New
#11
Did not see the ZeroAccess entries expected in the FRST reports.
You may want to run Disk Cleanup, if possible at this stage, and remove any thumbs.db files created. The Addition.txt shows some issues with explorer.exe there.
Go to Start > All Programs > Accessories > System Tools > Disk Cleanup
In Disk Cleanup: Drive Selection make sure the (C) drive is showing
Click: OK
On the Disk Cleanup Menu make sure there's a check next to the Thumbnails entry.
Click OK, and the files selected are deleted.
Next, using another computer, you may want to download the following program to a USB pendrive, and then move it to the Desktop of the problem computer.
Download aswMBR:
http://www.bleepingcomputer.com/download/aswmbr/
Save it to the pen drive, and then move it to the Desktop of the problem computer.
Make sure your AntiVirus is temporarily disabled!!
For information on how to disable protective programs, refer to this Link:
http://www.bleepingcomputer.com/forums/topic114351.html
Right-click the aswMBR file and select: Run as Administrator
When promped with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes
The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitiond database, etc.
When the Avast! scan is done, the last line changes to: Avast Engine definitions #####
At this point, click the Scan button on the lower left of the aswMBR screen.
The last line will now say "Scanning" while in progress.
Upon completion of the scan, click >Save log< and save it to the Desktop.
Note: Please do NOT attempt to fix anything!!
Exit the program.
Please post the new aswMBR log in your reply.
Note that a file named MBR.dat is also created on the Desktop.
Please submit MBR.dat for analysis to the following online services that analyze suspicious files:
Jotti's virusscan
Please post the links for the file analyses in your reply.
Last edited by cottonball; 20 Sep 2013 at 11:10.