New
#1
ZeroAccess! Attention: cottonball
[Cottonball, thanks for directing me to the right forum. Same message and issue below.]
When I open my Toshiba external, it now shows a shortcut to the external like this:
Image - TinyPic - Free Image Hosting, Photo Sharing & Video Hosting
It's never done that before. Now, when I click this new shortcut, this pops up:
Image - TinyPic - Free Image Hosting, Photo Sharing & Video Hosting
I ran disk management (healthy). I skipped past WinRAR and decided to check to make sure the source wasn't my computer. This is where I could really use some help and guidance! Here's the report after I ran a scan on malware threats (ran through RogueKiller)
Quote:
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 05/11/2013 08:26:28
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [x] -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{FD384747-C343-4AE3-B338-90B3725EC0E4} : NameServer (203.144.95.100 203.144.65.2) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Owner\AppData\Local\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\n) [-] -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\Users\Owner\AppData\Local\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\n [-] --> FOUND
[ZeroAccess][FILE] @ : C:\Users\Owner\AppData\Local\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Owner\AppData\Local\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Owner\AppData\Local\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] 9b221d57aa32fe731e936f545e8a54d3
[BSP] 48b55f46929f8f3b3a0db8344e9d9e6e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 461216 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944979968 | Size: 15420 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] 06fc92b188bd3f212a572364a023fc21
[BSP] d5d076cfc99131223e5e5999a68b254c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_05112013_02d0826.txt >>
RKreport[1]_S_05112013_02d0826.txt
Is the source of my problem in this data at all? My main concern is that the issue stems from the computer and not the external!