Search engine redirects + Windows 7 install "not enough free space" error bs
So I bought this computer off a friend and immediately noticed it was already infected with malware... Sometimes when I click on a search result I get redirected to a random website. If I drag the link to create another tab in Firefox it usually opens the right site though. Sometimes I get popdowns as well.
In safe, safe with networking, and regular modes I've run ESET, which caught a few files and deleted them, and run Stopzilla, which caught a few more files, so they're both saying I'm clean now. Unfortunately it didn't seem to fix much, and now Stopzilla tells me that there is a 'Vundo.y' infection, and when I delete the files they just show back up on the scan after every reboot. I also can't install or use Mbam. I could install it a while ago, but the desktop shortcut would stop working and say that it couldn't find the .exe file. Trying to open the mbam.exe started to load it and then did nothing.
Figured I'd just re-install Windows 7, but now when I try to install it I get an error saying "There is not enough free space to store temporary Windows installation files. Try using Disk Cleanup, uninstall old programs, or move files to an external location such as a CD, DVD, or external hard drive."
I have an Acer Aspire 5517
running Windows 7 32-bit
140 GB HD
1.6 GHz processor
3 GB of RAM
I have access to a Windows boot disc
I have no idea what else to try, I'm totally stuck! Any help that you guys could give would be very very much appreciated!
DDS (Ver_10-03-17.01) - NTFSx86
Run by Tristan at 23:02:54.22 on Sat 06/05/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_13
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.2065 [GMT -7:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\AUDIODG.EXE
C:\Users\Tristan\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page =
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=RGfox000&ptb=w3qA0_9IEFZ7UlyZoLJdDQ
uSearch Bar =
BHO: {ec305789-e66e-4edd-8007-c2c77ae46dc9} - wulazibe.dll
mRun: [dahehuhola] Rundll32.exe "gadapobo.dll",s
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
AppInit_DLLs: piridupa.dll
LSA: Notification Packages = scecli piridupa.dll
IFEO: MSASCui.exe - c:\windows\system32\svchost.exe
================= FIREFOX ===================
FF - ProfilePath - c:\users\tristan\appdata\roaming\mozilla\firefox\profiles\bswal3rg.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGfox000&ptb=w3qA0_9IEFZ7UlyZoLJdDQ&psa=&ind=2010040522&ptnrS=RGfox000&si=&st=kwd&n=77cec8ca&searchfor=
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: XULRunner: {40E9BF89-6FB1-4C6E-8437-695AA8A0AB0E} - c:\users\tristan\appdata\local\{40E9BF89-6FB1-4C6E-8437-695AA8A0AB0E}
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-6-5 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-6-5 8456]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-20 1343400]
=============== Created Last 30 ================
2010-06-06 05:10:21 853 ---ha-w- c:\windows\EPMBatch.ept
2010-06-06 04:57:39 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-06-06 04:57:39 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-06-06 04:57:39 1718912 ----a-w- c:\windows\system32\BootMan.exe
2010-06-06 04:57:39 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-06-06 04:57:39 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-06-06 04:57:32 0 d-----w- c:\program files\EASEUS
2010-06-06 04:00:14 0 d-----w- c:\program files\Defraggler
2010-06-05 23:47:19 296588 ----a-w- c:\windows\system32\netathr.inf
2010-06-05 23:47:19 1221632 ----a-w- c:\windows\system32\drivers\athr.sys
2010-06-05 23:47:19 1221632 ----a-w- c:\windows\system32\athr.sys
2010-06-05 23:47:19 0 d-----w- c:\windows\Options
2010-06-05 23:47:19 0 d-----w- c:\program files\Atheros
2010-06-05 22:23:39 1908 ----a-w- c:\windows\diagwrn.xml
2010-06-05 22:23:39 1908 ----a-w- c:\windows\diagerr.xml
2010-06-05 21:48:05 2080 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-06-05 21:46:57 10472 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-19 02:31:00 1630208 ---ha-w- C:\SZKGFS.dat
2010-05-17 02:07:20 0 ----a-w- C:\debug
2010-05-17 02:03:13 112 ----a-w- c:\programdata\3usrX2k.dat
2010-05-15 01:52:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-15 01:49:47 0 dc-h--w- c:\programdata\~1
==================== Find3M ====================
2010-05-17 05:31:50 13824 ----a-w- c:\windows\system32\slwga.dll
2010-05-17 05:31:48 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-05-17 05:31:21 811520 ----a-w- c:\windows\system32\user32.dll
2010-05-01 04:52:08 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-30 08:41:10 11 ----a-w- C:\confin.sys
2010-04-30 08:34:05 84992 --sha-r- c:\windows\system32\sscorez.dll
2010-04-04 06:00:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-25 13:38:52 91174 --sh--w- c:\windows\system32\bakevibe.exe
2010-02-19 14:32:48 46080 --sha-w- c:\windows\system32\bavikidi.exe
2010-02-21 01:54:07 1970232 --sh--w- c:\windows\system32\begepudi.exe
2010-02-12 02:45:49 47104 --sha-w- c:\windows\system32\bezogebu.exe
2010-03-05 02:51:56 46080 --sha-w- c:\windows\system32\bifomuba.exe
2010-02-27 03:13:59 47104 --sha-w- c:\windows\system32\bihorugi.exe
2010-03-02 02:21:40 91174 --sh--w- c:\windows\system32\biwifasi.exe
2010-02-08 23:09:06 2713 --sh--w- c:\windows\system32\bodizeya.exe
2010-02-15 19:49:59 47216 --sh--w- c:\windows\system32\bovenage.exe
1601-01-01 00:03:16 91136 --sha-w- c:\windows\system32\boyowugo.exe
2010-02-26 01:38:57 91134 --sh--w- c:\windows\system32\bunanuru.exe
2010-02-06 04:07:31 2713 --sh--w- c:\windows\system32\buvujano.exe
1601-01-01 00:03:17 90112 --sha-w- c:\windows\system32\deginosu.exe
2010-02-04 13:09:32 2713 --sh--w- c:\windows\system32\demobiho.exe
2010-02-10 14:29:04 47104 --sha-w- c:\windows\system32\demohajo.exe
2010-02-20 02:32:46 91136 --sha-w- c:\windows\system32\devopaha.exe
2010-02-27 03:16:36 46484 --sh--w- c:\windows\system32\dopowihi.exe
2010-03-02 14:18:08 91136 --sha-w- c:\windows\system32\dubipoja.exe
2010-02-19 14:32:48 91136 --sha-w- c:\windows\system32\dubozome.exe
2010-02-22 14:16:37 2713 --sh--w- c:\windows\system32\dugenaba.exe
2010-02-25 01:38:38 22294 --sh--w- c:\windows\system32\dumekero.exe
1601-01-01 00:12:31 47207 --sh--w- c:\windows\system32\fawuruvo.exe
2010-03-04 14:51:39 91136 --sha-w- c:\windows\system32\fimunime.exe
2010-03-02 14:18:08 46080 --sha-w- c:\windows\system32\fonodate.exe
2010-02-24 07:20:01 46080 --sha-w- c:\windows\system32\fosahadi.exe
2010-03-05 14:51:56 46080 --sha-w- c:\windows\system32\fosuzopu.exe
2010-02-20 02:32:46 41984 --sha-w- c:\windows\system32\fuhiheje.exe
2010-02-26 15:14:11 46080 --sha-w- c:\windows\system32\gayegoka.exe
2010-03-05 02:51:56 91136 --sha-w- c:\windows\system32\gejitutu.exe
2010-02-19 00:44:06 91136 --sha-w- c:\windows\system32\giyesewu.exe
2010-02-21 01:51:31 46080 --sha-w- c:\windows\system32\gosagawe.exe
2010-02-25 01:38:36 46835 --sh--w- c:\windows\system32\gudafeki.exe
2010-02-23 14:09:52 91136 --sha-w- c:\windows\system32\gulobimu.exe
2010-02-19 00:24:42 46080 --sha-w- c:\windows\system32\hajulofi.exe
1601-01-01 00:12:31 1969641 --sh--w- c:\windows\system32\hedohudi.exe
2010-02-07 04:08:40 2713 --sh--w- c:\windows\system32\hofogiyi.exe
2010-02-12 02:48:26 47883 --sh--w- c:\windows\system32\homozoyi.exe
2010-03-05 02:54:32 46356 --sh--w- c:\windows\system32\howogadi.exe
2010-02-04 13:08:57 2713 --sh--w- c:\windows\system32\hoyozebo.exe
2010-02-19 14:35:24 46484 --sh--w- c:\windows\system32\hozifofe.exe
2010-02-19 00:24:42 91136 --sha-w- c:\windows\system32\hufemute.exe
2010-02-09 11:08:42 2713 --sh--w- c:\windows\system32\huwulita.exe
1601-01-01 00:03:16 46080 --sha-w- c:\windows\system32\japanupa.exe
2010-02-05 15:06:43 2713 --sh--w- c:\windows\system32\jejowada.exe
1601-01-01 00:12:31 88318 --sh--w- c:\windows\system32\jerahona.exe
2010-02-18 00:46:23 46484 --sh--w- c:\windows\system32\jesuvaya.exe
2010-03-03 14:51:31 91136 --sha-w- c:\windows\system32\jewerari.exe
1601-01-01 00:03:16 91136 --sha-w- c:\windows\system32\jigefuwi.exe
2010-02-24 07:20:01 91136 --sha-w- c:\windows\system32\jihofoju.exe
2010-02-23 14:09:52 46080 --sha-w- c:\windows\system32\jiweyiyi.exe
2010-02-19 00:27:18 46807 --sh--w- c:\windows\system32\jobagiyu.exe
1601-01-01 00:12:31 1285103 --sh--w- c:\windows\system32\jomizone.exe
2010-02-22 14:14:13 91136 --sha-w- c:\windows\system32\kafuneso.exe
2010-03-05 14:54:45 47114 --sh--w- c:\windows\system32\kehugutu.exe
2010-03-06 02:54:36 91446 --sh--w- c:\windows\system32\kizosewa.exe
2010-03-04 14:54:15 91174 --sh--w- c:\windows\system32\kugaluso.exe
2010-03-06 02:54:36 1315520 --sh--w- c:\windows\system32\kuvimulo.exe
2010-02-05 15:07:08 2713 --sh--w- c:\windows\system32\lahozunu.exe
1601-01-01 00:12:31 1534046 --sh--w- c:\windows\system32\lakotite.exe
2010-03-02 02:19:02 46080 --sha-w- c:\windows\system32\lasefoye.exe
2010-02-28 00:33:16 91136 --sha-w- c:\windows\system32\lehobake.exe
2010-02-05 01:10:08 2713 --sh--w- c:\windows\system32\levisaku.exe
2010-02-22 14:16:37 2713 --sh--w- c:\windows\system32\linimoto.exe
2010-02-25 13:36:11 47104 --sha-w- c:\windows\system32\lizafeka.exe
1601-01-01 00:03:16 46080 --sha-w- c:\windows\system32\logapoyi.exe
2010-03-05 02:54:30 464170 --sh--w- c:\windows\system32\lomodefi.exe
2010-03-01 23:32:07 91136 --sha-w- c:\windows\system32\lujahefo.exe
2010-02-04 01:08:44 2713 --sh--w- c:\windows\system32\lumuheze.exe
2010-03-03 02:18:06 46080 --sha-w- c:\windows\system32\mabofozu.exe
1601-01-01 00:12:31 91395 --sh--w- c:\windows\system32\maligoha.exe
2010-02-12 14:45:50 47104 --sha-w- c:\windows\system32\marowasu.exe
2010-02-12 14:48:28 47480 --sh--w- c:\windows\system32\mefuwulu.exe
2010-03-04 14:51:39 46080 --sha-w- c:\windows\system32\mifahowi.exe
1601-01-01 00:12:31 46432 --sh--w- c:\windows\system32\mijepubi.exe
2010-02-13 14:46:50 47104 --sha-w- c:\windows\system32\milemopi.exe
2010-02-25 01:38:36 1277015 --sh--w- c:\windows\system32\mipozefo.exe
2010-02-23 14:12:26 91816 --sh--w- c:\windows\system32\mohohimu.exe
2010-03-03 02:20:42 46906 --sh--w- c:\windows\system32\motatere.exe
2010-03-04 02:51:12 91136 --sha-w- c:\windows\system32\musifuhi.exe
2010-02-13 02:48:57 46502 --sh--w- c:\windows\system32\nabumami.exe
1601-01-01 00:12:31 46906 --sh--w- c:\windows\system32\nalerosa.exe
2010-02-28 00:35:58 91622 --sh--w- c:\windows\system32\nedekaje.exe
2010-02-20 02:35:23 91854 --sh--w- c:\windows\system32\nirinifi.exe
1601-01-01 00:03:16 90112 --sha-w- c:\windows\system32\nobiwuna.exe
2010-02-17 07:50:37 46906 --sh--w- c:\windows\system32\nokanoza.exe
2010-02-13 02:50:07 1712387 --sh--w- c:\windows\system32\pamarute.exe
2010-03-03 14:53:50 5947 --sh--w- c:\windows\system32\pebudure.exe
2010-03-05 14:54:45 92104 --sh--w- c:\windows\system32\pideruru.exe
2010-02-24 07:21:06 91846 --sh--w- c:\windows\system32\pisefire.exe
2010-02-19 00:44:06 46080 --sha-w- c:\windows\system32\pododome.exe
2010-03-04 02:53:48 1764924 --sh--w- c:\windows\system32\porihimi.exe
2010-02-05 15:06:13 2713 --sh--w- c:\windows\system32\poyiyele.exe
2010-03-06 02:52:00 47104 --sha-w- c:\windows\system32\pujojiwu.exe
2010-02-05 01:09:46 2713 --sh--w- c:\windows\system32\pusifore.exe
2010-02-21 01:51:30 90112 --sha-w- c:\windows\system32\refajako.exe
2010-02-11 02:29:11 47104 --sha-w- c:\windows\system32\rerumupo.exe
2010-03-05 14:51:56 90112 --sha-w- c:\windows\system32\revedelu.exe
1601-01-01 00:12:31 82326 --sh--w- c:\windows\system32\ribigode.exe
1601-01-01 00:03:17 47104 --sha-w- c:\windows\system32\rijegazo.exe
2010-02-18 12:43:51 46080 --sha-w- c:\windows\system32\roruhore.exe
2010-03-03 02:20:42 599797 --sh--w- c:\windows\system32\rowehulu.exe
2010-03-01 07:00:30 46080 --sha-w- c:\windows\system32\rowugopu.exe
1601-01-01 00:12:31 47230 --sh--w- c:\windows\system32\ruhuvosu.exe
2010-02-15 00:27:47 46080 --sha-w- c:\windows\system32\ruzamako.exe
2010-02-08 00:09:41 2713 --sh--w- c:\windows\system32\sabafiru.exe
2010-02-26 15:14:11 91136 --sha-w- c:\windows\system32\sabimofo.exe
2010-02-23 14:12:26 46502 --sh--w- c:\windows\system32\sadeyoli.exe
2010-02-16 07:47:33 46080 --sha-w- c:\windows\system32\sahuyana.exe
1601-01-01 00:03:16 46080 --sha-w- c:\windows\system32\sakazati.exe
2010-03-01 07:03:06 661312 --sh--w- c:\windows\system32\sayumisi.exe
2010-02-11 02:31:49 47559 --sh--w- c:\windows\system32\sayusizu.exe
2010-02-22 14:16:37 2713 --sh--w- c:\windows\system32\sifugodo.exe
2010-02-18 12:46:27 46484 --sh--w- c:\windows\system32\siyojode.exe
1601-01-01 00:12:31 92111 --sh--w- c:\windows\system32\sorimeha.exe
2010-02-16 07:50:08 46502 --sh--w- c:\windows\system32\sujefube.exe
2010-03-01 07:03:06 90878 --sh--w- c:\windows\system32\sunekose.exe
2010-02-04 01:09:45 2713 --sh--w- c:\windows\system32\supilime.exe
2010-02-04 13:09:53 2713 --sh--w- c:\windows\system32\susezahe.exe
2010-02-25 13:36:11 91136 --sha-w- c:\windows\system32\sutuzeze.exe
1601-01-01 00:12:31 47338 --sh--w- c:\windows\system32\suwefosa.exe
2010-02-06 16:07:10 2713 --sh--w- c:\windows\system32\taburobu.exe
2010-02-11 14:45:28 47104 --sha-w- c:\windows\system32\tagayuli.exe
2010-02-13 02:46:20 46080 --sha-w- c:\windows\system32\tahoyido.exe
2010-02-16 19:47:52 46080 --sha-w- c:\windows\system32\tavimoba.exe
2010-02-18 00:43:50 47104 --sha-w- c:\windows\system32\tewuziwe.exe
1601-01-01 00:03:16 91136 --sha-w- c:\windows\system32\tezubive.exe
2010-02-06 03:06:35 2713 --sh--w- c:\windows\system32\tigefeki.exe
2010-03-04 02:53:47 91174 --sh--w- c:\windows\system32\tizabedi.exe
2010-02-15 19:47:23 46080 --sha-w- c:\windows\system32\tupopazo.exe
2010-03-03 14:53:50 5947 --sh--w- c:\windows\system32\tuwakebi.exe
2010-02-26 01:36:18 46080 --sha-w- c:\windows\system32\vakuwizu.exe
2010-02-04 01:09:24 2713 --sh--w- c:\windows\system32\vatotosa.exe
2010-03-03 14:54:21 2713 --sh--w- c:\windows\system32\vejasoso.exe
2010-02-25 01:36:03 91136 --sha-w- c:\windows\system32\vidadori.exe
2010-03-01 23:32:07 46080 --sha-w- c:\windows\system32\viguhobu.exe
2010-02-25 01:36:03 46080 --sha-w- c:\windows\system32\vimovono.exe
2010-03-03 02:20:44 2638 --sh--w- c:\windows\system32\vitatada.exe
2010-02-18 12:43:51 91136 --sha-w- c:\windows\system32\viweyeju.exe
2010-02-26 01:38:57 1832076 --sh--w- c:\windows\system32\vomepizu.exe
2010-03-02 02:19:02 91136 --sha-w- c:\windows\system32\vonibusa.exe
2010-03-04 02:51:12 46080 --sha-w- c:\windows\system32\vubumega.exe
2010-02-19 00:46:41 1969080 --sh--w- c:\windows\system32\vuvimuwe.exe
2010-02-26 15:16:54 91174 --sh--w- c:\windows\system32\vuvowuba.exe
2010-02-19 00:46:41 46726 --sh--w- c:\windows\system32\wahewozi.exe
2010-02-14 03:00:49 46080 --sha-w- c:\windows\system32\wahotake.exe
2010-02-05 01:09:23 2713 --sh--w- c:\windows\system32\wasoteba.exe
2010-03-06 02:52:00 91136 --sha-w- c:\windows\system32\wejiwulo.exe
1601-01-01 00:03:16 91136 --sha-w- c:\windows\system32\wekinimu.exe
2010-02-21 01:54:07 46906 --sh--w- c:\windows\system32\wipoveku.exe
2010-03-04 14:54:15 448056 --sh--w- c:\windows\system32\wopiloda.exe
2010-02-17 07:48:02 47104 --sha-w- c:\windows\system32\wovahova.exe
2010-02-22 14:14:13 46080 --sha-w- c:\windows\system32\wuworoge.exe
2010-02-27 03:13:59 91136 --sha-w- c:\windows\system32\yefanopa.exe
2010-03-03 14:51:31 47104 --sha-w- c:\windows\system32\yikibaho.exe
2010-02-28 00:33:16 46080 --sha-w- c:\windows\system32\yobijile.exe
2010-03-01 07:00:30 91136 --sha-w- c:\windows\system32\yuhikezo.exe
2010-02-06 03:07:09 2713 --sh--w- c:\windows\system32\yuhodose.exe
2010-02-26 01:36:18 91136 --sha-w- c:\windows\system32\yukapopo.exe
2010-02-06 04:06:53 2713 --sh--w- c:\windows\system32\yunukino.exe
2010-03-05 02:54:32 3534 --sh--w- c:\windows\system32\yuzigowa.exe
1601-01-01 00:03:16 46080 --sha-w- c:\windows\system32\zadoguze.exe
2010-03-02 14:20:42 46484 --sh--w- c:\windows\system32\zebekeli.exe
2010-03-03 02:18:06 84992 --sha-w- c:\windows\system32\zelorogi.exe
1601-01-01 00:03:16 46080 --sha-w- c:\windows\system32\zusidebi.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 23:05:10.58 ===============
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-6-5 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-6-5 8456]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-20 1343400]
=============== Created Last 30 ================
2010-06-06 05:10:21 853 ---ha-w- c:\windows\EPMBatch.ept
2010-06-06 04:57:39 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-06-06 04:57:39 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-06-06 04:57:39 1718912 ----a-w- c:\windows\system32\BootMan.exe
2010-06-06 04:57:39 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-06-06 04:57:39 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-06-06 04:57:32 0 d-----w- c:\program files\EASEUS
2010-06-06 04:00:14 0 d-----w- c:\program files\Defraggler
2010-06-05 23:47:19 296588 ----a-w- c:\windows\system32\netathr.inf
2010-06-05 23:47:19 1221632 ----a-w- c:\windows\system32\drivers\athr.sys
2010-06-05 23:47:19 1221632 ----a-w- c:\windows\system32\athr.sys
2010-06-05 23:47:19 0 d-----w- c:\windows\Options
2010-06-05 23:47:19 0 d-----w- c:\program files\Atheros
2010-06-05 22:23:39 1908 ----a-w- c:\windows\diagwrn.xml
2010-06-05 22:23:39 1908 ----a-w- c:\windows\diagerr.xml
2010-06-05 21:48:05 2080 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-06-05 21:46:57 10472 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-19 02:31:00 1630208 ---ha-w- C:\SZKGFS.dat
2010-05-17 02:07:20 0 ----a-w- C:\debug
2010-05-17 02:03:13 112 ----a-w- c:\programdata\3usrX2k.dat
2010-05-15 01:52:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-15 01:49:47 0 dc-h--w- c:\programdata\~1
==================== Find3M ====================
2010-05-17 05:31:50 13824 ----a-w- c:\windows\system32\slwga.dll
2010-05-17 05:31:48 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-05-17 05:31:21 811520 ----a-w- c:\windows\system32\user32.dll
2010-05-01 04:52:08 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-30 08:41:10 11 ----a-w- C:\confin.sys
2010-04-30 08:34:05 84992 --sha-r- c:\windows\system32\sscorez.dll
2010-04-04 06:00:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-25 13:38:52 91174 --sh--w- c:\windows\system32\bakevibe.exe
2010-02-19 14:32:48 46080 --sha-w- c:\windows\system32\bavikidi.exe
2010-02-21 01:54:07 1970232 --sh--w- c:\windows\system32\begepudi.exe
2010-02-12 02:45:49 47104 --sha-w- c:\windows\system32\bezogebu.exe
2010-03-05 02:51:56 46080 --sha-w- c:\windows\system32\bifomuba.exe
2010-02-27 03:13:59 47104 --sha-w- c:\windows\system32\bihorugi.exe
2010-03-02 02:21:40 91174 --sh--w- c:\windows\system32\biwifasi.exe
2010-02-08 23:09:06 2713 --sh--w- c:\windows\system32\bodizeya.exe
2010-02-15 19:49:59 47216 --sh--w- c:\windows\system32\bovenage.exe
1601-01-01 00:03:16 91136 --sha-w- c:\windows\system32\boyowugo.exe
2010-02-26 01:38:57 91134 --sh--w- c:\windows\system32\bunanuru.exe
2010-02-06 04:07:31 2713 --sh--w- c:\windows\system32\buvujano.exe
1601-01-01 00:03:17 90112 --sha-w- c:\windows\system32\deginosu.exe
2010-02-04 13:09:32 2713 --sh--w- c:\windows\system32\demobiho.exe
2010-02-10 14:29:04 47104 --sha-w- c:\windows\system32\demohajo.exe
2010-02-20 02:32:46 91136 --sha-w- c:\windows\system32\devopaha.exe
2010-02-27 03:16:36 46484 --sh--w- c:\windows\system32\dopowihi.exe
2010-03-02 14:18:08 91136 --sha-w- c:\windows\system32\dubipoja.exe
2010-02-19 14:32:48 91136 --sha-w- c:\windows\system32\dubozome.exe
2010-02-22 14:16:37 2713 --sh--w- c:\windows\system32\dugenaba.exe
2010-02-25 01:38:38 22294 --sh--w- c:\windows\system32\dumekero.exe
1601-01-01 00:12:31 47207 --sh--w- c:\windows\system32\fawuruvo.exe
2010-03-04 14:51:39 91136 --sha-w- c:\windows\system32\fimunime.exe
2010-03-02 14:18:08 46080 --sha-w- c:\windows\system32\fonodate.exe
2010-02-24 07:20:01 46080 --sha-w- c:\windows\system32\fosahadi.exe
2010-03-05 14:51:56 46080 --sha-w- c:\windows\system32\fosuzopu.exe
2010-02-20 02:32:46 41984 --sha-w- c:\windows\system32\fuhiheje.exe
2010-02-26 15:14:11 46080 --sha-w- c:\windows\system32\gayegoka.exe
2010-03-05 02:51:56 91136 --sha-w- c:\windows\system32\gejitutu.exe
2010-02-19 00:44:06 91136 --sha-w- c:\windows\system32\giyesewu.exe
2010-02-21 01:51:31 46080 --sha-w- c:\windows\system32\gosagawe.exe
2010-02-25 01:38:36 46835 --sh--w- c:\windows\system32\gudafeki.exe
2010-02-23 14:09:52 91136 --sha-w- c:\windows\system32\gulobimu.exe
2010-02-19 00:24:42 46080 --sha-w- c:\windows\system32\hajulofi.exe
1601-01-01 00:12:31 1969641 --sh--w- c:\windows\system32\hedohudi.exe
2010-02-07 04:08:40 2713 --sh--w- c:\windows\system32\hofogiyi.exe
2010-02-12 02:48:26 47883 --sh--w- c:\windows\system32\homozoyi.exe
2010-03-05 02:54:32 46356 --sh--w- c:\windows\system32\howogadi.exe
2010-02-04 13:08:57 2713 --sh--w- c:\windows\system32\hoyozebo.exe
2010-02-19 14:35:24 46484 --sh--w- c:\windows\system32\hozifofe.exe
2010-02-19 00:24:42 91136 --sha-w- c:\windows\system32\hufemute.exe
2010-02-09 11:08:42 2713 --sh--w- c:\windows\system32\huwulita.exe
1601-01-01 00:03:16 46080 --sha-w- c:\windows\system32\japanupa.exe
2010-02-05 15:06:43 2713 --sh--w- c:\windows\system32\jejowada.exe
1601-01-01 00:12:31 88318 --sh--w- c:\windows\system32\jerahona.exe
2010-02-18 00:46:23 46484 --sh--w- c:\windows\system32\jesuvaya.exe
2010-03-03 14:51:31 91136 --sha-w- c:\windows\system32\jewerari.exe
1601-01-01 00:03:16 91136 --sha-w- c:\windows\system32\jigefuwi.exe
2010-02-24 07:20:01 91136 --sha-w- c:\windows\system32\jihofoju.exe
2010-02-23 14:09:52 46080 --sha-w- c:\windows\system32\jiweyiyi.exe
2010-02-19 00:27:18 46807 --sh--w- c:\windows\system32\jobagiyu.exe
1601-01-01 00:12:31 1285103 --sh--w- c:\windows\system32\jomizone.exe
2010-02-22 14:14:13 91136 --sha-w- c:\windows\system32\kafuneso.exe
2010-03-05 14:54:45 47114 --sh--w- c:\windows\system32\kehugutu.exe
2010-03-06 02:54:36 91446 --sh--w- c:\windows\system32\kizosewa.exe
2010-03-04 14:54:15 91174 --sh--w- c:\windows\system32\kugaluso.exe
2010-03-06 02:54:36 1315520 --sh--w- c:\windows\system32\kuvimulo.exe
2010-02-05 15:07:08 2713 --sh--w- c:\windows\system32\lahozunu.exe
1601-01-01 00:12:31 1534046 --sh--w- c:\windows\system32\lakotite.exe
2010-03-02 02:19:02 46080 --sha-w- c:\windows\system32\lasefoye.exe
2010-02-28 00:33:16 91136 --sha-w- c:\windows\system32\lehobake.exe
2010-02-05 01:10:08 2713 --sh--w- c:\windows\system32\levisaku.exe
2010-02-22 14:16:37 2713 --sh--w- c:\windows\system32\linimoto.exe
2010-02-25 13:36:11 47104 --sha-w- c:\windows\system32\lizafeka.exe
1601-01-01 00:03:16 46080 --sha-w- c:\windows\system32\logapoyi.exe
2010-03-05 02:54:30 464170 --sh--w- c:\windows\system32\lomodefi.exe
2010-03-01 23:32:07 91136 --sha-w- c:\windows\system32\lujahefo.exe
2010-02-04 01:08:44 2713 --sh--w- c:\windows\system32\lumuheze.exe
2010-03-03 02:18:06 46080 --sha-w- c:\windows\system32\mabofozu.exe
1601-01-01 00:12:31 91395 --sh--w- c:\windows\system32\maligoha.exe
2010-02-12 14:45:50 47104 --sha-w- c:\windows\system32\marowasu.exe
2010-02-12 14:48:28 47480 --sh--w- c:\windows\system32\mefuwulu.exe
2010-03-04 14:51:39 46080 --sha-w- c:\windows\system32\mifahowi.exe
1601-01-01 00:12:31 46432 --sh--w- c:\windows\system32\mijepubi.exe
2010-02-13 14:46:50 47104 --sha-w- c:\windows\system32\milemopi.exe
2010-02-25 01:38:36 1277015 --sh--w- c:\windows\system32\mipozefo.exe
2010-02-23 14:12:26 91816 --sh--w- c:\windows\system32\mohohimu.exe
2010-03-03 02:20:42 46906 --sh--w- c:\windows\system32\motatere.exe
2010-03-04 02:51:12 91136 --sha-w- c:\windows\system32\musifuhi.exe
2010-02-13 02:48:57 46502 --sh--w- c:\windows\system32\nabumami.exe
1601-01-01 00:12:31 46906 --sh--w- c:\windows\system32\nalerosa.exe
2010-02-28 00:35:58 91622 --sh--w- c:\windows\system32\nedekaje.exe
2010-02-20 02:35:23 91854 --sh--w- c:\windows\system32\nirinifi.exe
1601-01-01 00:03:16 90112 --sha-w- c:\windows\system32\nobiwuna.exe
2010-02-17 07:50:37 46906 --sh--w- c:\windows\system32\nokanoza.exe
2010-02-13 02:50:07 1712387 --sh--w- c:\windows\system32\pamarute.exe
2010-03-03 14:53:50 5947 --sh--w- c:\windows\system32\pebudure.exe
2010-03-05 14:54:45 92104 --sh--w- c:\windows\system32\pideruru.exe
2010-02-24 07:21:06 91846 --sh--w- c:\windows\system32\pisefire.exe
2010-02-19 00:44:06 46080 --sha-w- c:\windows\system32\pododome.exe
2010-03-04 02:53:48 1764924 --sh--w- c:\windows\system32\porihimi.exe
2010-02-05 15:06:13 2713 --sh--w- c:\windows\system32\poyiyele.exe
2010-03-06 02:52:00 47104 --sha-w- c:\windows\system32\pujojiwu.exe
2010-02-05 01:09:46 2713 --sh--w- c:\windows\system32\pusifore.exe
2010-02-21 01:51:30 90112 --sha-w- c:\windows\system32\refajako.exe
2010-02-11 02:29:11 47104 --sha-w- c:\windows\system32\rerumupo.exe
2010-03-05 14:51:56 90112 --sha-w- c:\windows\system32\revedelu.exe
1601-01-01 00:12:31 82326 --sh--w- c:\windows\system32\ribigode.exe
1601-01-01 00:03:17 47104 --sha-w- c:\windows\system32\rijegazo.exe
2010-02-18 12:43:51 46080 --sha-w- c:\windows\system32\roruhore.exe
2010-03-03 02:20:42 599797 --sh--w- c:\windows\system32\rowehulu.exe
2010-03-01 07:00:30 46080 --sha-w- c:\windows\system32\rowugopu.exe
1601-01-01 00:12:31 47230 --sh--w- c:\windows\system32\ruhuvosu.exe
2010-02-15 00:27:47 46080 --sha-w- c:\windows\system32\ruzamako.exe
2010-02-08 00:09:41 2713 --sh--w- c:\windows\system32\sabafiru.exe
2010-02-26 15:14:11 91136 --sha-w- c:\windows\system32\sabimofo.exe
2010-02-23 14:12:26 46502 --sh--w- c:\windows\system32\sadeyoli.exe
2010-02-16 07:47:33 46080 --sha-w- c:\windows\system32\sahuyana.exe
1601-01-01 00:03:16 46080 --sha-w- c:\windows\system32\sakazati.exe
2010-03-01 07:03:06 661312 --sh--w- c:\windows\system32\sayumisi.exe
2010-02-11 02:31:49 47559 --sh--w- c:\windows\system32\sayusizu.exe
2010-02-22 14:16:37 2713 --sh--w- c:\windows\system32\sifugodo.exe
2010-02-18 12:46:27 46484 --sh--w- c:\windows\system32\siyojode.exe
1601-01-01 00:12:31 92111 --sh--w- c:\windows\system32\sorimeha.exe
2010-02-16 07:50:08 46502 --sh--w- c:\windows\system32\sujefube.exe
2010-03-01 07:03:06 90878 --sh--w- c:\windows\system32\sunekose.exe
2010-02-04 01:09:45 2713 --sh--w- c:\windows\system32\supilime.exe
2010-02-04 13:09:53 2713 --sh--w- c:\windows\system32\susezahe.exe
2010-02-25 13:36:11 91136 --sha-w- c:\windows\system32\sutuzeze.exe
1601-01-01 00:12:31 47338 --sh--w- c:\windows\system32\suwefosa.exe
2010-02-06 16:07:10 2713 --sh--w- c:\windows\system32\taburobu.exe
2010-02-11 14:45:28 47104 --sha-w- c:\windows\system32\tagayuli.exe
2010-02-13 02:46:20 46080 --sha-w- c:\windows\system32\tahoyido.exe
2010-02-16 19:47:52 46080 --sha-w- c:\windows\system32\tavimoba.exe
2010-02-18 00:43:50 47104 --sha-w- c:\windows\system32\tewuziwe.exe
1601-01-01 00:03:16 91136 --sha-w- c:\windows\system32\tezubive.exe
2010-02-06 03:06:35 2713 --sh--w- c:\windows\system32\tigefeki.exe
2010-03-04 02:53:47 91174 --sh--w- c:\windows\system32\tizabedi.exe
2010-02-15 19:47:23 46080 --sha-w- c:\windows\system32\tupopazo.exe
2010-03-03 14:53:50 5947 --sh--w- c:\windows\system32\tuwakebi.exe
2010-02-26 01:36:18 46080 --sha-w- c:\windows\system32\vakuwizu.exe
2010-02-04 01:09:24 2713 --sh--w- c:\windows\system32\vatotosa.exe
2010-03-03 14:54:21 2713 --sh--w- c:\windows\system32\vejasoso.exe
2010-02-25 01:36:03 91136 --sha-w- c:\windows\system32\vidadori.exe
2010-03-01 23:32:07 46080 --sha-w- c:\windows\system32\viguhobu.exe
2010-02-25 01:36:03 46080 --sha-w- c:\windows\system32\vimovono.exe
2010-03-03 02:20:44 2638 --sh--w- c:\windows\system32\vitatada.exe
2010-02-18 12:43:51 91136 --sha-w- c:\windows\system32\viweyeju.exe
2010-02-26 01:38:57 1832076 --sh--w- c:\windows\system32\vomepizu.exe
2010-03-02 02:19:02 91136 --sha-w- c:\windows\system32\vonibusa.exe
2010-03-04 02:51:12 46080 --sha-w- c:\windows\system32\vubumega.exe
2010-02-19 00:46:41 1969080 --sh--w- c:\windows\system32\vuvimuwe.exe
2010-02-26 15:16:54 91174 --sh--w- c:\windows\system32\vuvowuba.exe
2010-02-19 00:46:41 46726 --sh--w- c:\windows\system32\wahewozi.exe
2010-02-14 03:00:49 46080 --sha-w- c:\windows\system32\wahotake.exe
2010-02-05 01:09:23 2713 --sh--w- c:\windows\system32\wasoteba.exe
2010-03-06 02:52:00 91136 --sha-w- c:\windows\system32\wejiwulo.exe
1601-01-01 00:03:16 91136 --sha-w- c:\windows\system32\wekinimu.exe
2010-02-21 01:54:07 46906 --sh--w- c:\windows\system32\wipoveku.exe
2010-03-04 14:54:15 448056 --sh--w- c:\windows\system32\wopiloda.exe
2010-02-17 07:48:02 47104 --sha-w- c:\windows\system32\wovahova.exe
2010-02-22 14:14:13 46080 --sha-w- c:\windows\system32\wuworoge.exe
2010-02-27 03:13:59 91136 --sha-w- c:\windows\system32\yefanopa.exe
2010-03-03 14:51:31 47104 --sha-w- c:\windows\system32\yikibaho.exe
2010-02-28 00:33:16 46080 --sha-w- c:\windows\system32\yobijile.exe
2010-03-01 07:00:30 91136 --sha-w- c:\windows\system32\yuhikezo.exe
2010-02-06 03:07:09 2713 --sh--w- c:\windows\system32\yuhodose.exe
2010-02-26 01:36:18 91136 --sha-w- c:\windows\system32\yukapopo.exe
2010-02-06 04:06:53 2713 --sh--w- c:\windows\system32\yunukino.exe
2010-03-05 02:54:32 3534 --sh--w- c:\windows\system32\yuzigowa.exe
1601-01-01 00:03:16 46080 --sha-w- c:\windows\system32\zadoguze.exe
2010-03-02 14:20:42 46484 --sh--w- c:\windows\system32\zebekeli.exe
2010-03-03 02:18:06 84992 --sha-w- c:\windows\system32\zelorogi.exe
1601-01-01 00:03:16 46080 --sha-w- c:\windows\system32\zusidebi.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 23:05:10.58 ===============