
How to Use Farbar Scanner (FRST) to Remove Malware

Two versions, 32-bit and 64-bit


Works with XP, Vista, 7 and 8
Free tool
Available at BleepingComputer.com
You want to run this from a flash drive in the recovery environment for Vista/7.
Open a command prompt from Safe Mode, a repair CD DOS box, or a PE environment.
The two programs are FRST.exe (32-bit) and FRST64.exe (64-bit).

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Procedure

1> At the command prompt, find your flash drive and the location of FRST.exe.
2> Run FRST.exe.
3> Leave all the whitelist tick boxes at the bottom selected.
4> Press Scan.
5> When the scan completes, the FRST.txt log file is stored on the flash drive in the same location as FRST.exe.
Another copy of FRST.txt is also stored in the root of the partition you scanned.
6> Click OK and minimize the Farbar window for now.
7> Navigate to your Windows partition.
8> cd to c:\windows\system32
9> Type in notepad.exe
10> Go to File - Open, locate FRST.txt on your flash drive and open it.
11> Amongst all the data are the sections that show modified files as you scan down.
12> As you scan down you might see something like this for a ZeroAccess infection, with all the files it infected.
13> Scanning further you will see an example like this. The services.exe file is infected.
14> Sometimes ZeroAccess creates small hidden partitions, and you can remove them with this tool as well.
15> Open another Notepad window (notepad.exe).
16> Tile the two Notepad windows side by side. One is FRST.txt and the other is the new, empty Notepad window.
17> Now, if you notice in the above example for ZeroAccess, the folder c:\windows\installer\{df5b1d7b-.}
All the files are located in this same folder, so copy that first line for the parent folder.
18> In the new Notepad window, enter the word Start on the first line.
19> Beneath that, paste the folder you copied from the FRST.txt file.
That should delete all the files listed in the parent directory and all subdirectories.
20> From the example above you see another infected folder for the user:
c:\users\Britec\AppData\Local\{df5b1d7b
21> Copy the parent folder (first line) here as well and paste it into the new Notepad window under the previous line.
22> From the example above you see the last line for c:\windows\assembly\GAC\Desktop.ini
Copy and paste this line as well.
23> Now for the service we need to handle things differently, so minimize the new Notepad window for now.
24> Go back to your minimized Farbar window and run it again, but this time with the word services.exe
in the Search line.
25> Now scan again.
26> It will generate another log file called Search.txt in the same location as the FRST.txt file.
27> Now open up another Notepad window (I know, lol) and open up the Search.txt log file.
28> Here are the results:
29> Copy the top line I highlighted and paste it into the file we were creating with all the infected folders/files.
30> Now at the bottom of this created file we need to type the following:
Replace: paste in the line we copied from the Search.txt file, enter a space, then c:\windows\system32\services.exe
31> Now on the very last line type the word End and press Enter. Below is what you should have.
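As an added example (not part of the original guide), here is a small Python checker for the fixlist.txt built in steps 18 to 31, meant to be run on an analysis workstation before the file is copied to the flash drive. It encodes the rules the guide gives for the file and embeds a constructed fixlist in which the {PLACEHOLDER-GUID} folder names and the winsxs source path are assumptions standing in for the values copied from FRST.txt and Search.txt in a real case.

```python
# Checker for an FRST fixlist.txt as described in the guide: first line Start,
# last line End, one path per line for folders/files to remove, and a Replace:
# line with the clean source first and the system32 target second.
import re

# Constructed fixlist (not from a real scan). PLACEHOLDER values stand in for
# the folder names and the clean-copy path taken from FRST.txt and Search.txt.
SAMPLE_FIXLIST = r"""Start
C:\Windows\Installer\{PLACEHOLDER-GUID}
C:\Users\Britec\AppData\Local\{PLACEHOLDER-GUID}
C:\Windows\assembly\GAC\Desktop.ini
Replace: C:\Windows\winsxs\PLACEHOLDER-FROM-SEARCH.TXT\services.exe C:\Windows\System32\services.exe
End
"""

SERVICES_TARGET = r"c:\windows\system32\services.exe"


def parse_fixlist(text):
    """Return (removals, replacements, problems) for a fixlist body."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    removals, replacements, problems = [], [], []
    if not lines or lines[0].lower() != "start":
        problems.append("first line must be Start")
    if not lines or lines[-1].lower() != "end":
        problems.append("last line must be End")
    for line in lines[1:-1]:
        m = re.match(r"(?i)replace:\s*(.+?)\s+(\S+)$", line)
        if m:
            src, dst = m.group(1), m.group(2)
            # Direction matters: the clean copy found via Search.txt is the
            # source; the infected file under system32 is what gets overwritten.
            if src.lower() == SERVICES_TARGET:
                problems.append("Replace source is the infected system32 path: " + line)
            if src.lower().rsplit("\\", 1)[-1] != dst.lower().rsplit("\\", 1)[-1]:
                problems.append("Replace source and destination file names differ: " + line)
            replacements.append((src, dst))
        elif line.lower().startswith("replace"):
            problems.append("Replace line needs a source and a destination: " + line)
        else:
            # Any other line is a folder or file that FRST will move to quarantine.
            removals.append(line)
    return removals, replacements, problems


if __name__ == "__main__":
    rem, rep, probs = parse_fixlist(SAMPLE_FIXLIST)
    print("remove:", rem, "\nreplace:", rep, "\nproblems:", probs or "none")
```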
32> Now save this file as fixlist.txt in the same location as the other .txt files we've been working with.
33> Now go back to your flash drive and run FRST.exe again.
34> This time click the Fix button, which will look for fixlist.txt and repair those items.
35> As you can see, it then fixes the issues and generates another log file called Fixlog.txt in the same location.
You can open that file with Notepad to see what was done.
36> Notice that the files were moved into a quarantine folder, which can be deleted later.
37> At this point you should be clean, but it is wise to do another scan to be sure.
38> Notice below that services.exe is now good.
And there you have it. Not for the everyday user. A lot must be inferred from this guide, but I am sure you can figure out its use
from this sample scan.

Enjoy

GEGeek

Source - You can watch a video of this same procedure here:
http://www.youtube.com/watch?v=D1iS1Vdxeeo&feature=em-uploademail
