
Strange Security Dialog Box at Startup

Discussion in 'Malware and Virus Removal Archive' started by KaleidiScope, 2007/12/08.

  1. 2007/12/08
    KaleidiScope

    KaleidiScope Inactive Thread Starter

    Joined:
    2004/12/10
    Messages:
    63
    Likes Received:
    0
    Hello. On my XP Home machine here, I have a pop-up message each
    time I start the machine. I thought that it was perhaps
    the firewall (ZoneAlarm), or the freebie anti-virus (AVG
    7.5), as I had disabled both of them from start-up through the
    System Configuration Utility. With the same result:

    "Security"
    The security information is invalid or has
    been modified. This program will be terminated.

    :rolleyes:
    As I do not know what security, nor which
    program this message is referring to, I do not know what is to
    be the reason the message is displayed.

    Where can I look to consider what this message
    is for?


    From all appearances, there is nothing within
    'Start-up' which I can disable in order to alleviate the
    message. There should be some place where I can see what this
    message pertains to.

    This is a single-user, dual-boot machine
    with XP SP2.*

    There are lots of programs on my startup. Too many perhaps. I would like to know which is the cause of this indicator, or if there is something to do with the operating system software.
    Thanks.

    * Note: I have loaded several new programs
    recently, including IBM's 'Symphony' suite. So I am concerned
    there is something amiss somewhere, with the interaction with
    the operating system.
    * Note: I changed my admin password recently, and
    installed the Microsoft 'Backup', which uses the Scheduled
    Task utility. I used it a couple of times (with the backup
    program). It does not work as the W98SE scheduled task
    utility did, as it will not simply run a link to a music
    file, for example from a shortcut pasted into it.
     
  2. 2007/12/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116


  4. 2007/12/09
    KaleidiScope

    KaleidiScope Inactive Thread Starter

    Joined:
    2004/12/10
    Messages:
    63
    Likes Received:
    0
    Hi Seas For Hi-Jack

    That is a bit too deep for me to fish for a problem. The number of start-up programs is numbered. The number of installed programs is numbered. I will rarely go to attempting 'code' research at any depth.

    I find it odd that an anti-virus company would take information and put it plainly public for all to see, without a secure type of connection or relationship. That is Trend Micro, is it not? My thumbs out for this; I don't exactly know what Trend Micro tends to do with it.

    Anyway, the program within HijackThis which 'uninstalls' programs: it is strange to have a program which does not uninstall a program, but makes it entirely impossible to do so, removing only its presence within Add/Remove Programs.
    ++ Security Message at task.
    From the 'Security' error message I saw, I took a clue from the fact that the icon within the task bar looks like a blue 3-cubical box. I looked at my Zone Labs ZoneAlarm, and 2 programs have that icon, the same as the security error message. Strangely, being convinced to uninstall a trial version of Ulead Studio 10 from HijackThis (and as I said the uninstall simply removes it from the Add/Remove Programs listing).
    2) I went to the location of the program's installation. A file called uvPL.exe is part of the installation. I clicked on the file and the message pops up. [A 'Microsoft Foundation Class' icon is the second icon, which is much the same as that seen within the task bar with the use of the message.]

    I'm not sure of the reason this message is loading at start-up, since I neglected to uninstall this trial-ware program (exactly this date last year).
    At present, to further troubleshoot, I will have to discover how to now uninstall a program without the program to do so. I do not remember if the program last year was a count of usage for the program, or a limited chronology. I only used it once, and did not uninstall it in the hope of purchasing it.
    +++ This may not be the problem. But it will be a first in doing so. HijackThis is, like I said, a little deep. I would not propose publishing operating system information such as this on an open forum, as I do not wish to localize my computer with such information as it pertains to.

    Here is a copy of the "HijackThis" Start-up report,
    drive letters stripped off. I'm going to see if I can uninstall Ulead Studio 10, for a starter. Thanks for your suggestion; HijackThis has some nifty tools, and I use Trend Micro often.
    ............... Thanks for your suggestion. However, I will attempt other methods...
    StartupList report, 12/9/2007, 11:13:49 AM
    StartupList version: 1.52.2
    Started from : +\Program Files\Trend Micro\HijackThis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.6000.16544)
    * Using default options
    * Showing rarely important sections
    ==================================================

    Running processes:

    +\WINDOWS\System32\smss.exe
    +\WINDOWS\system32\winlogon.exe
    +\WINDOWS\system32\services.exe
    +\WINDOWS\system32\lsass.exe
    +\WINDOWS\system32\Ati2evxx.exe
    +\WINDOWS\system32\svchost.exe
    +\WINDOWS\System32\svchost.exe
    +\WINDOWS\system32\spoolsv.exe
    +\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    +\PROGRA~1\AVGFree\avgamsvr.exe
    +\PROGRA~1\AVGFree\avgupsvc.exe
    +\PROGRA~1\AVGFree\avgemc.exe
    +\WINDOWS\system32\cisvc.exe
    +\WINDOWS\system32\CTsvcCDA.exe
    +\WINDOWS\system32\HPZipm12.exe
    +\WINDOWS\system32\svchost.exe
    +\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    +\WINDOWS\system32\MsPMSPSv.exe
    +\Program Files\Canon\CAL\CALMAIN.exe
    +\WINDOWS\system32\Ati2evxx.exe
    +\WINDOWS\system32\wscntfy.exe
    +\WINDOWS\Explorer.EXE
    +\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    +\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    +\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    +\WINDOWS\system32\CTHELPER.EXE
    +\Program Files II\Motherboard Monitor 5\MBM5.EXE
    +\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    +\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    +\Program Files\ATI Technologies\ATI.ACE\cli.exe
    +\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
    +\Program Files\HP\hpcoretech\hpcmpmgr.exe
    +\Program Files II\HP\HP Software Update\HPWuSchd2.exe
    +\Program Files II\Adobe PhotoShopStarter\3.2\Apps\apdproxy.exe
    +\Program Files II\iTunes\iTunesHelper.exe
    +\PROGRA~1\AVGFree\avgcc.exe
    +\Program Files\Rage3D\GameUtil.exe
    +\Program Files II\Creative\Media Source\Detector\CTDetect.exe
    +\Program Files\ATI Multimedia\main\ATIDtct.EXE
    +\WINDOWS\system32\ctfmon.exe
    +\Program Files II\PC Magazine Utilities\TitleBar Add-Ons\Titlebar Add-Ons.exe
    +\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    +\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    +\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    +\PROGRA~1\YAHOOM~2\MESSEN~1\ymsgr_tray.exe
    +\Program Files\iPod\bin\iPodService.exe
    +\Program Files\ATI Technologies\ATI.ACE\cli.exe
    +\Program Files\ATI Technologies\ATI.ACE\cli.exe
    +\Program Files\Internet Explorer\iexplore.exe
    +\WINDOWS\system32\cidaemon.exe
    +\Program Files II\PC Magazine Utilities\FileSnoop\FileSnoop.exe
    +\Program Files II\PC Magazine Utilities\FileSnoop\FileSnoop.exe
    +\WINDOWS\system32\notepad.exe
    +\Program Files\Trend Micro\HijackThis\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [+\Documents and Settings\Captain pickard\Start Menu\Programs\Startup]
    Zone Labs Security.lnk = +\Program Files II\Zone Labs\ZoneAlarm\zlclient.exe

    Shell folders Common Startup:
    [+\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Zone Labs Security.lnk = +\Program Files II\Zone Labs\ZoneAlarm\zlclient.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = +\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    DXDllRegExe = dxdllreg.exe
    EM_EXEC = +\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    CTSysVol = +\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    CTDVDDet = +\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    CTHelper = CTHELPER.EXE
    SBDrvDet = +\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    UpdReg = +\WINDOWS\UpdReg.EXE
    MBM 5 = "+\Program Files II\Motherboard Monitor 5\MBM5.EXE "
    SunJavaUpdateSched = "+\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    RoxioAudioCentral = "+\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe "
    RoxioEngineUtility = "+\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
    ATICCC = "+\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    RemoteControl = +\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
    Logitech Utility = Logi_MwX.Exe
    HP Component Manager = "+\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    HP Software Update = +\Program Files II\HP\HP Software Update\HPWuSchd2.exe
    MimBoot = +\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    UVS10 Preload = +\Program Files II\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    Adobe Reader Speed Launcher = "+\Program Files II\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    Adobe Photo Downloader = "+\Program Files II\Adobe PhotoShopStarter\3.2\Apps\apdproxy.exe "
    QuickTime Task = "+\Program Files II\QuickTime\QTTask.exe" -atboottime
    iTunesHelper = "+\Program Files II\iTunes\iTunesHelper.exe "
    AVG7_CC = +\PROGRA~1\AVGFree\avgcc.exe /STARTUP
    Game Util = +\Program Files\Rage3D\GameUtil.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    RemoteCenter =
    Creative Detector = +\Program Files II\Creative\Media Source\Detector\CTDetect.exe /R
    (Default) =
    ATI Launchpad =
    ATI DeviceDetect = +\Program Files\ATI Multimedia\main\ATIDtct.EXE
    ctfmon.exe = +\WINDOWS\system32\ctfmon.exe
    Titlebar Add-Ons = +\Program Files II\PC Magazine Utilities\TitleBar Add-Ons\Titlebar Add-Ons.exe
    Yahoo! Pager = "+\PROGRA~1\YAHOOM~2\MESSEN~1\YAHOOM~1.EXE" -quiet

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    =

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
    StubPath = +\WINDOWS\system32\ieudinit.exe

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = +\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = +\WINDOWS\system32\ie4uinit.exe -UserIconConfig

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /+/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /+U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = +\WINDOWS\system32\ie4uinit.exe -BaseSettings

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = +\WINDOWS\system32\Rundll32.exe +\WINDOWS\system32\mscories.dll,Install

    --------------------------------------------------

    Load/Run keys from +\WINDOWS\WIN.IN+

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= zert_ani.dll

    --------------------------------------------------

    Shell & screensaver key from +\WINDOWS\SYSTEM.IN+

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    +\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    +\WINDOWS\Explorer\Explorer.exe: not present
    +\WINDOWS\System\Explorer.exe: not present
    +\WINDOWS\System32\Explorer.exe: not present
    +\WINDOWS\Command\Explorer.exe: not present
    +\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - +\PROGRA~1\YAHOOM~2\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
    (no name) - +\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - +\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    (no name) - +\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    AppleSoftwareUpdate.job
    Calculator.job
    Progress Toolbx Bcup.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [QuickTime Object]
    InProcServer32 = +\Program Files II\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [HouseCall Control]
    InProcServer32 = +\WINDOWS\DOWNLO~1\xscan60.ocx
    CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

    [Creative Software AutoUpdate]
    InProcServer32 = +\WINDOWS\DOWNLO~1\CTSUEng.ocx
    CODEBASE = http://www.creative.com/su/ocx/15015/CTSUEng.cab

    [DjVuCtl Class]
    InProcServer32 = +\Program Files\LizardTech\DjVuControl\DjVuCntl.dll
    CODEBASE = http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab

    [Hewlett-Packard Online Support Services]
    InProcServer32 = +\WINDOWS\Downloaded Program Files\HPISDataManager.dll
    CODEBASE = https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

    [Shockwave ActiveX Control]
    InProcServer32 = +\WINDOWS\system32\macromed\Director\SwDir.dll
    CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = +\WINDOWS\system32\LegitCheckControl.DLL
    CODEBASE = http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab

    [Installation Support]
    InProcServer32 = +\Program Files\Yahoo!\Common\Yinsthelper.dll
    CODEBASE = +\Program Files\Yahoo!\Common\Yinsthelper.dll

    [PSFormX Control]
    InProcServer32 = +\WINDOWS\DOWNLO~1\PESTSC~1.OCX
    CODEBASE = http://www.pestpatrol.com/pestscan/pestscan.cab

    [WUWebControl Class]
    InProcServer32 = +\WINDOWS\system32\wuweb.dll
    CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120188110157

    [HpProductDetection Class]
    InProcServer32 = +\Program Files\HP\Common\HPDeviceDetection.dll
    CODEBASE = http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    [MUWebControl Class]
    InProcServer32 = +\WINDOWS\system32\muweb.dll
    CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1120189214625

    [Housecall ActiveX 6.5]
    InProcServer32 = +\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
    CODEBASE = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    [ParallelGraphics Cortona Control]
    InProcServer32 = +\WINDOWS\Downloaded Program Files\cortona_control.dll
    CODEBASE = http://www.parallelgraphics.com/bin/cortvrml.cab

    [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
    CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

    [Webshots Photo Uploader]
    InProcServer32 = +\WINDOWS\DOWNLO~1\WSPHOT~1.OCX
    CODEBASE = http://community.webshots.com/html/WSPhotoUploader.CAB

    [get_atlcom Class]
    InProcServer32 = +\WINDOWS\Downloaded Program Files\gp.ocx
    CODEBASE = http://www.adobe.com/products/acrobat/nos/gp.cab

    [Shockwave Flash Object]
    InProcServer32 = +\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [McFreeScan Class]
    InProcServer32 = +\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
    CODEBASE = http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4999/mcfscan.cab

    [Creative Software AutoUpdate Support Package]
    InProcServer32 = +\WINDOWS\DOWNLO~1\CTPID.ocx
    CODEBASE = http://www.creative.com/su/ocx/15014/CTPID.cab

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Apple Mobile Device: "+\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
    Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
    ATI Smart: +\WINDOWS\system32\ati2sgag.exe (autostart)
    ATI TV Wonder Video Capture: system32\drivers\atibtcap.sys (autostart)
    ATI TV Wonder Video Crossbar: system32\drivers\atibtxbr.sys (autostart)
    ATI TV Wonder TV Tuner: system32\drivers\ativtutw.sys (autostart)
    ATI TV Wonder Audio Crossbar: system32\drivers\ativxstw.sys (autostart)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    AVG7 Alert Manager Server: +\PROGRA~1\AVGFree\avgamsvr.exe (autostart)
    AVG7 Update Service: +\PROGRA~1\AVGFree\avgupsvc.exe (autostart)
    AVG E-mail Scanner: +\PROGRA~1\AVGFree\avgemc.exe (autostart)
    AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
    Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Canon Camera Access Library 8: +\Program Files\Canon\CAL\CALMAIN.exe (autostart)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (autostart)
    Creative Service for CDROM Access: +\WINDOWS\system32\CTsvcCDA.exe (autostart)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    IMAPI CD-Burning COM Service: +\WINDOWS\system32\imapi.exe (autostart)
    Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    HP Pci Information: \??\+\DOCUME~1\MRF476~1.MIK\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys (autostart)
    PfModNT: \??\+\WINDOWS\system32\drivers\PfModNT.sys (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    PMEM: \??\+\WINDOWS\system32\drivers\pmemnt.sys (autostart)
    Pml Driver HPZ12: +\WINDOWS\system32\HPZipm12.exe (autostart)
    IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: system32\DRIVERS\secdrv.sys (autostart)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    tmcomm: \??\+\WINDOWS\system32\drivers\tmcomm.sys (autostart)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Ulead Burning Helper: +\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (autostart)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    WMDM PMSP Service: +\WINDOWS\system32\MsPMSPSv.exe (autostart)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: +\WINDOWS\system32\SHELL32.dll
    CDBurn: +\WINDOWS\system32\SHELL32.dll
    WebCheck: +\WINDOWS\system32\webcheck.dll
    SysTray: +\WINDOWS\system32\stobject.dll
    WPDShServiceOb+ +\WINDOWS\system32\WPDShServiceObj.dll

    --------------------------------------------------
    End of report, 19,386 bytes
    Report generated in 0.191 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  5. 2007/12/09
    KaleidiScope

    KaleidiScope Inactive Thread Starter

    Joined:
    2004/12/10
    Messages:
    63
    Likes Received:
    0
    Ulead Studio 10 Uninstall...

    ...seems to do the trick. The file within Ulead Studio 10's installation files, "uvPL.exe", did pop up the message if I was to click on it.

    Corel.com has within its troubleshooting section an instruction on how to uninstall Ulead Studio 11 manually. It is not Ulead Studio 10, but it is the same sort of hack.

    Registry keys for the program uninstalled. Common files within the root directory with the directory of the same program name. And then the program files themselves uninstalled (deleted) within the directories themselves.

    I only restarted once with success... so it looks like this was the problem. There should be more detail for those indicators. It could have said something denoting its location and program.

    ...Ulead left a decoder and something else on the drive.... fun...
    I'm having a difficult time turning the .AVIs from my Canon camera into something that works on DVD. AVI to MPEG2 is the only thing that plays in the living room.
    Ulead works well...
     
  6. 2007/12/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, without seeing your whole HJT log, I can't help you.
     
  7. 2007/12/10
    KaleidiScope

    KaleidiScope Inactive Thread Starter

    Joined:
    2004/12/10
    Messages:
    63
    Likes Received:
    0
    This was the culprit. I deleted this from the entries seen in HijackThis.... "uvpl.exe", and the Ulead Studio 10 entries.

    04-HKLM\..\Run:[UVS10 Preload] <x> Program Files II\Ulead Systems\Ulead VideoStudio 10\uvpL.exe


    023-Service: Ulead Burning Helper(UleadBurningHelper)-Ulead Systems,Inc. <x> Program Files\Common Files\Ulead Systems\DVD\ULCDRsvr.exe
    Yes, I will use HijackThis. I was looking for a Windows angle, as even though I am knowledgeable about how to run programs, the tools (for example the Computer Management Console) are not readily familiar, for example.
    Norton SystemWorks does something such as this, to discern 'run' entries for a computer. There are several other nifty programs to do 'Registry Scans'; "TweakNow Registry 'distiller'" for one.
    Regedit is a Windows utility for looking at that aspect of Windows.
    In my opinion there is no reason to put your personal drive information in an open forum to make an assessment without great discretion in doing so.
    Frankly, it's just nobody's business, no matter how belittling computer troubleshooting is. Usually there is either a 'closed session' (say messaging), or you are actually speaking with someone on a one-to-one basis. What HijackThis does can mean real trouble, in real time, for example to a computer which is itself involved in real-time business, making real-time trouble.
    I wouldn't, for example, back up my registry and post the file on a forum link. Lol. A different troubleshooting method will have to do. The composition of your hard drive, its layout, is your own business. Use discretion. Do something different than posting drive information in an open public forum. You are making a mistake doing so.
    Like I mentioned, I'm looking for a Windows angle.
    I miss being reminded of what utilities are hidden in the XP operating system. Good luck, good morning, thanks.
    PS: notice those links are 'hot'. There is no reason to replicate the mechanism for them. That is information from my hard drive, now given to your hard drive... and so on. Thanks windowsbbs.com.
     
    Last edited: 2007/12/10
  8. 2007/12/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'm happy to hear you've gotten your problem sorted. I must admit though, I am puzzled as to why you feel anyone posting drive configuration information in a public forum is such a mistake, and further puzzled as to why you would go through the trouble of stripping your logs of the drive letter. If you're thinking that posting such info is in any way a security risk, I beg you to think again. Neither I nor anyone else cares what drive letters you have assigned to anything, how many partitions you have, what partition the active operating system resides on, etc. That information's only value to anyone is in directing a user where to locate a file or folder, knowing where further cleaning might be needed, helping us determine if a file is legitimate or rogue based on its location, etc. A hacker could care less what your drive letter assignment is, and it makes no difference to malware or its authors either. Such things target environment variables, and despite hiding your drive letter configuration from the public, you cannot hide environment variables such as the following from something that has penetrated your system.

    %SystemDrive%
    %SystemRoot%
    %ProgramFiles%
    %CommonFiles%
    %Userprofile%


    The 'numbering' of startup entries, services, etc. in a HijackThis log is only a method of grouping key areas of the registry, making the analysis of the logs a bit easier for us. The 'key areas' I refer to are well known targets for exploitation, and therefore enumerated to help us diagnose any problems. HijackThis has perhaps been one of the most valuable tools for the diagnosis of virus and malware infections in the history of the internet, and it does not report any information that would pose a risk to your computer's security, such as passwords, product keys, etc. It is used in every forum that deals with infections, and even many that do not. It has been used by billions, most of whom have posted those logs in the public forums. HijackThis was created and maintained by a well known, highly respected individual known as Merijn, who then sold it to Trend Micro earlier this year. Trend continues to develop and provide HijackThis as a free tool to aid in the identification and removal of malware.
     
  9. 2007/12/11
    KaleidiScope

    KaleidiScope Inactive Thread Starter

    Joined:
    2004/12/10
    Messages:
    63
    Likes Received:
    0
    Whew... I didn't think I might get any sort of reply here. I'm staring like a dog at the screen thinking about what I wrote so early in the day... Well, in good spirit, what can I tell you... a... "take me wife. Since I don't have one of those?".

    Seriously, you can see that the moderator of the forum here took my post off of the original board and placed it within the 'removing virus and malware' forum. That alone removed the context of it into that which was more the intention of finding malware and viruses, when, for all extensive purposes, there was no indication that that was what my troubleshooting session was to pertain to.
    On another point, if you do not see several thousand dollars in assets in my start-up files alone, I can only tell you I am not alone in that assertion. And, like I mentioned, I find it uncanny that an anti-virus company would take such a tack with the general population, as if this is an acceptable practice, since for the most part everybody within computerdom has fought to keep their data and files on the private side. Mere participation within the Internet does not pertain to this type of open entertainment, that this is an acceptable ideal.
    As far as HijackThis being an acceptable tool: it perhaps is. But since I am trying to solve a problem, it would not be the only possibility to conclude that. I would, at a first grasp, more so use something within the Windows arsenal, within the usage of the operating system software. This would be a winner for sure, since it is myself which I would like to enlighten on how to run this machine. HijackThis is actually missing a back-end part, which requires the security and attention of a technician. It probably was something that was decided would not be able to be afforded and was taken to the 'liberal information' ideal as it is at present.
    Your perspective is one of many, sir. I would like, for example, to be told what tool to use, and so could for myself learn how to use it. I would not be as canny as to simply consider coming here, and then be tossed to another forum, to weave between those many different lighted threads.
    It simply is not a good practice to put public what you want to continue as is considered personal. I'll add that I consider the 'blackmail' of Trend Micro's licence agreement to be aggressive; howbeit, at this writing it is truly my opinion. It is their own folly.
    I would like to continue detailing the XP operating system, as I miss it, and use Trend Micro's products when at all possible.
    Good troubleshooting.

    PS: %SystemDrive%
    %SystemRoot%
    %ProgramFiles%
    %CommonFiles%
    %Userprofile% ... what does the % mean, and how can I use them? Or where can I go to read where they are described as used? I see them in everything from HTML to, of course, the hard drive. I started with DOS 3.1 but things moved on... I'm not asking because of my own (can't think of the word)... shortcomings, or inadequacy, toward running the computer here. Even though that would make just perfect standard to some.
    A more topical continuation of your puzzle would be as to if Corel.com has a security pop-up within its trial-ware products timed to show up at some interval for its installation users. The "uvpl.exe" file was sheer chance at looking at the firewall program area for some clue. I clicked on this file located within the installation files within the Ulead VideoStudio 10 directory, and the exact prompt came up. This time of year I'm thinking of doing the videos. I haven't used the program for a whole year. It was of course expired when I attempted to. Security here is also to a certain context. Mystery in convention too...
     
    Last edited: 2007/12/11
  10. 2007/12/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Click Start>Run and type (or paste) any of the four commands on the run line then hit enter. You'll know then exactly what they are and what you can do with them. BTW, my error .......... %CommonFiles% should actually be %CommonProgramFiles%
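    One way to do the same check with Windows' own tools rather than a downloaded utility, as an added example (not code from this thread): the script below expands the five variables named above (with the %CommonProgramFiles% correction) and then lists the Run-key startup entries with each command's expanded executable path, so an entry that throws a dialog at logon can be traced to a file. It assumes Windows PowerShell is installed (a separate download on XP) and read access to the two Run keys.

```powershell
# Added example, not from the thread: expand the environment variables
# discussed above and check where the logon startup entries point.
$names = 'SystemDrive', 'SystemRoot', 'ProgramFiles', 'CommonProgramFiles', 'UserProfile'
foreach ($n in $names) {
    $value  = [Environment]::GetEnvironmentVariable($n)
    $exists = if ($value) { Test-Path -LiteralPath $value } else { $false }
    '{0,-22} {1,-40} exists={2}' -f "%$n%", $value, $exists
}

# The Run keys are among the "key areas" a HijackThis log groups;
# Windows launches every value listed here at logon.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata fields
        # Expand %SystemRoot%-style variables exactly as the shell would at logon.
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        # Strip quotes and arguments to isolate the executable for an existence check.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $ok  = Test-Path -LiteralPath $exe
        '{0}  {1}  ->  {2}  (file found: {3})' -f $key, $p.Name, $exe, $ok
    }
}
```

    An entry whose file is not found, or whose path sits outside the locations the variables expand to, is the one to look at first.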
     
  11. 2007/12/11
    KaleidiScope

    KaleidiScope Inactive Thread Starter

    Joined:
    2004/12/10
    Messages:
    63
    Likes Received:
    0
    That's nifty computering. Thanks for your reply. A little quicker than grabbing the drive/directory with the mouse from a drop down menu.

    LOL, I noticed somebody in the XP forum needed to know how to put missing default menus back up. A reply put a URL to go download a program which would do so. The program works of course. Yet the problem is actually not solved by using the program, since there must be a way to do so utilizing the XP components.
    I would take hours trying to deal with downloading on a slow connection, configuring, then running and utilizing a program. It would be like yada, yada, download and go figure. It just does nobody any good to have someone else put a problem that really could be better solved by addressing it for oneself, although having such a resolution is necessary for many problems.
    Of course I don't know how to resolve putting missing menus back on the XP programs' default. I downloaded and did the program too, myself?
    Here is a program which inspects for insecure software versions. It will search and advise on software which has security updates available for installation.

    Secunia Software Inspector
    http://secunia.com/software_inspector/

    I receive and read an email newsletter for/from Fred Langa. He is at WindowsSecrets.com and InformationWeek.com as an editor. I enjoy reading his tips, although I haven't recently, as most of the 'good stuff' for Windows is a paid-for subscription. And too, you can find yourself doing a lot of program utility downloads.

    Happy Holidays.
     
    Last edited: 2007/12/11
