bradleyjond

  1. One of our customers noticed our website (https://financeinsights.net) was being flagged by Malwarebytes Browser Guard on their computer. We've checked and there appear to be no issues with the website. It's looking like this is a false positive based on the Malwarebytes literature. Can you help us with this?

     Website blocked due to reputation
     Website blocked: financeinsights.net
     Malwarebytes Browser Guard blocks pages that come from websites with relatively light traffic and have been reported to have malicious activity. If you trust this website, please click CONTINUE TO SITE. Otherwise, choose GO BACK. We strongly recommend you do not continue.

     Thank you for your help! Brad
  2. Amazingly helpful! I was completely lost without you!

  3. Results of screen317's Security Check version 0.99.50
     Windows 7 x86 (UAC is enabled)
     Out of date service pack!!
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.62.0.1300
     Java 6 Update 25
     Java version out of Date!
     Mozilla Thunderbird (3.1.10) Thunderbird out of Date!
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  4. It didn't find anything that time. Are those two DNS entries normal?
  5. RogueKiller V8.0.2 [08/31/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 32 bits version Started in : Normal mode User : John Nicholas [Admin rights] Mode : Scan -- Date : 09/09/2012 01:00:56 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{88E8002B-4C31-43A5-994C-BB87BA16B602} : NameServer (65.32.1.65,65.32.1.70) -> FOUND [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{88E8002B-4C31-43A5-994C-BB87BA16B602} : NameServer (65.32.1.65,65.32.1.70) -> FOUND
  6. The malwarebytes quick scan didn't find anything, but RogueKiller said it found ZeroAccess.
  7. I ran it and it found one and cured it after a reboot. Then I ran it again and it didn't find it again, so it must have worked. I have included both logs as attachments. TDSSKiller.2.8.8.0_08.09.2012_20.17.37_log.txt TDSSKiller.2.8.8.0_08.09.2012_20.15.29_log.txt TDSSKiller.2.8.8.0_08.09.2012_20.20.29_log.txt
  8. Alright. I'm restored and ready to try some more. What's next?
  9. Using the restore won't restore the virus, right? haha. Probably a dumb question.
  10. I wasn't trying to be a smart alec. I just want to make sure I'm doing the right thing. I rescanned with FRST.exe and I also did the search for services.exe just in case you needed that again too. Here's the info:
  11. Luckily I am messaging back and forth with you via another computer that works perfectly well. =)
  12. I just wanted to add that after the step involving running frst.exe with the fixlist.txt everything has disappeared from the desktop and I am getting errors when Windows starts up like "C:\Windows\system32\config\systemprofile\Desktop refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location." Also at the bottom right, there is a little lock with a notification that says: "Failed to connect to a windows service" "Windows could not connect to the System Event Notification Service service. This problem prevents standard users from logging on to the system. As an administrative user, you can review the System Event Log for details about why the service didn't respond"
  13. I have attached the log. There was 1 item found and there was no option to cure it. I skipped it. TDSSKiller.2.8.8.0_08.09.2012_18.35.11_log.txt.zip