I was able to run a system restore to an earlier point to get most programs back on my desktop and some files visible. Still unable to find or view all movies, pictures and most of my document files, and I am now going to rerun all the system scans you recommended. aswMBR is what found the Win32:FakeSysdef-NT trojan. The other scans (Security Essentials, Malwarebytes, TDSSKiller, ESET) did not.
After running aswMBR it has two boxes - FIXMBR (ACTIVE) and FIX (GREYED OUT, NOT ACTIVE). When I clicked on FIXMBR it gave a warning. Is it safe to run the FIXMBR?
ESET was the last scan I ran and it picked up 4 versions of Win32/Toolbar.Zugo application that the other scans missed and it deleted the files. Since I did a system restore I will rerun ESET.
System Restore seems to have gotten rid of the Win32:FakeSysdef-NT trojan, as it no longer appears in the aswMBR scan and no more incidents, but now I have lost access to all my media files (pictures and videos) as well as most of my document files.
I could go back and undo the system restore and start over. Suggestions?
I LOVE BLEEPING COMPUTERS - I found the undie program on bleeping computers and it restored access to all my files (at least that I can tell for now) - Thanks for all your help!!!!
Last aswMBR scan report
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-14 08:04:57
08:04:57.898 OS Version: Windows x64 6.1.7601 Service Pack 1
08:04:57.898 Number of processors: 2 586 0x603
08:04:57.898 ComputerName: TOPPERHOMEOFFIC UserName:
08:04:59.708 Initialize success
08:05:07.321 AVAST engine defs: 12071301
08:10:13.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
08:10:13.702 Disk 0 Vendor: Hitachi_ JP2O Size: 476940MB BusType: 3
08:10:13.718 Disk 0 MBR read successfully
08:10:13.718 Disk 0 MBR scan
08:10:13.827 Disk 0 Windows 7 default MBR code
08:10:13.827 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
08:10:13.858 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
08:10:13.889 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464550 MB offset 25372672
08:10:13.952 Disk 0 scanning C:\Windows\system32\drivers
08:10:27.900 Service scanning
08:11:09.587 Modules scanning
08:11:09.587 Disk 0 trace - called modules:
08:11:09.603 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
08:11:09.603 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045e8060]
08:11:09.946 3 CLASSPNP.SYS[fffff88001bb643f] -> nt!IofCallDriver -> [0xfffffa8004265500]
08:11:09.946 5 ACPI.sys[fffff88000f2f7a1] -> nt!IofCallDriver -> \Device\00000059[0xfffffa8004269060]
08:11:11.022 AVAST engine scan C:\Windows
08:11:15.312 AVAST engine scan C:\Windows\system32
08:16:09.042 AVAST engine scan C:\Windows\system32\drivers
08:16:37.296 AVAST engine scan C:\Users\Topper Home Office
08:46:31.015 AVAST engine scan C:\ProgramData
08:52:31.445 Scan finished successfully
09:00:46.739 The log file has been saved successfully to "C:\Users\Topper Home Office\Documents\Computer Virus Scan Logs\aswMBR.txt"
09:02:23.959 Disk 0 MBR has been saved successfully to "C:\Users\Topper Home Office\Desktop\MBR.dat"
09:02:23.990 The log file has been saved successfully to "C:\Users\Topper Home Office\Desktop\aswMBR.txt"
Edited by Topper54, 14 July 2012 - 10:23 AM.