HELP! Fun Web objects detected: how do I remove them?

[Saussure]

My computer. Windows XP+Service Pack 2, with the latest patches, has suddenly started to crash - once when I turned off my printer, and once when I booted it. It stayed turned off, that is, it did not restart automatically. I checked the computer with Norton AntiVirus and Ad-Aware (latest versions, with latest updates and patches). Nothing. Then I ran a Panda scan, and it came up with the following:

Incident Status Location

Adware:Adware/FunWeb No disinfected Windows Registry
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.5.inf

Okay, then I decided to download HijackThis and it came up with the following:

Logfile of HijackThis v1.99.1
Scan saved at 23:28:57, on 19.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\OPLIMIT\ocrawr32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Uni Basel\VPN Service\cvpnd.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sony\vaio media music server\SSSvr.exe
C:\Programme\sony\photo server 20\appsrv\PicAppSrv.exe
C:\Programme\Gemeinsame Dateien\sony shared\vaio media

platform\SV_Httpd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security

Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\sony shared\vaio media

platform\UPnPFramework.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.mugglenet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.club-vaio.sony-europe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.baz.ch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7}

- c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px]

C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\VERITAS Software\Update

Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec

Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo

Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software

Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager]

"C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk =

C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk =

C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk =

C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Uni Basel VPN Service.lnk = C:\Programme\Uni

Basel\VPN Service\vpngui.exe
O8 - Extra context menu item: &Google Search -

res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links -

res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -

res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Encarta &Definition -

http://encarta.msn.com/encnet/featu...kDictionary.htm
O8 - Extra context menu item: Similar Pages -

res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -

res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Recherche-Assistent -

{9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame

Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -

C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search

Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

http://messenger.zone.msn.com/binar...kr.cab30149.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products

Installer Start) -

http://imgfarm.com/images/nocache/f...tralInitialSetu

p1.0.0.5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags

Class) - http://messenger.zone.msn.com/binar...er.cab30149.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)

- http://by10fd.bay10.hotmail.msn.com...es/MsnPUpld.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield

International Setup Player) -

http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient

Class) -

http://messenger.zone.msn.com/binar...nt.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown

Class) -

http://messenger.zone.msn.com/binar...wn.cab30149.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec

Corporation - C:\Programme\Gemeinsame Dateien\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems,

Inc. - C:\Programme\Uni Basel\VPN Service\cvpnd.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec

Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation

- C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation

- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -

C:\PROGRA~1\GEMEIN~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

C:\Programme\Gemeinsame Dateien\Symantec Shared\Security

Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (Application)

(VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner -

C:\Programme\Sony\vaio media music server\SSSvr.exe"

/Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media

Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP)

(VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner -

C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media

platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP

/RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0"

/RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP)

(VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation -

C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media

platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application)

(VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner -

C:\Programme\sony\photo server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP)

(VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner -

C:\Programme\Gemeinsame Dateien\sony shared\vaio media

platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP

/RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0"

/RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP)

(VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation -

C:\Programme\Gemeinsame Dateien\sony shared\vaio media

platform\UPnPFramework.exe


Okay, now what do I do? CAN SOMEONE PLEASE PLEASE PLEASE HELP ME?!!!

[NealM]

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when a reply has been made.

Please be patient with me during this time.

[Saussure]

I've posted a new scan, I've found something which the other log didn't have even though I did not use the computer to surf between the posting times of the two logs. It's a smileycentral object:


Logfile of HijackThis v1.99.1
Scan saved at 16:41:24, on 20.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\OPLIMIT\ocrawr32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Uni Basel\VPN Service\cvpnd.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sony\vaio media music server\SSSvr.exe
C:\Programme\sony\photo server 20\appsrv\PicAppSrv.exe
C:\Programme\Gemeinsame Dateien\sony shared\vaio media

platform\SV_Httpd.exe
C:\Programme\Gemeinsame Dateien\sony shared\vaio media

platform\UPnPFramework.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security

Center\SymWSC.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.mugglenet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.club-vaio.sony-europe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.baz.ch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7}

- c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px]

C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\VERITAS Software\Update

Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec

Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo

Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software

Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager]

"C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk =

C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk =

C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk =

C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Uni Basel VPN Service.lnk = C:\Programme\Uni

Basel\VPN Service\vpngui.exe
O8 - Extra context menu item: &Google Search -

res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links -

res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -

res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Encarta &Definition -

http://encarta.msn.com/encnet/featur...Dictionary.htm
O8 - Extra context menu item: Similar Pages -

res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -

res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Recherche-Assistent -

{9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame

Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -

C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search

Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products

Installer Start) -

http://imgfarm.com/images/nocache/fu...ralInitialSetu

p1.0.0.5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags

Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)

- http://by10fd.bay10.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield

International Setup Player) -

http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient

Class) -

http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown

Class) -

http://messenger.zone.msn.com/binary...n.cab30149.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec

Corporation - C:\Programme\Gemeinsame Dateien\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems,

Inc. - C:\Programme\Uni Basel\VPN Service\cvpnd.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec

Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation

- C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation

- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -

C:\PROGRA~1\GEMEIN~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

C:\Programme\Gemeinsame Dateien\Symantec Shared\Security

Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (Application)

(VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner -

C:\Programme\Sony\vaio media music server\SSSvr.exe"

/Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media

Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP)

(VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner -

C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media

platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP

/RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0"

/RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP)

(VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation -

C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media

platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application)

(VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner -

C:\Programme\sony\photo server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP)

(VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner -

C:\Programme\Gemeinsame Dateien\sony shared\vaio media

platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP

/RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0"

/RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP)

(VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation -

C:\Programme\Gemeinsame Dateien\sony shared\vaio media

platform\UPnPFramework.exe

Whether these objects have anything to do with the crashes is something I don't know. I downloaded smileycentral ages ago - more than a year ago, and removed it when I read about its bad reputation, but obviously, not all of it. The crashes started a few days ago, the first one was because I turned my printer off and the error report sent to Microsoft confirmed that it was the printer's fault. But the second crash worries me more. It happened when I was booting my computer as usual. There was a flash of a blue screen and the computer switched itself off.

[NealM]

Your post is quite difficult to read because of all the line breaks. Are you simply copying and pasting the log from Notepad into this thread or are you doing something else to it "in between"

[Saussure]

No, I'm simply copy-pasting it from Notepad, where the log is created.

[Saussure]

Is this better? This is the log which I just posted.



Logfile of HijackThis v1.99.1
Scan saved at 16:41:24, on 20.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\OPLIMIT\ocrawr32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Uni Basel\VPN Service\cvpnd.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sony\vaio media music server\SSSvr.exe
C:\Programme\sony\photo server 20\appsrv\PicAppSrv.exe
C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe
C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mugglenet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baz.ch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Uni Basel VPN Service.lnk = C:\Programme\Uni Basel\VPN Service\vpngui.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Encarta &Definition - http://encarta.msn.com/encnet/featur...Dictionary.htm
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab30149.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Uni Basel\VPN Service\cvpnd.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\GEMEIN~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Programme\Sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Programme\sony\photo server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe

Sorry...I think both logs are identical, after all! Didn't see the smileycentral object in the first log at first sight, I was in such a hurry.

[NealM]

That's great thanks v. much

[tetonbob]

Just as an aside.....what causes those line breaks in Notepad is Word Wrap....it must not be enabled when copying and pasting the logs.....

On with the show!

[NealM]

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

To turn off System Restore Click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.
Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/f....tup1.0.0.5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...er.cab30149.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab

Please remember to close all other windows, including browsers then click Fix checked.


Delete the following Files indicated in RED if they still exist.

C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.5.inf


Reboot your System in normal mode.


See the thread HERE. The second post down, and follow the instructions for downloading and using Adaware SE.

Also go HERE to download Spybot Search & Destroy.

Run both of the above applications, you can safely delete everything they find.


If you have a fast internet connection (Broadband), run an online scan at Trend Micro or RAV Antivirus.
Please select the “autoclean” option when using Trend Micro.

Please post a fresh Hijack This log so that we can check if your system is clean.

[Saussure]

Am currently at university and will have to get home first before cleaning my computer. In the meantime, I'm wondering especially about the following file which I am to fix with HijackThis:

O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab

Is it part of Hewlett Packard? Because my printer is a Hewlett Packard all-in-one.
I've had it since January, and it worked very well until a few days ago when I turned it off, causing the computer to crash. So is it a rogue file or something?

[NealM]

This is an ActiveX downloaded program file. (Yes it's associated with Hewlett Packard) These can be perceived as gateways to your machine, a way in for the nasties ! ! ! ! This particular one is sometimes deleted by analysts and sometimes left. In truth it makes very little difference because next time you visit the site it will automatically download again if it's required.

[Saussure]

Thank you for taking the time and trouble to help me out. I tried to boot the computer in safe mode, but there was no safe mode listed. Only the following were listed in the blue box that appeared:

Please select boot device:

SM-Sony DVDRWDW-U12A
1st FLOPPY DRIVE
-PM-WDC WD1200 BB-22DAAO
-MBA UNDI

Is this because my computer is running on Windows XP Home + Service Pack 2? I tried booting the computer several times, pressing the F8 key at various stages of the boot-up (boot-up is quick with this computer). After the SONY logo and the Microsoft logo with the "loading bar" (the bar with the moving green thingies to indicate the loading process) popped up, there was no effect because the computer had already finished the booting process. Do I have do press a different key? I tried holding down the key, then I tried pressing it repeatedly. Do I really have to do this in safe mode?

[greyknight17]

In this case Safe Mode is not crucial, but it's how we usually do things here.

Just to get it straight though, try hitting F5 instead. Some systems may use a different key and F5 might be it. Or you can try holding down the ctrl key after you restart.

Either way, finish up the fix for HijackThis and follow the rest of the instructions by NealM.

[Saussure]

Thank you for your instructions - it took the F5 key to boot into safe mode. I removed what you told me to check, and I am posting a fresh log. By the way, two computer boots ago, an error report popped up in connection with the second crash, and I was sent on to the Microsoft Crash Analysis Website; but all they could say was that one of the drivers (they couldn't say which one) had made an error. I strongly suspect Hewlett Packard, which may have not recovered from the first crash when I turned of the HP Printer, causing the computer to switch itself off. What also puzzles me is that it takes several boots (about five boots) for the computer to generate an error report...But for now, here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 20:45:13, on 21.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\OPLIMIT\ocrawr32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Uni Basel\VPN Service\cvpnd.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sony\vaio media music server\SSSvr.exe
C:\Programme\sony\photo server 20\appsrv\PicAppSrv.exe
C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mugglenet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baz.ch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Uni Basel VPN Service.lnk = C:\Programme\Uni Basel\VPN Service\vpngui.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Encarta &Definition - http://encarta.msn.com/encnet/featur...Dictionary.htm
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab30149.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Uni Basel\VPN Service\cvpnd.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\GEMEIN~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Programme\Sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Programme\sony\photo server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Programme\Gemeinsame Dateien\sony shared\vaio media platform\UPnPFramework.exe

I am also attaching the two Microsoft analysis reports which I bookmarked, so as not to lose them (unfortunately, they are in German, but they might help anyway).

First report after computer crashed upon turning off the printer:

Analyseinformationen

Vielen Dank für das Einsenden Ihres Fehlerberichts. Die Fehlerursache ist wahrscheinlich:

Hewlett-Packard Printer Driver (HPZid412/HPZius12)


Hewlett-Packard Printer Driver (HPZid412/HPZius12) wurde von Hewlett-Packard Company erstellt. Bei Hewlett-Packard Company ist das Problem bekannt und es wird an einer Lösung gearbeitet. Weitere Informationen finden Sie auf der Hewlett-Packard Company-Website.

http://welcome.hp.com/country/us/eng/support.htm


Second report after crash while booting the computer and after logging into Windows:
Fehler durch einen Gerätetreiber

Vielen Dank für das Einsenden Ihres Fehlerberichts. Microsoft kann keine spezifische Ursache für das berichtete Problem ermitteln. Unten finden Sie Informationen zur Problembehandlung.

Analyse

Ein Gerätetreiber auf Ihrem System hat das Problem verursacht, aber die Ursache kann nicht genau festgestellt werden. Je nach Ausgangssituation führen Sie eine der folgenden Aktionen durch:

Falls das Problem nach dem Installieren neuer Hardware auf dem Computer aufgetreten ist, liegt die Ursache möglicherweise im Gerätetreiber dieser Hardware. Fordern Sie Unterstützung beim Gerätehersteller an, sofern dieser bekannt ist.
Auch Software, wie etwa Firewall- oder Antivirussoftware, kann Treiber installieren. Falls das Problem nach dem Installieren neuer Software aufgetreten ist, könnte die Problemursache ein Treiber sein, der durch die Software mitinstalliert worden ist. Fordern Sie Unterstützung beim Produktsupport des Softwareherstellers an, sofern dieser bekannt ist.
Falls Sie den Treiberhersteller nicht kennen und Hilfe bei der Diagnose und Lösung dieses Problems benötigen, wenden Sie sich an den Produktsupport des Computerherstellers.
Ein aktualisierter Treiber ist ggf. auf der Microsoft Windows Update-Website erhältlich. Bei Windows Update können Sie Ihren Computer nach aktualisierten Treibern durchsuchen lassen. Sofern diese verfügbar sind, wird Windows Update eine Auswahl geeigneter Treiber anbieten. Weitere Informationen über ggf. erhältliche aktualisierte Treiber finden Sie unter Microsoft Windows Update.
Weitere Informationen über Microsoft-Supportoptionen finden Sie bei Microsoft Support Services.

[greyknight17]

Since Neil is not online and you are waiting for a reply, I will try to wrap it up for him.

Don't worry, we understand all languages here Yes, it seems like it is a driver problem. Did you have problems before or is this the first time you installed it? Try removing the drivers from the Device Manager. Restart and then reinstall the HP drivers.

Your log itself is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial http://www.greyknight17.com/spyware.htm#prevent and use the tools provided.

Are there any problems now? If not, you should be set to go.

If you have problems with the drivers, please post at the Printers Section instead. Someone should help you shortly there.

[Saussure]

Thank you very much!
I installed the printer (HP psc all-in-one 1315) in January 2005, and I had no problems at all. Why, after roughly four months, it should suddenly act funny is a mystery to me. I had just printed out something and then I turned off the printer. Immediately, the computer flashed a blue screen (too quick for me to read it) and switched itself off. After a few boots, the critical error report was generated. Obviously, the problem is known to Hewlett Packard (at least it says so in the first analysis) but I wouldn't mind knowing what went wrong when I turned off the computer...