[joyof60]

OK...I unchecked the qttask..sorry ...Before I was looking for "dit.exe"...error message still there. thanks though.

[joyof60]

Thanks cookiegal, I tried the info fron the link...I have no menu to clear....have never used quicktime before in this build.. thanks for the heads up though..

[Cookiegal]

Download and install AVG Anti-Spyware v7.5. Note to AVG Free anti-virus program users only: This is not the same program as the one you already have, this is an anti-spyware program so please proceed with the instructions.

• After download, double click on the file to launch the install process.
• Choose a language, click "OK" and then click "Next".
• Read the "License Agreement" and click "I Agree".
• Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
• After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
• The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
• Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
• Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update".
  Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
• Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:

• Click on the "Scanner" button and choose the "Settings" tab.
  
• Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
• Under "How to Scan? ", "Possibly unwanted software", and What to Scan?" leave all the default settings.
• Under "Reports" select "Do not automatically generate reports".
• Click the "Scan" tab to return to scanning options.
• Click "Complete System Scan" to start.
• When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
• You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the :Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

• Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
• Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.


Please go HERE to run Panda's ActiveScan

• You need to use IE to run this scan
• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.

[joyof60]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:27 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Ahead\InCD\InCDsrv.exe
J:\WINDOWS\system32\ZoneLabs\vsmon.exe
J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Analog Devices\Core\smax4pnp.exe
J:\Program Files\Analog Devices\SoundMAX\Smax4.exe
J:\WINDOWS\system32\RUNDLL32.EXE
J:\Program Files\HP\hpcoretech\hpcmpmgr.exe
J:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
J:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
J:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
J:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
J:\PROGRA~1\Grisoft\AVG7\avgcc.exe
J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
J:\WINDOWS\system32\ctfmon.exe
J:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
J:\Program Files\Messenger\msmsgs.exe
J:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
J:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
J:\PROGRA~1\Grisoft\AVG7\avgemc.exe
J:\WINDOWS\System32\nvsvc32.exe
J:\WINDOWS\System32\svchost.exe
J:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
J:\Program Files\OLYMPUS\OLYMPUS Studio\Os_Monitor.exe
J:\WINDOWS\System32\MsPMSPSv.exe
J:\Program Files\Windows Desktop Search\WindowsSearch.exe
J:\WINDOWS\system32\SearchIndexer.exe
J:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
J:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
J:\WINDOWS\system32\SearchProtocolHost.exe
J:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - J:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] J:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "J:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] J:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Launch Ai Booster] "J:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "J:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "J:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] J:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "J:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "J:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OpwareSE2] "J:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Fix-It AV] J:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] J:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] J:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "J:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] J:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] J:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] J:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] J:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OLYMPUS Studio.lnk = J:\Program Files\OLYMPUS\OLYMPUS Studio\Os_Monitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = J:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: ymetray.lnk = J:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1192505267875
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - J:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - J:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - J:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8233 bytes


Panda..


Incident Status Location

Spyware:Cookie/PointRoll Not disinfected J:\Documents and Settings\Granny and Paw Paw\Cookies\granny_and_paw_paw@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected J:\Documents and Settings\Granny and Paw Paw\Cookies\granny_and_paw_paw@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected J:\Documents and Settings\Granny and Paw Paw\Cookies\granny_and_paw_paw@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected J:\Documents and Settings\Granny and Paw Paw\Cookies\granny_and_paw_paw@casalemedia[1].txt
Spyware:Cookie/Mediaplex Not disinfected J:\Documents and Settings\Granny and Paw Paw\Cookies\granny_and_paw_paw@mediaplex[1].txt
Adware:Adware/Gator Not disinfected J:\Documents and Settings\Granny and Paw Paw\My Documents\My Documents\AOL Downloads\America Online 8.0\trickler_4010.ex_[J:\Documents and Settings\Granny and Paw Paw\My Documents\My Documents\AOL Downloads\America Online 8.0\trickler_4010.exe]


I did the AVG and saved the file per instructions but cannot find on the desktop nor in the reports menu within AVG....everything was quarantined but I got no report.

[Cookiegal]

Locate and delete this file:

J:\Documents and Settings\Granny and Paw Paw\My Documents\My Documents\AOL Downloads\America Online 8.0\trickler_4010.exe


Download ComboFix and save it to your desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double click on combofix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall**

[joyof60]

ComboFix 07-11-29.1 - Granny and Paw Paw 2007-11-28 14:30:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2300 [GMT -6:00]
Running from: J:\Documents and Settings\Granny and Paw Paw\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-27 22:20 . 2007-11-28 01:01 <DIR> d-------- J:\WINDOWS\system32\ActiveScan
2007-11-27 22:20 . 2007-11-28 00:29 30,590 --a------ J:\WINDOWS\system32\pavas.ico
2007-11-27 22:20 . 2007-11-28 00:29 2,550 --a------ J:\WINDOWS\system32\Uninstall.ico
2007-11-27 22:20 . 2007-11-28 00:29 1,406 --a------ J:\WINDOWS\system32\Help.ico
2007-11-27 19:14 . 2007-11-27 19:14 <DIR> d-------- J:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-27 18:55 . 2007-11-27 18:55 <DIR> d-------- J:\Documents and Settings\Granny and Paw Paw\Application Data\Grisoft
2007-11-27 18:55 . 2007-05-30 06:10 10,872 --a------ J:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-27 15:27 . 2007-11-27 15:27 <DIR> d-------- J:\Program Files\Trend Micro
2007-11-27 04:11 . 2007-11-27 04:11 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\PopCap
2007-11-27 03:48 . 2007-11-27 03:48 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\OLYMPUS
2007-11-26 17:07 . 2007-11-26 17:07 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-26 17:07 . 2007-11-26 17:07 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-11-26 16:31 . 2007-11-26 16:32 <DIR> d-------- J:\Program Files\GameTap
2007-11-26 16:31 . 2007-11-26 16:31 <DIR> d-------- J:\Documents and Settings\Granny and Paw Paw\Application Data\InstallShield
2007-11-26 16:31 . 2007-11-26 16:43 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\GameTap
2007-11-26 14:52 . 2007-11-26 14:52 <DIR> d-------- J:\Program Files\Common Files\SureThing Shared
2007-11-26 14:52 . 2007-11-26 14:52 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\YAHOO
2007-11-26 14:52 . 2004-12-03 13:23 344,064 --a------ J:\WINDOWS\system32\msvcr70.dll
2007-11-26 13:38 . 2007-11-27 10:30 <DIR> d-------- J:\Program Files\PCPitstop
2007-11-26 13:23 . 2007-11-26 13:23 <DIR> d-------- J:\Program Files\EasyCapture
2007-11-26 13:18 . 2007-11-26 13:18 <DIR> d-------- J:\Program Files\MWSnap
2007-11-22 23:40 . 1998-06-17 19:08 40,960 --a------ J:\WINDOWS\system32\Mfc42loc.dll
2007-11-22 23:40 . 2006-02-28 08:50 22,472 --a------ J:\WINDOWS\system32\drivers\OlcamUsb.sys
2007-11-22 23:40 . 2006-02-28 09:23 15,968 --a------ J:\WINDOWS\system32\drivers\OlcamFir.sys
2007-11-22 23:40 . 2003-05-01 17:49 402 --a------ J:\WINDOWS\system32\msxml4.inf
2007-11-21 08:04 . 2007-11-21 08:06 <DIR> d-------- J:\Documents and Settings\Granny and Paw Paw\Application Data\Canon
2007-11-08 21:24 . 2007-11-08 21:24 <DIR> d-------- J:\Documents and Settings\Granny and Paw Paw\Application Data\ArcSoft
2007-11-08 21:08 . 2007-11-27 03:48 <DIR> d-------- J:\Documents and Settings\Granny and Paw Paw\Application Data\OLYMPUS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 20:31 124,651,552 --sha-w J:\WINDOWS\system32\drivers\fidbox.dat
2007-11-28 14:00 --------- d-----w J:\Documents and Settings\Granny and Paw Paw\Application Data\AVG7
2007-11-28 06:54 --------- d-----w J:\Program Files\Windows Desktop Search
2007-11-28 01:10 1,436,744 --sha-w J:\WINDOWS\system32\drivers\fidbox.idx
2007-11-28 00:55 --------- d-----w J:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-28 00:42 --------- d-----w J:\Program Files\QuickTime
2007-11-26 22:31 --------- d--h--w J:\Program Files\InstallShield Installation Information
2007-11-26 20:53 --------- d-----w J:\Program Files\Yahoo!
2007-11-26 20:44 --------- d-----w J:\Program Files\MUSICMATCH
2007-11-26 20:33 --------- d-----w J:\Program Files\Common Files\Scanner
2007-11-23 05:40 --------- d-----w J:\Program Files\OLYMPUS
2007-11-01 01:12 --------- d-----w J:\Program Files\VCOM
2007-10-30 03:54 --------- d-----w J:\Documents and Settings\Granny and Paw Paw\Application Data\Ahead
2007-10-24 22:26 --------- d-----w J:\Documents and Settings\Granny and Paw Paw\Application Data\Windows Desktop Search
2007-10-18 01:47 --------- d-----w J:\Documents and Settings\All Users\Application Data\avg7
2007-10-17 04:04 42,058 ----a-w J:\WINDOWS\Internet Logs\GLBF_2nd_2007_10_16_22_51_22_small.dmp.zip
2007-10-17 04:03 --------- d-----w J:\Documents and Settings\Granny and Paw Paw\Application Data\Simple Star
2007-10-17 03:58 --------- d-----w J:\Program Files\Ahead
2007-10-17 03:54 --------- d-----w J:\Documents and Settings\All Users\Application Data\Ahead
2007-10-17 03:47 --------- d-----w J:\Program Files\Lavasoft
2007-10-17 03:47 --------- d-----w J:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-17 03:46 --------- d-----w J:\Program Files\Common Files\Wise Installation Wizard
2007-10-17 03:41 40,799 ----a-w J:\WINDOWS\Internet Logs\zlclient_2nd_2007_10_16_20_27_26_small.dmp.zip
2007-10-17 03:41 40,100 ----a-w J:\WINDOWS\Internet Logs\zlclient_2nd_2007_10_16_20_27_30_small.dmp.zip
2007-10-17 03:38 --------- d-----w J:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-17 02:04 --------- d-----w J:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-17 01:26 43,170 ----a-w J:\WINDOWS\Internet Logs\zlclient_2nd_2007_10_16_20_22_55_small.dmp.zip
2007-10-17 01:26 41,172 ----a-w J:\WINDOWS\Internet Logs\zlclient_2nd_2007_10_16_20_23_07_small.dmp.zip
2007-10-17 01:26 39,218 ----a-w J:\WINDOWS\Internet Logs\zlclient_2nd_2007_10_16_20_19_46_small.dmp.zip
2007-10-17 01:11 0 ---ha-w J:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-17 01:11 0 ---ha-w J:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2007-10-17 00:55 --------- d-----w J:\Program Files\MSXML 6.0
2007-10-17 00:54 --------- d-----w J:\Program Files\MSBuild
2007-10-17 00:52 --------- d-----w J:\Program Files\Reference Assemblies
2007-10-16 22:30 --------- d-----w J:\Documents and Settings\All Users\Application Data\MSN6
2007-10-16 19:29 --------- d-----w J:\Documents and Settings\LocalService\Application Data\VCOM
2007-10-16 03:04 --------- d-----w J:\Documents and Settings\Granny and Paw Paw\Application Data\VCOM
2007-10-16 02:58 --------- d-----w J:\Program Files\Canon
2007-10-16 02:56 --------- d-----w J:\Program Files\ScanSoft
2007-10-16 02:56 --------- d-----w J:\Program Files\Common Files\ScanSoft Shared
2007-10-16 02:56 --------- d-----w J:\Documents and Settings\Granny and Paw Paw\Application Data\ScanSoft
2007-10-16 02:56 --------- d-----w J:\Documents and Settings\All Users\Application Data\SSScanWizard
2007-10-16 02:56 --------- d-----w J:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2007-10-16 02:55 --------- d-----w J:\Program Files\ArcSoft
2007-10-16 02:50 --------- d-----w J:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-16 02:43 --------- d-----w J:\Program Files\PIXELA
2007-10-16 02:42 --------- d-----w J:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-16 01:38 --------- d-----w J:\Program Files\ASUS
2007-10-16 01:31 --------- d-----w J:\Program Files\Marvell
2007-10-16 01:17 --------- d-----w J:\Program Files\Analog Devices
2007-10-16 00:24 --------- d-----w J:\Program Files\AOD
2007-10-16 00:24 --------- d-----w J:\Program Files\AIM
2007-10-16 00:23 --------- d-----w J:\Program Files\ART Inc
2007-10-16 00:22 --------- d-----w J:\Program Files\Common Files\InstallShield
2007-10-16 00:22 --------- d-----w J:\Program Files\Common Files\DeskShare Shared
2007-10-16 00:22 --------- d-----w J:\Program Files\Common Files\Corel
2007-10-16 00:22 --------- d-----w J:\Program Files\Common Files\aolback
2007-10-16 00:22 --------- d-----w J:\Program Files\Common Files\AOL
2007-10-16 00:22 --------- d-----w J:\Program Files\Common Files\Ahead
2007-10-16 00:22 --------- d-----w J:\Program Files\Common Files\Adobe
2007-10-16 00:21 --------- d-----w J:\Program Files\Cool2000
2007-10-16 00:21 --------- d-----w J:\Program Files\Common Files\xing shared
2007-10-16 00:21 --------- d-----w J:\Program Files\Common Files\Real
2007-10-16 00:21 --------- d-----w J:\Program Files\Common Files\NVIDIA Shared
2007-10-16 00:21 --------- d-----w J:\Program Files\Common Files\Nullsoft
2007-10-16 00:21 --------- d-----w J:\Program Files\Common Files\L&H
2007-10-16 00:21 --------- d-----w J:\Program Files\Common Files\Java
2007-10-16 00:20 --------- d-----w J:\Program Files\CyberLink
2007-10-16 00:20 --------- d-----w J:\Program Files\Corel
2007-10-16 00:19 --------- d-----w J:\Program Files\HP
2007-10-16 00:19 --------- d-----w J:\Program Files\Hewlett-Packard
2007-10-16 00:19 --------- d-----w J:\Program Files\Google
2007-10-16 00:19 --------- d-----w J:\Program Files\exPressit S.E. 2.2
2007-10-16 00:19 --------- d-----w J:\Program Files\DIFX
2007-10-16 00:19 --------- d-----w J:\Program Files\Deskshare
2007-10-16 00:18 --------- d-----w J:\Program Files\Microsoft Location Finder
2007-10-16 00:18 --------- d-----w J:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-16 00:18 --------- d-----w J:\Program Files\Microsoft ActiveSync
2007-10-16 00:18 --------- d-----w J:\Program Files\Logitech
2007-10-16 00:18 --------- d-----w J:\Program Files\LimeWire
2007-10-16 00:18 --------- d-----w J:\Program Files\Learn2.com
2007-10-16 00:18 --------- d-----w J:\Program Files\Java
2007-10-16 00:17 --------- d-----w J:\Program Files\Microsoft Streets & Trips
2007-10-16 00:16 --------- d-----w J:\Program Files\MSXML 4.0
2007-10-16 00:16 --------- d-----w J:\Program Files\Mpeg2Decoder
2007-10-16 00:15 --------- d-----w J:\Program Files\NVIDIA Corporation
2007-10-16 00:15 --------- d-----w J:\Program Files\Nero
2007-10-16 00:15 --------- d-----w J:\Program Files\MyPublisher
2007-10-16 00:14 --------- d-----w J:\Program Files\RegistryFix
2007-10-16 00:14 --------- d-----w J:\Program Files\Real
2007-10-16 00:14 --------- d-----w J:\Program Files\Pure Networks
2007-10-16 00:14 --------- d-----w J:\Program Files\Pixmantec
2007-10-16 00:13 --------- d-----w J:\Program Files\Windows Media Connect 2
2007-10-16 00:13 --------- d-----w J:\Program Files\Viewpoint
2007-10-16 00:13 --------- d-----w J:\Program Files\U.S. Robotics
2007-10-16 00:13 --------- d-----w J:\Program Files\Turtle Beach
2007-10-16 00:12 --------- d-----w J:\Program Files\WinZip Self-Extractor
2007-10-16 00:12 --------- d-----w J:\Program Files\WinTV
2007-10-15 22:47 --------- d-----w J:\Program Files\DiscWizard for Windows
2007-10-15 18:14 --------- d-----w J:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="J:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"PhotoShow Deluxe Media Manager"="J:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-11-11 19:50]
"MSMSGS"="J:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="J:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 01:29]
"SoundMAX"="J:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12]
"JMB36X Configure"="J:\WINDOWS\System32\JMRaidTool.exe" [2006-08-13 20:51]
"Launch Ai Booster"="J:\Program Files\ASUS\AI Booster\OverClk.exe" [2006-07-13 15:32]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 J:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-06-28 22:43 J:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:56 J:\WINDOWS\system32\rundll32.exe]
"HP Component Manager"="J:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38]
"HP Software Update"="J:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 11:55]
"HPDJ Taskbar Utility"="J:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 09:46]
"ISUSPM Startup"="J:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
"ISUSScheduler"="J:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]
"OpwareSE2"="J:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
"Fix-It AV"="J:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [2005-06-15 19:56]
"AVG7_CC"="J:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 07:35]
"ZoneAlarm Client"="J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
"NeroFilterCheck"="J:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="J:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 07:35]

J:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Microsoft Office.lnk - J:\Program Files\Microsoft Office\Office10\OSA.EXE [2007-10-15 18:17:48]
OLYMPUS Studio.lnk - J:\Program Files\OLYMPUS\OLYMPUS Studio\Os_Monitor.exe [2007-11-22 23:40:32]
Windows Desktop Search.lnk - J:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-10-15 18:13:02]
ymetray.lnk - J:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-10-03 13:56:10]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= J:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
J:\Program Files\QuickTime\qttask.exe -atboottime

R2 CX23880;Video Advantage PCI;J:\WINDOWS\system32\drivers\cx88vid.sys
R2 CX88XBAR;Video Advantage PCI Crossbar;J:\WINDOWS\system32\drivers\CX88XBAR.sys
R2 X4HSX32;X4HSX32;\??\J:\Program Files\GameTap\bin\Release\X4HSX32.Sys

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 14:31:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 14:32:27
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:34 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Ahead\InCD\InCDsrv.exe
J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Analog Devices\Core\smax4pnp.exe
J:\Program Files\Analog Devices\SoundMAX\Smax4.exe
J:\WINDOWS\system32\RUNDLL32.EXE
J:\Program Files\HP\hpcoretech\hpcmpmgr.exe
J:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
J:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
J:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
J:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
J:\WINDOWS\system32\ctfmon.exe
J:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
J:\Program Files\Messenger\msmsgs.exe
J:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
J:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
J:\PROGRA~1\Grisoft\AVG7\avgemc.exe
J:\WINDOWS\System32\nvsvc32.exe
J:\WINDOWS\System32\svchost.exe
J:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
J:\Program Files\OLYMPUS\OLYMPUS Studio\Os_Monitor.exe
J:\WINDOWS\System32\MsPMSPSv.exe
J:\Program Files\Windows Desktop Search\WindowsSearch.exe
J:\WINDOWS\system32\SearchIndexer.exe
J:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
J:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\WINDOWS\system32\wscntfy.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\explorer.exe
J:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - J:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] J:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "J:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] J:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Launch Ai Booster] "J:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "J:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "J:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] J:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "J:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "J:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OpwareSE2] "J:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Fix-It AV] J:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] J:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] J:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "J:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] J:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] J:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] J:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] J:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OLYMPUS Studio.lnk = J:\Program Files\OLYMPUS\OLYMPUS Studio\Os_Monitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = J:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: ymetray.lnk = J:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1192505267875
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - J:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - J:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - J:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8072 bytes


Thanks again for you patience and perseverance.

[Cookiegal]

The program you're using to overclock may be the culprit but let's try this:

Go to Start – Run - type msconfig – click OK and click on the startup tab. Uncheck everything there except for your anti-virus program. Then reboot and let me know if the problem persists please.

[joyof60]

I really dont need to overclock. Maybe disable that program or return to original settings?

[Cookiegal]

Try disabling just that program in msconfig and see if that solves the problem.

[joyof60]

OK.. Tried to disable the overclock program and also found that the qttask has reappeared. unchecked that as well. NO disk error still appears as before. also when I change the configuration upon restart I always get the message screen that the msconfig is in diagnostic or safe mode and am given the option to check the box not to run the msconfig or show the screen again. Is that normal and should I check the box or just allow it to run as is??

[AcaCandy]

You can check the box.

[AcaCandy]

You also have a bunch of other stuff running at startup that does not need to be starting.

[joyof60]

So do I uncheck every thing as you suggested before? will that be Ok??

[AcaCandy]

O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OLYMPUS Studio.lnk = J:\Program Files\OLYMPUS\OLYMPUS Studio\Os_Monitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = J:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: ymetray.lnk = J:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] J:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "J:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [HP Software Update] "J:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [OpwareSE2] "J:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"


I'd start with those, what is AI BOOSTER? and what IS MEMCHECK?

Those look like good 'zap' candidates as well.

[AcaCandy]

http://www.castlecops.com/StartupList.html

good site to check startups