Inactive I have the patched b.gen virus

Status
Not open for further replies.
My name is Terrell and I have the patched B.gen virus. I tried to run FRST in repair mode, but it is also having fun with me. It ran, but I am not sure if it is what you need, but here goes!

Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
Ran by Terrell at 09-09-2012 18:48:37
Running from J:\
Service Pack 2 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-09-09 09:16 - 2012-09-09 09:16 - 00001069 ____A C:\Windows\WindowsUpdate.log
2012-09-09 09:13 - 2012-09-09 18:48 - 00000000 ____D C:\FRST
2012-09-09 08:15 - 2012-09-09 08:16 - 00082104 ____A C:\Users\Terrell\Documents\cc_20120909_081538.reg
2012-09-09 08:02 - 2012-09-09 08:03 - 03927560 ____A (Piriform Ltd) C:\Users\Terrell\Downloads\ccsetup322.exe
2012-09-04 16:39 - 2012-09-04 16:39 - 00894952 ____A (Oracle Corporation) C:\Users\Terrell\Downloads\jxpiinstall.exe
2012-08-29 09:09 - 2012-08-29 09:09 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-28 11:40 - 2012-08-28 11:46 - 201687040 ____A C:\Users\Terrell\Downloads\NGH1501_AllWin_English_SrdOnly.iso
2012-08-24 14:10 - 2012-08-25 22:30 - 00000000 ____D C:\Users\Terrell\Desktop\New Folder
2012-08-23 21:31 - 2012-08-24 14:12 - 00000000 ____D C:\Music for Wedding
2012-08-23 13:07 - 2012-08-23 13:07 - 00001922 ____A C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
2012-08-23 12:52 - 2012-08-23 12:52 - 04693369 ____A C:\Users\Terrell\Downloads\August 23-29 Webinars.zip
2012-08-23 11:24 - 2012-08-23 11:24 - 00099840 ____A C:\Users\Terrell\Documents\INCIDENT TELEPHONE COMMUNICATIONS PLAN.dot
2012-08-22 16:24 - 2012-08-22 16:24 - 00000969 ____A C:\Users\Public\Desktop\Express Zip.lnk
2012-08-20 12:25 - 2012-08-20 12:25 - 24265736 ____A (Microsoft) C:\Users\Terrell\Downloads\dotnetfx(1).exe
2012-08-20 12:24 - 2012-08-20 12:24 - 24265736 ____A (Microsoft) C:\Users\Terrell\Downloads\dotnetfx.exe
2012-08-20 12:11 - 2012-08-20 12:11 - 10703680 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\NDP1.1sp1-KB867460-X86(2).exe
2012-08-20 08:31 - 2012-08-20 08:31 - 10703680 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\NDP1.1sp1-KB867460-X86(1).exe
2012-08-20 08:27 - 2012-08-20 08:27 - 10703680 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\NDP1.1sp1-KB867460-X86.exe
2012-08-20 08:23 - 2012-08-20 08:23 - 19827008 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\XPE_.NET20_SP3_x86_ENU.exe
2012-08-20 08:08 - 2012-08-20 08:08 - 00889416 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\dotNetFx40_Full_setup.exe
2012-08-16 20:48 - 2012-08-16 20:48 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-16 20:48 - 2012-08-16 20:48 - 00000000 ____D C:\Users\Terrell\AppData\Roaming\Malwarebytes
2012-08-16 20:48 - 2012-08-16 20:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-16 20:48 - 2012-08-16 20:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-16 20:48 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-16 20:47 - 2012-08-16 20:47 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Terrell\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-16 16:14 - 2012-08-16 16:14 - 00128827 ____A C:\Users\Terrell\Documents\MY_DATA_81612_2.p2g
2012-08-16 13:30 - 2012-08-16 13:30 - 00129625 ____A C:\Users\Terrell\Documents\MY_DATA_81612_1.p2g
2012-08-16 13:05 - 2012-08-16 13:18 - 1672346710 ____A C:\Users\Terrell\Downloads\8.2.2012.zip
2012-08-14 16:23 - 2012-08-14 16:23 - 01442429 ____A (Farbar) C:\Users\Terrell\Downloads\FRST64.exe
2012-08-12 06:35 - 2012-08-12 06:35 - 00000000 ____D C:\Users\Terrell\AppData\Local\WMTools Downloaded Files
2012-08-11 20:52 - 2012-09-07 14:22 - 00000000 ____D C:\Users\Terrell\AppData\Local\Mixxx
2012-08-11 20:48 - 2012-08-11 20:48 - 00001668 ____A C:\Users\Public\Desktop\Mixxx.lnk
2012-08-11 20:45 - 2012-08-11 20:46 - 00000000 ____D C:\Program Files (x86)\Mixxx
2012-08-11 20:43 - 2012-08-11 20:43 - 20589301 ____A C:\Users\Terrell\Downloads\mixxx-1.10.1-win32.exe
2012-08-11 17:05 - 2012-08-11 17:07 - 00000000 ____D C:\Users\Terrell\Documents\PCDJ 3 Cracks
2012-08-11 17:00 - 2012-08-11 17:04 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2012-08-11 17:00 - 2012-08-11 17:00 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-11 16:57 - 2012-08-11 16:57 - 00000000 ____D C:\Users\Terrell\Documents\PCDJ 2 Cracks
2012-08-11 16:53 - 2012-08-11 16:55 - 00000000 ____D C:\Users\Terrell\Documents\PCDJ 1 Cracks
2012-08-11 16:47 - 2012-08-12 06:49 - 00000000 ____D C:\Users\Terrell\Documents\PCDJ Cracks
2012-08-11 16:15 - 2012-08-11 19:00 - 00004905 ____A C:\Users\Public\Documents\Global.sw2
2012-08-11 16:14 - 2012-08-11 22:46 - 00000000 ____D C:\Program Files (x86)\PCDJ DEX
2012-08-11 15:59 - 2012-08-22 14:02 - 00000040 ____A C:\Windows\nero.INI
2012-08-11 15:46 - 2012-08-11 15:46 - 00000000 ____D C:\Windows\SysWOW64\78787824
2012-08-11 15:46 - 2012-08-11 15:46 - 00000000 ____D C:\Windows\SysWOW64\114727461
2012-08-11 15:45 - 2012-08-11 15:45 - 00000000 ____D C:\Windows\SysWOW64\1387411160
2012-08-11 15:44 - 2012-08-11 15:44 - 00000000 ____D C:\Windows\SysWOW64\119355433
2012-08-11 15:42 - 2012-08-11 15:46 - 00004596 ____A C:\Windows\SysWOW64\WinIo.sys
2012-08-11 15:42 - 2012-08-11 15:46 - 00004596 ____A C:\Windows\SysWOW64\Drivers\WinIo.sys
2012-08-11 15:42 - 2012-08-11 15:42 - 00000000 ____D C:\Windows\SysWOW64\74665184
2012-08-11 15:42 - 2012-08-11 15:42 - 00000000 ____D C:\Windows\SysWOW64\615310430
2012-08-11 15:38 - 2012-08-11 15:39 - 00000000 ____D C:\Program Files (x86)\DSSDJ2
2012-08-11 14:18 - 2012-08-11 19:00 - 00000000 ____D C:\Users\Public\Documents\Softwrap
2012-08-11 14:18 - 2012-08-11 14:27 - 00000560 ____A C:\Users\Public\Documents\Global.sw
2012-08-11 14:16 - 2012-08-11 22:46 - 00000000 ____D C:\Program Files (x86)\Visiosonic

============ 3 Months Modified Files ========================

2012-09-09 18:37 - 2006-11-02 09:40 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-09 18:37 - 2006-11-02 09:40 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-09 18:37 - 2006-11-02 09:22 - 00004784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-09 18:37 - 2006-11-02 09:22 - 00004784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-09 09:32 - 2006-11-02 06:46 - 00861030 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-09 09:28 - 2008-09-04 01:43 - 00000273 ____A C:\Users\Public\Documents\hpqp.ini
2012-09-09 09:27 - 2009-07-01 09:11 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-09 09:26 - 2009-07-01 09:11 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-09 09:25 - 2006-11-02 09:21 - 00445624 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-09 09:16 - 2012-09-09 09:16 - 00001069 ____A C:\Windows\WindowsUpdate.log
2012-09-09 08:23 - 2011-12-01 00:17 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4134200181-3873206144-2363758136-1000UA.job
2012-09-09 08:21 - 2012-06-07 20:06 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134200181-3873206144-2363758136-1000UA.job
2012-09-09 08:20 - 2012-06-14 18:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-09 08:16 - 2012-09-09 08:15 - 00082104 ____A C:\Users\Terrell\Documents\cc_20120909_081538.reg
2012-09-09 08:03 - 2012-09-09 08:02 - 03927560 ____A (Piriform Ltd) C:\Users\Terrell\Downloads\ccsetup322.exe
2012-09-09 08:03 - 2011-02-01 06:36 - 00000856 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-08 23:53 - 2010-12-01 22:27 - 00271360 ____A C:\Users\Terrell\Documents\11192010 backup.pst
2012-09-08 20:23 - 2011-12-01 00:17 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4134200181-3873206144-2363758136-1000Core.job
2012-09-08 10:21 - 2012-06-07 20:06 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134200181-3873206144-2363758136-1000Core.job
2012-09-06 08:31 - 2008-11-01 15:23 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-09-04 16:39 - 2012-09-04 16:39 - 00894952 ____A (Oracle Corporation) C:\Users\Terrell\Downloads\jxpiinstall.exe
2012-09-03 10:00 - 2008-10-02 21:06 - 00001818 ___AH C:\Users\Terrell\Documents\Default.rdp
2012-08-29 09:09 - 2012-08-29 09:09 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-28 11:46 - 2012-08-28 11:40 - 201687040 ____A C:\Users\Terrell\Downloads\NGH1501_AllWin_English_SrdOnly.iso
2012-08-24 09:26 - 2008-11-23 00:20 - 00069120 ____A C:\Users\Terrell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-23 13:07 - 2012-08-23 13:07 - 00001922 ____A C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
2012-08-23 12:52 - 2012-08-23 12:52 - 04693369 ____A C:\Users\Terrell\Downloads\August 23-29 Webinars.zip
2012-08-23 11:24 - 2012-08-23 11:24 - 00099840 ____A C:\Users\Terrell\Documents\INCIDENT TELEPHONE COMMUNICATIONS PLAN.dot
2012-08-22 16:24 - 2012-08-22 16:24 - 00000969 ____A C:\Users\Public\Desktop\Express Zip.lnk
2012-08-22 14:02 - 2012-08-11 15:59 - 00000040 ____A C:\Windows\nero.INI
2012-08-22 05:42 - 2012-07-28 08:20 - 00001917 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-08-20 12:25 - 2012-08-20 12:25 - 24265736 ____A (Microsoft) C:\Users\Terrell\Downloads\dotnetfx(1).exe
2012-08-20 12:24 - 2012-08-20 12:24 - 24265736 ____A (Microsoft) C:\Users\Terrell\Downloads\dotnetfx.exe
2012-08-20 12:11 - 2012-08-20 12:11 - 10703680 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\NDP1.1sp1-KB867460-X86(2).exe
2012-08-20 08:31 - 2012-08-20 08:31 - 10703680 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\NDP1.1sp1-KB867460-X86(1).exe
2012-08-20 08:27 - 2012-08-20 08:27 - 10703680 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\NDP1.1sp1-KB867460-X86.exe
2012-08-20 08:23 - 2012-08-20 08:23 - 19827008 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\XPE_.NET20_SP3_x86_ENU.exe
2012-08-20 08:08 - 2012-08-20 08:08 - 00889416 ____A (Microsoft Corporation) C:\Users\Terrell\Downloads\dotNetFx40_Full_setup.exe
2012-08-16 20:48 - 2012-08-16 20:48 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-16 20:47 - 2012-08-16 20:47 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Terrell\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-16 16:14 - 2012-08-16 16:14 - 00128827 ____A C:\Users\Terrell\Documents\MY_DATA_81612_2.p2g
2012-08-16 13:30 - 2012-08-16 13:30 - 00129625 ____A C:\Users\Terrell\Documents\MY_DATA_81612_1.p2g
2012-08-16 13:18 - 2012-08-16 13:05 - 1672346710 ____A C:\Users\Terrell\Downloads\8.2.2012.zip
2012-08-15 11:20 - 2012-04-18 16:46 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 11:20 - 2011-05-17 07:27 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-14 16:23 - 2012-08-14 16:23 - 01442429 ____A (Farbar) C:\Users\Terrell\Downloads\FRST64.exe
2012-08-14 16:14 - 2012-02-08 11:07 - 00001879 ____A C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
2012-08-11 20:48 - 2012-08-11 20:48 - 00001668 ____A C:\Users\Public\Desktop\Mixxx.lnk
2012-08-11 20:43 - 2012-08-11 20:43 - 20589301 ____A C:\Users\Terrell\Downloads\mixxx-1.10.1-win32.exe
2012-08-11 19:00 - 2012-08-11 16:15 - 00004905 ____A C:\Users\Public\Documents\Global.sw2
2012-08-11 15:46 - 2012-08-11 15:42 - 00004596 ____A C:\Windows\SysWOW64\WinIo.sys
2012-08-11 15:46 - 2012-08-11 15:42 - 00004596 ____A C:\Windows\SysWOW64\Drivers\WinIo.sys
2012-08-11 15:42 - 2009-11-23 18:01 - 00064512 ____A C:\Windows\SysWOW64\WinIo.dll
2012-08-11 15:41 - 2012-08-04 20:53 - 00000958 ____A C:\Users\Tman\Desktop\DSS DJ 5.lnk
2012-08-11 15:41 - 2012-08-04 20:53 - 00000958 ____A C:\Users\Terrell\Desktop\DSS DJ 5.lnk
2012-08-11 14:27 - 2012-08-11 14:18 - 00000560 ____A C:\Users\Public\Documents\Global.sw
2012-08-08 17:25 - 2012-06-24 20:33 - 00000680 ____A C:\Users\Terrell\AppData\Local\d3d9caps.dat
2012-08-04 12:49 - 2012-08-04 12:49 - 00000800 ____A C:\Users\Public\Desktop\Hurrevac.lnk
2012-08-04 12:40 - 2012-08-04 12:38 - 14920394 ____A C:\Users\Terrell\Downloads\HurrevacSetup.msi
2012-07-26 22:19 - 2012-07-26 22:19 - 03907920 ____A (Piriform Ltd) C:\Users\Terrell\Downloads\ccsetup321.exe
2012-07-26 08:35 - 2012-07-26 08:35 - 00117248 ____A C:\Users\Terrell\Downloads\e-mail and phone list.xls
2012-07-23 19:40 - 2012-07-23 19:40 - 00000860 ____A C:\Users\Public\Desktop\WS_FTP Pro.lnk
2012-07-23 19:40 - 2006-11-02 06:34 - 00000512 ____A C:\Windows\win.ini
2012-07-23 15:54 - 2012-07-23 15:54 - 00017912 ____A C:\Users\Terrell\Downloads\contacts.csv
2012-07-23 12:49 - 2012-07-23 12:49 - 00001140 ____A C:\Users\Public\Desktop\Remote Module.lnk
2012-07-18 12:23 - 2012-07-18 12:22 - 04280987 ____A C:\Users\Terrell\Downloads\cd110511.zip
2012-07-11 20:22 - 2012-07-11 20:22 - 00000693 ____A C:\Users\Terrell\Documents\Rubble Pile DIA.kmz
2012-07-11 20:21 - 2012-07-11 20:21 - 00000673 ____A C:\Users\Terrell\Documents\Pretend Town.kmz
2012-07-07 14:54 - 2012-07-07 14:53 - 45178440 ____A (MioNet ) C:\Users\Terrell\Downloads\install_MioNet_A1_x86_4_2_27.exe
2012-07-03 13:46 - 2012-08-16 20:48 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 06:49 - 2011-03-03 08:13 - 00016264 ____A C:\Users\Terrell\Documents\Apps on phone.xlsx
2012-06-28 14:27 - 2012-06-28 14:25 - 95443261 ____A C:\Users\Terrell\Downloads\cm-7.2.0-glacier.zip
2012-06-27 21:16 - 2012-06-27 21:10 - 251353884 ____A C:\Users\Terrell\Downloads\GDE 11-17.Roy Ray.DVDRip.avi
2012-06-26 14:05 - 2012-06-26 14:03 - 76205964 ____A C:\Users\Terrell\Downloads\Photos.zip
2012-06-26 14:03 - 2012-06-26 14:02 - 04309723 ____A C:\Users\Terrell\Downloads\Personal Folder KL.zip
2012-06-26 14:02 - 2012-06-26 14:01 - 46153534 ____A C:\Users\Terrell\Downloads\Friends Shared Folder.zip
2012-06-26 13:51 - 2012-06-26 13:48 - 97181646 ____A C:\Users\Terrell\Downloads\Camera Uploads.zip
2012-06-25 12:54 - 2012-06-25 12:54 - 04403200 ____A C:\Users\Terrell\Downloads\gSyncit_2_5_90.msi


ZeroAccess:
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@

ZeroAccess:
C:\Users\Terrell\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Users\Terrell\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Users\Terrell\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Users\Terrell\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3836.9 MB
Available physical RAM: 3187.66 MB
Total Pagefile: 7862.18 MB
Available Pagefile: 7327.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:222.04 GB) (Free:50.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:10.85 GB) (Free:1.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (FRMCXFRE_EN_DVD) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF
4 Drive j: () (Removable) (Total:0.24 GB) (Free:0.08 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 1024 KB
Disk 1 Online 250 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 222 GB 32 KB
Partition 2 Primary 11 GB 222 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 222 GB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D HP_RECOVERY NTFS Partition 11 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 250 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 J FAT Removable 250 MB Healthy

==================================================================================

Last Boot: 2012-09-09 09:34

======================= End Of Log ==========================
 
OK, I have since learned that while I was trying to get it into repair mode with the Windows disk, Windows Installer appears to have reloaded the services file, and ESET has not come up with a Trojan B alert anymore!! So I think it cured itself! Any suggestions?? Let it run as is??
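As an added triage example (not part of this thread, and not code from FRST or its author), the Python script below parses lines in the FRST file-list format posted above and flags entries that merit a closer look. The indicators it checks are heuristics I chose from this log and are assumptions, not FRST's own logic: the `{GUID}\U` layout that FRST lists under its ZeroAccess heading, a literal `%APPDATA%` name used as a directory inside System32, purely numeric directory names in SysWOW64, and drivers with no publisher name. The sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One FRST "Created/Modified Files" line:
#   <created> - <modified> - <size> <attrs> [(Company)] <path>
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")   # bare path lines (e.g. the ZeroAccess block)
GUID_U = re.compile(r"\\\{[0-9a-f-]{36}\}\\U(\\|$)", re.IGNORECASE)
NUMERIC_DIR = re.compile(r"\\SysWOW64\\\d+$", re.IGNORECASE)


@dataclass
class Entry:
    path: str
    attrs: str = ""                 # e.g. "__SHD": S=system, H=hidden, D=directory
    company: Optional[str] = None   # publisher string FRST shows in parentheses, if any
    findings: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-list line or a bare path line, else None."""
    line = line.strip()
    m = FRST_LINE.match(line)
    if m:
        return Entry(m["path"], m["attrs"], m["company"])
    if BARE_PATH.match(line):
        return Entry(line)
    return None


def triage(entry: Entry) -> List[str]:
    """Heuristic flags (assumptions chosen for this log, not FRST's own checks)."""
    low = entry.path.lower()
    if "\\system32\\%appdata%" in low:
        entry.findings.append("literal %APPDATA% name used as a directory under System32")
    if all(c in entry.attrs for c in "SHD") and low.startswith("c:\\windows\\"):
        entry.findings.append("new hidden+system directory under C:\\Windows")
    if GUID_U.search(entry.path):
        entry.findings.append("{GUID}\\U layout that FRST reports under its ZeroAccess heading")
    if NUMERIC_DIR.search(entry.path):
        entry.findings.append("purely numeric directory name directly in SysWOW64")
    if low.endswith(".sys") and not entry.company:
        entry.findings.append("driver without a publisher name")
    return entry.findings


def scan_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its findings; unflagged and unparsable lines are dropped."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and triage(entry):
            flagged[entry.path] = entry.findings
    return flagged


# Sample lines copied from the log in this thread (constructed input for the demo).
SAMPLE = r"""
2012-08-11 17:00 - 2012-08-11 17:00 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-11 15:46 - 2012-08-11 15:46 - 00000000 ____D C:\Windows\SysWOW64\78787824
2012-08-11 15:42 - 2012-08-11 15:46 - 00004596 ____A C:\Windows\SysWOW64\Drivers\WinIo.sys
2012-08-29 09:09 - 2012-08-29 09:09 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-16 20:48 - 2012-08-16 20:48 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
ZeroAccess:
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@
"""

if __name__ == "__main__":
    for path, why in scan_log(SAMPLE).items():
        print(path, "->", "; ".join(why))
```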
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================

We need to run some checks.
You ran FRST incorrectly.
Please follow these instructions...

For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
It still won't let me get into the repair section. I have Vista Ultimate and it is having fun with me. The hard drive ran for a bit, and I still have not had the virus show up anymore...
 
If you have a Vista DVD, use the second option:
To enter System Recovery Options by using Windows installation disc:

If you don't have it let me know.
 