Edited by Tomk, 06 November 2009 - 09:09 AM.
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
[Resolved] Repeated Infection and now Blue screen of Death - need imme
Started by
abu_jaaneb
, Oct 13 2009 02:57 PM
-
This topic is locked
39 replies to this topic
#1
abu_jaaneb
-
- Authentic Member
-
- 20 posts
Authentic Member
Posted 13 October 2009 - 02:57 PM
Register to Remove
#2
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 15 October 2009 - 11:18 AM
Hi abu_jaaneb,
My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
So... you are able to startup in Safe mode.
If so...
My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
- I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
So... you are able to startup in Safe mode.
If so...
- Download DDS and save it to your desktop from
- Here
- here or
- here.
- Disable any script blocking protection (How to Disable your Security Programs)
- Double click DDS icon to run the tool (may take up to 3 minutes to run)
- When done, DDS.txt will open.
- After a few moments, attach.txt will open in a second window.
- Save both reports to your desktop.
- We Need to check for Rootkits with RootRepeal
- Download RootRepeal from one of the following locations and save it to your desktop.
- Open
on your desktop. - Click the
tab. - Click the
button. - In the Select Scan dialog, check
- Push Ok
- Check the box for your main system drive (Usually C:), and press Ok.
- Allow RootRepeal to run a scan of your system. This may take some time.
- Once the scan completes, push the
button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
- Download RootRepeal from one of the following locations and save it to your desktop.
- Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.
- Copy/paste the DDS.txt log (that you've previously saved to your desktop) onto your post.
- Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#3
abu_jaaneb
-
- Authentic Member
-
- 20 posts
Authentic Member
Posted 17 October 2009 - 08:53 AM
Dear TomK,
Thanks for responding and helping.
I tried running both the DDS and RootRepeal but no success.
DDS script keeps on running without ending. I see a pop up in between but it is the same as the startup message (the general disclaimer)
on double clicking RootRepeal - it says that it is not a valid Win32 application.
I tried in both SafeMode and SafeMode with Networking. I wasn't able to find anything in system tray to disable my Antivirus or the AntiSpyware. I have McAfee ondemand access that I am not is disabled or not as I don't see it in the system tray or task manager, program files, etc.
Please let me know how can I proceed.
#4
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 18 October 2009 - 11:49 PM
abu_jaaneb,
Let's try Malwarebytes again.
Please download Malwarebytes' Anti-Malware to your desktop.
Let's try Malwarebytes again.
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#5
abu_jaaneb
-
- Authentic Member
-
- 20 posts
Authentic Member
Posted 19 October 2009 - 07:07 AM
I am not able to run .exe's in either of the Safe modes. I had tried the mbam.exe, combofix.exe, before posting and yet again with no luck.
This has already started sounding ominous for me i know....
#6
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 19 October 2009 - 08:25 AM
abu_jaaneb,
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#7
abu_jaaneb
-
- Authentic Member
-
- 20 posts
Authentic Member
Posted 19 October 2009 - 05:33 PM
Hello TomK
Please find below the log from exehelper. The first one was run just in the Plain Safe mode (without networking)
I booted the system after than and ran exehelper again in the Safe Mode with Networking and it gave the 'error deleting file..." message as below.
I booted in Safe mode with networking to try and install the Malware Antispyware again and update it.
This time I was able to run the mbam setup.exe file. The installation finishes as a success but upon clicking to launch the application it gives me an error saying that it cannot find "mbam.exe" to launch the program.
I tried re-installating again but it did the same and I stopped here. I am not trying extra steps as I want to stick to your exact instructions.
----------------------------------------------
exeHelper by Raktor
Build 20091018
Run at 17:36:43 on 10/19/09
Now searching...
Checking for numerical processes...
Deleting file C:\Documents and Settings\All Users\Application Data\83602120\83602120.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\83602120
Deleting file C:\Documents and Settings\All Users\Application Data\12404516\12404516.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12404516
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\ppp3.dat
Deleting file C:\WINDOWS\ppp4.dat
Deleting file C:\WINDOWS\system32\AVR09.exe
Deleting file C:\WINDOWS\temp\b.exe
Deleting file C:\WINDOWS\temp\a.exe
Deleting file C:\WINDOWS\system32\sysnet.dat
Deleting file C:\WINDOWS\system32\bincd32.dat
Deleting file C:\WINDOWS\system32\winupdate.exe
Deleting file C:\WINDOWS\system32\sonhelp.htm
Deleting file C:\WINDOWS\system32\41.exe
Deleting file C:\WINDOWS\system32\winhelper.dll
Deleting file C:\WINDOWS\temp\winlogon.exe
Deleting file C:\WINDOWS\system32\drivers\smss.exe
Error deleting C:\WINDOWS\system32\drivers\smss.exe
Deleting file C:\WINDOWS\system32\pump.exe
Deleting file C:\Program Files\Windows Police Pro\Windows Police Pro.exe
Deleting file C:\Documents and Settings\Tanmay\Desktop\Windows Police Pro.lnk
Checking for bad registry entries...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20091018
Run at 17:53:34 on 10/19/09
Now searching...
Checking for numerical processes...
Deleting file C:\Documents and Settings\All Users\Application Data\97519031\97519031.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\97519031
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\drivers\smss.exe
Error deleting C:\WINDOWS\system32\drivers\smss.exe
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
#8
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 19 October 2009 - 05:53 PM
abu_jaaneb,
Please run exeHelper again and then attempt to run RootRepeal
Please run exeHelper again and then attempt to run RootRepeal
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#9
abu_jaaneb
-
- Authentic Member
-
- 20 posts
Authentic Member
Posted 20 October 2009 - 09:52 PM
TomK,
Sorry for the delay in response. I tried running the RootRepeal last night for a while but got errors and did not get it to end.
It gives this pop-up message everytime before running:
"Could not read the boot sector. Try adjusting the Disk Access Level in the options Dialog"
I click okay 4-5 times and it takes me to the screen where I can run the scan.
I setup the disk access in the options menu to different levels. I could not do a 'hidden files' scan in any access level. I have one running for 4 hrs but didn't seem to be doing anything..What do you want me to do next ? If it finishes before you reply - i will post the log here.
#10
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 20 October 2009 - 10:30 PM
abu_jaaneb,
Let's give this a try:
Please download the Win32kDiag.exe tool from the following location and save it to your desktop:
http://download.blee.../Win32kDiag.exe
Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt.
Double-click on this file and post the contents as a reply to this topic.
Let's give this a try:
Please download the Win32kDiag.exe tool from the following location and save it to your desktop:
http://download.blee.../Win32kDiag.exe
Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt.
Double-click on this file and post the contents as a reply to this topic.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
Register to Remove
#11
abu_jaaneb
-
- Authentic Member
-
- 20 posts
Authentic Member
Posted 21 October 2009 - 05:26 PM
Hi TomK,
Here is the log from Win32kDiag.exe:
Thanks !
------------------------------------------------------------------------------------------------------------
Running from: C:\Documents and Settings\Tanmay\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Tanmay\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\cache\cache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Downloaded Installations\Downloaded Installations
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\occache\occache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
[1] 2004-08-04 06:00:00 743936 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()
[1] 2008-04-13 19:12:21 744448 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\helpsvc.exe (Microsoft Corporation)
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\2342e087142544189c3e4dbf170c3418\2342e087142544189c3e4dbf170c3418
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\71a994314faa34c74b73fcac7756eea1\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\policy\policy
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\policy\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\policy\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\3BEV3TFW\3BEV3TFW
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-4283292653-2942478987-3006737494-1003\S-1-5-21-4283292653-2942478987-3006737494-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4283292653-2942478987-3006737494-1003\S-1-5-21-4283292653-2942478987-3006737494-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-4283292653-2942478987-3006737494-1003\S-1-5-21-4283292653-2942478987-3006737494-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\CTF\CTF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\dumprep.exe
[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\dumprep.exe (Microsoft Corporation)
[1] 2004-08-04 06:00:00 10752 C:\WINDOWS\system32\dumprep.exe ()
[1] 2004-08-04 06:00:00 10752 C:\i386\dumprep.exe (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 06:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-04 06:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
[1] 2004-08-04 06:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\QuickTime\QuickTime
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\drivers\IA64\IA64
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\drivers\x64\x64
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\mof\good\good
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe
[1] 2009-02-06 04:41:05 227840 C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\wmiprvse.exe (Microsoft Corporation)
[1] 2009-02-06 05:10:02 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\wmiprvse.exe (Microsoft Corporation)
[1] 2009-02-06 05:15:13 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe (Microsoft Corporation)
[1] 2004-08-04 06:00:00 218112 C:\WINDOWS\$NtUninstallKB956572$\wmiprvse.exe (Microsoft Corporation)
[1] 2008-04-13 19:12:40 218112 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wmiprvse.exe (Microsoft Corporation)
[1] 2009-02-06 11:39:29 227840 C:\WINDOWS\system32\dllcache\wmiprvse.exe (Microsoft Corporation)
[1] 2009-02-06 11:39:29 227840 C:\WINDOWS\system32\wbem\wmiprvse.exe ()
[1] 2004-08-04 06:00:00 218112 C:\i386\wmiprvse.exe (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\1.tmp\1.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\10.tmp\10.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\11.tmp\11.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\12.tmp\12.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\13.tmp\13.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\14.tmp\14.tmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\Temp\17.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\18.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\19.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\1A.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\1B.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\1C.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\1D.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\1E.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\1F.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Found mount point : C:\WINDOWS\Temp\2.tmp\2.tmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\Temp\20.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Found mount point : C:\WINDOWS\Temp\21.tmp\21.tmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\Temp\22.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Found mount point : C:\WINDOWS\Temp\23.tmp\23.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\24.tmp\24.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\25.tmp\25.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\26.tmp\26.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\27.tmp\27.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\28.tmp\28.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\29.tmp\29.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\2A.tmp\2A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\2B.tmp\2B.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\2C.tmp\2C.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\2D.tmp\2D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\2E.tmp\2E.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\2F.tmp\2F.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\3.tmp\3.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\30.tmp\30.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\31.tmp\31.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\32.tmp\32.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\33.tmp\33.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\34.tmp\34.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\35.tmp\35.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\35A2\35A2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\36.tmp\36.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\38.tmp\38.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\39.tmp\39.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\3A.tmp\3A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\3B.tmp\3B.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\3C.tmp\3C.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\3D.tmp\3D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\3E.tmp\3E.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\3F.tmp\3F.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\40.tmp\40.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\41.tmp\41.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\42.tmp\42.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\43.tmp\43.tmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\Temp\44.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Found mount point : C:\WINDOWS\Temp\442B\442B
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\44F0\44F0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\45.tmp\45.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\46.tmp\46.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\47.tmp\47.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\48.tmp\48.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\49.tmp\49.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\4A.tmp\4A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\4B.tmp\4B.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\4C.tmp\4C.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\4D.tmp\4D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\4E.tmp\4E.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\4F.tmp\4F.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\5.tmp\5.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\50.tmp\50.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\51.tmp\51.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\52.tmp\52.tmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\Temp\53.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Found mount point : C:\WINDOWS\Temp\54.tmp\54.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\5458\5458
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\55.tmp\55.tmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\Temp\57.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\58.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\59.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Found mount point : C:\WINDOWS\Temp\591D\591D
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\5920\5920
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\5A.tmp\5A.tmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\Temp\5B.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Found mount point : C:\WINDOWS\Temp\5C.tmp\5C.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\5D.tmp\5D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\5E.tmp\5E.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\5F.tmp\5F.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\6.tmp\6.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\60.tmp\60.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\61.tmp\61.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\62.tmp\62.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\63.tmp\63.tmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\Temp\64.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Found mount point : C:\WINDOWS\Temp\65.tmp\65.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\66.tmp\66.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\67.tmp\67.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\68.tmp\68.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\69.tmp\69.tmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\Temp\6C.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\6D.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\6E.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Found mount point : C:\WINDOWS\Temp\7.tmp\7.tmp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\Temp\70.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\71.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\72.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\73.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Cannot access: C:\WINDOWS\Temp\74.tmp\FI.exe
[1] 2009-10-16 23:28:26 110592 C:\WINDOWS\Temp\17.tmp\FI.exe ()
[1] 2009-10-16 23:31:47 110592 C:\WINDOWS\Temp\18.tmp\FI.exe ()
[1] 2009-10-16 23:35:27 110592 C:\WINDOWS\Temp\19.tmp\FI.exe ()
[1] 2009-10-16 23:39:06 110592 C:\WINDOWS\Temp\1A.tmp\FI.exe ()
[1] 2009-10-16 23:42:47 110592 C:\WINDOWS\Temp\1B.tmp\FI.exe ()
[1] 2009-10-16 23:45:36 110592 C:\WINDOWS\Temp\1C.tmp\FI.exe ()
[1] 2009-10-16 23:49:15 110592 C:\WINDOWS\Temp\1D.tmp\FI.exe ()
[1] 2009-10-16 23:52:58 110592 C:\WINDOWS\Temp\1E.tmp\FI.exe ()
[1] 2009-10-16 23:56:37 110592 C:\WINDOWS\Temp\1F.tmp\FI.exe ()
[1] 2009-10-17 00:00:16 110592 C:\WINDOWS\Temp\20.tmp\FI.exe ()
[1] 2009-10-17 00:03:55 110592 C:\WINDOWS\Temp\22.tmp\FI.exe ()
[1] 2009-10-16 23:07:29 110592 C:\WINDOWS\Temp\4.tmp\FI.exe ()
[1] 2009-10-17 09:42:46 110592 C:\WINDOWS\Temp\44.tmp\FI.exe ()
[1] 2009-10-19 18:01:15 110592 C:\WINDOWS\Temp\53.tmp\FI.exe ()
[1] 2009-10-19 18:06:12 110592 C:\WINDOWS\Temp\57.tmp\FI.exe ()
[1] 2009-10-19 18:09:39 110592 C:\WINDOWS\Temp\58.tmp\FI.exe ()
[1] 2009-10-19 18:13:03 110592 C:\WINDOWS\Temp\59.tmp\FI.exe ()
[1] 2009-10-20 04:34:42 110592 C:\WINDOWS\Temp\5B.tmp\FI.exe ()
[1] 2009-10-19 18:23:38 110592 C:\WINDOWS\Temp\64.tmp\FI.exe ()
[1] 2009-10-20 18:13:44 110592 C:\WINDOWS\Temp\6C.tmp\FI.exe ()
[1] 2009-10-19 18:26:36 110592 C:\WINDOWS\Temp\6D.tmp\FI.exe ()
[1] 2009-10-19 18:30:16 110592 C:\WINDOWS\Temp\6E.tmp\FI.exe ()
[1] 2009-10-19 18:33:42 110592 C:\WINDOWS\Temp\6F.tmp\FI.exe ()
[1] 2009-10-20 18:27:34 110592 C:\WINDOWS\Temp\70.tmp\FI.exe ()
[1] 2009-10-20 18:34:40 110592 C:\WINDOWS\Temp\71.tmp\FI.exe ()
[1] 2009-10-20 18:41:09 110592 C:\WINDOWS\Temp\72.tmp\FI.exe ()
[1] 2009-10-20 18:48:52 110592 C:\WINDOWS\Temp\73.tmp\FI.exe ()
[1] 2009-10-20 18:58:36 110592 C:\WINDOWS\Temp\74.tmp\FI.exe ()
Found mount point : C:\WINDOWS\Temp\74F3\74F3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\8.tmp\8.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\9.tmp\9.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\A.tmp\A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\B.tmp\B.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\C.tmp\C.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\chrome_4902\source\Chrome-bin\Dictionaries\Dictionaries
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\chrome_9722\source\Chrome-bin\Dictionaries\Dictionaries
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\D.tmp\D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\E.tmp\E.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\F.tmp\F.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\IXP000.TMP\IXP000.TMP
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\IXP001.TMP\IXP001.TMP
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\nai45\nai45
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Vbox\Data\Data
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Vbox\Installers\Installers
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Vbox\PackingSlips\PackingSlips
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00
Mount point destination : \Device\__max++>\^
Finished!
Attached Files
-
Win32kDiag.txt 73.91KB
213 downloads
#12
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 21 October 2009 - 06:15 PM
abu_jaaneb,
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop as Worksnow.com
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop as Worksnow.com
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#13
abu_jaaneb
-
- Authentic Member
-
- 20 posts
Authentic Member
Posted 22 October 2009 - 07:34 AM
Ok. tried to run it last night. Here's what i did:
- Started my laptop in safe mode.
- Renamed Combo fix and ran it
- First message it gave was that "Combofix has detected some rootkit activity and need to reboot." Clicked OK and it rebooted
Machine rebooted, now in the normal mode.
- After startup it gave me a message in the command window: :GERP is not a recognized application
Then it waited for a while and was trying to create a system restore point.
- There was no activity after that. I don't know when the command window died or terminated as I walked away from the laptop.
- I checked in the task manager and do not see combofix running at night or in the morning.
-There is no log created in the c: drive.
Please let me know if I need to re-run or the next steps.
#14
abu_jaaneb
-
- Authentic Member
-
- 20 posts
Authentic Member
Posted 22 October 2009 - 07:40 AM
One thing though I can think of is that I might have not disabled the antispyware. It wasn't a successful installation to begin with as its missing the EXE file but can it still interfer with the tool ?
Also, as I mentioned before I do not have the Virus scan icons in the system tray or in the program files. I have the McAfee 8i On-access scan which i could not find in program files, system tray, etc. to disable as don't see it in the safe mode.
I can boot in the normal mode, trying disabling both of these and re-run CF...?
#15
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 22 October 2009 - 08:32 AM
abu_jaaneb,
Let's sneak up on it.
Please run Win32kDiag.exe again.
Let's sneak up on it.
Please run Win32kDiag.exe again.
- Download DDS and save it to your desktop from
- Here
- here or
- here.
- Disable any script blocking protection (How to Disable your Security Programs)
- Double click DDS icon to run the tool (may take up to 3 minutes to run)
- When done, DDS.txt will open.
- After a few moments, attach.txt will open in a second window.
- Save both reports to your desktop.
- We Need to check for Rootkits with RootRepeal
- Download RootRepeal from one of the following locations and save it to your desktop.
- Open on your desktop.
- Click the tab.
- Click the button.
- In the Select Scan dialog, check
- Push Ok
- Check the box for your main system drive (Usually C:), and press Ok.
- Allow RootRepeal to run a scan of your system. This may take some time.
- Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
- Download RootRepeal from one of the following locations and save it to your desktop.
- Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.
- Copy/paste the DDS.txt log (that you've previously saved to your desktop) onto your post.
- Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
