named FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&SearchSource=3&q={searchTerms}" was found!
No active process named FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2830765&SearchSource=13" was found!
No active process named FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 was found!
No active process named {8c5878d0-6106-423b-aaa8-144c143dbf44} was found!
No active process named engine@conduit.com was found!
No active process named conduit.xml was found!
No active process named prxConduitEngine.dll was found!
No active process named prxtbBitl.dll was found!
No active process named prxConduitEngine.dll was found!
No active process named prxtbBitl.dll was found!
No active process named WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. was found!
No active process named Run: [lxdjmon.exe] File not found was found!
No active process named Run: [WMPNSCFG] File not found was found!
No active process named Explorer: NoActiveDesktop = 1 was found!
No active process named Explorer: NoActiveDesktopChanges = 1 was found!
No active process named O13 - gopher Prefix: missing was found!
No active process named livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found was found!
No active process named ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found was found!
No active process named ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found was found!
No active process named msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found was found!
No active process named wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found was found!
No active process named wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found was found!
No active process named AUTORUN.INF -- [ NTFS ] was found!
No active process named BitLord was found!
No active process named BitLord was found!
No active process named Conduit was found!
No active process named ConduitEngine was found!
No active process named Conduit was found!
No active process named Bitlord_1.2 was found!
No active process named BitLord was found!
No active process named BitLord 1.2 was found!
No active process named *.tmp -> ] was found!
No active process named ~46456584r was found!
No active process named ~46456584 was found!
No active process named 46456584 was found!
No active process named BitLord.lnk was found!
No active process named :Files was found!
No active process named ipconfig /flushdns /c was found!
No active process named :Commands was found!
No active process named [purity] was found!
No active process named [emptytemp] was found!
No active process named [emptyflash] was found!
No active process named [reboot] was found!

OTL by OldTimer - Version 3.2.22.3 log created on 03262011_182621

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: WindowsRecovery malware issue

Postby aldorfc » Sun Mar 27, 2011 1:54 pm

I can't find the file you wanted me to zip; the only log which is there is the one I just posted.

Re: WindowsRecovery malware issue

Postby 12056 » Sun Mar 27, 2011 8:50 pm

You can't find the file because the script I wrote hung on killing processes; try using this new script:

Please re-run OTL.
Copy and then paste the following text into the "Paste Instructions for Items to be Moved/Custom Commands" window (under the blue bar):
Note: Your desktop may disappear during the clean-up; this is normal and to be expected.

Code:
:OTL
IE - HKLM\..\URLSearchHook: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-26524167-2490265761-1038431805-1000\..\URLSearchHook: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-26524167-2490265761-1038431805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2830765
FF - prefs.js..browser.search.defaultthis.engineName: "Bitlord 1.2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2830765&SearchSource=13"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
[2011/03/25 22:12:58 | 000,000,000 | ---D | M] (Bitlord 1.2 Community Toolbar) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}
[2011/03/25 22:12:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\engine@conduit.com
[2011/03/15 12:26:48 | 000,000,925 | -H-- | M] () -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\searchplugins\conduit.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Bitlord 1.2 Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bitlord 1.2 Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-26524167-2490265761-1038431805-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [lxdjmon.exe] File not found
O4 - HKU\S-1-5-21-26524167-2490265761-1038431805-1000..\Run: [WMPNSCFG] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O32 - AutoRun File - [2004/04/30 22:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
[2011/03/15 23:09:56 | 000,000,000 | -H-D | C] -- C:\Users\Alan\AppData\Roaming\BitLord
[2011/03/15 19:05:39 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
[2011/03/15 19:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/03/15 19:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011/03/15 19:05:11 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Conduit
[2011/03/15 19:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bitlord_1.2
[2011/03/15 19:03:10 | 000,000,000 | ---D | C] -- C:\Users\Alan\Documents\BitLord
[2011/03/15 19:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitLord 1.2
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2011/03/24 21:48:26 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~46456584r
[2011/03/24 21:48:26 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~46456584
[2011/03/24 21:15:22 | 000,000,392 | -H-- | M] () -- C:\ProgramData\46456584
[2011/03/15 19:05:39 | 000,001,880 | ---- | M] () -- C:\Users\Alan\Desktop\BitLord.lnk

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[emptyflash]
[reboot]


Then click the "Run Fix" button, and let it run unhindered...
When asked to restart, click "Yes."

See if the C:\_OTL file has something; hopefully the script will be successful this time! :)

Please post the fix results in your next post.
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator

Re: WindowsRecovery malware issue

Postby aldorfc » Mon Mar 28, 2011 4:24 pm

Hi, the same thing happened pretty much. I checked before I ran OTL that there were no updates to be installed when I restarted the computer. Ran scan then ran the fixes. Clicked restart and it hung on update 2 of 2 (I'm guessing these fixes are the updates it's trying to do now). Forced shutdown and restarted Windows as normal. Log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8c5878d0-6106-423b-aaa8-144c143dbf44} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ deleted successfully.
C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-26524167-2490265761-1038431805-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8c5878d0-6106-423b-aaa8-144c143dbf44} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ not found.
File C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll not found.
HKU\S-1-5-21-26524167-2490265761-1038431805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Bitlord 1.2 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "http://search.conduit.com/?ctid=CT2830765&SearchSource=13" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\searchplugin folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\META-INF folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\lib folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\defaults folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\components folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44} folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\962e00tz.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ not found.
File C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8c5878d0-6106-423b-aaa8-144c143dbf44} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ not found.
File C:\Program Files (x86)\Bitlord_1.2\prxtbBitl.dll not found.
Registry value HKEY_USERS\S-1-5-21-26524167-2490265761-1038431805-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lxdjmon.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-26524167-2490265761-1038431805-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
D:\AUTORUN.INF moved successfully.
C:\Users\Alan\AppData\Roaming\BitLord\state folder moved successfully.
C:\Users\Alan\AppData\Roaming\BitLord\plugins folder moved successfully.
C:\Users\Alan\AppData\Roaming\BitLord\ipc folder moved successfully.
C:\Users\Alan\AppData\Roaming\BitLord\icons folder moved successfully.
C:\Users\Alan\AppData\Roaming\BitLord folder moved successfully.
C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\ProgramData\SPL2AE6.tmp deleted successfully.
C:\ProgramData\SPL2EC.tmp deleted successfully.
C:\ProgramData\SPL5F8.tmp deleted successfully.
C:\ProgramData\SPLA264.tmp deleted successfully.
C:\ProgramData\SPLC9B4.tmp deleted successfully.
C:\ProgramData\SPLF64F.tmp deleted successfully.
C:\ProgramData\SPLFAC2.tmp deleted successfully.
C:\ProgramData\~46456584r moved successfully.
C:\ProgramData\~46456584 moved successfully.
C:\ProgramData\46456584 moved successfully.
C:\Users\Alan\Desktop\BitLord.lnk moved successfully.
File rity] not found.
File ptytemp] not found.
File ptyflash] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.22.3 log created on 03282011_145415

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
aldorfc
 
Posts: 10
Joined: Fri Mar 25, 2011 10:48 pm

Re: WindowsRecovery malware issue

Postby 12056 » Mon Mar 28, 2011 9:53 pm

The script ran successfully this time, but let's also try ComboFix:

Please download ComboFix from here.
Close your browser, and double-click on the tiger icon.
Let ComboFix run unhindered; mouse clicks may cause it to stall.
Your computer will restart.

Please post the ComboFix log; it will appear after the restart.
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator
12056
 
Posts: 860
Joined: Sun Apr 25, 2010 9:57 pm
