Hello and thx for following up. Will do this in the morning after some shut eye. :)
No problem, drmax.
Going to get some Zzzzsss also.
Might not get back to you until tomorrow afternoon. Having lunch with a couple of friends.
Here you go. Does this ck more than just the operating system's drive? I have another storage drive that's pretty big. I'd like this looked over.
drmax,
Let’s check the Master Boot Record; another location where Rootkits hide.
In the clean computer with the USB flash drive plugged in...
Please download MBRFix:
Download MBRFix 1.3.0.0 Free - Fix or create Master Boot Record (MBR) on harddisks - Softpedia
Save to the Desktop.
Right-click the file and select: Extract here…
Once extracted, there are three files in the folder that is created.
Copy only the MBRFix64 application to the USB drive.
Now, open Notepad: (Start > All Programs > Accessories > Notepad).
Copy the entire contents of the code box below.
Save this info on the flashdrive as fixlist.txt
Code:
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
SaveMbr: Drive=0
Once again, please enter System Recovery Options and select: Command Prompt
Run FRST and press the Fix button just once, and wait.
When done, the tool makes a log on the flashdrive called Fixlog.txt.
Please post its contents in your reply.
Another file, MBRDUMP.txt, also appears on the flash drive.
It may look like a text file, but it is not. It is a hex file! (Don't open it, it will be all gibberish.)
Please attach the MBRDUMP.txt in your reply.
Last edited by cottonball; 27 Jan 2013 at 20:54.
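An added example, not part of the original posts and not FRST's or MBRFix's own code: a sketch of how a saved MBR dump can be examined on the clean computer. It assumes the dump is the raw 512-byte first sector of the drive; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 440            # bootstrap code: bytes 0..439; disk signature: 440..443
PART_TABLE_OFFSET = 446   # four 16-byte partition entries: bytes 446..509

def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR sector into boot signature, partition table and code hash."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError(f"need {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status, (CHS start skipped), type, (CHS end skipped), first LBA, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": i, "status": status, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "disk_signature": sector[CODE_END:CODE_END + 4].hex(),
            "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
            "partitions": partitions}

def review(mbr: dict, known_good_sha256: str = "") -> list:
    """Return readable findings; an empty list means nothing structural stood out."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if any(p["status"] not in (0x00, 0x80) for p in mbr["partitions"]):
        findings.append("partition entry with invalid status byte")
    if sum(p["status"] == 0x80 for p in mbr["partitions"]) > 1:
        findings.append("more than one active partition")
    if known_good_sha256 and mbr["code_sha256"] != known_good_sha256:
        findings.append("bootstrap code differs from known-good copy")
    return findings

def sample_sector() -> bytes:
    """Constructed test sector (not a real dump): one active NTFS-type partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return (bytes(CODE_END) + bytes.fromhex("deadbeef") + bytes(2)
            + entry + bytes(48) + b"\x55\xaa")

if __name__ == "__main__":
    info = parse_mbr(sample_sector())
    print(info, review(info))
```

A structurally valid sector does not show that the bootstrap code is unmodified; the hash comparison against a copy taken from a known-clean install of the same Windows version is the check that matters.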
will get to this asap, hopefully within an hour or 2
2 of the 3 app files are mbrfix and mbrfix64? my machine is a 64 bit. you asked me to use the mbrfix. double checking before you ask me to do over. thx dm
Here you go...and also, I thought since mbrfix64 is an exe program, I would have to type that at the command prompt, rather than the frst64? (unless those two work together in frst64) Anyways, I did what you asked.
I gotta go work now. Thx for all your help....DM
Got the MBRDump.txt, and will be looking at it.
Also provide the last Fixlog.txt
FRST64 produced it also on the USB flash drive.