Hi there, I was using StumbleUpon when Microsoft Security Essentials discovered Win32/Tibs.IT. Everything disappeared from my desktop (except the Recycle Bin) and my Start menu shows no shortcuts. I can't use the checkdisk utility and I haven't been able to do so for some time. I ran various scans (Malwarebytes, Spybot S&D, HouseCall and Microsoft Security Essentials) but nothing seems to have had any effect. I then uninstalled MSE and downloaded Avira but without effect. Can someone help please?
I have pasted the DDS.txt below. I can't seem to be able to zip the attach.txt file (when I right-click and hover over "Send to" the only option is the E: drive).
Also, when I search for Spybot S&D through the Start menu now, I only have the option to uninstall or update, so I have been unable to disable TeaTimer (perhaps something to do with installing Avira?).
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Dave at 0:41:49 on 2012-03-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.907 [GMT 0:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTAyNzMyMDMwLVU4NSsxLVQzLUZQOTIrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUxJQys3LVNQMSsxLVNVUCs0LUZMMTArMS1TUDFTMisxLUREVCsw"&"prod=90"&"ver=10.0.1209
StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/vistainstaller.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{B05071D1-02D8-45DD-8F81-1E0D002F30B5} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{C398C3C6-9D03-475E-8E3A-B72B4181E2A8} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D3DFD185-6AFB-45A3-B9D6-41458A82876D} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\0p53vkpy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=421&sr=0&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dave\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-19 36000]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2008-11-26 25896]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-19 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-19 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-19 74640]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-1-19 1153368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-7 136176]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-3-19 187904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-7 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-21 21504]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-10-26 124368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-19 22:14:40 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0ff904c6-34ef-4e9a-8e28-0e4d3d46c797}\offreg.dll
2012-03-19 22:09:26 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0ff904c6-34ef-4e9a-8e28-0e4d3d46c797}\mpengine.dll
2012-03-19 22:05:57 -------- d-----w- c:\users\dave\appdata\roaming\Avira
2012-03-19 21:59:15 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-19 21:59:15 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-19 21:59:09 -------- d-----w- c:\programdata\Avira
2012-03-19 21:59:09 -------- d-----w- c:\program files\Avira
2012-03-19 21:20:13 -------- d-----w- C:\sh4ldr
2012-03-19 21:20:13 -------- d-----w- c:\program files\Enigma Software Group
2012-03-19 21:16:31 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-19 20:52:49 -------- d-----w- c:\programdata\CA
2012-03-19 10:52:32 -------- d-----w- c:\users\dave\appdata\local\{1BC13EEC-26E8-494F-AEF5-25EA833013FB}
2012-03-19 10:52:09 -------- d-----w- c:\users\dave\appdata\local\{2B65CE4D-03DC-4495-904F-35A1108253E3}
2012-03-17 21:39:35 -------- d-----w- c:\users\dave\appdata\local\{0E9475B5-BCFB-4959-9EDB-C35E445ED3A8}
2012-03-17 21:39:12 -------- d-----w- c:\users\dave\appdata\local\{5D0F0694-B04A-4CD2-8B8B-49E282763560}
2012-03-17 04:04:25 -------- d--h--w- c:\users\dave\appdata\local\{DA26CC54-4812-45B5-BF6B-FF75F6C5898D}
2012-03-17 04:03:59 -------- d--h--w- c:\users\dave\appdata\local\{5F496AA6-DBCB-457B-8C1D-1E1F57996582}
2012-03-15 23:50:21 -------- d--h--w- c:\users\dave\appdata\local\{2C7DBBEF-F60A-4115-946A-A2D5A7C0461E}
2012-03-15 23:49:58 -------- d--h--w- c:\users\dave\appdata\local\{06FBBEE2-07CB-4202-8538-9A81274D6449}
2012-03-15 03:18:14 -------- d--h--w- c:\users\dave\appdata\local\{0D5C7FC4-890C-40B1-9105-E227A3612254}
2012-03-15 03:17:51 -------- d--h--w- c:\users\dave\appdata\local\{A23510AB-314B-40A9-89C6-1B08F99D9EFD}
2012-03-14 11:23:22 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:23:20 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 11:23:20 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 11:23:20 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 11:23:20 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 11:23:20 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:22:52 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 11:22:36 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 11:22:36 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:15:47 -------- d--h--w- c:\users\dave\appdata\local\{97B9EB11-6048-44EB-A0E1-0E97158C2ACC}
2012-03-14 11:15:24 -------- d--h--w- c:\users\dave\appdata\local\{36D168C0-DEB3-4732-B2D6-D35CC48E2B56}
2012-03-14 11:14:01 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-14 11:14:01 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-14 05:05:44 -------- d--h--w- c:\users\dave\appdata\local\{637640C3-7205-4210-B500-4211E4D207E0}
2012-03-13 13:49:58 -------- d--h--w- c:\users\dave\appdata\local\{03E04AA6-D3AC-47B3-A860-ECD7C7FD86AD}
2012-03-13 13:49:17 -------- d--h--w- c:\users\dave\appdata\local\{2B794DDB-933D-42BF-831B-AC7DCBB14F38}
2012-03-12 20:31:32 -------- d--h--w- c:\users\dave\appdata\local\{52A5C99F-E5F8-4DC5-B860-682C89C9047C}
2012-03-12 20:31:09 -------- d--h--w- c:\users\dave\appdata\local\{E6D1DA74-96AD-46F4-8416-AD42966FA2F7}
2012-03-12 08:30:54 -------- d--h--w- c:\users\dave\appdata\local\{7C9E6B5A-9987-4DCB-99EA-D954097FBC9D}
2012-03-12 08:30:26 -------- d--h--w- c:\users\dave\appdata\local\{129D6817-EC2A-4DD8-ABBD-FA863DA3A3AA}
2012-03-11 20:30:11 -------- d--h--w- c:\users\dave\appdata\local\{8E05C094-EAE7-4747-81B1-16B26F2AEF32}
2012-03-11 20:29:48 -------- d--h--w- c:\users\dave\appdata\local\{4A0FBA3C-50F8-47C6-A3F3-1D640BDE7600}
2012-03-11 08:29:32 -------- d--h--w- c:\users\dave\appdata\local\{189C4942-C3C1-4B92-B14F-FD0DEBF56A8D}
2012-03-11 08:29:09 -------- d--h--w- c:\users\dave\appdata\local\{844289F4-87F9-4468-961C-6039198887D8}
2012-03-08 17:30:35 -------- d--h--w- c:\users\dave\appdata\local\{ECDA783B-8663-473F-B7AA-604D75424FE4}
2012-03-08 17:30:11 -------- d--h--w- c:\users\dave\appdata\local\{9918B8BF-1D6F-4E41-812D-E350CCA061B2}
2012-03-08 05:29:57 -------- d--h--w- c:\users\dave\appdata\local\{D7B4BCDB-83ED-48C5-9735-0705B8E278D8}
2012-03-08 05:29:34 -------- d--h--w- c:\users\dave\appdata\local\{5CA2AD92-0AB9-44DB-A0ED-A9FF448C6F54}
2012-03-07 17:29:19 -------- d--h--w- c:\users\dave\appdata\local\{8EB251DF-7C4C-49F5-835A-D905BBA04EF5}
2012-03-07 17:28:55 -------- d--h--w- c:\users\dave\appdata\local\{9F1FE2DF-18B9-415A-85A1-B6E3097CA242}
2012-03-06 16:16:03 -------- d--h--w- c:\users\dave\appdata\local\{B99557F6-4B76-4E3E-9CE7-A89F8896EAC7}
2012-03-06 16:15:42 -------- d--h--w- c:\users\dave\appdata\local\{F1CF1DD3-9E4A-4E8A-B007-79A43CD66D22}
2012-03-06 00:49:15 -------- d--h--w- c:\users\dave\appdata\local\{C6E69A69-336D-4C5A-A689-8DBCD585134C}
2012-03-06 00:48:52 -------- d--h--w- c:\users\dave\appdata\local\{1CC9691F-F31B-4357-9EAF-833173AC5544}
2012-03-04 15:05:42 -------- d--h--w- c:\users\dave\appdata\local\kpnomfdm
2012-03-04 14:10:59 -------- d--h--w- c:\users\dave\appdata\local\{9F2425EF-7E97-4EB4-9A93-A07345BDDF42}
2012-03-04 14:10:36 -------- d--h--w- c:\users\dave\appdata\local\{420EFEFD-F5C9-42B4-8006-98A00A123572}
2012-03-04 01:57:41 -------- d--h--w- c:\users\dave\appdata\local\{01782B1E-5595-4A35-BA7B-32D8781858AB}
2012-03-04 01:57:18 -------- d--h--w- c:\users\dave\appdata\local\{E6AD3A87-27B6-471D-8BF3-2430E5BA9870}
2012-03-03 13:56:58 -------- d--h--w- c:\users\dave\appdata\local\{06326131-6327-48C2-9073-FCE032B11DD2}
2012-03-03 13:56:35 -------- d--h--w- c:\users\dave\appdata\local\{9C2A1188-E60E-4B3A-AB06-E4D97111F9BC}
2012-02-29 13:30:12 -------- d--h--w- c:\users\dave\appdata\local\{D0F2C65E-3183-4027-8EDA-FDA7512233FA}
2012-02-29 13:29:49 -------- d--h--w- c:\users\dave\appdata\local\{2B3493A4-35EF-4D67-9110-38727C3355EA}
2012-02-29 01:29:20 -------- d--h--w- c:\users\dave\appdata\local\{778F45C5-6C40-4905-8626-4E8A726DDDBC}
2012-02-29 01:28:54 -------- d--h--w- c:\users\dave\appdata\local\{18589A95-DD81-4D80-9426-C0FF048BE090}
2012-02-28 13:28:21 -------- d--h--w- c:\users\dave\appdata\local\{721C5EA9-BE79-412A-B4F5-3A18A4E0C5DC}
2012-02-28 13:27:59 -------- d--h--w- c:\users\dave\appdata\local\{CE87702B-BAF6-457F-B5CD-41E524D93011}
2012-02-27 21:57:49 -------- d--h--w- c:\users\dave\appdata\local\{4F7B63AC-B6AC-40C3-9E00-A227A9DCD6F0}
2012-02-27 21:57:24 -------- d--h--w- c:\users\dave\appdata\local\{11242BF4-0091-4753-9556-C539C4FD54C5}
2012-02-27 09:56:57 -------- d--h--w- c:\users\dave\appdata\local\{8707AC18-1B6C-42A3-83A6-5B0E2E585C53}
2012-02-27 09:56:35 -------- d--h--w- c:\users\dave\appdata\local\{E48A9D03-E395-43C2-AC0A-7CDF8DDE16C5}
2012-02-26 21:56:20 -------- d--h--w- c:\users\dave\appdata\local\{EF1FC201-BAC4-42A0-9209-18AF4000B862}
2012-02-26 21:55:52 -------- d--h--w- c:\users\dave\appdata\local\{15CEE049-367E-4F1A-8E59-BABB6EAC7B8D}
2012-02-24 11:46:24 -------- d--h--w- c:\users\dave\appdata\local\{80CF220E-AB07-4073-A880-5AE4B72ED5A4}
2012-02-24 11:46:01 -------- d--h--w- c:\users\dave\appdata\local\{C06FCC68-D610-4D3D-9C79-0CB80F916698}
2012-02-23 16:03:29 -------- d--h--w- c:\users\dave\appdata\local\{8E970C8A-C265-482C-A520-DB1BEE1091F3}
2012-02-23 16:03:06 -------- d--h--w- c:\users\dave\appdata\local\{E00136DA-EF51-403E-AD35-3D6904E361CB}
2012-02-22 13:04:30 -------- d--h--w- c:\users\dave\appdata\local\{A42A541D-D48D-4A34-885D-C4E0EEA1A66E}
2012-02-22 13:04:07 -------- d--h--w- c:\users\dave\appdata\local\{9FDB630E-BD28-43FF-810F-BB5646749181}
2012-02-21 20:58:02 -------- d--h--w- c:\users\dave\appdata\local\{95261E21-3B4C-4896-8748-0E9B4676460C}
2012-02-21 20:57:40 -------- d--h--w- c:\users\dave\appdata\local\{57805BF8-A605-4DC7-BC33-79A0FBF05F30}
2012-02-21 04:45:24 -------- d--h--w- c:\users\dave\appdata\local\{654ED9E3-6B44-4FBE-AE4E-CAAA7BAA21A9}
2012-02-21 04:44:47 -------- d--h--w- c:\users\dave\appdata\local\{E1C832E8-F993-4D0A-8534-985D41B73CFB}
2012-02-20 12:46:15 -------- d--h--w- c:\users\dave\appdata\local\{39305CDD-9A6B-4321-893F-534BAEF76ABC}
2012-02-20 12:45:52 -------- d--h--w- c:\users\dave\appdata\local\{8268B487-5B87-43C7-9C51-747994FFD3DF}
2012-02-19 23:49:44 -------- d--h--w- c:\users\dave\appdata\local\{0119D7FE-9A7D-4349-A048-17441AA75B5C}
2012-02-19 23:49:23 -------- d--h--w- c:\users\dave\appdata\local\{F97A2B26-3A3A-4E92-97B1-BD8ECC2B7F8F}
2012-02-19 11:48:55 -------- d--h--w- c:\users\dave\appdata\local\{2254F6FB-23E1-4D5E-A520-ED4EEF4166C2}
2012-02-19 11:48:32 -------- d--h--w- c:\users\dave\appdata\local\{B894DC5F-2A3F-44EA-8DA1-C37ED232209C}
.
==================== Find3M ====================
.
2012-03-19 10:49:15 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-19 10:49:12 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-02-23 09:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 20:57:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 0:43:37.74 ===============
My whole system seems to be hijacked now. Can't run or open anything without fake security software telling me it's a virus and blocking it, including Task Manager and antivirus programs. Opening Explorer or Firefox takes me to the fake security software page. It wants me to buy the software to get rid of "viruses" by entering my card details, which obviously I haven't done. I had to use Safe Mode with Networking to post this message. Is there anything I can do?