Fred - New to this forum, but I too recently acquired Rootkit.ZeroAccess. I have done a lot to remove what I can, enough so that I have everything working ok now, but there is a hidden subdirectory in Windows: C:\Windows\$NTUnInstallKB9121$ - I was able to remove and kill some of what was in there, but there remains a LOADER.TLB file. The structure of this is as follows: $NTUninstallKB9121$ -2726526685 U loader.tlb -1234018788 Combofix shows this hidden subdirectory. A number of files get put into the Documents and Settings\username\local settings \temp subdirectory at bootup, which I immediately delete. All antirus progams including Malwarebytes are again on and running. So from a functional standpoint, I seem to be ok, but I am worried, and I feel that I need to do more. Even considering removing the harddrive and removing this subdirectory while booting from another computer with it setup only as a slave. When I tried to run Maxlook.exe from the Recovery Console, that never got all the way there, stating the file ASC.SY_ is corrupted. Maxhandle found NOTHING. When this first came up, it wanted on online scan, and I didn't do that - was not sure that was from you or was something corrupt, so I was hesitant to proceed. thanks for any help. Do you think we can get rid of this without a whole rebuild? Reisman