Solve : Disappearing Programs Problems - Directed Here From Original T

1.	Solve : Disappearing Programs Problems - Directed Here From Original Thread?
Answer» We need to fix the Master Boot Record using aswMBR now. Double click aswMBR.exe to run it like before Once the scan finishes click FixMBR to remove the infection as illustrated below Once the scan finishes click Save log to save the log to your Desktop Copy and paste the contents of aswMBR.txt back here for review . aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-09-21 09:12:35 ----------------------------- 09:12:35.345 OS Version: Windows x64 6.1.7601 Service Pack 1 09:12:35.345 Number of processors: 4 586 0xA00 09:12:35.345 ComputerName: SCOTT-HP UserName: Scott 09:12:39.432 Initialize success 09:13:41.734 AVAST engine defs: 12092100 09:13:58.754 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f 09:13:58.770 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 11 09:13:58.801 Disk 0 MBR read successfully 09:13:58.801 Disk 0 MBR scan 09:13:58.801 Disk 0 unknown MBR code 09:13:58.816 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 09:13:58.832 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1419282 MB offset 206848 09:13:58.863 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11415 MB offset 2906896384 09:13:58.926 Disk 0 scanning C:\Windows\system32\drivers 09:14:09.268 Service scanning 09:14:29.720 Modules scanning 09:14:29.736 Disk 0 trace - called modules: 09:14:29.767 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 09:14:29.783 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800778f790] 09:14:29.783 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8007220ac0] 09:14:29.798 5 amd_xata.sys[fffff88000e878b4] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa800721c9c0] 09:14:35.789 AVAST engine scan C:\Windows 09:14:42.575 AVAST engine scan C:\Windows\system32 09:18:19.477 AVAST engine scan C:\Windows\system32\drivers 09:18:34.641 AVAST engine scan C:\Users\Scott 11:10:17.208 AVAST engine scan C:\ProgramData 11:12:20.947 Scan finished successfully 11:34:27.961 Verifying 11:34:38.023 Disk 0 Windows 601 MBR fixed successfully 11:47:31.332 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat" 11:47:31.348 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop. Link 1 Link 2 Link 3 •Double-click on MBRCheck.exe to run it. •It will open a black window...please do not fix anything (if it gives you an option). •When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard. •A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop. •Please copy and paste the contents of that log in your next reply. ******************************************************* Please download Rooter and Save it to your desktop. Double click it to start the tool.Vista and Windows7 run as administrator. Click Scan. Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply. MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version:Windows 7 Home Premium Edition Windows Information:Service Pack 1 (build 7601), 64-bit Base Board Manufacturer:FOXCONN BIOS Manufacturer:American Megatrends Inc. System Manufacturer:Hewlett-Packard System Product Name:p7-1020 Logical Drives Mask:0x000101fc Kernel Drivers (total 173): 0x02C63000 \SystemRoot\system32\ntoskrnl.exe 0x02C1A000 \SystemRoot\system32\hal.dll 0x00BBB000 \SystemRoot\system32\kdcom.dll 0x00C7B000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll 0x00C88000 \SystemRoot\system32\PSHED.dll 0x00C9C000 \SystemRoot\system32\CLFS.SYS 0x00CFA000 \SystemRoot\system32\CI.dll 0x00E96000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F3A000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00F49000 \SystemRoot\system32\drivers\ACPI.sys 0x00FA0000 \SystemRoot\system32\drivers\WMILIB.SYS 0x00FA9000 \SystemRoot\system32\drivers\msisadrv.sys 0x00FB3000 \SystemRoot\system32\drivers\pci.sys 0x00FE6000 \SystemRoot\system32\drivers\vdrvroot.sys 0x00E00000 \SystemRoot\System32\drivers\partmgr.sys 0x00E15000 \SystemRoot\system32\drivers\volmgr.sys 0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys 0x00DBA000 \SystemRoot\System32\drivers\mountmgr.sys 0x00DD4000 \SystemRoot\system32\drivers\amd_sata.sys 0x00C00000 \SystemRoot\system32\drivers\storport.sys 0x00E86000 \SystemRoot\system32\drivers\amd_xata.sys 0x00FF3000 \SystemRoot\system32\drivers\amdxata.sys 0x01040000 \SystemRoot\system32\drivers\fltmgr.sys 0x0108C000 \SystemRoot\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS 0x010FD000 \SystemRoot\system32\drivers\fileinfo.sys 0x012D0000 \SystemRoot\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS 0x013E8000 \SystemRoot\System32\Drivers\PxHlpa64.sys 0x0142B000 \SystemRoot\System32\Drivers\Ntfs.sys 0x01200000 \SystemRoot\System32\Drivers\msrpc.sys 0x015CE000 \SystemRoot\System32\Drivers\ksecdd.sys 0x0125E000 \SystemRoot\System32\Drivers\cng.sys 0x015E9000 \SystemRoot\System32\drivers\pcw.sys 0x01400000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x016E5000 \SystemRoot\system32\drivers\ndis.sys 0x01600000 \SystemRoot\system32\drivers\NETIO.SYS 0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01800000 \SystemRoot\System32\drivers\tcpip.sys 0x0168A000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x01111000 \SystemRoot\system32\drivers\volsnap.sys 0x016D4000 \SystemRoot\System32\Drivers\spldr.sys 0x0115D000 \SystemRoot\System32\drivers\rdyboost.sys 0x017D7000 \SystemRoot\System32\Drivers\mup.sys 0x017E9000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01197000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x0140A000 \SystemRoot\system32\drivers\disk.sys 0x01000000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x017F2000 \SystemRoot\system32\drivers\AtiPcie64.sys 0x03E32000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x03F7A000 \SystemRoot\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS 0x03F8F000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 0x03FC7000 \SystemRoot\System32\Drivers\Null.SYS 0x03FD0000 \SystemRoot\System32\Drivers\Beep.SYS 0x03FD7000 \SystemRoot\System32\drivers\vga.sys 0x03E00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x03E5C000 \SystemRoot\System32\drivers\watchdog.sys 0x03E6C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x03E75000 \SystemRoot\system32\drivers\rdpencdd.sys 0x03E7E000 \SystemRoot\system32\drivers\rdprefmp.sys 0x03E87000 \SystemRoot\System32\Drivers\Msfs.SYS 0x03E92000 \SystemRoot\System32\Drivers\Npfs.SYS 0x03EA3000 \SystemRoot\system32\DRIVERS\tdx.sys 0x03EC5000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x03ED2000 \SystemRoot\system32\drivers\afd.sys 0x040B0000 \SystemRoot\System32\DRIVERS\netbt.sys 0x040F5000 \SystemRoot\system32\drivers\ws2ifsl.sys 0x04100000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x04109000 \SystemRoot\system32\DRIVERS\pacer.sys 0x0412F000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x04145000 \SystemRoot\system32\DRIVERS\netbios.sys 0x04154000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x0416F000 \SystemRoot\system32\drivers\termdd.sys 0x04183000 \SystemRoot\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS 0x04000000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x04051000 \SystemRoot\system32\drivers\nsiproxy.sys 0x0405D000 \SystemRoot\system32\drivers\mssmbios.sys 0x0423E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120906.008\IDSvia64.sys 0x042C0000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 0x0433A000 \SystemRoot\System32\drivers\discache.sys 0x04349000 \SystemRoot\System32\Drivers\dfsc.sys 0x04367000 \SystemRoot\system32\drivers\blbdrive.sys 0x04378000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x0439E000 \SystemRoot\system32\drivers\amdppm.sys 0x043B3000 \SystemRoot\system32\DRIVERS\atikmpag.sys 0x0487D000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x02CA4000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x02D98000 \SystemRoot\System32\drivers\dxgmms1.sys 0x02C00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x04423000 \SystemRoot\system32\DRIVERS\netr28x.sys 0x04528000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x04535000 \SystemRoot\system32\DRIVERS\Rt64win7.sys 0x0459C000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x045A7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x04400000 \SystemRoot\system32\drivers\usbfilter.sys 0x0440D000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x02C24000 \SystemRoot\system32\drivers\wmiacpi.sys 0x02C2D000 \SystemRoot\system32\drivers\CompositeBus.sys 0x02C3D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x02C53000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x02C77000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x04F48000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x02C83000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x02DDE000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x04F77000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x04F91000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x04FA0000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x0441E000 \SystemRoot\system32\drivers\swenum.sys 0x04FAF000 \SystemRoot\system32\drivers\ks.sys 0x04800000 \SystemRoot\system32\DRIVERS\umbus.sys 0x04812000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x04200000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x068AB000 \SystemRoot\system32\drivers\HdAudio.sys 0x06907000 \SystemRoot\system32\drivers\portcls.sys 0x06944000 \SystemRoot\system32\drivers\drmk.sys 0x06966000 \SystemRoot\system32\drivers\ksthunk.sys 0x06A70000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x06CE1000 \SystemRoot\System32\Drivers\crashdmp.sys 0x06CEF000 \SystemRoot\System32\Drivers\dump_diskdump.sys 0x06CF9000 \SystemRoot\System32\Drivers\dump_amd_sata.sys 0x06D0F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x06D22000 \SystemRoot\system32\DRIVERS\usbprint.sys 0x06D2E000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x06D30000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x06D4D000 \SystemRoot\system32\DRIVERS\dc3d.sys 0x06D5F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x06D68000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x06D76000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x06D8F000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x06D9D000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x06DAA000 \SystemRoot\system32\DRIVERS\point64.sys 0x06DBA000 \SystemRoot\system32\DRIVERS\usbscan.sys 0x00070000 \SystemRoot\System32\win32k.sys 0x06DCB000 \SystemRoot\System32\drivers\Dxapi.sys 0x06DD7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x06DF2000 \SystemRoot\system32\DRIVERS\monitor.sys 0x005C0000 \SystemRoot\System32\TSDDD.dll 0x00770000 \SystemRoot\System32\cdd.dll 0x00820000 \SystemRoot\System32\ATMFD.DLL 0x06A00000 \SystemRoot\system32\drivers\luafv.sys 0x06A23000 \??\C:\Windows\system32\drivers\mbam.sys 0x06A2D000 \SystemRoot\system32\DRIVERS\Sftvollh.sys 0x06A38000 \SystemRoot\system32\drivers\WudfPf.sys 0x06A59000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x0696C000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x069BF000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x069D2000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x069EA000 \SystemRoot\system32\DRIVERS\vwifimp.sys 0x03A3C000 \SystemRoot\system32\drivers\HTTP.sys 0x03B05000 \SystemRoot\system32\DRIVERS\bowser.sys 0x03B23000 \SystemRoot\System32\drivers\mpsdrv.sys 0x03B3B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x03B68000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x03BB6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x03BDA000 \SystemRoot\System32\Drivers\adfs.SYS 0x06800000 \SystemRoot\system32\drivers\peauth.sys 0x03BF2000 \SystemRoot\System32\Drivers\secdrv.SYS 0x07004000 \SystemRoot\system32\DRIVERS\Sftfslh.sys 0x070C5000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys 0x07112000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x07143000 \SystemRoot\System32\drivers\tcpipreg.sys 0x07155000 \SystemRoot\System32\DRIVERS\srv2.sys 0x078CF000 \SystemRoot\System32\DRIVERS\srv.sys 0x07967000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys 0x07972000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x079A3000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x07871000 \SystemRoot\system32\DRIVERS\udfs.sys 0x0784A000 \??\C:\Users\Scott\AppData\Local\Temp\aswMBR.sys 0x079AE000 \SystemRoot\System32\Drivers\fastfat.SYS 0x079E4000 \SystemRoot\system32\DRIVERS\WSDScan.sys 0x079F0000 \SystemRoot\system32\DRIVERS\WSDPrint.sys 0x77860000 \Windows\System32\ntdll.dll 0x47FD0000 \Windows\System32\smss.exe 0xFFB80000 \Windows\System32\apisetschema.dll 0xFFD80000 \Windows\System32\autochk.exe Processes (total 70): 0 System Idle Process 4 System 292 C:\Windows\System32\smss.exe 420 csrss.exe 484 C:\Windows\System32\wininit.exe 520 csrss.exe 548 C:\Windows\System32\services.exe 572 C:\Windows\System32\lsass.exe 588 C:\Windows\System32\winlogon.exe 596 C:\Windows\System32\lsm.exe 720 C:\Windows\System32\svchost.exe 800 C:\Windows\System32\svchost.exe 892 C:\Windows\System32\atiesrxx.exe 928 C:\Windows\System32\svchost.exe 964 C:\Windows\System32\svchost.exe 1004 C:\Windows\System32\svchost.exe 536 C:\Windows\System32\svchost.exe 1088 C:\Windows\System32\atieclxx.exe 1156 C:\Windows\System32\svchost.exe 1400 C:\Windows\System32\spoolsv.exe 1428 C:\Windows\System32\svchost.exe 1688 C:\Windows\System32\svchost.exe 1720 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 1844 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 1872 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 1904 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 1924 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 1944 C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe 1976 C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 348 C:\Program Files (x86)\PDF Complete\pdfsvc.exe 1292 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 2252 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 2320 C:\Windows\System32\svchost.exe 2388 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 2452 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 2592 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 2688 C:\Windows\System32\dwm.exe 2312 C:\Windows\System32\taskhost.exe 1236 C:\Windows\explorer.exe 2780 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE 2816 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 3216 WUDFHost.exe 3292 C:\Windows\System32\svchost.exe 3364 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe 3584 C:\Program Files\Microsoft IntelliPoint\ipoint.exe 3752 C:\Program Files\Windows Sidebar\sidebar.exe 3812 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe 4016 C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe 3644 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe 3704 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe 4040 C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe 3460 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 2716 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe 3436 C:\Windows\System32\SearchIndexer.exe 3528 C:\Program Files\Windows Media Player\wmpnetwk.exe 812 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 1808 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3580 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 4456 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe 4712 C:\Program Files (x86)\MOZILLA Firefox\plugin-container.exe 3016 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 4568 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 2304 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 324 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 1252 C:\Windows\System32\SearchProtocolHost.exe 3020 C:\Windows\System32\SearchFilterHost.exe 3332 C:\Windows\System32\audiodg.exe 1584 C:\Users\Scott\Desktop\MBRCheck.exe 3212 C:\Windows\System32\conhost.exe 4676 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000015a`87700000 (NTFS) \\.\Q: --> error 5 PhysicalDrive0 Model Number: WDCWD15EARS-60MVWB0, Rev: 51.0AB51 Size Device Name MBR Status -------------------------------------------- 1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: F37A9776F0E98E38BD78E91425829D97888CEEF C Done!Rooter.exe (v1.0.2) by Eric_71 . The token does not have the SeDebugPrivilege privilege ! (error:1300) Can not acquire SeDebugPrivilege ! Please run the tool as administrator .. . Windows 7 Home Edition (6.1.7601) Service Pack 1 [32_bits] - AMD64 Family 16 Model 10 Stepping 0, AuthenticAMD . Error OpenService (wscsvc) : 6 Error OpenSCManager : 5 Error OpenService (MpsSvc) : 6 Windows Defender -> Enabled User Account Control (UAC) -> Enabled . Internet Explorer 8.0.7601.17514 Mozilla Firefox 15.0 (en-US) . C:\ [Fixed-NTFS] .. ( Total:1386 Go - Free:704 Go ) D:\ [Fixed-NTFS] .. ( Total:11 Go - Free:1 Go ) E:\ [CD_Rom] F:\ [Removable] G:\ [Removable] H:\ [Removable] I:\ [Removable] Q:\ [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go ) . Scan : 22:09.28 Path : C:\Users\Scott\Desktop\Rooter.exe User : Scott ( Administrator -> YES ) . ----------------------\\ Processes . Locked [System Process] (0) Locked System (4) Locked smss.exe (292) Locked csrss.exe (420) Locked wininit.exe (484) Locked csrss.exe (520) Locked services.exe (548) Locked lsass.exe (572) Locked winlogon.exe (588) Locked lsm.exe (596) Locked svchost.exe (720) Locked svchost.exe (800) Locked atiesrxx.exe (892) Locked svchost.exe (928) Locked svchost.exe (964) Locked svchost.exe (1004) Locked svchost.exe (536) Locked atieclxx.exe (1088) Locked svchost.exe (1156) Locked spoolsv.exe (1400) Locked svchost.exe (1428) Locked svchost.exe (1688) Locked HPClientServices.exe (1720) Locked HPDrvMntSvc.exe (1844) Locked LSSrvc.exe (1872) Locked mbamscheduler.exe (1904) Locked mbamservice.exe (1924) Locked ccsvchst.exe (1944) Locked NOBuAgent.exe (1976) Locked pdfsvc.exe (348) Locked RNowSvc.exe (1292) Locked sftvsa.exe (2252) Locked svchost.exe (2320) Locked WLIDSVC.EXE (2388) Locked sftlist.exe (2452) Locked WLIDSVCM.EXE (2592) ______ ? (2688) ______ ? (2312) ______ ? (1236) Locked CVHSVC.EXE (2780) ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2816) Locked WUDFHost.exe (3216) Locked svchost.exe (3292) ______ C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (3364) ______ ? (3584) ______ ? (3752) ______ C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (3812) ______ C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (4016) ______ C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (3644) ______ ? (3704) ______ C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (4040) ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3460) ______ C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (2716) Locked SearchIndexer.exe (3436) Locked wmpnetwk.exe (3528) ______ ? (812) ______ ? (1808) Locked OSPPSVC.EXE (3580) Locked HPSA_Service.exe (4456) ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4712) ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3016) ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4568) ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (2304) ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (324) Locked audiodg.exe (3332) Locked WmiPrvSE.exe (5056) Locked SearchProtocolHost.exe (2636) Locked SearchFilterHost.exe (1916) ______ C:\Users\Scott\Desktop\Rooter.exe (4656) . ----------------------\\ Device\Harddisk0\ . \Device\Harddisk0 [Sectors : 63 x 512 Bytes] . \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 \| Length:104857600) \Device\Harddisk0\Partition2 (Start_Offset:105906176 \| Length:1488225042432) \Device\Harddisk0\Partition3 (Start_Offset:1488330948608 \| Length:11969495040) . ----------------------\\ Scheduled Tasks . C:\Windows\Tasks\Adobe Flash Player Updater.job C:\Windows\Tasks\HPCeeScheduleForScott.job C:\Windows\Tasks\SA.DAT C:\Windows\Tasks\SCHEDLGU.TXT . ----------------------\\ Registry . . ----------------------\\ Files & Folders . ----------------------\\ Scan completed at 22:10.00 . C:\Rooter$\Rooter_1.txt - (21/09/2012 \| 22:10.00) How's your computer running now? I'd like to scan your machine with ESET OnlineScan •Hold down Control and click on the FOLLOWING link to open ESET OnlineScan in a new window. ESET OnlineScan •Click the button. •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. •Check •Click the button. •Accept any security warnings from your browser. •Check •Push the Start button. •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. •When the scan completes, push •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. •Push the button. •Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt [emailprotected] as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=ca2b0d6e1229be4f820757e723f09c1c # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-09-23 12:17:42 # local_time=2012-09-22 08:17:42 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3589 16777213 100 65 0 16126428 0 0 # compatibility_mode=5893 16776574 100 82 0 99884562 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=451471 # found=1 # cleaned=1 # scan_time=18350 C:\Users\Scott\Downloads\cnet2_ashampoo_cover_studio_2_2_2_0_sm_exe.exea variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)00000000000000000000000000000000C Ok. If there are no other issues, we can do some cleanup. To uninstall ComboFix Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane. In the field, type in ComboFix /uninstall (Note: Make sure there's a space between the word ComboFix and the forward-slash.) Then, press Enter, or click OK. This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore. *************************************************** Click Start> Computer> right click the C DRIVE and choose Properties> enter Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive) *************************************************** Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!

Solve : Disappearing Programs Problems - Directed Here From Original Thread?

Answer»

We need to fix the Master Boot Record using aswMBR now.

Double click aswMBR.exe to run it like before
Once the scan finishes click FixMBR to remove the infection as illustrated below

Once the scan finishes click Save log to save the log to your Desktop
Copy and paste the contents of aswMBR.txt back here for review

.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 09:12:35
-----------------------------
09:12:35.345 OS Version: Windows x64 6.1.7601 Service Pack 1
09:12:35.345 Number of processors: 4 586 0xA00
09:12:35.345 ComputerName: SCOTT-HP UserName: Scott
09:12:39.432 Initialize success
09:13:41.734 AVAST engine defs: 12092100
09:13:58.754 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
09:13:58.770 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 11
09:13:58.801 Disk 0 MBR read successfully
09:13:58.801 Disk 0 MBR scan
09:13:58.801 Disk 0 unknown MBR code
09:13:58.816 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:13:58.832 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1419282 MB offset 206848
09:13:58.863 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11415 MB offset 2906896384
09:13:58.926 Disk 0 scanning C:\Windows\system32\drivers
09:14:09.268 Service scanning
09:14:29.720 Modules scanning
09:14:29.736 Disk 0 trace - called modules:
09:14:29.767 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
09:14:29.783 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800778f790]
09:14:29.783 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8007220ac0]
09:14:29.798 5 amd_xata.sys[fffff88000e878b4] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa800721c9c0]
09:14:35.789 AVAST engine scan C:\Windows
09:14:42.575 AVAST engine scan C:\Windows\system32
09:18:19.477 AVAST engine scan C:\Windows\system32\drivers
09:18:34.641 AVAST engine scan C:\Users\Scott
11:10:17.208 AVAST engine scan C:\ProgramData
11:12:20.947 Scan finished successfully
11:34:27.961 Verifying
11:34:38.023 Disk 0 Windows 601 MBR fixed successfully
11:47:31.332 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
11:47:31.348 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.
*********************************************************
Please download Rooter and Save it to your desktop.

Double click it to start the tool.Vista and Windows7 run as administrator.
Click Scan.
Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version:Windows 7 Home Premium Edition
Windows Information:Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:FOXCONN
BIOS Manufacturer:American Megatrends Inc.
System Manufacturer:Hewlett-Packard
System Product Name:p7-1020
Logical Drives Mask:0x000101fc

Kernel Drivers (total 173):
0x02C63000 \SystemRoot\system32\ntoskrnl.exe
0x02C1A000 \SystemRoot\system32\hal.dll
0x00BBB000 \SystemRoot\system32\kdcom.dll
0x00C7B000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C88000 \SystemRoot\system32\PSHED.dll
0x00C9C000 \SystemRoot\system32\CLFS.SYS
0x00CFA000 \SystemRoot\system32\CI.dll
0x00E96000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F3A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F49000 \SystemRoot\system32\drivers\ACPI.sys
0x00FA0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FA9000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FB3000 \SystemRoot\system32\drivers\pci.sys
0x00FE6000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
0x00E15000 \SystemRoot\system32\drivers\volmgr.sys
0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00DBA000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DD4000 \SystemRoot\system32\drivers\amd_sata.sys
0x00C00000 \SystemRoot\system32\drivers\storport.sys
0x00E86000 \SystemRoot\system32\drivers\amd_xata.sys
0x00FF3000 \SystemRoot\system32\drivers\amdxata.sys
0x01040000 \SystemRoot\system32\drivers\fltmgr.sys
0x0108C000 \SystemRoot\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS
0x010FD000 \SystemRoot\system32\drivers\fileinfo.sys
0x012D0000 \SystemRoot\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS
0x013E8000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0142B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01200000 \SystemRoot\System32\Drivers\msrpc.sys
0x015CE000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0125E000 \SystemRoot\System32\Drivers\cng.sys
0x015E9000 \SystemRoot\System32\drivers\pcw.sys
0x01400000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016E5000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x0168A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01111000 \SystemRoot\system32\drivers\volsnap.sys
0x016D4000 \SystemRoot\System32\Drivers\spldr.sys
0x0115D000 \SystemRoot\System32\drivers\rdyboost.sys
0x017D7000 \SystemRoot\System32\Drivers\mup.sys
0x017E9000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01197000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0140A000 \SystemRoot\system32\drivers\disk.sys
0x01000000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x017F2000 \SystemRoot\system32\drivers\AtiPcie64.sys
0x03E32000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03F7A000 \SystemRoot\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS
0x03F8F000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x03FC7000 \SystemRoot\System32\Drivers\Null.SYS
0x03FD0000 \SystemRoot\System32\Drivers\Beep.SYS
0x03FD7000 \SystemRoot\System32\drivers\vga.sys
0x03E00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03E5C000 \SystemRoot\System32\drivers\watchdog.sys
0x03E6C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03E75000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03E7E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x03E87000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03E92000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03EA3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03EC5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03ED2000 \SystemRoot\system32\drivers\afd.sys
0x040B0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x040F5000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04100000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04109000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0412F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04145000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04154000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0416F000 \SystemRoot\system32\drivers\termdd.sys
0x04183000 \SystemRoot\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS
0x04000000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04051000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0405D000 \SystemRoot\system32\drivers\mssmbios.sys
0x0423E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120906.008\IDSvia64.sys
0x042C0000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x0433A000 \SystemRoot\System32\drivers\discache.sys
0x04349000 \SystemRoot\System32\Drivers\dfsc.sys
0x04367000 \SystemRoot\system32\drivers\blbdrive.sys
0x04378000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0439E000 \SystemRoot\system32\drivers\amdppm.sys
0x043B3000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x0487D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x02CA4000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02D98000 \SystemRoot\System32\drivers\dxgmms1.sys
0x02C00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04423000 \SystemRoot\system32\DRIVERS\netr28x.sys
0x04528000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04535000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0459C000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x045A7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04400000 \SystemRoot\system32\drivers\usbfilter.sys
0x0440D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02C24000 \SystemRoot\system32\drivers\wmiacpi.sys
0x02C2D000 \SystemRoot\system32\drivers\CompositeBus.sys
0x02C3D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02C53000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02C77000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04F48000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02C83000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02DDE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04F77000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04F91000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04FA0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0441E000 \SystemRoot\system32\drivers\swenum.sys
0x04FAF000 \SystemRoot\system32\drivers\ks.sys
0x04800000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04812000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04200000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x068AB000 \SystemRoot\system32\drivers\HdAudio.sys
0x06907000 \SystemRoot\system32\drivers\portcls.sys
0x06944000 \SystemRoot\system32\drivers\drmk.sys
0x06966000 \SystemRoot\system32\drivers\ksthunk.sys
0x06A70000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06CE1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06CEF000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x06CF9000 \SystemRoot\System32\Drivers\dump_amd_sata.sys
0x06D0F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06D22000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x06D2E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x06D30000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06D4D000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x06D5F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06D68000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06D76000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06D8F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06D9D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06DAA000 \SystemRoot\system32\DRIVERS\point64.sys
0x06DBA000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x00070000 \SystemRoot\System32\win32k.sys
0x06DCB000 \SystemRoot\System32\drivers\Dxapi.sys
0x06DD7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x06DF2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005C0000 \SystemRoot\System32\TSDDD.dll
0x00770000 \SystemRoot\System32\cdd.dll
0x00820000 \SystemRoot\System32\ATMFD.DLL
0x06A00000 \SystemRoot\system32\drivers\luafv.sys
0x06A23000 \??\C:\Windows\system32\drivers\mbam.sys
0x06A2D000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x06A38000 \SystemRoot\system32\drivers\WudfPf.sys
0x06A59000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0696C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x069BF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x069D2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x069EA000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x03A3C000 \SystemRoot\system32\drivers\HTTP.sys
0x03B05000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03B23000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03B3B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03B68000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03BB6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03BDA000 \SystemRoot\System32\Drivers\adfs.SYS
0x06800000 \SystemRoot\system32\drivers\peauth.sys
0x03BF2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07004000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0x070C5000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0x07112000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07143000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07155000 \SystemRoot\System32\DRIVERS\srv2.sys
0x078CF000 \SystemRoot\System32\DRIVERS\srv.sys
0x07967000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0x07972000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x079A3000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x07871000 \SystemRoot\system32\DRIVERS\udfs.sys
0x0784A000 \??\C:\Users\Scott\AppData\Local\Temp\aswMBR.sys
0x079AE000 \SystemRoot\System32\Drivers\fastfat.SYS
0x079E4000 \SystemRoot\system32\DRIVERS\WSDScan.sys
0x079F0000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
0x77860000 \Windows\System32\ntdll.dll
0x47FD0000 \Windows\System32\smss.exe
0xFFB80000 \Windows\System32\apisetschema.dll
0xFFD80000 \Windows\System32\autochk.exe

Processes (total 70):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
420 csrss.exe
484 C:\Windows\System32\wininit.exe
520 csrss.exe
548 C:\Windows\System32\services.exe
572 C:\Windows\System32\lsass.exe
588 C:\Windows\System32\winlogon.exe
596 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\svchost.exe
800 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\atiesrxx.exe
928 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
536 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\atieclxx.exe
1156 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\spoolsv.exe
1428 C:\Windows\System32\svchost.exe
1688 C:\Windows\System32\svchost.exe
1720 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
1844 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
1872 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1904 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
1924 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
1944 C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe
1976 C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
348 C:\Program Files (x86)\PDF Complete\pdfsvc.exe
1292 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
2252 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
2320 C:\Windows\System32\svchost.exe
2388 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2452 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
2592 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2688 C:\Windows\System32\dwm.exe
2312 C:\Windows\System32\taskhost.exe
1236 C:\Windows\explorer.exe
2780 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
2816 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3216 WUDFHost.exe
3292 C:\Windows\System32\svchost.exe
3364 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
3584 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3752 C:\Program Files\Windows Sidebar\sidebar.exe
3812 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
4016 C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
3644 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
3704 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
4040 C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
3460 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2716 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
3436 C:\Windows\System32\SearchIndexer.exe
3528 C:\Program Files\Windows Media Player\wmpnetwk.exe
812 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1808 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3580 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
4456 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
4712 C:\Program Files (x86)\MOZILLA Firefox\plugin-container.exe
3016 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4568 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2304 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
324 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1252 C:\Windows\System32\SearchProtocolHost.exe
3020 C:\Windows\System32\SearchFilterHost.exe
3332 C:\Windows\System32\audiodg.exe
1584 C:\Users\Scott\Desktop\MBRCheck.exe
3212 C:\Windows\System32\conhost.exe
4676 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000015a`87700000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: WDCWD15EARS-60MVWB0, Rev: 51.0AB51

Size Device Name MBR Status
--------------------------------------------
1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: F37A9776F0E98E38BD78E91425829D97888CEEF C

Done!Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - AMD64 Family 16 Model 10 Stepping 0, AuthenticAMD
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7601.17514
Mozilla Firefox 15.0 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:1386 Go - Free:704 Go )
D:\ [Fixed-NTFS] .. ( Total:11 Go - Free:1 Go )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
Q:\ [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
.
Scan : 22:09.28
Path : C:\Users\Scott\Desktop\Rooter.exe
User : Scott ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (292)
Locked csrss.exe (420)
Locked wininit.exe (484)
Locked csrss.exe (520)
Locked services.exe (548)
Locked lsass.exe (572)
Locked winlogon.exe (588)
Locked lsm.exe (596)
Locked svchost.exe (720)
Locked svchost.exe (800)
Locked atiesrxx.exe (892)
Locked svchost.exe (928)
Locked svchost.exe (964)
Locked svchost.exe (1004)
Locked svchost.exe (536)
Locked atieclxx.exe (1088)
Locked svchost.exe (1156)
Locked spoolsv.exe (1400)
Locked svchost.exe (1428)
Locked svchost.exe (1688)
Locked HPClientServices.exe (1720)
Locked HPDrvMntSvc.exe (1844)
Locked LSSrvc.exe (1872)
Locked mbamscheduler.exe (1904)
Locked mbamservice.exe (1924)
Locked ccsvchst.exe (1944)
Locked NOBuAgent.exe (1976)
Locked pdfsvc.exe (348)
Locked RNowSvc.exe (1292)
Locked sftvsa.exe (2252)
Locked svchost.exe (2320)
Locked WLIDSVC.EXE (2388)
Locked sftlist.exe (2452)
Locked WLIDSVCM.EXE (2592)
______ ? (2688)
______ ? (2312)
______ ? (1236)
Locked CVHSVC.EXE (2780)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2816)
Locked WUDFHost.exe (3216)
Locked svchost.exe (3292)
______ C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (3364)
______ ? (3584)
______ ? (3752)
______ C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (3812)
______ C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (4016)
______ C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (3644)
______ ? (3704)
______ C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (4040)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3460)
______ C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (2716)
Locked SearchIndexer.exe (3436)
Locked wmpnetwk.exe (3528)
______ ? (812)
______ ? (1808)
Locked OSPPSVC.EXE (3580)
Locked HPSA_Service.exe (4456)
______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4712)
______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3016)
______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4568)
______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (2304)
______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (324)
Locked audiodg.exe (3332)
Locked WmiPrvSE.exe (5056)
Locked SearchProtocolHost.exe (2636)
Locked SearchFilterHost.exe (1916)
______ C:\Users\Scott\Desktop\Rooter.exe (4656)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)
\Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:1488225042432)
\Device\Harddisk0\Partition3 (Start_Offset:1488330948608 | Length:11969495040)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\HPCeeScheduleForScott.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 22:10.00
.
C:\Rooter$\Rooter_1.txt - (21/09/2012 | 22:10.00)
How's your computer running now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the FOLLOWING link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
[emailprotected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ca2b0d6e1229be4f820757e723f09c1c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-23 12:17:42
# local_time=2012-09-22 08:17:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 65 0 16126428 0 0
# compatibility_mode=5893 16776574 100 82 0 99884562 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=451471
# found=1
# cleaned=1
# scan_time=18350
C:\Users\Scott\Downloads\cnet2_ashampoo_cover_studio_2_2_2_0_sm_exe.exea variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)00000000000000000000000000000000C
Ok. If there are no other issues, we can do some cleanup.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

*******************************************************
Click Start> Computer> right click the C DRIVE and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
*****************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Solve : Disappearing Programs Problems - Directed Here From Original Thread?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment