
david64

  1. Hi MrC

     Please find report below. Thanks

     RogueKiller V7.6.4 [07/17/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User: David Lee [Admin rights]
     Mode: Scan -- Date: 07/29/2012 10:09:10

     ¤¤¤ Bad processes: 0 ¤¤¤

     ¤¤¤ Registry Entries: 3 ¤¤¤
     [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\David Lee\AppData\Local\{6cf5ad94-17a0-1cce-db1a-43c933610063}\n.) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FILE] @ : c:\windows\installer\{6cf5ad94-17a0-1cce-db1a-43c933610063}\@ --> FOUND
     [ZeroAccess][FOLDER] U : c:\windows\installer\{6cf5ad94-17a0-1cce-db1a-43c933610063}\U --> FOUND
     [ZeroAccess][FOLDER] L : c:\windows\installer\{6cf5ad94-17a0-1cce-db1a-43c933610063}\L --> FOUND
     [ZeroAccess][FILE] @ : c:\users\david lee\appdata\local\{6cf5ad94-17a0-1cce-db1a-43c933610063}\@ --> FOUND
     [ZeroAccess][FOLDER] U : c:\users\david lee\appdata\local\{6cf5ad94-17a0-1cce-db1a-43c933610063}\U --> FOUND
     [ZeroAccess][FOLDER] L : c:\users\david lee\appdata\local\{6cf5ad94-17a0-1cce-db1a-43c933610063}\L --> FOUND
     [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
     [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

     ¤¤¤ Driver: [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     [...]

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST332041 8AS SATA Disk Device +++++
     --- User ---
     [MBR] 430a1009a8d84bbc5f20772667747f41
     [bSP] c29a4338148a4d253a43b5b6046441e1 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 1325 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2715648 | Size: 10942 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25124864 | Size: 292976 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  2. Hi, I am new to this forum and have recently been infected with a Trojan ransom which I thought had been removed! This was a couple of weeks ago and since then, I have been getting an increasing number of pop-ups when browsing and my desktop icons keep moving back to the left every time I reboot. Also, all my folders open in the details view regardless of how they were closed down. I run Malwarebytes regularly and every time I do, it removes Trojan.Dropper.BCMiner but it is there again at start up... Thank you for your help. Please find below files as requested. Thanks again... Attach.txt DDS.txt
  3. Hi, I am new to this forum and have recently been infected with a Trojan ransom which I thought had been removed! This was a couple of weeks ago and since then, I have been getting an increasing number of pop-ups when browsing and my desktop icons keep moving back to the left every time I reboot. Also, all my folders open in the details view regardless of how they were closed down. I run Malwarebytes regularly and every time I do, it removes Trojan.Dropper.BCMiner but it is there again at start up... Can anybody help me? I am running Windows 7 x64 Home Premium Service Pack 1