Solved Pop Ups On Computer

[Resolved] Pop Ups On Computer

I started receiving pop ups on my computer and have posted my HJT Log Below:
Logfile of HijackThis v1.99.1
Scan saved at 12:41:11 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\SPA\smc.exe
C:\Program Files\Symantec\SPA\snac.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\program files\intravision technologies\nvar 2.0 media client\clientupdateservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Symantec\SPA\SmcGui.exe
C:\Program Files\RightFax\Client\FaxCtrl.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.13.0.12\PlaxoHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\RECYCLERÿÿ\FrostWire.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oasis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oasis/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\Client\FaxCtrl.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe "
O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
O4 - HKLM\..\Run: [AGNCF] "C:\Program Files\AT&T Global Network Client\MigrateFW.exe" -initonly /default=on /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.0.12\PlaxoHelper.exe -a
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://oasis
O15 - Trusted Zone: http://*.drfintranet
O15 - Trusted Zone: http://*.jaxintranet
O15 - Trusted Zone: http://*.jaxsiisp3
O15 - Trusted Zone: http://*.jaxsiisp5
O15 - Trusted Zone: dealer.jmagroup.com
O15 - Trusted Zone: *.corp.jmfamily.com
O15 - Trusted Zone: cookiepro.jmfamily.com
O15 - Trusted Zone: http://patches.jmfamily.com
O15 - Trusted Zone: *.jmfamily.com
O15 - Trusted Zone: http://*.jmfemail.com
O15 - Trusted Zone: *.jmsreporting.com
O15 - Trusted Zone: http://*.mobintranet
O15 - Trusted Zone: http://www.setdealerdaily.com
O15 - Trusted Zone: http://*.stlintranet
O15 - Trusted Zone: http://*.drfintranet (HKLM)
O15 - Trusted Zone: http://*.jaxintranet (HKLM)
O15 - Trusted Zone: http://*.jaxsiisp3 (HKLM)
O15 - Trusted Zone: http://*.jaxsiisp5 (HKLM)
O15 - Trusted Zone: *.corp.jmfamily.com (HKLM)
O15 - Trusted Zone: *.jmfamily.com (HKLM)
O15 - Trusted Zone: http://*.mobintranet (HKLM)
O15 - Trusted Zone: http://www.setdealerdaily.com (HKLM)
O15 - Trusted Zone: http://*.stlintranet (HKLM)
O16 - DPF: Launcher - http://dealer.jmagroup.com/jmfsdpweb/content/cabs/launcher.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} (Infragistics ActiveTreeView Control) - https://dks.jmfamily.com/cabs/SSTree.CAB
O16 - DPF: {41E6DDD6-FBD6-4718-80F7-9B160533C2F5} (Infragistics UltraToolbars Control 5.0) - https://dks.jmfamily.com/cabs/IGToolbars50.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
O16 - DPF: {B3014671-7872-4671-BE73-5D05EB5B2AF5} (Infragistics UltraGrid Control 2.0) - https://dks.jmfamily.com/cabs/IGUltraGrid20.CAB
O16 - DPF: {B63EA811-FF25-4211-A6D2-58BF767432E1} (PictureLoader.Helpers) - https://dks.jmfamily.com/cabs/pictureloader.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://performancetrac.jmfefinancial.com/reports/ss/viewers/activeXViewer/activexviewer.cab
O16 - DPF: {CB6742B9-7282-4002-A024-455466F42A18} (Intravision.Raven.AltaPlaybackClient) - https://portal.intravisiontech.com/jimray/utility/MediaClient.CAB
O16 - DPF: {E2DD00FF-38ED-11D5-8F28-00008344CD16} (GSAXCtrl2.UserControl1) - http://associatedirectory/GSAXCtrl.ocx
O16 - DPF: {EA6F44F0-AA12-406F-81D3-44078757220B} (AppLauncherToolBar.UserControlToolBar) - http://oasisapplauncher/AppLauncherToolBar.CAB
O16 - DPF: {F0D96671-A5CE-4854-AE49-6835742D232F} (Infragistics Panel Control 4.0) - https://dks.jmfamily.com/cabs/IGThreed40.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.jmfamily.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intravision Client Update Service (IVTClientUpdate) - Intravision Technologies - c:\program files\intravision technologies\nvar 2.0 media client\clientupdateservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - C:\Program Files\Symantec\SPA\smc.exe
O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - C:\Program Files\Symantec\SPA\snac.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

Thanks!

 

Hi Joe,

Please remove the outdated version of HijackThis you have and post a log with version 2.0.2, as well as the main.txt log from Deckard's System Scanner. Links and instructions here.

Did you add all of those sites to the IE Trusted Zone?

 

Deckard's System Scanner

Deckard's System Scanner v20071014.68
Run by iujmheb on 2007-11-09 19:10:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
42: 2007-11-10 01:10:19 UTC - RP264 - Deckard's System Scanner Restore Point
41: 2007-11-09 06:59:12 UTC - RP263 - Installed Windows Media Player 10
40: 2007-11-07 20:19:41 UTC - RP262 - System Checkpoint
39: 2007-11-02 19:29:13 UTC - RP261 - System Checkpoint
38: 2007-10-31 03:33:36 UTC - RP260 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-08-11 00:20:57 UTC - RP223 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as iujmheb.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:41 PM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\SPA\smc.exe
C:\Program Files\Symantec\SPA\snac.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\program files\intravision technologies\nvar 2.0 media client\clientupdateservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Symantec\SPA\SmcGui.exe
C:\Program Files\RightFax\Client\FaxCtrl.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.13.0.12\PlaxoHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\iujmheb\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\iujmheb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oasis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oasis/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\Client\FaxCtrl.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe "
O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
O4 - HKLM\..\Run: [AGNCF] "C:\Program Files\AT&T Global Network Client\MigrateFW.exe" -initonly /default=on /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://oasis
O15 - Trusted Zone: http://*.drfintranet
O15 - Trusted Zone: http://deckard.geekstogo.com
O15 - Trusted Zone: http://*.jaxintranet
O15 - Trusted Zone: http://*.jaxsiisp3
O15 - Trusted Zone: http://*.jaxsiisp5
O15 - Trusted Zone: dealer.jmagroup.com
O15 - Trusted Zone: *.corp.jmfamily.com
O15 - Trusted Zone: cookiepro.jmfamily.com
O15 - Trusted Zone: http://patches.jmfamily.com
O15 - Trusted Zone: *.jmfamily.com
O15 - Trusted Zone: http://*.jmfemail.com
O15 - Trusted Zone: *.jmsreporting.com
O15 - Trusted Zone: http://*.mobintranet
O15 - Trusted Zone: http://www.setdealerdaily.com
O15 - Trusted Zone: http://*.stlintranet
O15 - Trusted Zone: http://www.trendsecure.com
O15 - Trusted Zone: http://*.drfintranet (HKLM)
O15 - Trusted Zone: http://*.jaxintranet (HKLM)
O15 - Trusted Zone: http://*.jaxsiisp3 (HKLM)
O15 - Trusted Zone: http://*.jaxsiisp5 (HKLM)
O15 - Trusted Zone: *.corp.jmfamily.com (HKLM)
O15 - Trusted Zone: *.jmfamily.com (HKLM)
O15 - Trusted Zone: http://*.mobintranet (HKLM)
O15 - Trusted Zone: http://www.setdealerdaily.com (HKLM)
O15 - Trusted Zone: http://*.stlintranet (HKLM)
O16 - DPF: Launcher - http://dealer.jmagroup.com/jmfsdpweb/content/cabs/launcher.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} (Infragistics ActiveTreeView Control) - https://dks.jmfamily.com/cabs/SSTree.CAB
O16 - DPF: {41E6DDD6-FBD6-4718-80F7-9B160533C2F5} (Infragistics UltraToolbars Control 5.0) - https://dks.jmfamily.com/cabs/IGToolbars50.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
O16 - DPF: {B3014671-7872-4671-BE73-5D05EB5B2AF5} (Infragistics UltraGrid Control 2.0) - https://dks.jmfamily.com/cabs/IGUltraGrid20.CAB
O16 - DPF: {B63EA811-FF25-4211-A6D2-58BF767432E1} (PictureLoader.Helpers) - https://dks.jmfamily.com/cabs/pictureloader.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://performancetrac.jmfefinancial.com/reports/ss/viewers/activeXViewer/activexviewer.cab
O16 - DPF: {CB6742B9-7282-4002-A024-455466F42A18} (Intravision.Raven.AltaPlaybackClient) - https://portal.intravisiontech.com/jimray/utility/MediaClient.CAB
O16 - DPF: {E2DD00FF-38ED-11D5-8F28-00008344CD16} (GSAXCtrl2.UserControl1) - http://associatedirectory/GSAXCtrl.ocx
O16 - DPF: {EA6F44F0-AA12-406F-81D3-44078757220B} (AppLauncherToolBar.UserControlToolBar) - http://oasisapplauncher/AppLauncherToolBar.CAB
O16 - DPF: {F0D96671-A5CE-4854-AE49-6835742D232F} (Infragistics Panel Control 4.0) - https://dks.jmfamily.com/cabs/IGThreed40.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.jmfamily.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intravision Client Update Service (IVTClientUpdate) - Intravision Technologies - c:\program files\intravision technologies\nvar 2.0 media client\clientupdateservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - C:\Program Files\Symantec\SPA\smc.exe
O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - C:\Program Files\Symantec\SPA\snac.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 11249 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SafeBoot - c:\windows\system32\drivers\safeboot.sys
R0 SBAlg - c:\windows\system32\drivers\sbalg.sys <Not Verified; Control Break International; SafeBoot Security System>
R0 Teefer (Teefer for NT) - c:\windows\\systemroot\system32\drivers\teefer.sys (file missing)
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 RsvLock - c:\windows\system32\drivers\rsvlock.sys <Not Verified; Control Break International; SafeBoot Security System>
R1 SBFlop - c:\windows\system32\drivers\sbflop.sys <Not Verified; Control Break International; SafeBoot Security System>
R1 SbPrcCtl - c:\windows\system32\drivers\sbprcctl.sys <Not Verified; Control Break International; SafeBoot Security System>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 agnwifi (AT&T Wi-Fi Support Driver) - c:\windows\system32\drivers\agnwifi.sys <Not Verified; AT&T; AT&T Global Network Client>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S2 HIDKbFlt (HIDKbFlt.SvcDesc%) - c:\windows\system32\drivers\hidkbflt.sys (file missing)
S2 vdo_3949-48e3 - c:\windows\system32\vdo_3949-48e3.sys (file missing)
S3 HSFHWICH - c:\windows\system32\drivers\hsfhwich.sys (file missing)
S3 RapFile - c:\windows\system32\drivers\rapfile.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 RapNet - c:\windows\system32\drivers\rapnet.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S4 black - c:\windows\system32\drivers\blackdrv.sys (file missing)
S4 SysGuard - c:\windows\system32\drivers\sysguard.sys
S4 SysPlant (SysPlant for NT) - c:\windows\\systemroot\system32\drivers\sysplant.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 IVTClientUpdate (Intravision Client Update Service) - c:\program files\intravision technologies\nvar 2.0 media client\clientupdateservice.exe <Not Verified; Intravision Technologies; >
R2 NetCfgSvr (Network Configuration Service) - c:\progra~1\at&tgl~1\netcfgsv.exe <Not Verified; AT&T; NetCfgSvr Module>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 SafeBootConfigurationManager (SafeBoot Configuration Manager) - c:\program files\safeboot\sbmgrnt.exe <Not Verified; Control Break International; SafeBoot Security System>

S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-18 20:57:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-09 and 2007-11-09 -----------------------------

2007-11-09 19:04:06 0 d-------- C:\Program Files\Trend Micro
2007-11-09 09:14:08 0 dr-h----- C:\Documents and Settings\iujmheb\Recent
2007-11-09 00:37:29 0 d------c- C:\HJT
2007-10-30 19:42:24 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-30 19:38:26 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-30 19:18:35 0 d-------- C:\Program Files\Free Hide Folder


-- Find3M Report ---------------------------------------------------------------

2007-11-09 18:21:21 0 d-------- C:\Program Files\Plaxo
2007-11-09 00:25:21 0 d-------- C:\Documents and Settings\iujmheb\Application Data\FrostWire
2007-11-07 11:03:21 0 d-------- C:\Program Files\Symantec AntiVirus
2007-11-02 16:01:39 0 d-------- C:\Program Files\AT&T Global Network Client
2007-10-31 11:51:18 0 d-------- C:\Program Files\SafeBoot
2007-10-07 20:08:12 0 d-------- C:\Program Files\iTunes
2007-10-07 20:08:00 0 d-------- C:\Program Files\iPod
2007-10-07 19:51:04 0 d-------- C:\Program Files\Apple Software Update
2007-09-27 14:47:52 0 d-------- C:\Program Files\Viewpoint
2007-09-27 14:43:31 0 d-------- C:\Program Files\Common Files
2007-09-27 14:43:31 0 d-------- C:\Program Files\Common Files\Viewpoint


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RightFAX Print-to-Fax Driver "= "C:\Program Files\RightFax\Client\FaxCtrl.exe" [09/30/2005 04:34 PM]
"ISBMgr.exe "= "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [02/20/2004 12:12 PM]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [02/22/2005 09:37 AM]
"HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [02/22/2005 09:34 AM]
"Alcmtr "= "ALCMTR.EXE" [10/13/2004 10:00 AM C:\WINDOWS\ALCMTR.EXE]
"Apoint "= "C:\Program Files\Apoint\Apoint.exe" [11/07/2003 06:21 PM]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [02/17/2005 08:31 AM]
"type32 "= "C:\Program Files\Microsoft IntelliType Pro\type32.exe" [03/15/2005 03:46 AM]
"SBMGRNT.EXE "= "C:\PROGRA~1\SafeBoot\SBMGRNT.exe" [02/12/2007 09:04 PM]
"ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 06:26 PM]
"vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/27/2006 07:33 PM]
"RoxioEngineUtility "= "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/2003 05:44 PM]
"AGNCF "= "C:\Program Files\AT&T Global Network Client\MigrateFW.exe" [10/29/2004 07:00 AM]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage "=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage "=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 01/18/2005 10:48 AM 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script "=adminpassword.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2041924414-1375143614-688353862-52811\Scripts\Logon\0\0]
"Script "=compprop.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ead75c28-4172-11dc-9a18-0013ce37c845}]
AutoRun\command- G:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2007-11-09 19:12:32 ------------

 

Extra.txt plus HJT Log

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1.60GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 510.08 MiB / 256.5 MiB
Pagefile Memory (total/avail): 1246.32 MiB / 858.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.34 MiB

C: is Fixed (NTFS) - 37.25 GiB total, 17.73 GiB free.
D: is Removable (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MemoryStick or MemoryStickPro Device

\\.\PHYSICALDRIVE0 - HTS541040G9SA00 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
FirewallOverride is set.

FW: Symantec Protection Agent 5.1 v5.6 (Symantec Corporation.)
AV: Symantec AntiVirus Corporate Edition v10.1.5.5000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\iujmheb\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RMTJMFWXP10816
ComSpec=C:\WINDOWS\system32\cmd.exe
devmgr_show_nonpresent_devices=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\iujmheb
LOGONSERVER=\\DRFSDCP6
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\iujmheb\LOCALS~1\Temp
TMP=C:\DOCUME~1\iujmheb\LOCALS~1\Temp
USERDNSDOMAIN=CORP.JMFAMILY.COM
USERDOMAIN=JMFAMILY
USERNAME=iujmheb
USERPROFILE=C:\Documents and Settings\iujmheb
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

iujmheb (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> Dummy
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AOL Pictures Tools (version 10.4.0.4) --> C:\Program Files\AOL Pictures\10_4_0_4a\aolpInstaller.exe /u
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe "
CD LabelMaker --> C:\Program Files\Memorex\CD LabelMaker\uninstall.exe CD LabelMaker
CD LabelMaker Easy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E2CD3A0-505B-11D4-867E-E56CE477E832}\setup.exe"
Curitel PC Card Software --> C:\Program Files\Alltel\PC5740\PWI_Uninstall.exe
DCleaner (remove only) --> C:\Program Files\DCleaner\Uninst-DC.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
ERALink32 --> MsiExec.exe /X{34B85F58-4EA1-40F2-A658-DA3CE5D19820}
Free Hide Folder --> C:\PROGRA~1\FREEHI~1\UNWISE.EXE C:\PROGRA~1\FREEHI~1\INSTALL.LOG
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
HDAUDIO SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_20030003
High Definition Audio Driver Package - KB835221 -->
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photosmart Cameras 6.0 --> C:\Program Files\HP\Digital Imaging\{E13AF122-FEB8-4d7b-8C66-C11F805539B1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Solution Center and Imaging Support Tools 6.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Juice 2.2 --> C:\Program Files\Juice\uninst.exe
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\iujmheb\Application Data\Move Networks\ie_bin\unins000.exe "
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Converter Simple --> C:\PROGRA~1\MP3CON~1\UNWISE.EXE C:\PROGRA~1\MP3CON~1\INSTALL.LOG
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MySpaceIM --> MsiExec.exe /I{FE242C4A-4AF0-4E9F-ABFF-92CA3CEE8761}
NVAR 2.0 Media Client --> MsiExec.exe /I{0D643F99-2D76-4071-8321-A109F7AA404C}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Limited Patch 4.7-07-14-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Plaxo Toolbar for Outlook and Outlook Express --> C:\Program Files\Plaxo\2.13.0.12\uninstall.exe
QuickLink Mobile --> C:\PROGRA~1\Alltel\QUICKL~1\UNWISE.EXE C:\PROGRA~1\Alltel\QUICKL~1\INSTALL.LOG
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Rhapsody Player Engine --> MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
RightFax Product Suite --> MsiExec.exe /I{37EAD3B6-15F3-4292-AA85-41CADD54E964}
Setting Utility Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59452470-A902-477F-9338-9B88101681BD}\setup.exe" -l0x9
SonicStage 4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
Symantec AntiVirus --> MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
Symantec Protection Agent 5.1 --> MsiExec.exe /X{9D89C7D4-F2A4-47A7-9F7F-0A19A9C3187B}
VAIO Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E993095-28F2-4060-9101-99C1FD1195C0}\setup.exe" -l0x9
VAIO Entertainment Platform --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\setup.exe" -l0x9
VAIO Event Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x9
Veo Advanced Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C44CB060-2AD1-11D6-BC84-00D0B7E10CD1}\Setup.exe"
Veo Digital Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45AEEA61-04F8-11D6-8B35-0080C8F5C4AA}\setup.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type13524 / Error
Event Submitted/Written: 11/09/2007 05:03:18 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type13523 / Error
Event Submitted/Written: 11/09/2007 08:58:15 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type13520 / Error
Event Submitted/Written: 11/08/2007 09:37:12 PM
Event ID/Source: 0 / Intravision NVAR
Event Description:
[2007-11-08 21:37:12,780][ERROR][UPDATES][Intravision.Raven.ClientUpdateService][] - Failed to query, download, or apply update.
Exception: System.Net.WebException
Message: The underlying connection was closed: The remote name could not be resolved.
Source: System
at System.Net.HttpWebRequest.CheckFinalStatus()
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Intravision.Raven.UpdateWebService.ClientQueryVersion()
at Intravision.Raven.ClientUpdateService.Run()

Event Record #/Type13518 / Error
Event Submitted/Written: 11/08/2007 09:37:12 PM
Event ID/Source: 0 / Intravision NVAR
Event Description:
[2007-11-08 21:37:12,129][ERROR][UPDATES][Intravision.Raven.ClientUpdateService][] - Failed to check http://clientupdates.nvar2.intravisiontech.net/updates.asmx
Exception: System.Net.WebException
Message: The underlying connection was closed: The remote name could not be resolved.
Source: System
at System.Net.HttpWebRequest.CheckFinalStatus()
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Intravision.Raven.UpdateWebService.ClientQueryVersion()
at Intravision.Raven.ClientUpdateService.Run()

Event Record #/Type13516 / Error
Event Submitted/Written: 11/08/2007 09:37:08 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type796343 / Error
Event Submitted/Written: 11/09/2007 07:06:14 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Event Record #/Type796342 / Warning
Event Submitted/Written: 11/09/2007 07:06:14 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 60 minutes.

Event Record #/Type796341 / Error
Event Submitted/Written: 11/09/2007 06:36:14 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Event Record #/Type796340 / Warning
Event Submitted/Written: 11/09/2007 06:36:14 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 30 minutes.

Event Record #/Type796339 / Error
Event Submitted/Written: 11/09/2007 06:21:09 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2007-11-09 19:12:32 ------------Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:22 PM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\SPA\smc.exe
C:\Program Files\Symantec\SPA\snac.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\program files\intravision technologies\nvar 2.0 media client\clientupdateservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Symantec\SPA\SmcGui.exe
C:\Program Files\RightFax\Client\FaxCtrl.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.13.0.12\PlaxoHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oasis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oasis/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\Client\FaxCtrl.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe "
O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
O4 - HKLM\..\Run: [AGNCF] "C:\Program Files\AT&T Global Network Client\MigrateFW.exe" -initonly /default=on /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://oasis
O15 - Trusted Zone: http://*.drfintranet
O15 - Trusted Zone: http://*.jaxintranet
O15 - Trusted Zone: http://*.jaxsiisp3
O15 - Trusted Zone: http://*.jaxsiisp5
O15 - Trusted Zone: dealer.jmagroup.com
O15 - Trusted Zone: *.corp.jmfamily.com
O15 - Trusted Zone: cookiepro.jmfamily.com
O15 - Trusted Zone: http://patches.jmfamily.com
O15 - Trusted Zone: *.jmfamily.com
O15 - Trusted Zone: http://*.jmfemail.com
O15 - Trusted Zone: *.jmsreporting.com
O15 - Trusted Zone: http://*.mobintranet
O15 - Trusted Zone: http://www.setdealerdaily.com
O15 - Trusted Zone: http://*.stlintranet
O15 - Trusted Zone: http://*.drfintranet (HKLM)
O15 - Trusted Zone: http://*.jaxintranet (HKLM)
O15 - Trusted Zone: http://*.jaxsiisp3 (HKLM)
O15 - Trusted Zone: http://*.jaxsiisp5 (HKLM)
O15 - Trusted Zone: *.corp.jmfamily.com (HKLM)
O15 - Trusted Zone: *.jmfamily.com (HKLM)
O15 - Trusted Zone: http://*.mobintranet (HKLM)
O15 - Trusted Zone: http://www.setdealerdaily.com (HKLM)
O15 - Trusted Zone: http://*.stlintranet (HKLM)
O16 - DPF: Launcher - http://dealer.jmagroup.com/jmfsdpweb/content/cabs/launcher.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} (Infragistics ActiveTreeView Control) - https://dks.jmfamily.com/cabs/SSTree.CAB
O16 - DPF: {41E6DDD6-FBD6-4718-80F7-9B160533C2F5} (Infragistics UltraToolbars Control 5.0) - https://dks.jmfamily.com/cabs/IGToolbars50.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
O16 - DPF: {B3014671-7872-4671-BE73-5D05EB5B2AF5} (Infragistics UltraGrid Control 2.0) - https://dks.jmfamily.com/cabs/IGUltraGrid20.CAB
O16 - DPF: {B63EA811-FF25-4211-A6D2-58BF767432E1} (PictureLoader.Helpers) - https://dks.jmfamily.com/cabs/pictureloader.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://performancetrac.jmfefinancial.com/reports/ss/viewers/activeXViewer/activexviewer.cab
O16 - DPF: {CB6742B9-7282-4002-A024-455466F42A18} (Intravision.Raven.AltaPlaybackClient) - https://portal.intravisiontech.com/jimray/utility/MediaClient.CAB
O16 - DPF: {E2DD00FF-38ED-11D5-8F28-00008344CD16} (GSAXCtrl2.UserControl1) - http://associatedirectory/GSAXCtrl.ocx
O16 - DPF: {EA6F44F0-AA12-406F-81D3-44078757220B} (AppLauncherToolBar.UserControlToolBar) - http://oasisapplauncher/AppLauncherToolBar.CAB
O16 - DPF: {F0D96671-A5CE-4854-AE49-6835742D232F} (Infragistics Panel Control 4.0) - https://dks.jmfamily.com/cabs/IGThreed40.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.jmfamily.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.jmfamily.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intravision Client Update Service (IVTClientUpdate) - Intravision Technologies - c:\program files\intravision technologies\nvar 2.0 media client\clientupdateservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - C:\Program Files\Symantec\SPA\smc.exe
O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - C:\Program Files\Symantec\SPA\snac.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 11228 bytes

 

Scan again with HijackThis and place a check next to the following entries, close ALL other windows then click Fix Checked.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oasis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oasis/
O14 - IERESET.INF: START_PAGE_URL=http://oasis

I asked before but you did not respond ......... were all of the IE trusted zone entries added by you? I'm particularly interested in the following entries (I can see the others are associated with the domain the computer is a member of).

O15 - Trusted Zone: http://*.drfintranet
O15 - Trusted Zone: http://*.jaxintranet
O15 - Trusted Zone: http://*.jaxsiisp3
O15 - Trusted Zone: http://*.jaxsiisp5
O15 - Trusted Zone: http://*.mobintranet
O15 - Trusted Zone: http://*.stlintranet
O15 - Trusted Zone: http://*.drfintranet (HKLM)
O15 - Trusted Zone: http://*.jaxintranet (HKLM)
O15 - Trusted Zone: http://*.jaxsiisp3 (HKLM)
O15 - Trusted Zone: http://*.jaxsiisp5 (HKLM)
O15 - Trusted Zone: http://*.mobintranet (HKLM)
O15 - Trusted Zone: http://*.stlintranet (HKLM)

If not legitimate entries, fix those with HijackThis as well.


I see FrostWire was recently added. P2P file sharing apps are a good way to aquire infections, which can then spread to network (domain) shares. Recommend you uninstall and steer clear of them.

Reboot when done fixing those entries. If the popups persist, run an online scan with Kaspersky. Instructions are here.

Post a fresh HijackThis log please.

 

Pop Ups

The following entries were added into my trusted zone by our IT Department. This is a work laptop computer. I will remove Frostwire.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oasis

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oasis/
O14 - IERESET.INF: START_PAGE_URL=http://oasis


O15 - Trusted Zone: http://*.drfintranet
O15 - Trusted Zone: http://*.jaxintranet
O15 - Trusted Zone: http://*.jaxsiisp3
O15 - Trusted Zone: http://*.jaxsiisp5
O15 - Trusted Zone: http://*.mobintranet
O15 - Trusted Zone: http://*.stlintranet
O15 - Trusted Zone: http://*.drfintranet (HKLM)
O15 - Trusted Zone: http://*.jaxintranet (HKLM)
O15 - Trusted Zone: http://*.jaxsiisp3 (HKLM)
O15 - Trusted Zone: http://*.jaxsiisp5 (HKLM)
O15 - Trusted Zone: http://*.mobintranet (HKLM)
O15 - Trusted Zone: http://*.stlintranet (HKLM)

Thanks!

 

These will do nothing.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oasis

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oasis/
O14 - IERESET.INF: START_PAGE_URL=http://oasis


Paste http://oasis into your browser and you get nothing. Sure the IT dept added those like that? Does it take you somewhere when connected to the domain?

 

Pop ups

I have to dial onto my VPN and the I can get on oasis site. This is where I I access all of my work info. You cannot get onto oasis site by just pasting into browser.

 

OK, well then I see nothing in your logs to indicate a problem. What kind of popups are you getting? Regular ads, banners, etc? Associated with any 1 site, or at many/any site?

 

PopUps Have Stopped

I just wanted to let you know that the Pop Ups Have stopped

Thanks for all of your help!

 

Glad to hear that. Thanks for posting back!