HELP!

hi…

how to run boot time scan manualy?
and i got a friend he…do not use any antivirus at all, for about 1 years …and now his pc is terribly slow :-\and cannot log on…then i help him log on with safe mode and install the avast on his pc …and scan his pc…i m shocked…why?because there about 50-60 virus found include adware,and trojan i follow the avast advice to move to chest…and the avast advice me to run boot times scan because there is a dangerous virus in memory, but when i click yes to start boot times scan …it cant run…anybody help?

Personally I not in the least surprised at the number of viruses, adware, etc. that is on their system, my only surprise is that there aren’t more.

If you have enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’ as you have done, I have no idea why it isn’t running.

Or use a command line, Windows, Start, Run and type, C:\Program Files\ALWIL Software\Avast4\sched.exe /A:*

If as you say they can’t boot normally, that may be the problem although avast does its scan outside of windows the normal windows boot starts (you see the windows logo) and is then interrupted to start the avast boot-time scan. So the total lack of a normal windows boot may be the cause of this failure.

After so long their system is likely to be completely compromised with password stealers, backdoors, possibly rootkits hiding much more, etc. (you really have a task in front of you) that realistically they should be considering a format and start from scratch.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. AVG anti-spyware (formerly Ewido) If using winXP. or a-Squared free if using win98/ME. Or SUPERantispyware Or Spyware Terminator
  2. Ad-Aware SE Personal Edition
  3. Spybot Search and Destroy

Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm.

thank…i still cant help my friend run boot time scan…it just restart without running boot time scan even i already follow yr advice…and i scan with AVG anti spy and also blacklight found nothing…i run the avast scan in safe mode found some trojan…and i cant move to chest so i just delete it…when i log in pc with normal mode…the avast start warn me that a trojan found…they keep coming non stop…and sometimes avast have block somethings from downloading ad- ware to my friend pc…how can i find that things that download ad- ware to my pc?now his pc is faster a bit than before…but still very slow… :-\

oops!! sorry i know why i cant run oot times scan now…i just enables it but still dint run it…sorry…i m just a beginner …

If a virus is replicant (coming and coming again), you should:

  1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again.

  2. Clean your temporary files. You can use [ur=http://www.stevengould.org/downloads/cleanup/]CleanUp[/url] or the Windows Advanced Care features for that.

  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers). Some users recommend SUPERantispyware or Spyware Terminator.

  5. Use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

What is the malware/trogan name, infected file name, where was it found e.g. (malware name, C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections. This may help us with what the trojan does and possibly how to combat it or if other elements are at work.

  1. So you are now able to log on normally ?
  2. This would tend to indicate that there are still undetected trojan downloaders on his system, the other two anti-spyware links I gave should also be tried, SuperAntiSpwware and SpywareTerminator.
  3. An effective firewall should be capable of blocking unauthorised outbound Internet Connections. Does he have a firewall and if so what (XP’s firewall doesn’t provide outbound protection) ?
  4. For adware I would suggest the AdAware and Spybot Search & Destroy links I gave.

So you/he might be a little further from the ultimate nuclear option. But, I fear if the other software and anti-rootkits mentioned don’t resolve it you are rapidly approaching the previously mentioned option.

After so long their system is likely to be completely compromised with password stealers, backdoors, possibly rootkits hiding much more, etc. (you really have a task in front of you) that realistically they should be considering a format and start from scratch.

And this is I believe the reason as previously mentioned (however, you have since mentioned being able to boot normally (?), so perhaps not):

If as you say they can't boot normally, that may be the problem although avast does its scan outside of windows the normal windows boot starts (you see the windows logo) and is then interrupted to start the avast boot-time scan. So the total lack of a normal windows boot may be the cause of this failure.

There are other anti-rootkits, you have only tried one of them, there are two others I gave links for and there is also the anti-rootkit, detection, removal & protection link I gave with even more. I only listed the ones which have been commonly recommended on these forums and by members with reasonable success.

I would believe that not only did your friend not have an AV, they probably didn’t have a firewall (?) and if so that is probably long ago bypassed.

Tech, Did you read that Andy can’t do a boot time scan, it fails.

I have suggested and given links to the majority of the software , with exception to SpywareBlaster, which shouldn’t be installed until the system is clean and it is a long way from there yet. I would assume the same for Windows Advanced Care dont apply immunization until you have a clean system.

Is there any error message? Or it just don’t run?
Which is the operational system of that machine?

how to Disable System Restore on Windows XP???

could yougive me the links of some free fire wall???

thank…i will follow yr advice…

http://support.microsoft.com/default.aspx?scid=kb;[LN];310405

Personal Firewall Tests & Results. Firewall rating:
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#firewalls-ratings

Freeware firewalls:
http://www.firewallleaktester.com/tests_overview.php
http://www.thefreecountry.com/security/firewalls.shtml

Reviews:
XP: http://forum.avast.com/index.php?topic=27646.0
Vista: http://forum.avast.com/index.php?topic=27647.0

  • Zone Alarm free http://www.zonelabs.com works fine with avast and has a reasonably friendly user interface, however, the free version is becoming bloated (large download size) with trial ware. There are others, the first two used by many forum members, Comodo, PCTools Firewall Plus, Sunbelt Kerio, Jetico, etc.

2/15/2005 8:44:55 PM Personal 5692 Sign of “Win32:VB-DXJ [Trj]” has been found in “C:\WINDOWS\Temp\6.tmp[FSG]” file.
2/15/2005 8:27:31 PM Personal 5692 Sign of “Win32:VB-DXJ [Trj]” has been found in “C:\Documents and Settings\Personal\Local Settings\Temp\F.tmp[FSG]” file.
2/15/2005 8:27:24 PM Personal 5692 Sign of “Win32:VB-DXJ [Trj]” has been found in “C:\Documents and Settings\Personal\Local Settings\Temp\9.tmp[FSG]” file.
2/15/2005 8:27:22 PM Personal 5692 Sign of “Win32:VB-DXJ [Trj]” has been found in “C:\Documents and Settings\Personal\Local Settings\Temp\17.tmp[FSG]” file.
2/15/2005 8:27:12 PM Personal 5692 Sign of “Win32:VB-DXJ [Trj]” has been found in “C:\Documents and Settings\Personal\Local Settings\Temp\16.tmp[FSG]” file.
2/15/2005 8:44:15 PM Personal 5692 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\WINDOWS\system32\sd012.exe” file.
2/15/2005 8:40:42 PM Personal 5692 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\WINDOWS\system32\7.exe” file.
2/15/2005 8:37:53 PM Personal 5692 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0114704.dll” file.
2/15/2005 8:37:53 PM Personal 5692 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0114700.dll” file.
2/15/2005 7:42:18 PM Personal 1164 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Program Files\CNNIC\Cdn\Update\wmhlpr.dll” file.
2/15/2005 7:42:18 PM Personal 1164 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Program Files\CNNIC\Cdn\Update\imaoe.dll” file.
2/15/2005 7:42:18 PM Personal 1164 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Program Files\CNNIC\Cdn\Update\iesrch.dll” file.
2/15/2005 7:42:16 PM Personal 1164 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Program Files\CNNIC\Cdn\Update\cdncol.dll” file.
2/16/2005 4:01:16 PM SYSTEM 1660 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4DA30LU7\7[1].exe” file.
2/16/2005 4:06:08 PM Personal 1072 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4DA30LU7\7[1].exe” file.
2/15/2005 8:17:16 PM SYSTEM 1612 Sign of “Win32:Small-TD [Trj]” has been found in “C:\WINDOWS\downlo~1\CnsHook.dll” file.
2/15/2005 8:01:07 PM SYSTEM 1612 Sign of “Win32:Small-TD [Trj]” has been found in “C:\WINDOWS\downlo~1\CnsHook.dll” file.
2/15/2005 8:16:28 PM SYSTEM 1612 Sign of “Win32:Small-TD [Trj]” has been found in “C:\WINDOWS\downlo~1\CnsHook.dll” file.
2/15/2005 8:38:28 PM Personal 5692 Sign of “Win32:Small-TD [Trj]” has been found in “C:\WINDOWS\Downloaded Program Files\trz2E.tmp” file.
2/15/2005 8:18:54 PM Personal 2216 Sign of “Win32:Small-TD [Trj]” has been found in “c:\windows\downloaded program files\cnshook.dll” file.
2/15/2005 8:44:06 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\qiscbk.dll” file.
2/15/2005 8:44:05 P

2/15/2005 8:44:05 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\praian.dll[Petite]” file.
2/16/2005 5:21:11 PM SYSTEM 1828 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/15/2005 8:19:28 PM Personal 2216 Sign of “Win32:Small-FCC [Trj]” has been found in “c:\windows\system32\msccrt.dll[Petite]” file.
2/16/2005 9:03:29 PM SYSTEM 1632 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/16/2005 9:03:30 PM SYSTEM 1632 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/15/2005 8:59:11 PM SYSTEM 1664 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/17/2005 9:36:21 PM SYSTEM 1576 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/17/2005 9:36:21 PM SYSTEM 1576 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/17/2005 9:49:11 PM SYSTEM 1624 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/17/2005 9:49:12 PM SYSTEM 1624 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/18/2005 12:09:58 PM SYSTEM 1572 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/18/2005 12:09:58 PM SYSTEM 1572 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/16/2005 2:46:53 PM SYSTEM 1668 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/15/2005 8:59:11 PM SYSTEM 1664 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/16/2005 10:40:42 AM SYSTEM 1648 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/16/2005 10:40:42 AM SYSTEM 1648 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/16/2005 2:46:53 PM SYSTEM 1668 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/16/2005 3:43:27 PM SYSTEM 1624 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/15/2005 8:16:41 PM SYSTEM 1612 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/16/2005 3:43:28 PM SYSTEM 1624 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/16/2005 3:56:39 PM SYSTEM 1660 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/16/2005 5:19:47 PM SYSTEM 1828 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/16/2005 3:56:40 PM SYSTEM 1660 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\msccrt.dll[Petite]” file.
2/15/2005 8:43:28 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\ltgdfk.dll” file.
2/15/2005 8:43:26 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\kmnmha.dll” file.
2/15/2005 8:43:26 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\klqceq.dll” file.
2/15/2005 8:42:54 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\jyhzwh.dll[Petite]” file.
2/15/2005 8:42:54 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\jkwlbt.dll” file.
2/15/2005 8:42:47 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\gbkkrd.dll” file.
2/15/2005 8:42:33 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\dnedaq.dll” file.
2/15/2005 8:40:56 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\cwykgz.dll[Petite]” file.
2/15/2005 8:40:52 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\WINDOWS\system32\chqnbz.dll” file.
2/15/2005 8:37:48 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0111677.dll[Petite]” file.
2/15/2005 8:37:47 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0110674.dll[Petite]” file.
2/15/2005 8:37:46 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0109675.dll[Petite]” file.
2/15/2005 8:37:45 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108677.dll[Petite]” file.
2/15/2005 8:37:30 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108619.dll[Petite]” file.
2/15/2005 8:37:29 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108591.dll[Petite]” file.
2/15/2005 8:37:27 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108564.dll[Petite]” file.
2/15/2005 8:37:25 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0107565.dll[Petite]” file.
2/15/2005 8:37:24 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106565.dll[Petite]” file.
2/15/2005 8:37:23 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106537.dll” file.
2/15/2005 8:37:22 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106514.dll” file.
2/15/2005 8:37:20 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105510.dll” file.
2/15/2005 8:37:19 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105479.dll” file.
2/15/2005 8:37:19 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105458.dll” file.
2/15/2005 8:37:18 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105437.dll” file.
2/15/2005 8:37:17 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0104431.dll” file.
2/15/2005 8:37:17 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0104414.dll” file.
2/15/2005 8:37:15 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0103411.dll” file.
2/15/2005 8:37:14 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0103370.dll” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0102370.dll” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0101370.dll” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0100370.dll” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0099370.dll” file.

:-[2/15/2005 8:37:10 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098375.dll” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098341.dll” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0097341.dll” file.
2/15/2005 8:27:44 PM Personal 5692 Sign of “Win32:Small-FCC [Trj]” has been found in “C:\Documents and Settings\Personal\Local Settings\Temp_avast4_\unp45742612.tmp[Petite]” file.
2/15/2005 8:42:42 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\WINDOWS\system32\drivers\usbine.sys” file.
2/15/2005 8:37:48 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0111665.sys” file.
2/15/2005 8:37:47 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0110666.sys” file.
2/15/2005 8:37:46 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0109665.sys” file.
2/15/2005 8:37:45 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108666.sys” file.
2/15/2005 8:37:30 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108608.sys” file.
2/15/2005 8:37:28 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108580.sys” file.
2/15/2005 8:37:26 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108554.sys” file.
2/15/2005 8:37:25 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0107554.sys” file.
2/15/2005 8:37:23 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106554.sys” file.
2/15/2005 8:37:22 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106527.sys” file.
2/15/2005 8:37:22 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106506.sys” file.
2/15/2005 8:37:20 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105504.sys” file.
2/15/2005 8:37:19 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105473.sys” file.
2/15/2005 8:37:18 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105452.sys” file.
2/15/2005 8:37:18 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105431.sys” file.
2/15/2005 8:37:18 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105430.sys” file.
2/15/2005 8:37:17 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0104430.sys” file.
2/15/2005 8:37:17 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0104408.sys” file.
2/15/2005 8:37:15 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0103409.sys” file.
2/15/2005 8:37:15 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0103408.sys” file.
2/15/2005 8:37:14 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0103364.sys” file.
2/15/2005 8:37:14 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0103363.sys” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0102364.sys” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0102363.sys” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0101364.sys” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0101363.sys” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0100364.sys” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0100363.sys” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0099364.sys” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0099363.sys” file.
2/15/2005 8:37:10 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098369.sys” file.
2/15/2005 8:37:10 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098368.sys” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098336.sys” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098335.sys” file.
2/15/2005 8:37:08 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0097336.sys” file.
2/15/2005 8:37:08 PM Personal 5692 Sign of “Win32:Small-EZD [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0097327.sys” file.
2/15/2005 8:19:18 PM Personal 2216 Sign of “Win32:Small-EKC [Trj]” has been found in “c:\windows\system32\ctfnom.exe[FSG]” file.
2/15/2005 8:01:53 PM SYSTEM 1612 Sign of “Win32:Small-EKC [Trj]” has been found in “C:\WINDOWS\system32\ctfnom.exe[FSG]” file.
2/15/2005 8:40:42 PM Personal 5692 Sign of “Win32:Small-EKC [Trj]” has been found in “C:\WINDOWS\system32\10.exe[FSG]” file.
2/15/2005 8:37:48 PM Personal 5692 Sign of “Win32:Small-EKC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0111680.exe[FSG]” file.

2/15/2005 8:37:48 PM Personal 5692 Sign of “Win32:Small-EKC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0111680.exe[FSG]” file.
2/15/2005 8:37:18 PM Personal 5692 Sign of “Win32:Small-EKC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105439.exe[Upack]” file.
2/15/2005 8:37:14 PM Personal 5692 Sign of “Win32:Small-EKC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0103372.exe[Upack]” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:Small-EKC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0101378.exe[Upack]” file.
2/15/2005 8:37:10 PM Personal 5692 Sign of “Win32:Small-EKC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098347.exe[Upack]” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:Small-EKC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0097347.exe[Upack]” file.
2/15/2005 8:37:08 PM Personal 5692 Sign of “Win32:Small-EKC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0097328.exe[FSG]” file.
2/15/2005 8:19:16 PM Personal 2216 Sign of “Win32:Qqhelper-J [Trj]” has been found in “c:\windows\system32\chsoj.dll” file.
2/15/2005 8:01:15 PM SYSTEM 1612 Sign of “Win32:Qqhelper-J [Trj]” has been found in “C:\windows\system32\chsoj.dll” file.
2/15/2005 8:40:49 PM Personal 5692 Sign of “Win32:QQHelper-BR [Trj]” has been found in “C:\WINDOWS\system32\bind_50201.exe” file.
2/15/2005 8:44:56 PM Personal 5692 Sign of “Win32:OnLineGames-WG [Trj]” has been found in “C:\WINDOWS\Temp\Gjzo0.dll” file.
2/15/2005 8:27:33 PM Personal 5692 Sign of “Win32:OnLineGames-WG [Trj]” has been found in “C:\Documents and Settings\Personal\Local Settings\Temp\Gjzo0.dll” file.
2/15/2005 8:44:25 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\WINDOWS\system32\trz3A.tmp” file.
2/15/2005 8:19:37 PM Personal 2216 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “c:\windows\system32\servhost.dll” file.
2/15/2005 8:16:42 PM SYSTEM 1612 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\WINDOWS\system32\servhost.dll” file.
2/15/2005 8:41:00 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\WINDOWS\system32\dhlakn.dll” file.
2/15/2005 8:40:53 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\WINDOWS\system32\cmdbcs.dll” file.
2/15/2005 8:18:58 PM Personal 2216 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “c:\windows\servhost.exe” file.
2/15/2005 8:37:48 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0111671.dll” file.
2/15/2005 8:37:47 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0110669.dll” file.
2/15/2005 8:37:46 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0109669.dll” file.
2/15/2005 8:37:45 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108672.dll” file.
2/15/2005 8:37:30 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108610.dll” file.
2/15/2005 8:37:29 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108582.dll” file.
2/15/2005 8:37:26 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108555.dll” file.
2/15/2005 8:37:25 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0107557.dll” file.
2/15/2005 8:37:23 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106555.dll” file.
2/15/2005 8:37:22 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106530.dll” file.
2/15/2005 8:37:22 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106509.dll” file.
2/15/2005 8:37:20 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105506.dll” file.
2/15/2005 8:37:19 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105478.dll” file.
2/15/2005 8:37:19 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105456.dll” file.
2/15/2005 8:37:18 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105435.dll” file.

2/15/2005 8:37:17 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0104432.dll” file.
2/15/2005 8:37:17 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0104412.dll” file.
2/15/2005 8:37:15 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0103415.dll” file.
2/15/2005 8:37:14 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0103379.exe” file.
2/15/2005 8:37:14 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0103368.dll” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0102378.exe” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0102368.dll” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0101376.exe” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0101367.dll” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0100376.exe” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0100368.dll” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0099377.exe” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0099368.dll” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098382.exe” file.
2/15/2005 8:37:10 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098373.dll” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098345.exe” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098340.dll” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0097345.exe” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:OnLineGames-SK [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0097340.dll” file.
2/15/2005 8:20:07 PM Personal 2216 Sign of “Win32:OnLineGames-PL [Trj]” has been found in “c:\windows\wintexe.exe[Upack]” file.
2/15/2005 8:20:05 PM Personal 2216 Sign of “Win32:OnLineGames-PL [Trj]” has been found in “c:\windows\wincdb.exe[Upack]” file.
2/15/2005 8:20:02 PM Personal 2216 Sign of “Win32:OnLineGames-PL [Trj]” has been found in “c:\windows\system32\wintdll.dll” file.
2/15/2005 8:16:42 PM SYSTEM 1612 Sign of “Win32:OnLineGames-PL [Trj]” has been found in “C:\WINDOWS\system32\wintdll.dll” file.
2/15/2005 8:19:43 PM Personal 2216 Sign of “Win32:OnLineGames-PL [Trj]” has been found in “c:\windows\system32\wincdb.dll” file.
2/15/2005 8:16:42 PM SYSTEM 1612 Sign of “Win32:OnLineGames-PL [Trj]” has been found in “C:\WINDOWS\system32\wincdb.dll” file.
2/15/2005 8:44:25 PM Personal 5692 Sign of “Win32:OnLineGames-PL [Trj]” has been found in “C:\WINDOWS\system32\trz3C.tmp” file.
2/15/2005 8:44:25 PM Personal 5692 Sign of “Win32:OnLineGames-PL [Trj]” has been found in “C:\WINDOWS\system32\trz3B.tmp” file.
2/15/2005 8:37:48 PM Personal 5692 Sign of “Win32:OnLineGames-PL [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0111685.exe[Upack]” file.
2/15/2005 8:37:48 PM Personal 5692 Sign of “Win32:OnLineGames-PL [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0111673.dll” file.

2/15/2005 8:37:18 PM Personal 5692 Sign of “Win32:OnLineGames-OC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0104434.dll” file.
2/15/2005 8:37:17 PM Personal 5692 Sign of “Win32:OnLineGames-OC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0104411.dll” file.
2/15/2005 8:37:15 PM Personal 5692 Sign of “Win32:OnLineGames-OC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0103412.dll” file.
2/15/2005 8:37:14 PM Personal 5692 Sign of “Win32:OnLineGames-OC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0103369.dll” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:OnLineGames-OC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0102366.dll” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:OnLineGames-OC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0101366.dll” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:OnLineGames-OC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0100367.dll” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:OnLineGames-OC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0099365.dll” file.
2/15/2005 8:37:10 PM Personal 5692 Sign of “Win32:OnLineGames-OC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098372.dll” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:OnLineGames-OC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098339.dll” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:OnLineGames-OC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0097339.dll” file.
2/15/2005 8:40:27 PM Personal 5692 Sign of “Win32:OnLineGames-DC [Trj]” has been found in “C:\WINDOWS\mppds.exe” file.
2/15/2005 8:37:21 PM Personal 5692 Sign of “Win32:OnLineGames-DC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105522.exe” file.
2/15/2005 8:37:20 PM Personal 5692 Sign of “Win32:OnLineGames-DC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105492.exe” file.
2/15/2005 8:37:14 PM Personal 5692 Sign of “Win32:OnLineGames-DC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0103377.exe” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:OnLineGames-DC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0101374.exe” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:OnLineGames-DC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0100374.exe” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:OnLineGames-DC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0099375.exe” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:OnLineGames-DC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098380.exe” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:OnLineGames-DC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098343.exe” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:OnLineGames-DC [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0097343.exe” file.
2/15/2005 8:40:28 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\WINDOWS\msccrt.exe” file.
2/15/2005 8:37:48 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0111674.exe” file.
2/15/2005 8:37:47 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0110672.exe” file.
2/15/2005 8:37:46 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0109672.exe” file.
2/15/2005 8:37:45 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108669.exe” file.
2/15/2005 8:37:30 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108614.exe” file.
2/15/2005 8:37:29 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108588.exe” file.
2/15/2005 8:37:27 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108561.exe” file.
2/15/2005 8:37:25 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0107561.exe” file.
2/15/2005 8:37:23 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106561.exe” file.
2/15/2005 8:37:22 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106534.exe” file.
2/15/2005 8:37:22 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106516.exe” file.
2/15/2005 8:37:14 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0103380.exe” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0102379.exe” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0101377.exe” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0100377.exe” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0099378.exe” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098383.exe” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098346.exe” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:OnLineGames-CP [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0097346.exe” file.
2/15/2005 8:18:40 PM Personal 2216 Sign of “Win32:OnLineGames-CO [Trj]” has been found in “c:\windows\cmdbcs.exe[NsPack]” file.

2/15/2005 8:02:51 PM SYSTEM 1612 Sign of “Win32:OnLineGames-CO [Trj]” has been found in “C:\WINDOWS\cmdbcs.exe[NsPack]” file.
2/16/2005 5:20:04 PM SYSTEM 1828 Sign of “Win32:OnLineGames-BX [Trj]” has been found in “C:\WINDOWS\system32\zt.exe[NsPack]” file.
2/16/2005 5:20:04 PM SYSTEM 1828 Sign of “Win32:OnLineGames-BX [Trj]” has been found in “C:\WINDOWS\system32\zt.exe[NsPack]” file.
2/15/2005 8:25:23 PM Personal 5692 Sign of “Win32:OnLineGames-BX [Trj]” has been found in “C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4DA30LU7\zt[1].exe[NsPack]” file.
2/15/2005 7:31:27 PM Personal 1164 Sign of “Win32:OnLineGames-BX [Trj]” has been found in “C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4DA30LU7\zt[1].exe[NsPack]” file.
2/16/2005 5:20:04 PM SYSTEM 1828 Sign of “Win32:OnLineGames-BX [Trj]” has been found in “C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4DA30LU7\zt[1].exe[NsPack]” file.
2/15/2005 8:27:40 PM Personal 5692 Sign of “Win32:Nilage-GB [Trj]” has been found in “C:\Documents and Settings\Personal\Local Settings\Temp\trz1E.tmp” file.
2/15/2005 8:16:46 PM Personal 716 Sign of “Win32:Nilage-GB [Trj]” has been found in “c:\documents and settings\personal\local settings\temp\byetmr.exe” file.
2/15/2005 8:27:30 PM Personal 5692 Sign of “Win32:Nilage-GB [Trj]” has been found in “C:\Documents and Settings\Personal\Local Settings\Temp\bd5.dll” file.
2/15/2005 8:19:14 PM Personal 2216 Sign of “Win32:Lmir-MM [Trj]” has been found in “c:\windows\system32\at2.810810.org.exe” file.
2/15/2005 8:01:02 PM SYSTEM 1612 Sign of “Win32:Lmir-MM [Trj]” has been found in “C:\WINDOWS\system32\at2.810810.org.exe” file.
2/15/2005 8:40:45 PM Personal 5692 Sign of “Win32:Lmir-MM [Trj]” has been found in “C:\WINDOWS\system32\at2.810810.org.dll” file.
2/15/2005 8:45:04 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\WINDOWS\yuvtpb.exe” file.
2/15/2005 8:44:58 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\WINDOWS\upxdnd.exe” file.
2/15/2005 8:40:40 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\WINDOWS\rxeoxw.exe” file.
2/15/2005 8:40:36 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\WINDOWS\pisvht.exe” file.
2/15/2005 8:40:07 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\WINDOWS\lgtdqj.exe” file.
2/15/2005 8:38:21 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\WINDOWS\cnfjpx.exe” file.
2/15/2005 8:37:48 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0111668.exe” file.
2/15/2005 8:37:47 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0110670.exe” file.
2/15/2005 8:37:46 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0109671.exe” file.

2/15/2005 8:37:45 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108670.exe” file.
2/15/2005 8:37:30 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108615.exe” file.
2/15/2005 8:37:29 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108587.exe” file.
2/15/2005 8:37:27 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108560.exe” file.
2/15/2005 8:37:25 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0107558.exe” file.
2/15/2005 8:37:23 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106559.exe” file.
2/15/2005 8:37:22 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106532.exe” file.
2/15/2005 8:37:22 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106512.exe” file.
2/15/2005 8:37:22 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0106510.exe” file.
2/15/2005 8:37:20 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105513.exe” file.
2/15/2005 8:37:20 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105509.exe” file.
2/15/2005 8:37:20 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0105496.exe” file.
2/15/2005 8:37:14 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0103378.exe” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0102377.exe” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0101375.exe” file.
2/15/2005 8:37:13 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0100375.exe” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0099376.exe” file.
2/15/2005 8:37:12 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098381.exe” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0098344.exe” file.
2/15/2005 8:37:09 PM Personal 5692 Sign of “Win32:Lmir-LM [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP46\A0097344.exe” file.
2/15/2005 8:37:31 PM Personal 5692 Sign of “Win32:Lineage-545 [Trj]” has been found in “C:\System Volume Information_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP47\A0108633.exe[NsPack]” file.
2/15/2005 7:37:45 PM Personal 1164 Sign of “Win32:Lineage-545 [Trj]” has been found in “C:\Documents and Settings\Personal\Local Settings\Temp\c0nime.exe[NsPack]” file.
2/15/2005 7:37:45 PM Personal 1164 Sign of “Win32:Keco-E [Wrm]” has been found in “C:\Documents and Settings\Personal\Local Settings\Temp\autoexebc.bat[PECompact]” file.
2/15/2005 8:31:13 PM Personal 5692 Sign of “Win32:Detnat-AZ [Wrm]” has been found in “C:\Program Files\Eset\trz26.tmp” file.
2/15/2005 8:18:08 PM Personal 2216 Sign of “Win32:Detnat-AZ [Wrm]” has been found in “c:\program files\eset\1explore.exe” file.
2/15/2005 8:32:14 PM Personal 5692 Sign of “Win32:Delf-EQR [Trj]” has been found in “C:\Program Files\Internet Explorer\trz29.tmp” file.
2/15/2005 8:16:34 PM SYSTEM 1612 Sign of “Win32:Delf-EQR [Trj]” has been found in “C:\Program Files\Internet Explorer\IEXPLORE.Dat” file.
2/15/2005 8:16:41 PM SYSTEM 1612 Sign of “Win32:Delf-EQR [Trj]” has been found in “C:\Program Files\Internet Explorer\IEXPLORE.Dat” file.
2/15/2005 8:18:16 PM Personal 2216 Sign of “Win32:Delf-EQR [Trj]” has been found in “c:\program files\internet explorer\iexplore.dat” file.
2/15/2005 8:32:12 PM Personal 5692 Sign of “Win32:Delf-EQI [Trj]” has been found in “C:\Program Files\Internet Explorer\IEXPLORE.jmp[UPX]” file.
2/15/2005 8:27:31 PM Personal 5692 Sign of “Win32:Delf-EQI [Trj]” has been found in “C:\Documents and Settings\Personal\Local Settings\Temp\ck3.exe.exe[UPX]” file.
2/15/2005 8:45:05 PM Personal 5692 Sign of “Win32:Delf-EJU [Trj]” has been found in “C:\WINDOWS~tmp6203.exe[UPX]” file.
2/15/2005 8:45:05 PM Personal 5692 Sign of “Win32:Delf-EJU [Trj]” has been found in “C:\WINDOWS~tmp5864.exe[UPX]” file.
2/15/2005 8:45:05 PM Personal 5692 Sign of “Win32:Delf-EJU [Trj]” has been found in “C:\WINDOWS~tmp5482.exe[UPX]” file.
2/15/2005 8:45:05 PM Personal 5692 Sign of “Win32:Delf-EJU [Trj]” has been found in “C:\WINDOWS~tmp411.exe[UPX]” file.
2/15/2005 8:45:05 PM Personal 5692 Sign of “Win32:Delf-EJU [Trj]” has been found in “C:\WINDOWS~tmp4028.exe[UPX]” file.
2/15/2005 8:45:05 PM Personal 5692 Sign of “Win32:Delf-EJU [Trj]” has been found in “C:\WINDOWS~tmp3039.exe[UPX]” file.
2/15/2005 8:40:42 PM Personal 5692 Sign of “Win32:Delf-EJU [Trj]” has been found in “C:\WINDOWS\system32\11.exe[UPX]” file.
2/15/2005 8:32:13 PM Personal 5692 Sign of “Win32:Delf-EJU [Trj]” has been found in “C:\Program Files\Internet Explorer\PLUGINS\system32.jmp[UPX]” file.
2/15/2005 8:27:31 PM Personal 5692 Sign of “Win32:Delf-EJU [Trj]” has been found in “C:\Documents and Settings\Personal\Local Settings\Temp\f14.exe[UPX]” file.
2/15/2005 8:01:57 PM SYSTEM 1612 Sign of “Win32:Delf-ECW [Trj]” has been found in “C:\WINDOWS\system32\winsys16_070526.dll” file.
2/15/2005 8:44:41 PM Personal 5692 Sign of “Win32:Delf-ECW [Trj]” has been found in “C:\WINDOWS\system32\winsys16_070526.dll” file.
2/15/2005 8:44:14 PM Personal 5692 Sign of “Win32:Delf-ECW [Trj]” has been found in “C:\WINDOWS\system32\scrsys16_070526.scr” file.

this all the virus found…there still a lot…