You don't want the Trojan fservice.exe back!
Boot in Safe Mode.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:
fservice.exe
zee.exe
?ttrib.exe
Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\
fservice.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\
Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O4 - HKLM\..\Run: [Anti] C:\
zee.exe
O4 - HKCU\..\Run: [Zedyojuq] C:\WINDOWS\system32\
?ttrib.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{548465CB-8DD7-4149-A630-3834DCCCF0E2}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{548465CB-8DD7-4149-A630-3834DCCCF0E2}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{548465CB-8DD7-4149-A630-3834DCCCF0E2}: NameServer = 192.168.1.1
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
...................................................................................................
Now click on the
Fix Checked button in HJT.
When done, from between the dotted lines, delete the highlighted
bold files.
When a \
directory-name\ is
bold, delete everything in it, including that directory itself.
Get deletefxpfiles here
http://www.deletefxpfiles.com/index2.html to get rid
of ?ttrib.exe if you can't delete it normally.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.