Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

LOP and other things?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Kimberly » October 3rd, 2005, 2:16 pm

Hello johnmw,

The following keys are annoying me, it's looks like that someone tried to disable bad entries by recreating keys instead of using msconfig to remove startup entries.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Belt]

We will fix that but I need to know if the following files and folders are still present on the PC (I think you won't find trace of them, because the scanners should have picked them up, but I want to be sure)

Files:

C:\WINDOWS\services.exe <--- Worm, Trojan or CWS parasite - don't confond with C:\WINDOWS\system32\services.exe which is a legitimate file.
C:\WINDOWS\\Belt.exe <--- Transponder parasite

If those 2 files are still present, let them check by Jotti's scanner as I would like to know what we are dealing with.

Folders:

C:\Program Files\Messenger Plus! 2 <--- That is the app. that comes bundled with LOP
C:\Program Files\Common files\WinTools

However, fiz1 was a file not folder in \WINDOWS\SYSTEM32\. I also found files fiz10 to fiz19 in the same folder. I deleted all of the files but left them in the recycle bin just in case.

I did presume that fiz1 was a folder since it didn't have a file extension. You did very well by deleting them all. :)

Please download the Registry Search Tool from here:
http://www.billsway.com/vbspage/

Unzip it to a convienant location such as your Desktop. Make sure that your Antivirus / OS allows the use of the .vbs scripts. If prompted, make sure to allow the script.

Double click regsearch.vbs
Copy / Paste the following line into the Search Box:

services.exe

then hit Ok

It may take a while to run. It will tell you when it's done and offer you to look at the file.
Say Yes and when it opens copy/paste the content in your reply.

Double click regsearch.vbs
Copy / Paste the following line into the Search Box:

WinTools

then hit Ok

It may take a while to run. It will tell you when it's done and offer you to look at the file.
Say Yes and when it opens copy/paste the content in your reply.

Double click regsearch.vbs
Copy / Paste the following line into the Search Box:

gUSBSTOi.sys

then hit Ok

It may take a while to run. It will tell you when it's done and offer you to look at the file.
Say Yes and when it opens copy/paste the content in your reply.

gUSBSTOi.sys ? Do you have any idea to what this file is related ? It's a service that runs from the temp folder ... usually not a good sign.
gUSBSTOi: \??\C:\DOCUME~1\alsly\LOCALS~1\Temp\gUSBSTOi.sys (manual start) -- Are there any USB devices on that PC like a webcam or camera ? A removable storage device that uses that file maybe ?

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
Advertisement
Register to Remove

Unread postby johnmw » October 3rd, 2005, 2:33 pm

Kim,

Thanks for the latest info.

I won't be able to get access to the laptop until tomorrow as the owner is not around. I'll progress this in the morning and post the outcome tomorrow.

JMW
johnmw
Regular Member
 
Posts: 209
Joined: September 18th, 2005, 7:41 am
Location: Almeria, Spain

Unread postby Kimberly » October 3rd, 2005, 4:45 pm

Ok, np johnmw :)
We will still be around.
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby johnmw » October 4th, 2005, 4:50 am

Right, here are the results...

services.exe does not exist in C:\WINDOWS\ but is there in C:\WINDOWS\system32\ as expected.

Belt.exe wasn't there. I also did a search and the only one I found was Belt.exe.bak in folder Spyhunter/Backup.

The Messenger Plus! 2 folder existed and I have moved it and its contents to the recycle bin but not yet deleted it completely.

Regsearch results below:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "services.exe" 04/10/2005 09:27:51

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Belt]
"service"="C:\\WINDOWS\\services.exe -serv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater]
"service"="C:\\WINDOWS\\services.exe -serv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\services.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\services.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\services.exe]

[HKEY_USERS\S-1-5-21-975526255-1935147229-556909103-1005\Software\Microsoft\Search Assistant\ACMru\5604]
"000"="services.exe"

Second Regsearch results:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "WinTools" 04/10/2005 09:31:24

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinTools_AD]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinTools_ES]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinTools_IES]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinTools_KW]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Belt]
"WinTools"="C:\\Program Files\\Common files\\WinTools\\WToolsA.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater]
"WinTools"="C:\\Program Files\\Common files\\WinTools\\WToolsA.exe"


The 3rd Regsearch for gUSBSTOi.sys didn't find anything. I also searched the C: drive for this file and it didn't exist.

The only usb devices they have had attached in the past were a memory stick and a scanner. The have an HP printer attached at the moment.

I hope this info is useful and look forward to the next episode of this interesting drama.
johnmw
Regular Member
 
Posts: 209
Joined: September 18th, 2005, 7:41 am
Location: Almeria, Spain

Unread postby Kimberly » October 4th, 2005, 1:44 pm

Hello johnmw,

services.exe does not exist in C:\WINDOWS\ but is there in C:\WINDOWS\system32\ as expected.

Belt.exe wasn't there. I also did a search and the only one I found was Belt.exe.bak in folder Spyhunter/Backup.

The Messenger Plus! 2 folder existed and I have moved it and its contents to the recycle bin but not yet deleted it completely.

Ok, well done. I suppose the person did uninstall Messenger Plus (because it does not show up in the uninstall list) but didn't remove the folder.

Let's remove those strange setup keys and we will be settled. :)

Copy/paste the following text into a new Notepad document. Make sure that you have one blank line at the end of the document as shown in the quoted text.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinTools_AD]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinTools_ES]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinTools_IES]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinTools_KW]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Belt]


Save it to your desktop as Fixme.reg. Save it as :
File Type: All Files (not as a text document or it wont work).
Name: Fixme.reg

Locate Fixme.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt.
______________________________

It looks that the PC had quite some malware on it, I would advice you run this final scanner just to be sure. It will take a while, but it will be safer imo.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed... Hit Online Scanner again and click Start
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
______________________________

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby johnmw » October 5th, 2005, 5:52 am

Here is the Kaspersky log. Looks like we have some more work to do....

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, October 05, 2005 10:49:27
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/10/2005
Kaspersky Anti-Virus database records: 152539
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
Z:\

Scan Statistics:
Total number of scanned objects: 60367
Number of viruses found: 25
Number of infected objects: 494
Number of suspicious objects: 2
Duration of the scan process: 4318 sec

Infected Object Name - Virus Name
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{154A62F2-CA53-44EF-B475-E3730EAF84DB}\Microsoft\Outlook Express\Inbox.dbx/[From Mail Delivery Service <postmaster@netmail.tiscali.es>][Date Sun, 8 Aug 2004 10:28:45 +0200]/wallabac.com.zip/wallabac.com.zip/wallabac.com.html .exe Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{154A62F2-CA53-44EF-B475-E3730EAF84DB}\Microsoft\Outlook Express\Inbox.dbx/[From Mail Delivery Service <postmaster@netmail.tiscali.es>][Date Sun, 8 Aug 2004 10:28:45 +0200]/wallabac.com.zip/wallabac.com.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{154A62F2-CA53-44EF-B475-E3730EAF84DB}\Microsoft\Outlook Express\Inbox.dbx/[From Mail Delivery Service <postmaster@netmail.tiscali.es>][Date Sun, 8 Aug 2004 10:28:45 +0200]/wallabac.com.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{154A62F2-CA53-44EF-B475-E3730EAF84DB}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Post Office" <MAILER-DAEMON@tiscali.es>][Date Fri, 6 Aug 2004 09:40:38 +0100]/mail.zip/mail.exe Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Post Office" <MAILER-DAEMON@tiscali.es>][Date Fri, 6 Aug 2004 09:40:38 +0100]/mail.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Post Office" <MAILER-DAEMON@tiscali.es>][Date Fri, 6 Aug 2004 08:58:04 +0100]/UNNAMED/vqqoaud.com Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Post Office" <MAILER-DAEMON@tiscali.es>][Date Fri, 6 Aug 2004 08:58:04 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft\Outlook Express\Deleted Items.dbx/[From victor@deboelpaep.be][Date Fri, 6 Aug 2004 08:57:45 +0100]/UNNAMED/TRANSCRIPT.EXE Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft\Outlook Express\Deleted Items.dbx/[From victor@deboelpaep.be][Date Fri, 6 Aug 2004 08:57:45 +0100]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft\Outlook Express\Deleted Items.dbx/[From ivan@studiozamer.it][Date Tue, 24 Aug 2004 12:30:43 +0200]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft\Outlook Express\Deleted Items.dbx/[From ivan@studiozamer.it][Date Tue, 24 Aug 2004 12:30:43 +0200]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft\Outlook Express\Deleted Items.dbx/[From ivan@studiozamer.it][Date Tue, 24 Aug 2004 12:30:43 +0200]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft\Outlook Express\Deleted Items.dbx/[From ivan@studiozamer.it][Date Tue, 24 Aug 2004 12:30:43 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.q
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP490\A0104508.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP490\A0104511.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP490\A0104516.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP490\A0104517.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP490\A0104526.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP490\A0104527.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP492\A0104590.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP492\A0104593.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP492\A0104595.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP492\A0104599.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP492\A0104600.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP492\A0104609.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP492\A0104610.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP493\A0104658.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP493\A0104661.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP493\A0104663.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP493\A0104667.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP493\A0104668.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP493\A0104678.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP493\A0104679.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP494\A0104737.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP494\A0104740.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP494\A0104742.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP494\A0104746.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP494\A0104747.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP494\A0104758.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP494\A0104759.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104803.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104806.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104808.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104812.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104813.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104825.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104826.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104863.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104866.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104868.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104872.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104873.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104885.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP495\A0104887.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0104969.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0104972.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0104974.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0104980.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0104981.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0104994.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0104996.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0105057.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0105060.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0105062.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0105066.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0105067.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0105080.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP497\A0105082.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105221.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105224.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105226.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105230.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105231.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105245.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105247.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105263.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105266.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105268.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105273.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105274.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105288.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP499\A0105290.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105328.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105331.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105333.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105338.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105339.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105354.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105356.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105368.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105371.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105373.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105378.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105379.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105395.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP500\A0105397.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105491.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105494.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105497.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105502.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105503.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105519.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105521.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105568.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105571.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105574.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105579.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105580.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105597.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP502\A0105599.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105644.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105647.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105651.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105652.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105671.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105673.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105684.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105687.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105690.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105695.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105696.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105714.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105716.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105737.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105740.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105743.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105748.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105749.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105769.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105771.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105788.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105791.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105794.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105799.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105800.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105821.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP503\A0105823.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP504\A0105900.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP504\A0105976.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP504\A0105979.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP504\A0105982.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP504\A0105987.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP504\A0105988.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP504\A0106010.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP504\A0106012.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP504\A0106025.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP504\A0106033.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP505\A0106321.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP505\A0106324.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP505\A0106328.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP505\A0106333.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP505\A0106334.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP505\A0106356.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP505\A0106358.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106430.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106433.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106437.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106443.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106444.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106466.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106468.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106472.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106957.exe Infected: not-a-virus:AdWare.Win32.Lop.p
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106969.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106973.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106977.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106983.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0106995.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0107017.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP507\A0107033.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP509\A0107425.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP509\A0107427.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP510\A0107500.dll Infected: not-a-virus:AdWare.Win32.E2Give.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP510\A0108535.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP510\A0108536.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP510\A0108538.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108553.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108554.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108555.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108557.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108565.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108566.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108567.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108568.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108570.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108575.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108576.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108577.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108578.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP511\A0108579.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP512\A0109575.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP512\A0109577.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP512\A0109580.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP512\A0109581.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP512\A0110604.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP512\A0110606.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP512\A0110609.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP512\A0110610.exe Infected: not-a-virus:AdWare.Win32.Lop.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110619.dll Infected: not-a-virus:AdWare.Win32.Exact.a
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110620.exe Infected: not-a-virus:AdWare.Win32.Gator.3010
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110621.exe/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.Gator.1008
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110621.exe Infected: not-a-virus:AdWare.Win32.Gator.1008
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110622.exe/WISE0009.BIN Infected: not-a-virus:AdWare.Win32.DashBar.d
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110622.exe/WISE0010.BIN Infected: not-a-virus:AdWare.Win32.DashBar.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110622.exe/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.DashBar.d
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110622.exe Infected: not-a-virus:AdWare.Win32.DashBar.d
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110657.exe Infected: not-a-virus:AdWare.Win32.DashBar.a
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110659.exe Infected: not-a-virus:AdWare.Win32.Gator.3010
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110660.exe Infected: not-a-virus:AdWare.Win32.DashBar.a
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110662.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110663.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110664.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP513\A0110665.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP515\A0110703.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP515\A0110705.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0110726.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0110727.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0110729.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111734.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111735.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111736.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111737.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111742.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111752.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111753.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111754.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111755.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111756.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111757.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111765.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111774.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111775.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111776.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111777.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111778.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111779.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP516\A0111781.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112860.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112861.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112862.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112863.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112864.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112865.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112866.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112868.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112879.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112880.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112881.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112882.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112883.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112884.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112885.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112886.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112888.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP520\A0112908.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP521\A0112917.exe Infected: not-a-virus:AdWare.Win32.Lop.m
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP521\A0112918.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP521\A0112919.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP521\A0112920.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP521\A0112921.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP521\A0112922.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP521\A0112923.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP521\A0112924.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP521\A0112925.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP521\A0112926.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP521\A0112928.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP522\A0112961.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP522\A0112962.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP522\A0112963.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP522\A0112964.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP522\A0112965.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP522\A0112966.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP522\A0112967.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP522\A0112968.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP522\A0112969.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP522\A0112970.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP522\A0112972.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP523\A0112990.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP523\A0112991.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP523\A0112992.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP523\A0112993.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP523\A0112994.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP523\A0112995.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP523\A0112996.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP523\A0112997.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP523\A0112998.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP523\A0112999.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP523\A0113000.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP523\A0113002.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0113991.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0113992.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0113993.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0113994.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0113995.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0113996.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0113997.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0113998.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0113999.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0114000.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0114001.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0114002.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP524\A0114004.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114034.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114035.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114036.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114037.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114038.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114039.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114040.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114041.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114042.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114043.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114044.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114045.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114046.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP525\A0114048.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118084.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118085.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118086.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118087.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118088.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118089.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118090.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118091.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118092.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118093.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118094.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118095.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118096.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118097.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118098.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118258.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118259.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118260.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118261.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118262.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118263.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118264.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118265.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118266.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118267.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118268.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118269.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118270.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118271.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118272.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118274.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118287.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118288.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118289.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118290.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118291.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118292.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118293.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118294.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118295.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118296.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118297.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118298.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118299.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118300.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118301.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118302.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP527\A0118304.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118317.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118318.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118319.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118320.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118321.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118322.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118323.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118324.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118325.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118326.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118327.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118328.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118329.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118330.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118331.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118332.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118333.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118335.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118361.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118362.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118363.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118364.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118365.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118366.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118367.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118368.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118369.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118370.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118371.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118372.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118373.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118374.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118375.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118376.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118377.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118378.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP528\A0118380.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118386.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118387.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118388.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118389.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118390.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118391.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118392.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118393.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118394.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118395.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118396.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118397.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118398.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118399.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118400.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118401.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118402.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118403.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118404.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118405.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118416.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP529\A0118431.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP530\A0118468.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP531\A0118482.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP531\A0118484.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP532\A0118498.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP532\A0118499.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP532\A0118501.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0118515.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0118516.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0118517.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0118519.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0118549.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0118550.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0118551.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0118552.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0118554.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0119548.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0119549.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0119550.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0119551.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0119552.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0119554.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0119556.exe Infected: not-a
johnmw
Regular Member
 
Posts: 209
Joined: September 18th, 2005, 7:41 am
Location: Almeria, Spain

Unread postby johnmw » October 5th, 2005, 8:32 am

Rest of log. It seems to have got truncated...

C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0119556.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP533\A0119606.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP534\A0119625.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP536\A0120640.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP539\A0121574.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP544\A0122167.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP544\A0122178.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP547\A0122378.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP547\A0122379.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP556\A0129606.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP558\A0129689.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129966.exe Infected: not-a-virus:Porn-Dialer.Win32.AsianRaw.j
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129977.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129978.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129979.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129980.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129981.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129982.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129983.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129984.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129985.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129986.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129987.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129988.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129989.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129990.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129991.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129992.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129993.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129994.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129995.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129996.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129997.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129998.exe Infected: Trojan-Downloader.Win32.Swizzor.dv
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0129999.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130000.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130001.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130002.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130003.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130004.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130005.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130006.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130007.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130008.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130009.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130010.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130011.exe Infected: not-a-virus:AdWare.Win32.Lop.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130012.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP559\A0130013.exe Infected: not-a-virus:AdWare.Win32.Lop.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP560\A0130166.exe Infected: Trojan-Downloader.Win32.Swizzor.k

Scan process completed.
johnmw
Regular Member
 
Posts: 209
Joined: September 18th, 2005, 7:41 am
Location: Almeria, Spain

Unread postby Kimberly » October 5th, 2005, 11:35 am

It's not looking bad at all. :) A lot of viruses are hinding in System Restore which we are going to reset now. Some email is still infected, we'll use the
Malicious Software Removal Tool to try to remove them otherwise we will go after them manually.
______________________________

Turn off System Restore
  1. Click Start, right-click My Computer, and then click Properties.
  2. Click the System Restore tab.
  3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
  4. Click Yes when you receive the prompt to the turn off System Restore.
Reboot your computer.

Turn System Restore back on
  1. Click Start, right-click My Computer, and then click Properties.
  2. Click the System Restore tab.
  3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
A new restore point will be created automatically.
______________________________

Download and install the Microsoft Windows Malicious Software Removal Tool
http://www.microsoft.com/downloads/deta ... laylang=en
Select the appropriate language in the dropdown box and click Change. Click the Download button. Save the file to your Desktop and install the tool and run it. It should be able to clean up the mailboxes. It looks like Outlook Express has two identities. (2 users)

The tool creates a log file named mrt.log in the c:\windows\debug folder. Post that log please and let me know how everything went.
______________________________

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby johnmw » October 6th, 2005, 7:13 am

Hi,

Thanks for the advice. All seemed to go ok. However, the MSRT didn't find anything. I've posted the log below. You will notice that it looks like it has been running a while once a month in the background.

I guess we may have to remove the items by hand. Any help gratefully received.

BTW - this is very good practice for me as I've recently registered with the MRU. I'm just at the reading in stage at the moment. Perhaps one day a long time from now I might be an MRU master.


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.2, March 2005
Started On Wed Mar 09 19:31:40 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 09 19:31:57 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.3, April 2005
Started On Fri Apr 15 10:50:55 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 15 10:52:21 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.3, April 2005
Started On Tue Apr 19 16:12:26 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 19 16:12:50 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.4, May 2005
Started On Wed May 11 11:18:24 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 11 11:19:05 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.5, June 2005
Started On Thu Jun 16 17:46:14 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 16 17:46:43 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.6, July 2005
Started On Wed Jul 13 18:33:59 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 13 18:34:22 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.7, August 2005
Started On Wed Aug 10 18:46:18 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 10 18:46:41 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.8, September 2005
Started On Wed Sep 14 18:27:19 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 14 18:27:44 2005


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.8, September 2005
Started On Thu Oct 06 12:04:01 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 06 12:05:18 2005
johnmw
Regular Member
 
Posts: 209
Joined: September 18th, 2005, 7:41 am
Location: Almeria, Spain

Unread postby johnmw » October 6th, 2005, 7:16 am

Whoops, forgot to mention that there is now only one Windows account and one active email account on the PC. There were multiple accounts a while ago while the rest of the family were sharing the PC but these have now been removed.
johnmw
Regular Member
 
Posts: 209
Joined: September 18th, 2005, 7:41 am
Location: Almeria, Spain

Unread postby Kimberly » October 6th, 2005, 11:05 am

Hello

Yes, that tool was running indeed. Sad that it didn't pick up anything. :(

The infection is on 2 different mail accounts. I would like to know which one is being used now and if they still need the older one (if not we could delete it instead of importing the account into OE and delete the mails) Unless they still have 2 different identities in OE and only 1 single user account on the PC ...

I would like to know the CLSID of the current user. Click Start, Run and type in Regedit, click Ok

Navigate to this key: (The registry left pane is a tree just like Windows Explorer is a tree. Clicking the + in front of each successive key will open the branch until you reach the final destination.)

HKEY_CURRENT_USER\Identities and expand the key. You will see something similar to this {7FF98345-BE92-46DB-89B2-0C774961EAF7}. Select that key, right click on it and select Copy the key name from the popup menu and post that in your reply. If the key contains different CLSID, copy them all please.

Click start> run> type cmd and hit enter.

copy this line:

cd C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\ & dir /s /a > files.txt & start notepad files.txt

Right click in cmd window and choose paste. Hit Enter.

Give it a few minuites to run search & results should come up in notepad. Please post results.

Close notepad and copy this line:

del C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\files.txt

Right click in cmd window and choose paste. Hit Enter, confirm deletion of the file and close the CMD window.

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby johnmw » October 6th, 2005, 1:05 pm

Thanks for the swift response.

I know that they don't need the other email account so it will be fine to just delete it. However, not sure how I will do that as I think it might be orphaned as I checked this morning and I think I saw only one Windows account with only one OE identity.

I'll pop in and see them tomorrow and run the check to find the CLSID of the active email account and post the results back.

From memory I believe that what they did was have multiple Windows accounts (one for each family member) probably with some of the accounts having unique OE identities. I believe that the owner then deleted all the Windows accounts except his own.
johnmw
Regular Member
 
Posts: 209
Joined: September 18th, 2005, 7:41 am
Location: Almeria, Spain

Unread postby johnmw » October 7th, 2005, 4:12 am

Hi,

Here is the first key that you mentioned:

HKEY_CURRENT_USER\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}

Here are 3 other identities that were in the same place:

HKEY_CURRENT_USER\Identities\{1F9F5AD5-D1C7-402B-9C21-96E095A598A8}

HKEY_CURRENT_USER\Identities\{A8B45EA8-0929-4F0C-8B15-2F1647192E3E}

HKEY_CURRENT_USER\Identities\{BEC21641-D7A6-4761-9D92-1654B1762B60}

Here are the results of running the cmd file:

Volume in drive C has no label.
Volume Serial Number is 4514-5EB9

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities

07/10/2005 08:56 <DIR> .
07/10/2005 08:56 <DIR> ..
07/10/2005 08:56 0 files.txt
07/08/2004 10:03 <DIR> {154A62F2-CA53-44EF-B475-E3730EAF84DB}
06/08/2004 11:20 <DIR> {1F9F5AD5-D1C7-402B-9C21-96E095A598A8}
27/07/2004 11:49 <DIR> {7FF98345-BE92-46DB-89B2-0C774961EAF7}
04/08/2004 18:04 <DIR> {81DE6D9D-60C9-494F-9245-582455E4CD72}
21/11/2003 16:45 <DIR> {A8B45EA8-0929-4F0C-8B15-2F1647192E3E}
27/07/2004 11:52 <DIR> {BEC21641-D7A6-4761-9D92-1654B1762B60}
1 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{154A62F2-CA53-44EF-B475-E3730EAF84DB}

07/08/2004 10:03 <DIR> .
07/08/2004 10:03 <DIR> ..
07/08/2004 10:03 <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{154A62F2-CA53-44EF-B475-E3730EAF84DB}\Microsoft

07/08/2004 10:03 <DIR> .
07/08/2004 10:03 <DIR> ..
23/08/2004 18:10 <DIR> Outlook Express
0 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{154A62F2-CA53-44EF-B475-E3730EAF84DB}\Microsoft\Outlook Express

23/08/2004 18:10 <DIR> .
23/08/2004 18:10 <DIR> ..
17/09/2004 17:47 20,748 cleanup.log
17/09/2004 17:37 60,116 Deleted Items.dbx
17/09/2004 17:37 60,116 Drafts.dbx
17/09/2004 17:48 74,720 Folders.dbx
17/09/2004 17:48 139,376 Inbox.dbx
17/09/2004 17:48 9,656 Offline.dbx
17/09/2004 17:48 60,116 Outbox.dbx
17/09/2004 17:37 9,404 Pop3uidl.dbx
17/09/2004 17:47 139,376 Sent Items.dbx
9 File(s) 573,628 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{1F9F5AD5-D1C7-402B-9C21-96E095A598A8}

06/08/2004 11:20 <DIR> .
06/08/2004 11:20 <DIR> ..
06/08/2004 11:20 <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{1F9F5AD5-D1C7-402B-9C21-96E095A598A8}\Microsoft

06/08/2004 11:20 <DIR> .
06/08/2004 11:20 <DIR> ..
03/09/2004 18:16 <DIR> Outlook Express
0 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{1F9F5AD5-D1C7-402B-9C21-96E095A598A8}\Microsoft\Outlook Express

03/09/2004 18:16 <DIR> .
03/09/2004 18:16 <DIR> ..
29/09/2004 10:08 3,686 cleanup.log
22/03/2005 19:09 74,720 Folders.dbx
22/03/2005 19:08 139,376 Inbox.dbx
22/03/2005 19:09 9,656 Offline.dbx
22/03/2005 19:09 60,116 Outbox.dbx
5 File(s) 287,554 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}

27/07/2004 11:49 <DIR> .
27/07/2004 11:49 <DIR> ..
27/07/2004 11:49 <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft

27/07/2004 11:49 <DIR> .
27/07/2004 11:49 <DIR> ..
14/10/2004 18:51 <DIR> Outlook Express
0 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}\Microsoft\Outlook Express

14/10/2004 18:51 <DIR> .
14/10/2004 18:51 <DIR> ..
15/10/2004 11:16 54,090 cleanup.log
25/01/2005 15:27 404,180 Deleted Items.dbx
15/10/2004 11:15 60,116 Drafts.dbx
15/10/2004 11:15 207,572 Europa Car.dbx
20/03/2005 15:11 74,720 Folders.dbx
20/03/2005 15:11 18,244,848 Inbox.dbx
20/03/2005 15:11 9,656 Offline.dbx
20/03/2005 15:11 60,116 Outbox.dbx
15/10/2004 11:16 9,404 Pop3uidl.dbx
15/10/2004 11:16 3,222,228 Saskia Emails.dbx
15/10/2004 11:16 19,013,744 Sent Items.dbx
15/10/2004 11:16 3,156,692 Tracy Brookes.dbx
12 File(s) 44,517,366 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{81DE6D9D-60C9-494F-9245-582455E4CD72}

04/08/2004 18:04 <DIR> .
04/08/2004 18:04 <DIR> ..
04/08/2004 18:04 <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{81DE6D9D-60C9-494F-9245-582455E4CD72}\Microsoft

04/08/2004 18:04 <DIR> .
04/08/2004 18:04 <DIR> ..
21/08/2004 11:16 <DIR> Outlook Express
0 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{81DE6D9D-60C9-494F-9245-582455E4CD72}\Microsoft\Outlook Express

21/08/2004 11:16 <DIR> .
21/08/2004 11:16 <DIR> ..
03/09/2004 18:18 13,104 cleanup.log
03/09/2004 18:17 60,116 Deleted Items.dbx
18/09/2004 10:18 74,720 Folders.dbx
18/09/2004 10:18 7,807,088 Inbox.dbx
18/09/2004 10:18 9,656 Offline.dbx
18/09/2004 10:18 60,116 Outbox.dbx
03/09/2004 18:17 9,404 Pop3uidl.dbx
03/09/2004 18:17 7,807,088 Sent Items.dbx
8 File(s) 15,841,292 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{A8B45EA8-0929-4F0C-8B15-2F1647192E3E}

21/11/2003 16:45 <DIR> .
21/11/2003 16:45 <DIR> ..
21/11/2003 16:45 <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{A8B45EA8-0929-4F0C-8B15-2F1647192E3E}\Microsoft

21/11/2003 16:45 <DIR> .
21/11/2003 16:45 <DIR> ..
01/10/2005 12:15 <DIR> Outlook Express
0 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{A8B45EA8-0929-4F0C-8B15-2F1647192E3E}\Microsoft\Outlook Express

01/10/2005 12:15 <DIR> .
01/10/2005 12:15 <DIR> ..
03/10/2005 00:07 142,036 a2scanner.dbx
03/10/2005 00:07 1,660,016 Alcor Issues.dbx
03/10/2005 00:07 139,376 Arantxa.dbx
25/10/2004 16:18 14,104 cleanup.log
03/10/2005 00:08 329,456 Collaborations.dbx
06/10/2005 12:19 109,337,712 Deleted Items.dbx
20/09/2005 16:37 60,116 Drafts.dbx
03/10/2005 00:07 4,511,216 Europa Rentacar.dbx
03/10/2005 00:07 4,511,216 EXHIBITIONS.dbx
03/10/2005 15:07 74,720 Folders.dbx
03/10/2005 00:07 4,891,376 Home Overseas Exhibition.dbx
06/10/2005 14:54 158,707,312 Inbox.dbx
03/10/2005 00:08 155,244,656 Lagomar.dbx
03/10/2005 00:08 139,376 Mobility.dbx
03/10/2005 00:08 772,976 Money Brokers.dbx
03/10/2005 00:08 5,905,136 No 10 Calle Alcor.dbx
03/10/2005 15:07 9,656 Offline.dbx
06/10/2005 18:25 387,796 Outbox.dbx
03/10/2005 15:07 9,404 Pop3uidl.dbx
03/10/2005 00:08 836,336 Property Enquiries.dbx
03/10/2005 00:08 139,376 Rentals & Maintenance Issues.dbx
06/10/2005 14:55 211,652,336 Sent Items.dbx
03/10/2005 00:08 5,144,816 Sharon & Alan.dbx
03/10/2005 00:08 9,389,936 Spain Issues.dbx
03/10/2005 00:08 31,185,776 Spanish Properties.dbx
25 File(s) 705,196,232 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{BEC21641-D7A6-4761-9D92-1654B1762B60}

27/07/2004 11:52 <DIR> .
27/07/2004 11:52 <DIR> ..
27/07/2004 11:52 <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{BEC21641-D7A6-4761-9D92-1654B1762B60}\Microsoft

27/07/2004 11:52 <DIR> .
27/07/2004 11:52 <DIR> ..
18/09/2004 16:04 <DIR> Outlook Express
0 File(s) 0 bytes

Directory of C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{BEC21641-D7A6-4761-9D92-1654B1762B60}\Microsoft\Outlook Express

18/09/2004 16:04 <DIR> .
18/09/2004 16:04 <DIR> ..
20/09/2004 11:16 24,838 cleanup.log
20/09/2004 11:17 60,116 Deleted Items.dbx
20/09/2004 11:17 60,116 Drafts.dbx
04/12/2004 17:40 74,720 Folders.dbx
04/12/2004 17:40 139,376 Inbox.dbx
04/12/2004 17:40 9,656 Offline.dbx
04/12/2004 17:40 60,116 Outbox.dbx
20/09/2004 11:15 9,404 Pop3uidl.dbx
20/09/2004 11:17 60,116 Sent Items.dbx
9 File(s) 498,458 bytes

Total Files Listed:
69 File(s) 766,914,530 bytes
56 Dir(s) 29,784,944,640 bytes free

The last step of deleting files.txt didn't work for some reason. So I did a DIR in the MSDOS window, checked the files in the directory and deleted the file myself.
johnmw
Regular Member
 
Posts: 209
Joined: September 18th, 2005, 7:41 am
Location: Almeria, Spain

Unread postby Kimberly » October 7th, 2005, 10:33 am

The last step of deleting files.txt didn't work for some reason. So I did a DIR in the MSDOS window, checked the files in the directory and deleted the file myself.

Yes, that's my fault because it does not like long names. You've did well by deleting the file yourself.

From what I see, this CLSID - A8B45EA8-0929-4F0C-8B15-2F1647192E3E - is the active account since the last send item is dated from October 6.

Now, delete the following directories, send them to the Recycle Bin for now. The ones in blue are accounts that contain the viruses found by Kasperky.

C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{154A62F2-CA53-44EF-B475-E3730EAF84DB}
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{1F9F5AD5-D1C7-402B-9C21-96E095A598A8}
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{7FF98345-BE92-46DB-89B2-0C774961EAF7}
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{81DE6D9D-60C9-494F-9245-582455E4CD72}
C:\Documents and Settings\alsly\Local Settings\Application Data\Identities\{BEC21641-D7A6-4761-9D92-1654B1762B60}

Open regedit and navigate to this key: (The registry left pane is a tree just like Windows Explorer is a tree. Clicking the + in front of each successive key will open the branch until you reach the final destination.)

HKEY_CURRENT_USER\Identities

Select that key, go to File > Export. Click on the Desktop icon in the left pane. Under file name type BackupOEKeys.reg and Click Save. (This is a backup of the keys we are going to delete just in case something goes wrong - don't delete that file please)

Highlight (select) each of the following keys, right click on them and select delete from the popup menu.

{7FF98345-BE92-46DB-89B2-0C774961EAF7}
{1F9F5AD5-D1C7-402B-9C21-96E095A598A8}
{BEC21641-D7A6-4761-9D92-1654B1762B60}

Close regedit. Ask them to launch Outlook Express and check that you don't get any errors, make sure that everything works correctly.

Let me know how everything went please.

Kim
User avatar
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby johnmw » October 7th, 2005, 11:37 am

Kim,

Just followed your instructions and all seems fine. We've sent and received messages into the one active outlook express account ok.

I've asked the owner to keep an eye on the machine over the next few days. I've also asked the owner to check for downloads for Spyware Blaster, Ad-aware, AVG and Spybot weekly and run the relevant manual scans alongside the automated Microsoft Antispyware and AVG scans. I'll download one or two of the recommended online scanners next week and check all is well.

Many thanks for all your help with this. It really is much appreciated. I hope I can be as professional and helpful as you when I have studied enough at the MRU to become a helper rather than a receiver of help.

johnmw
johnmw
Regular Member
 
Posts: 209
Joined: September 18th, 2005, 7:41 am
Location: Almeria, Spain
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware