[Resolved] Repeated Infection and now Blue screen of Death - need imme, Windows Police Malware Infection
abu_jaaneb
post Oct 13 2009, 02:57 PM
Post #1


Authentic Member
**

Group: Authentic Member
Posts: 20
Joined: 13-October 09
Member No.: 88,359
Operating System: Windows XP



Hi, I am in need of some immediate help as I think I have been infected pretty badly with the Windows Police Pro malware.
The infection started with the Windows Antivirus Pro 2009 infection and I followed the steps as advised on BleepingComputer.com.
I was able to clean up the computer and run exe's. I also cleaned up the registry entries, etc. and the computer seemed to be running fine. I uninstalled Malwarebytes to upgrade my antivirus and install the Spybot Search and Destroy software, and in the process I found that my computer was infected with Windows Antivirus Pro. I tried the steps mentioned on Bleeping Computer again but I messed up at some step, and now all I see is the blue screen of death as soon as I boot my laptop in normal mode - this happens right after Windows is done loading all of the applications, and as soon as the hourglass goes away the blue screen appears. I have tried reinstalling Malwarebytes in safe mode but the exe is not running in safe mode either.

I am willing to start new - reformat my system and start fresh - but I need some immediate help to save the files before I can do so. Right now I am only able to access 1 partition out of the three on my hard drive. The drives appear in safe mode but the folder contents are not visible or accessible. Once in safe mode I was able to see the files but the names were all garbled and strange characters. If I attempt to copy I get the error message saying cannot read from the source file or disk. I no longer know if this is a Windows Police Pro infection or some more serious damage.

Your time will be greatly appreciated. Thanks. Abu

This post has been edited by Tomk: Nov 6 2009, 09:09 AM
Tomk
post Oct 15 2009, 11:18 AM
Post #2


Forum God
Group Icon

Group: Classroom Teacher
Posts: 11,202
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



Hi abu_jaaneb,


My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


So... you are able to startup in Safe mode.

If so...

  1. Download DDS and save it to your desktop from here, here or here.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.

  2. We need to check for rootkits with RootRepeal
    1. Download RootRepeal from one of the following locations and save it to your desktop.
    2. Open on your desktop.
    3. Click the tab.
    4. Click the button.
    5. In the Select Scan dialog, check
      1. Push Ok
      2. Check the box for your main system drive (Usually C:), and press Ok.
      3. Allow RootRepeal to run a scan of your system. This may take some time.
      4. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.

  3. Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.

  4. Copy/paste the DDS.txt log (that you've previously saved to your desktop) onto your post.

  5. Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

    abu_jaaneb
    post Oct 17 2009, 08:53 AM
    Post #3





    Dear TomK,

    Thanks for responding and helping.

    I tried running both the DDS and RootRepeal but no success.

    The DDS script keeps on running without ending. I see a pop-up in between but it is the same as the startup message (the general disclaimer).
    On double-clicking RootRepeal, it says that it is not a valid Win32 application.

    I tried in both Safe Mode and Safe Mode with Networking. I wasn't able to find anything in the system tray to disable my antivirus or the antispyware. I have McAfee on-demand access that I am not sure is disabled or not, as I don't see it in the system tray or task manager, program files, etc.
    Please let me know how I can proceed.
    Tomk
    post Oct 18 2009, 11:49 PM
    Post #4





    abu_jaaneb,

    Let's try Malwarebytes again.

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
    abu_jaaneb
    post Oct 19 2009, 07:07 AM
    Post #5





    I am not able to run .exe's in either of the Safe modes. I had tried the mbam.exe, combofix.exe, before posting and yet again with no luck.

    This has already started sounding ominous for me, I know....
    Tomk
    post Oct 19 2009, 08:25 AM
    Post #6





    abu_jaaneb,

    Please download exeHelper to your desktop.
    Double-click on exeHelper.com to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
    abu_jaaneb
    post Oct 19 2009, 05:33 PM
    Post #7





    Hello TomK
    Please find below the log from exehelper. The first one was run just in the Plain Safe mode (without networking)
    I booted the system after that and ran exehelper again in Safe Mode with Networking and it gave the 'error deleting file...' message as below.

    I booted in Safe mode with networking to try and install the Malware Antispyware again and update it.
    This time I was able to run the mbam setup.exe file. The installation finishes as a success but upon clicking to launch the application it gives me an error saying that it cannot find "mbam.exe" to launch the program.

    I tried re-installing again but it did the same and I stopped here. I am not trying extra steps as I want to stick to your exact instructions.
    ----------------------------------------------


    exeHelper by Raktor
    Build 20091018
    Run at 17:36:43 on 10/19/09
    Now searching...
    Checking for numerical processes...
    Deleting file C:\Documents and Settings\All Users\Application Data\83602120\83602120.exe
    Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\83602120
    Deleting file C:\Documents and Settings\All Users\Application Data\12404516\12404516.exe
    Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12404516
    Checking for bad processes...
    Checking for bad files...
    Deleting file C:\WINDOWS\ppp3.dat
    Deleting file C:\WINDOWS\ppp4.dat
    Deleting file C:\WINDOWS\system32\AVR09.exe
    Deleting file C:\WINDOWS\temp\b.exe
    Deleting file C:\WINDOWS\temp\a.exe
    Deleting file C:\WINDOWS\system32\sysnet.dat
    Deleting file C:\WINDOWS\system32\bincd32.dat
    Deleting file C:\WINDOWS\system32\winupdate.exe
    Deleting file C:\WINDOWS\system32\sonhelp.htm
    Deleting file C:\WINDOWS\system32\41.exe
    Deleting file C:\WINDOWS\system32\winhelper.dll
    Deleting file C:\WINDOWS\temp\winlogon.exe
    Deleting file C:\WINDOWS\system32\drivers\smss.exe
    Error deleting C:\WINDOWS\system32\drivers\smss.exe
    Deleting file C:\WINDOWS\system32\pump.exe
    Deleting file C:\Program Files\Windows Police Pro\Windows Police Pro.exe
    Deleting file C:\Documents and Settings\Tanmay\Desktop\Windows Police Pro.lnk
    Checking for bad registry entries...
    Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    exeHelper by Raktor
    Build 20091018
    Run at 17:53:34 on 10/19/09
    Now searching...
    Checking for numerical processes...
    Deleting file C:\Documents and Settings\All Users\Application Data\97519031\97519031.exe
    Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\97519031
    Checking for bad processes...
    Checking for bad files...
    Deleting file C:\WINDOWS\system32\drivers\smss.exe
    Error deleting C:\WINDOWS\system32\drivers\smss.exe
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
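Added example (not part of the original posts, and not exeHelper's own code): a Python parser for a combined exehelperlog.txt that splits it into runs and reports deletions that failed in every run and items that first appear in the last run. The sample log is constructed by abridging the two runs posted above; `parse_runs` and `triage` are names chosen for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: two runs in one exehelperlog.txt, abridged from the
# logs posted above (same line formats, fewer entries).
SAMPLE_LOG = r"""
exeHelper by Raktor
Build 20091018
Run at 17:36:43 on 10/19/09
Now searching...
Checking for numerical processes...
Deleting file C:\Documents and Settings\All Users\Application Data\83602120\83602120.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\83602120
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\AVR09.exe
Deleting file C:\WINDOWS\system32\drivers\smss.exe
Error deleting C:\WINDOWS\system32\drivers\smss.exe
Checking for bad registry entries...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe
--Finished--

exeHelper by Raktor
Build 20091018
Run at 17:53:34 on 10/19/09
Now searching...
Checking for numerical processes...
Deleting file C:\Documents and Settings\All Users\Application Data\97519031\97519031.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\97519031
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\drivers\smss.exe
Error deleting C:\WINDOWS\system32\drivers\smss.exe
Checking for bad registry entries...
--Finished--
"""

RUN_AT = re.compile(r"^Run at (\d{2}:\d{2}:\d{2}) on (\d{2}/\d{2}/\d{2})$")
# Line prefixes exeHelper uses for removal attempts and for failures.
ATTEMPT_PREFIXES = ("Deleting file ", "Removing ")
FAILURE_PREFIX = "Error deleting "


@dataclass
class Run:
    started: str = ""
    # Keys are case-folded (Windows paths and registry keys are
    # case-insensitive); values keep the spelling from the log.
    attempted: dict = field(default_factory=dict)
    failed: dict = field(default_factory=dict)
    finished: bool = False  # stays False if the log stops before "--Finished--"


def parse_runs(text):
    """Split a combined exeHelper log into one Run per tool invocation."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if line.startswith("exeHelper by "):
            current = Run()
            runs.append(current)
            continue
        if current is None or not line:
            continue
        match = RUN_AT.match(line)
        if match:
            current.started = f"{match.group(2)} {match.group(1)}"
        elif line.startswith(FAILURE_PREFIX):
            target = line[len(FAILURE_PREFIX):]
            current.failed[target.casefold()] = target
        elif line.startswith(ATTEMPT_PREFIXES):
            prefix = next(p for p in ATTEMPT_PREFIXES if line.startswith(p))
            target = line[len(prefix):]
            current.attempted[target.casefold()] = target
        elif line == "--Finished--":
            current.finished = True
    return runs


def triage(runs):
    """Compare runs: what never gets deleted, and what appeared after a cleanup."""
    if not runs:
        raise ValueError("no exeHelper runs found in log")
    last, earlier = runs[-1], runs[:-1]
    stuck = set(last.failed)          # failed in the last run ...
    seen_before = set()
    for run in earlier:
        stuck &= set(run.failed)      # ... and in every earlier run
        seen_before |= set(run.attempted)
    new_keys = set(last.attempted) - seen_before if earlier else set()
    return {
        "persistent_failures": [last.failed[k] for k in sorted(stuck)],
        "new_in_last_run": [last.attempted[k] for k in sorted(new_keys)],
        "unfinished_runs": [r.started for r in runs if not r.finished],
    }


if __name__ == "__main__":
    for name, items in triage(parse_runs(SAMPLE_LOG)).items():
        print(name, items)
```

On the logs above it reports `C:\WINDOWS\system32\drivers\smss.exe` as failing in both runs, and the `97519031` file and Run value as first seen in the second run, that is, created after the first cleanup.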
    Tomk
    post Oct 19 2009, 05:53 PM
    Post #8





    abu_jaaneb,

    Please run exeHelper again and then attempt to run RootRepeal
    abu_jaaneb
    post Oct 20 2009, 09:52 PM
    Post #9





    TomK,

    Sorry for the delay in response. I tried running the RootRepeal last night for a while but got errors and did not get it to end.

    It gives this pop-up message every time before running:
    "Could not read the boot sector. Try adjusting the Disk Access Level in the options Dialog"
    I click okay 4-5 times and it takes me to the screen where I can run the scan.

    I set up the disk access in the options menu to different levels. I could not do a 'hidden files' scan in any access level. I have one running for 4 hrs but it didn't seem to be doing anything. What do you want me to do next? If it finishes before you reply, I will post the log here.
    Tomk
    post Oct 20 2009, 10:30 PM
    Post #10





    abu_jaaneb,

    Let's give this a try:

    Please download the Win32kDiag.exe tool from the following location and save it to your desktop:

    http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

    Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt.

    Double-click on this file and post the contents as a reply to this topic.
    abu_jaaneb
    post Oct 21 2009, 05:26 PM
    Post #11





    Hi TomK,

    Here is the log from Win32kDiag.exe:
    Thanks !


    ------------------------------------------------------------------------------------------------------------
    Running from: C:\Documents and Settings\Tanmay\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Tanmay\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\cache\cache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Downloaded Installations\Downloaded Installations

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ftpcache\ftpcache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\mui\mui

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\occache\occache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

    [1] 2004-08-04 06:00:00 743936 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()

    [1] 2008-04-13 19:12:21 744448 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\helpsvc.exe (Microsoft Corporation)



    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\2342e087142544189c3e4dbf170c3418\2342e087142544189c3e4dbf170c3418

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\71a994314faa34c74b73fcac7756eea1\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\policy\policy

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\msft\msft

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\policy\msft\msft

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\policy\msft\msft

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1025\1025

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1028\1028

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1031\1031

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1037\1037

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1041\1041

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1042\1042

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1054\1054

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\2052\2052

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\3076\3076

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\3BEV3TFW\3BEV3TFW

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-4283292653-2942478987-3006737494-1003\S-1-5-21-4283292653-2942478987-3006737494-1003

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4283292653-2942478987-3006737494-1003\S-1-5-21-4283292653-2942478987-3006737494-1003

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-4283292653-2942478987-3006737494-1003\S-1-5-21-4283292653-2942478987-3006737494-1003

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\CTF\CTF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\dhcp\dhcp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\system32\dumprep.exe

    [1] 2008-04-13 19:12:18 10752 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\dumprep.exe (Microsoft Corporation)

    [1] 2004-08-04 06:00:00 10752 C:\WINDOWS\system32\dumprep.exe ()

    [1] 2004-08-04 06:00:00 10752 C:\i386\dumprep.exe (Microsoft Corporation)



    Cannot access: C:\WINDOWS\system32\eventlog.dll

    [1] 2008-04-13 19:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll (Microsoft Corporation)

    [1] 2004-08-04 06:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

    [2] 2004-08-04 06:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

    [1] 2004-08-04 06:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)



    Found mount point : C:\WINDOWS\system32\export\export

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\sample\sample

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\QuickTime\QuickTime

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\spool\drivers\IA64\IA64

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\spool\drivers\x64\x64

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

    [1] 2009-02-06 04:41:05 227840 C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 05:10:02 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 05:15:13 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe (Microsoft Corporation)

    [1] 2004-08-04 06:00:00 218112 C:\WINDOWS\$NtUninstallKB956572$\wmiprvse.exe (Microsoft Corporation)

    [1] 2008-04-13 19:12:40 218112 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\system32\dllcache\wmiprvse.exe (Microsoft Corporation)

    [1] 2009-02-06 11:39:29 227840 C:\WINDOWS\system32\wbem\wmiprvse.exe ()

    [1] 2004-08-04 06:00:00 218112 C:\i386\wmiprvse.exe (Microsoft Corporation)



    Found mount point : C:\WINDOWS\system32\wins\wins

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\xircom\xircom

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\1.tmp\1.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\10.tmp\10.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\11.tmp\11.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\12.tmp\12.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\13.tmp\13.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\14.tmp\14.tmp

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\Temp\17.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Cannot access: C:\WINDOWS\Temp\18.tmp\FI.exe


    Cannot access: C:\WINDOWS\Temp\19.tmp\FI.exe


    Cannot access: C:\WINDOWS\Temp\1A.tmp\FI.exe


    Cannot access: C:\WINDOWS\Temp\1B.tmp\FI.exe


    Cannot access: C:\WINDOWS\Temp\1C.tmp\FI.exe


    Cannot access: C:\WINDOWS\Temp\1D.tmp\FI.exe


    Cannot access: C:\WINDOWS\Temp\1E.tmp\FI.exe


    Cannot access: C:\WINDOWS\Temp\1F.tmp\FI.exe


    Found mount point : C:\WINDOWS\Temp\2.tmp\2.tmp

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\Temp\20.tmp\FI.exe


    Found mount point : C:\WINDOWS\Temp\21.tmp\21.tmp

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\Temp\22.tmp\FI.exe


    Found mount point : C:\WINDOWS\Temp\23.tmp\23.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\24.tmp\24.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\25.tmp\25.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\26.tmp\26.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\27.tmp\27.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\28.tmp\28.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\29.tmp\29.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\2A.tmp\2A.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\2B.tmp\2B.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\2C.tmp\2C.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\2D.tmp\2D.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\2E.tmp\2E.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\2F.tmp\2F.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\3.tmp\3.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\30.tmp\30.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\31.tmp\31.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\32.tmp\32.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\33.tmp\33.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\34.tmp\34.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\35.tmp\35.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\35A2\35A2

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\36.tmp\36.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\38.tmp\38.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\39.tmp\39.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\3A.tmp\3A.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\3B.tmp\3B.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\3C.tmp\3C.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\3D.tmp\3D.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\3E.tmp\3E.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\3F.tmp\3F.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\40.tmp\40.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\41.tmp\41.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\42.tmp\42.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\43.tmp\43.tmp

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\Temp\44.tmp\FI.exe


    Found mount point : C:\WINDOWS\Temp\442B\442B

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\44F0\44F0

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\45.tmp\45.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\46.tmp\46.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\47.tmp\47.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\48.tmp\48.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\49.tmp\49.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\4A.tmp\4A.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\4B.tmp\4B.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\4C.tmp\4C.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\4D.tmp\4D.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\4E.tmp\4E.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\4F.tmp\4F.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\5.tmp\5.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\50.tmp\50.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\51.tmp\51.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\52.tmp\52.tmp

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\Temp\53.tmp\FI.exe


    Found mount point : C:\WINDOWS\Temp\54.tmp\54.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\5458\5458

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\55.tmp\55.tmp

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\Temp\57.tmp\FI.exe


    Cannot access: C:\WINDOWS\Temp\58.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Cannot access: C:\WINDOWS\Temp\59.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Found mount point : C:\WINDOWS\Temp\591D\591D

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\5920\5920

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\5A.tmp\5A.tmp

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\Temp\5B.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Found mount point : C:\WINDOWS\Temp\5C.tmp\5C.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\5D.tmp\5D.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\5E.tmp\5E.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\5F.tmp\5F.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\6.tmp\6.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\60.tmp\60.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\61.tmp\61.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\62.tmp\62.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\63.tmp\63.tmp

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\Temp\64.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Found mount point : C:\WINDOWS\Temp\65.tmp\65.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\66.tmp\66.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\67.tmp\67.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\68.tmp\68.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\69.tmp\69.tmp

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\Temp\6C.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Cannot access: C:\WINDOWS\Temp\6D.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Cannot access: C:\WINDOWS\Temp\6E.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Found mount point : C:\WINDOWS\Temp\7.tmp\7.tmp

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\Temp\70.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Cannot access: C:\WINDOWS\Temp\71.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Cannot access: C:\WINDOWS\Temp\72.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Cannot access: C:\WINDOWS\Temp\73.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Cannot access: C:\WINDOWS\Temp\74.tmp\FI.exe

    [1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()

    [1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()

    [1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()

    [1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()

    [1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()

    [1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()

    [1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()

    [1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()

    [1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()

    [1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()

    [1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()

    [1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()

    [1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()

    [1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()

    [1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()

    [1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()

    [1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()

    [1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()

    [1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()

    [1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()

    [1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()

    [1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()

    [1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()

    [1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()

    [1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()

    [1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()

    [1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()

    [1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()



    Found mount point : C:\WINDOWS\Temp\74F3\74F3

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\8.tmp\8.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\9.tmp\9.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\A.tmp\A.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\B.tmp\B.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\C.tmp\C.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\chrome_4902\source\Chrome-bin\Dictionaries\Dictionaries

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\chrome_9722\source\Chrome-bin\Dictionaries\Dictionaries

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\D.tmp\D.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\E.tmp\E.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\F.tmp\F.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\IXP000.TMP\IXP000.TMP

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\IXP001.TMP\IXP001.TMP

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Temp\nai45\nai45

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Vbox\Data\Data

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Vbox\Installers\Installers

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Vbox\PackingSlips\PackingSlips

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00

    Mount point destination : \Device\__max++>\^



    Finished!


    Attached File(s)
    Attached File  Win32kDiag.txt ( 73.91K ) Number of downloads: 6
     
    Tomk
    post Oct 21 2009, 06:15 PM
    Post #12


    Forum God

    Group: Classroom Teacher
    Posts: 11,202
    Joined: 27-December 07
    From: Sisters, OR
    Member No.: 75,503
    Operating System: xp



    abu_jaaneb,

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop as Worksnow.com


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_...ams_t96260.html

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    abu_jaaneb
    post Oct 22 2009, 07:34 AM
    Post #13





    OK. Tried to run it last night. Here's what I did:

    - Started my laptop in safe mode.
    - Renamed ComboFix and ran it
    - First message it gave was that "Combofix has detected some rootkit activity and need to reboot." Clicked OK and it rebooted
    Machine rebooted, now in the normal mode.
    - After startup it gave me a message in the command window: :GERP is not a recognized application
    Then it waited for a while and was trying to create a system restore point.
    - There was no activity after that. I don't know when the command window died or terminated as I walked away from the laptop.
    - I checked in the task manager and do not see combofix running at night or in the morning.
    - There is no log created in the c: drive.

    Please let me know if I need to re-run or the next steps.
    Go to the top of the page
     
    abu_jaaneb
    post Oct 22 2009, 07:40 AM
    Post #14





    One thing though I can think of is that I might have not disabled the antispyware. It wasn't a successful installation to begin with as it's missing the EXE file, but can it still interfere with the tool?

    Also, as I mentioned before, I do not have the virus scan icons in the system tray or in the program files. I have the McAfee 8i On-access scan, which I could not find in program files, system tray, etc. to disable, as I don't see it in the safe mode.

    I can boot in the normal mode, try disabling both of these and re-run CF...?
     
    Tomk
    post Oct 22 2009, 08:32 AM
    Post #15


    Forum God

    Group: Classroom Teacher
    Posts: 11,202
    Joined: 27-December 07
    From: Sisters, OR
    Member No.: 75,503
    Operating System: xp



    abu_jaaneb,

    Let's sneak up on it.

    Please run Win32kDiag.exe again.

    1. Download DDS and save it to your desktop from here, here or here.
      • Disable any script blocking protection (How to Disable your Security Programs)
      • Double click DDS icon to run the tool (may take up to 3 minutes to run)
      • When done, DDS.txt will open.
      • After a few moments, attach.txt will open in a second window.
      • Save both reports to your desktop.

    2. We Need to check for Rootkits with RootRepeal
      1. Download RootRepeal from one of the following locations and save it to your desktop.
      2. Open on your desktop.
      3. Click the tab.
      4. Click the button.
      5. In the Select Scan dialog, check
        1. Push Ok
        2. Check the box for your main system drive (Usually C:), and press Ok.
        3. Allow RootRepeal to run a scan of your system. This may take some time.
        4. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.

    3. Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.

    4. Copy/paste the DDS.txt log (that you've previously saved to your desktop) onto your post.

    5. Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
