Application cannot be executed

[gelo]

Morning all,

Im trying to fix one of my colleagues laptop that keeps on recieving "Application cannot be executed.  The file xxxxx is infected. Do you want to activate your antivirus software now?

I am unable to plug this laptop to the company network, so what I did was transfer SuperAntiSpyware, Rkill, Hijackthis and Combofix to it via usb drive.  Last night I ran it all of them except of Combofix and removed a bunch of malware/spyware, but the problem still exist.  I also noticed that he has "Antivirus IS" which is fake.

I am currently doing the process all over again is safe mode.  Also when in normal mode, I am unable to run any scans.

Laptop is Windows 7 64bit OS

Thanks in Advance

[gelo]

here are yesterday's logs
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

9/30/2010 8:38:47 PM
mbam-log-2010-09-30 (20-38-47).txt

Scan type: Quick scan
Objects scanned: 120485
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\bryan\AppData\Local\Temp\0.7749867904541108.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

[gelo]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/30/2010 at 09:17 PM

Application Version : 4.44.1000

Core Rules Database Version : 5610
Trace Rules Database Version: 3422

Scan type       : Complete Scan
Total Scan Time : 00:29:13

Memory items scanned      : 333
Memory threats detected   : 0
Registry items scanned    : 13789
Registry threats detected : 0
File items scanned        : 28070
File threats detected     : 59

Adware.Tracking Cookie
   C:\Users\bryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\bryan\AppData\Roaming\Microsoft\Windows\Cookies\bryan@media6degrees[2].txt
   .doubleclick.net [ C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .divx.112.2o7.net [ C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .surveymonkey.122.2o7.net [ C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   cdn4.specificclick.net [ C:\Users\bryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZFT2ZHPS ]
   ia.media-imdb.com [ C:\Users\bryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZFT2ZHPS ]
   media.scanscout.com [ C:\Users\bryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZFT2ZHPS ]
   secure-us.imrworldwide.com [ C:\Users\bryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZFT2ZHPS ]
   video.redorbit.com [ C:\Users\bryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZFT2ZHPS ]
   www.naiadsystems.com [ C:\Users\bryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZFT2ZHPS ]
   C:\Users\bryan\AppData\Roaming\Microsoft\Windows\Cookies\Low\bryan@*censored*[2].txt
   .interclick.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .interclick.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .interclick.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .moyeamedia.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .moyeamedia.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .stats.paypal.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   5.w.h.cltomedia.info [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .cltomedia.info [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   cltomedia.info [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   5.u.h.cltomedia.info [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   5.c.h.cltomedia.info [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .server.cpmstar.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .server.cpmstar.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   5.m.h.cltomedia.info [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   www.googleadservices.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   www.googleadservices.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   www.googleadservices.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   www.googleadservices.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .invitemedia.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .invitemedia.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .invitemedia.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .media6degrees.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .media6degrees.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .lucidmedia.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .lucidmedia.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .collective-media.net [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .free-porn.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .free-porn.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .chitika.net [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   www.googleadservices.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   z.g.h.cltomedia.info [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .clicksor.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .clicksor.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .clicksor.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .clicksor.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   .clicksor.com [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]
   cltomedia.info [ C:\Users\bryan\AppData\Roaming\Mozilla\Firefox\Profiles\ieiqiv6w.default\cookies.sqlite ]

Spyware.RelevantKnowledge
   C:\USERS\BRYAN\APPDATA\LOCAL\TEMP\~OS14A9.TMP\RLLS.DLL
   C:\USERS\BRYAN\APPDATA\LOCAL\TEMP\~OS14A9.TMP\RLLS64.DLL
   C:\USERS\BRYAN\APPDATA\LOCAL\TEMP\~OS14A9.TMP\RLPH.DLL
   C:\USERS\BRYAN\APPDATA\LOCAL\TEMP\~OS14A9.TMP\RLSERVICE.EXE
   C:\USERS\BRYAN\APPDATA\LOCAL\TEMP\~OS14A9.TMP\RLVKNLG.EXE
   C:\USERS\BRYAN\APPDATA\LOCAL\TEMP\~OS14A9.TMP\RLVKNLG64.EXE
   C:\USERS\BRYAN\APPDATA\LOCAL\TEMP\~OS14A9.TMP\RLXF.DLL
   C:\USERS\BRYAN\APPDATA\LOCAL\TEMP\~OS14A9.TMP\RLXG.DLL

[gelo]

just ran this now

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:34 AM, on 10/1/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode

Running processes:
C:\Users\bryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:27811
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Clearwire Connection Manager] "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Performance Center] C:\Program Files (x86)\Ascentive\Performance Center\APCMain.exe -m
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Vbuzzer Messenger] C:\Program Files (x86)\vbuzzer\VBuzzer.exe
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [cfmjqggv] C:\Users\bryan\AppData\Local\yvveahoxq\dncxdasshdw.exe
O4 - HKCU\..\Run: [nbgdnbjf] C:\Users\bryan\AppData\Local\Temp\lcsdrjssa\hsiqqnflanw.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: YouTring.lnk = C:\Program Files (x86)\YouTring\YouTring.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Clearwire Con App Svc (CACLEARWIRE) - SmithMicro Inc. - C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: Clearwire RcAppSvc (CLEARWIRERcAppSvc) - SmithMicro Inc. - C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Clearwire Device Launch Service (SMSI Device Launch Service) - Unknown owner - C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\bryan\AppData\Local\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAgnt Helper Service - Unknown owner - C:\windows\system32\XYNTService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11279 bytes

[gelo]

I fixed the problem.  Computer is running properly and no fake pop ups.  I manually removed Antiviris IS from the registry.

[SuperDave]

I still see some problems in the logs but, if you're happy, I'm happy.

[gelo]

yah i seen a few problems in the hjt logs. the comp is working and the user is happy.

thanks for the reply