I have the patched b.gen virus

By Sat_man01
Sep 9, 2012
Topic Status:
Not open for further replies.
  1. My name is Terrell and I have the patched B.gen virus. I tried to run FRST in repair mode, but it is also having fun with me. It ran, but I am not sure if it is what you need, but here goes!

    Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
    Ran by Terrell at 09-09-2012 18:48:37
    Running from J:\
    Service Pack 2 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


    ============ One Month Created Files and Folders ==============

    2012-09-09 09:16 - 2012-09-09 09:16 - 00001069 ____A C:\Windows\WindowsUpdate.log
    2012-09-09 09:13 - 2012-09-09 18:48 - 00000000 ____D C:\FRST
    2012-09-09 08:15 - 2012-09-09 08:16 - 00082104 ____A C:\Users\Terrell\Documents\cc_20120909_081538.reg
    2012-09-09 08:02 - 2012-09-09 08:03 - 03927560 ____A (Piriform Ltd) C:\Users\Terrell\Downloads\ccsetup322.exe
    2012-09-04 16:39 - 2012-09-04 16:39 - 00894952 ____A (Oracle Corporation) C:\Users\Terrell\Downloads\jxpiinstall.exe
    2012-08-29 09:09 - 2012-08-29 09:09 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-08-28 11:40 - 2012-08-28 11:46 - 201687040 ____A C:\Users\Terrell\Downloads\NGH1501_AllWin_English_SrdOnly.iso
    2012-08-24 14:10 - 2012-08-25 22:30 - 00000000 ____D C:\Users\Terrell\Desktop\New Folder
    2012-08-23 21:31 - 2012-08-24 14:12 - 00000000 ____D C:\Music for Wedding
    2012-08-23 13:07 - 2012-08-23 13:07 - 00001922 ____A C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
    2012-08-23 12:52 - 2012-08-23 12:52 - 04693369 ____A C:\Users\Terrell\Downloads\August 23-29 Webinars.zip
    2012-08-23 11:24 - 2012-08-23 11:24 - 00099840 ____A C:\Users\Terrell\Documents\INCIDENT TELEPHONE COMMUNICATIONS PLAN.dot
    2012-08-22 16:24 - 2012-08-22 16:24 - 00000969 ____A C:\Users\Public\Desktop\Express Zip.lnk
    2012-08-20 12:25 - 2012-08-20 12:25 - 24265736 ____A (Microsoft) C:\Users\Terrell\Downloads\dotnetfx(1).exe
    2012-08-20 12:24 - 2012-08-20 12:24 - 24265736 ____A (Microsoft) C:\Users\Terrell\Downloads\dotnetfx.exe
    2012-08-20 12:11 - 2012-08-20 12:11 - 10703680 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\NDP1.1sp1-KB867460-X86(2).exe
    2012-08-20 08:31 - 2012-08-20 08:31 - 10703680 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\NDP1.1sp1-KB867460-X86(1).exe
    2012-08-20 08:27 - 2012-08-20 08:27 - 10703680 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\NDP1.1sp1-KB867460-X86.exe
    2012-08-20 08:23 - 2012-08-20 08:23 - 19827008 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\XPE_.NET20_SP3_x86_ENU.exe
    2012-08-20 08:08 - 2012-08-20 08:08 - 00889416 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\dotNetFx40_Full_setup.exe
    2012-08-16 20:48 - 2012-08-16 20:48 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-16 20:48 - 2012-08-16 20:48 - 00000000 ____D C:\Users\Terrell\AppData\Roaming\Malwarebytes
    2012-08-16 20:48 - 2012-08-16 20:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-16 20:48 - 2012-08-16 20:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-16 20:48 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-16 20:47 - 2012-08-16 20:47 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Terrell\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-16 16:14 - 2012-08-16 16:14 - 00128827 ____A C:\Users\Terrell\Documents\MY_DATA_81612_2.p2g
    2012-08-16 13:30 - 2012-08-16 13:30 - 00129625 ____A C:\Users\Terrell\Documents\MY_DATA_81612_1.p2g
    2012-08-16 13:05 - 2012-08-16 13:18 - 1672346710 ____A C:\Users\Terrell\Downloads\8.2.2012.zip
    2012-08-14 16:23 - 2012-08-14 16:23 - 01442429 ____A (Farbar) C:\Users\Terrell\Downloads\FRST64.exe
    2012-08-12 06:35 - 2012-08-12 06:35 - 00000000 ____D C:\Users\Terrell\AppData\Local\WMTools Downloaded Files
    2012-08-11 20:52 - 2012-09-07 14:22 - 00000000 ____D C:\Users\Terrell\AppData\Local\Mixxx
    2012-08-11 20:48 - 2012-08-11 20:48 - 00001668 ____A C:\Users\Public\Desktop\Mixxx.lnk
    2012-08-11 20:45 - 2012-08-11 20:46 - 00000000 ____D C:\Program Files (x86)\Mixxx
    2012-08-11 20:43 - 2012-08-11 20:43 - 20589301 ____A C:\Users\Terrell\Downloads\mixxx-1.10.1-win32.exe
    2012-08-11 17:05 - 2012-08-11 17:07 - 00000000 ____D C:\Users\Terrell\Documents\PCDJ 3 Cracks
    2012-08-11 17:00 - 2012-08-11 17:04 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
    2012-08-11 17:00 - 2012-08-11 17:00 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-08-11 16:57 - 2012-08-11 16:57 - 00000000 ____D C:\Users\Terrell\Documents\PCDJ 2 Cracks
    2012-08-11 16:53 - 2012-08-11 16:55 - 00000000 ____D C:\Users\Terrell\Documents\PCDJ 1 Cracks
    2012-08-11 16:47 - 2012-08-12 06:49 - 00000000 ____D C:\Users\Terrell\Documents\PCDJ Cracks
    2012-08-11 16:15 - 2012-08-11 19:00 - 00004905 ____A C:\Users\Public\Documents\Global.sw2
    2012-08-11 16:14 - 2012-08-11 22:46 - 00000000 ____D C:\Program Files (x86)\PCDJ DEX
    2012-08-11 15:59 - 2012-08-22 14:02 - 00000040 ____A C:\Windows\nero.INI
    2012-08-11 15:46 - 2012-08-11 15:46 - 00000000 ____D C:\Windows\SysWOW64\78787824
    2012-08-11 15:46 - 2012-08-11 15:46 - 00000000 ____D C:\Windows\SysWOW64\114727461
    2012-08-11 15:45 - 2012-08-11 15:45 - 00000000 ____D C:\Windows\SysWOW64\1387411160
    2012-08-11 15:44 - 2012-08-11 15:44 - 00000000 ____D C:\Windows\SysWOW64\119355433
    2012-08-11 15:42 - 2012-08-11 15:46 - 00004596 ____A C:\Windows\SysWOW64\WinIo.sys
    2012-08-11 15:42 - 2012-08-11 15:46 - 00004596 ____A C:\Windows\SysWOW64\Drivers\WinIo.sys
    2012-08-11 15:42 - 2012-08-11 15:42 - 00000000 ____D C:\Windows\SysWOW64\74665184
    2012-08-11 15:42 - 2012-08-11 15:42 - 00000000 ____D C:\Windows\SysWOW64\615310430
    2012-08-11 15:38 - 2012-08-11 15:39 - 00000000 ____D C:\Program Files (x86)\DSSDJ2
    2012-08-11 14:18 - 2012-08-11 19:00 - 00000000 ____D C:\Users\Public\Documents\Softwrap
    2012-08-11 14:18 - 2012-08-11 14:27 - 00000560 ____A C:\Users\Public\Documents\Global.sw
    2012-08-11 14:16 - 2012-08-11 22:46 - 00000000 ____D C:\Program Files (x86)\Visiosonic

    ============ 3 Months Modified Files ========================

    2012-09-09 18:37 - 2006-11-02 09:40 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-09 18:37 - 2006-11-02 09:40 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-09 18:37 - 2006-11-02 09:22 - 00004784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-09 18:37 - 2006-11-02 09:22 - 00004784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-09 09:32 - 2006-11-02 06:46 - 00861030 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-09 09:28 - 2008-09-04 01:43 - 00000273 ____A C:\Users\Public\Documents\hpqp.ini
    2012-09-09 09:27 - 2009-07-01 09:11 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-09 09:26 - 2009-07-01 09:11 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-09 09:25 - 2006-11-02 09:21 - 00445624 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-09 09:16 - 2012-09-09 09:16 - 00001069 ____A C:\Windows\WindowsUpdate.log
    2012-09-09 08:23 - 2011-12-01 00:17 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4134200181-3873206144-2363758136-1000UA.job
    2012-09-09 08:21 - 2012-06-07 20:06 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134200181-3873206144-2363758136-1000UA.job
    2012-09-09 08:20 - 2012-06-14 18:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-09 08:16 - 2012-09-09 08:15 - 00082104 ____A C:\Users\Terrell\Documents\cc_20120909_081538.reg
    2012-09-09 08:03 - 2012-09-09 08:02 - 03927560 ____A (Piriform Ltd) C:\Users\Terrell\Downloads\ccsetup322.exe
    2012-09-09 08:03 - 2011-02-01 06:36 - 00000856 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-09-08 23:53 - 2010-12-01 22:27 - 00271360 ____A C:\Users\Terrell\Documents\11192010 backup.pst
    2012-09-08 20:23 - 2011-12-01 00:17 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4134200181-3873206144-2363758136-1000Core.job
    2012-09-08 10:21 - 2012-06-07 20:06 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134200181-3873206144-2363758136-1000Core.job
    2012-09-06 08:31 - 2008-11-01 15:23 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-09-04 16:39 - 2012-09-04 16:39 - 00894952 ____A (Oracle Corporation) C:\Users\Terrell\Downloads\jxpiinstall.exe
    2012-09-03 10:00 - 2008-10-02 21:06 - 00001818 ___AH C:\Users\Terrell\Documents\Default.rdp
    2012-08-29 09:09 - 2012-08-29 09:09 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-08-28 11:46 - 2012-08-28 11:40 - 201687040 ____A C:\Users\Terrell\Downloads\NGH1501_AllWin_English_SrdOnly.iso
    2012-08-24 09:26 - 2008-11-23 00:20 - 00069120 ____A C:\Users\Terrell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-23 13:07 - 2012-08-23 13:07 - 00001922 ____A C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
    2012-08-23 12:52 - 2012-08-23 12:52 - 04693369 ____A C:\Users\Terrell\Downloads\August 23-29 Webinars.zip
    2012-08-23 11:24 - 2012-08-23 11:24 - 00099840 ____A C:\Users\Terrell\Documents\INCIDENT TELEPHONE COMMUNICATIONS PLAN.dot
    2012-08-22 16:24 - 2012-08-22 16:24 - 00000969 ____A C:\Users\Public\Desktop\Express Zip.lnk
    2012-08-22 14:02 - 2012-08-11 15:59 - 00000040 ____A C:\Windows\nero.INI
    2012-08-22 05:42 - 2012-07-28 08:20 - 00001917 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-08-20 12:25 - 2012-08-20 12:25 - 24265736 ____A (Microsoft) C:\Users\Terrell\Downloads\dotnetfx(1).exe
    2012-08-20 12:24 - 2012-08-20 12:24 - 24265736 ____A (Microsoft) C:\Users\Terrell\Downloads\dotnetfx.exe
    2012-08-20 12:11 - 2012-08-20 12:11 - 10703680 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\NDP1.1sp1-KB867460-X86(2).exe
    2012-08-20 08:31 - 2012-08-20 08:31 - 10703680 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\NDP1.1sp1-KB867460-X86(1).exe
    2012-08-20 08:27 - 2012-08-20 08:27 - 10703680 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\NDP1.1sp1-KB867460-X86.exe
    2012-08-20 08:23 - 2012-08-20 08:23 - 19827008 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\XPE_.NET20_SP3_x86_ENU.exe
    2012-08-20 08:08 - 2012-08-20 08:08 - 00889416 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\dotNetFx40_Full_setup.exe
    2012-08-16 20:48 - 2012-08-16 20:48 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-16 20:47 - 2012-08-16 20:47 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Terrell\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-16 16:14 - 2012-08-16 16:14 - 00128827 ____A C:\Users\Terrell\Documents\MY_DATA_81612_2.p2g
    2012-08-16 13:30 - 2012-08-16 13:30 - 00129625 ____A C:\Users\Terrell\Documents\MY_DATA_81612_1.p2g
    2012-08-16 13:18 - 2012-08-16 13:05 - 1672346710 ____A C:\Users\Terrell\Downloads\8.2.2012.zip
    2012-08-15 11:20 - 2012-04-18 16:46 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-15 11:20 - 2011-05-17 07:27 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-14 16:23 - 2012-08-14 16:23 - 01442429 ____A (Farbar) C:\Users\Terrell\Downloads\FRST64.exe
    2012-08-14 16:14 - 2012-02-08 11:07 - 00001879 ____A C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
    2012-08-11 20:48 - 2012-08-11 20:48 - 00001668 ____A C:\Users\Public\Desktop\Mixxx.lnk
    2012-08-11 20:43 - 2012-08-11 20:43 - 20589301 ____A C:\Users\Terrell\Downloads\mixxx-1.10.1-win32.exe
    2012-08-11 19:00 - 2012-08-11 16:15 - 00004905 ____A C:\Users\Public\Documents\Global.sw2
    2012-08-11 15:46 - 2012-08-11 15:42 - 00004596 ____A C:\Windows\SysWOW64\WinIo.sys
    2012-08-11 15:46 - 2012-08-11 15:42 - 00004596 ____A C:\Windows\SysWOW64\Drivers\WinIo.sys
    2012-08-11 15:42 - 2009-11-23 18:01 - 00064512 ____A C:\Windows\SysWOW64\WinIo.dll
    2012-08-11 15:41 - 2012-08-04 20:53 - 00000958 ____A C:\Users\Tman\Desktop\DSS DJ 5.lnk
    2012-08-11 15:41 - 2012-08-04 20:53 - 00000958 ____A C:\Users\Terrell\Desktop\DSS DJ 5.lnk
    2012-08-11 14:27 - 2012-08-11 14:18 - 00000560 ____A C:\Users\Public\Documents\Global.sw
    2012-08-08 17:25 - 2012-06-24 20:33 - 00000680 ____A C:\Users\Terrell\AppData\Local\d3d9caps.dat
    2012-08-04 12:49 - 2012-08-04 12:49 - 00000800 ____A C:\Users\Public\Desktop\Hurrevac.lnk
    2012-08-04 12:40 - 2012-08-04 12:38 - 14920394 ____A C:\Users\Terrell\Downloads\HurrevacSetup.msi
    2012-07-26 22:19 - 2012-07-26 22:19 - 03907920 ____A (Piriform Ltd) C:\Users\Terrell\Downloads\ccsetup321.exe
    2012-07-26 08:35 - 2012-07-26 08:35 - 00117248 ____A C:\Users\Terrell\Downloads\e-mail and phone list.xls
    2012-07-23 19:40 - 2012-07-23 19:40 - 00000860 ____A C:\Users\Public\Desktop\WS_FTP Pro.lnk
    2012-07-23 19:40 - 2006-11-02 06:34 - 00000512 ____A C:\Windows\win.ini
    2012-07-23 15:54 - 2012-07-23 15:54 - 00017912 ____A C:\Users\Terrell\Downloads\contacts.csv
    2012-07-23 12:49 - 2012-07-23 12:49 - 00001140 ____A C:\Users\Public\Desktop\Remote Module.lnk
    2012-07-18 12:23 - 2012-07-18 12:22 - 04280987 ____A C:\Users\Terrell\Downloads\cd110511.zip
    2012-07-11 20:22 - 2012-07-11 20:22 - 00000693 ____A C:\Users\Terrell\Documents\Rubble Pile DIA.kmz
    2012-07-11 20:21 - 2012-07-11 20:21 - 00000673 ____A C:\Users\Terrell\Documents\Pretend Town.kmz
    2012-07-07 14:54 - 2012-07-07 14:53 - 45178440 ____A (MioNet ) C:\Users\Terrell\Downloads\install_MioNet_A1_x86_4_2_27.exe
    2012-07-03 13:46 - 2012-08-16 20:48 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-02 06:49 - 2011-03-03 08:13 - 00016264 ____A C:\Users\Terrell\Documents\Apps on phone.xlsx
    2012-06-28 14:27 - 2012-06-28 14:25 - 95443261 ____A C:\Users\Terrell\Downloads\cm-7.2.0-glacier.zip
    2012-06-27 21:16 - 2012-06-27 21:10 - 251353884 ____A C:\Users\Terrell\Downloads\GDE 11-17.Roy Ray.DVDRip.avi
    2012-06-26 14:05 - 2012-06-26 14:03 - 76205964 ____A C:\Users\Terrell\Downloads\Photos.zip
    2012-06-26 14:03 - 2012-06-26 14:02 - 04309723 ____A C:\Users\Terrell\Downloads\Personal Folder KL.zip
    2012-06-26 14:02 - 2012-06-26 14:01 - 46153534 ____A C:\Users\Terrell\Downloads\Friends Shared Folder.zip
    2012-06-26 13:51 - 2012-06-26 13:48 - 97181646 ____A C:\Users\Terrell\Downloads\Camera Uploads.zip
    2012-06-25 12:54 - 2012-06-25 12:54 - 04403200 ____A C:\Users\Terrell\Downloads\gSyncit_2_5_90.msi


    ZeroAccess:
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@

    ZeroAccess:
    C:\Users\Terrell\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
    C:\Users\Terrell\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
    C:\Users\Terrell\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
    C:\Users\Terrell\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 16%
    Total physical RAM: 3836.9 MB
    Available physical RAM: 3187.66 MB
    Total Pagefile: 7862.18 MB
    Available Pagefile: 7327.77 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:222.04 GB) (Free:50.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (HP_RECOVERY) (Fixed) (Total:10.85 GB) (Free:1.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (FRMCXFRE_EN_DVD) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF
    4 Drive j: () (Removable) (Total:0.24 GB) (Free:0.08 GB) FAT

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 233 GB 1024 KB
    Disk 1 Online 250 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 222 GB 32 KB
    Partition 2 Primary 11 GB 222 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 222 GB Healthy System (partition with boot components)

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D HP_RECOVERY NTFS Partition 11 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 250 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 J FAT Removable 250 MB Healthy

    ==================================================================================

    Last Boot: 2012-09-09 09:34

    ======================= End Of Log ==========================
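The log above is what a helper reads by eye: the banner saying the tool was not run from the recovery environment (so the system hive could not be loaded and the file checks are not trustworthy), the two ZeroAccess drop directories with their `@`, `L` and `U` entries, a hidden+system directory literally named `%APPDATA%` under System32, numeric-only directories and a vendorless `WinIo.sys` created in SysWOW64 at the same minute as the crack installs, and the Bamital/volsnap MD5 lines. The script below is an added example, not part of the thread and not FRST's own code; it parses a subset of the posted log lines (copied from the log above) and applies those same checks as heuristics. The category names, the regular expressions and the decision to treat a missing vendor string as "worth a look" are this example's own assumptions, not FRST conventions.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log for ZeroAccess-style indicators.

Added example, not part of the forum thread or of FRST itself. The sample lines
are a subset copied from the FRST.txt posted above; the heuristics are assumptions.
"""
import re
from collections import defaultdict

# Constructed subset of the posted log (copied lines, trimmed to what the checks use).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
2012-09-09 09:13 - 2012-09-09 18:48 - 00000000 ____D C:\FRST
2012-08-29 09:09 - 2012-08-29 09:09 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-11 17:00 - 2012-08-11 17:00 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-11 15:46 - 2012-08-11 15:46 - 00000000 ____D C:\Windows\SysWOW64\78787824
2012-08-11 15:42 - 2012-08-11 15:46 - 00004596 ____A C:\Windows\SysWOW64\Drivers\WinIo.sys
ZeroAccess:
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

# "created - modified - size attrs (vendor) path"; vendor is optional.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?(?P<path>.+)$"
)
# Bamital/volsnap check lines: "<path> => MD5 <verdict>".
MD5_RE = re.compile(r"^(?P<path>.+?) => MD5 (?P<verdict>.+)$")
# ZeroAccess drop zone: a {GUID} directory holding @, L or U entries (assumed pattern).
GUID_DROP_RE = re.compile(r"\\\{[0-9a-f-]{36}\}\\(?:@|L|U)(?:\\|$)", re.I)
# Directories in SysWOW64 whose name is only digits (assumed heuristic).
NUMERIC_DIR_RE = re.compile(r"^C:\\Windows\\SysWOW64\\\d+$", re.I)


def triage(log_text: str) -> dict:
    """Return {category: [paths or lines]} for every indicator found in the log."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # The log is untrustworthy if FRST did not run from the recovery environment.
        if "NOT RUN FROM RECOVERY ENVIRONMENT" in line:
            findings["untrusted_log"].append(line)
            continue
        m = MD5_RE.match(line)
        if m:  # anything other than "is legit" means a patched/replaced system file
            if m["verdict"].strip() != "is legit":
                findings["patched_system_file"].append(m["path"])
            continue
        e = ENTRY_RE.match(line)
        path = e["path"] if e else line  # bare paths appear in the ZeroAccess section
        if GUID_DROP_RE.search(path):
            findings["zeroaccess_dropzone"].append(path)
        if not e:
            continue
        attrs, vendor = e["attrs"], e["vendor"]
        name = path.rsplit("\\", 1)[-1]
        # A directory literally named after an unexpanded %VAR% is not a normal install.
        if "D" in attrs and re.fullmatch(r"%[A-Za-z_]+%", name):
            findings["unexpanded_env_dir"].append(path)
        if "D" in attrs and NUMERIC_DIR_RE.match(path):
            findings["numeric_syswow64_dir"].append(path)
        # A .sys under C:\Windows with no vendor in its version info: review it.
        if name.lower().endswith(".sys") and path.lower().startswith("c:\\windows") and not vendor:
            findings["driver_no_vendor"].append(path)
    return dict(findings)


def needs_recovery_environment(findings: dict) -> bool:
    """True when the log must be re-taken from System Recovery Options before acting."""
    return bool(findings.get("untrusted_log"))


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

On the posted log the script reports the untrusted-log banner first, which is the same conclusion Broni reaches below: nothing else in the output should be acted on until FRST is re-run from the recovery environment. The MD5 check only catches files FRST already knows how to fingerprint; a "legit" `services.exe` in a log taken from a running system is exactly what an active rootkit wants you to see, so the verdict is only meaningful once the scan is repeated offline.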
  2. Sat_man01


    OK, I have since learned that while I was trying to get into repair mode with the Windows disk, Windows Installer appears to have reloaded the services file, and ESET has not come up with a Trojan B alert anymore!! So I think it cured itself! Any suggestions?? Let it run as is??
  3. Broni


    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================

    We need to run some checks.
    You ran FRST incorrectly.
    Please follow these instructions...

    For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  4. Sat_man01


    It still won't let me get into the repair section. I have Vista Ultimate and it is having fun with me. The hard drive ran for a bit, and I still have not had the virus show up anymore...
  5. Broni


    If you have Vista DVD use second option:
    To enter System Recovery Options by using Windows installation disc:

    If you don't have it let me know.