Yes.  It ran.  It took a few hours but completed its process.  Attached is the log.

Did you have any one use the system between steps, as what is strange is the MD5 for services.exe has changed from BC81150939BD52DBC7A08C245F1FB229  to E2D076F2C1239AA6C7412BA6B8B1DE4E,  but still a MD5 I don't know of.

Your system should probably use for that location MD5  934E0B7D77FF78C18D9F8891221B6DE3

Quads

OK,

On the Flash Drive that has FRST64.exe and the .txt files.   Delete them all and download a new FRST64.exe (like the first instructions) and create a new FRST.txt log for me. 

We may have to use FRST to seach and replace services.exe files and script to swap with the copy I want it to.

A stubborn one, or a re infection.

Quads

Attached is the log.  Thanks for all the help.

tart FRST like you did in Step 1, once it starts do this,

Type the following in the edit box after "Search:" so it looks like this:

Search: services.exe

Click Search button and post the log it makes to your reply.   Called search.txt

Quads

Attached is the log

Download the script attached, needs to be the same file name as well (fixlist.txt), Copy across to flash drive

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again. Like previously

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe or frst64.exe and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press the Fix button just once and wait.
• The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Quads

Attached is the log.  Thanks again for all the help.