Generic Host Process for win32 Services

Yeah, restart and try again please.

I shall wait patiently.

Hi DMJ,


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`00100000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

What other signs of infection are there?!

My computer take long time to start and after some time of inactivty internet doesn't work, I try to look for the net but my pc don't show me nothing.
When I turn off my pc, internet explorer is always running even if I just use google chrome.
If I open Explorer I'm redirected to shit webs....

I'm still infected or just I'm a paranoid?
.

Please open Notepad and enter in the following:

@echo off
start remover.exe fix \.\PhysicalDrive0
exit

Then, click File > Save as...
Save as remove.bat to the same location as remover.exe.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on remove.bat.

Please re-run remover.exe and post a new log in your next reply.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a a little executable code for the boot start. While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:

• Invalid Partition Table
  
• Missing Operating System
  
• Error loading operating system

If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:

• How to use the Recovery Console
• How to fix MBR in Windows XP and Vista

If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.

I think my MRB is damaged because the pc can not reboot the system, here you are the report. I think I have to reboot with windows cd, non?

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

CreateFile() ERROR 2
ERROR: Can't open physical disk device.

Done;
Press any key to quit...

You do have a Windows CD?

Non I don't have and my pc is a notebook without cd recorder. Can I burn them in a Mac???

thank you

It can be burned on a Mac, yes.

Download RC.ISO and save it somewhere you can find it.

Download MagicISO and install it.

Start MagicISO. When it asks you to register, just close that window...the
program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

Click "File" on the toolbar and choose "Save As". Name the file RCplus and save it somewhere you can find it.

Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created
RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed
drop-down menu, choose the top 8X setting. Format should have "Mode 1"
selected...if not, select it. Click on the "Burn It!" button.

Once this disk is burned, put it in the machine you're working on and restart. Boot to the CD and enter the Recovery Console.

When there, do this:

type in "fixmbr" and hit Enter.



Type 'y' if asked to, and allow it to do it's job.

Once it's done that and shows the next bit for another command, type "exit"

This will reboot your machine again, allow it to boot normally this time.