star up (empty) box-HJT LOG-HELP PLEASE!!!

vitico66 · Jul 17, 2004

hi;im a newbie here & not sure how this works;anyway,here is my problem:
the las 6 to 7 days ive noticed that everytime i start or reboot my pc there is a silver box w/a o.k. button in the bottom-this "box" pops up just before the computer promps for me to choose a user (me or my wife)-;unless i click the o.k. button it wont go on---im concerned that im o.k.'ing somethin bad so if anyone can help please.what's this???-is it bad???-how can i get rid of it???
thanks in advance------vitico66

Logfile of HijackThis v1.98.0
Scan saved at 2:20:01 PM, on 7/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\PROGRA~1\MemoKit\memokit2.exe
C:\Documents and Settings\Owner\My Documents\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.my.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB

chaslang · Jul 17, 2004

Could be one of these:
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe

Can you give more information? Are you saying there is just a button that only has the work OK in it? There is nothing else on the button? Where is the button? In the regular screen area or in your tray? Can you right click on it and get any info? Can you hit CTRL-ALT-DEL at that point to bring up Task Manager and find out what processes are running?

Major Attitude · Jul 17, 2004

Im a bit confused on one thing, but it may be nothing. I see you have a Dell printer, thats these lines here:

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

BUT, your also starting up a Lexmark printer here, more specifically netwrok related programs for that printer:
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE

Do you have 2 printers or is your Dell printer a rebranded Lexmark printer? If not, you might want to remove the one your not using.

vitico66 · Jul 18, 2004

hi fellows; i only have 1 printer; (dell a920) i tried removing lexpps.exe and
lexbces.exe and all my icons went away,so i put them back,as for memokit , start up monitor and s&d tea timer those are programs that have been running in my sistem for awhile,i did remove them and still getting the same box.;now, the box im talking about is silver,it comes up right after windows load and just before i get to choose awho is using my computer;ie,administrator(me),or my wife, it sits in the middle of my monitor,it's the kind of box that usually have prompts inside,with an o.k. button. if i try to do anything other than click o.k. it wont respond (to nothing),perhaps ive activated some hidden XP setting by accident,i really dont know,my wife thinks i should just forget about it and click o.k. every time i boot up or re-boot, but it's really bugging me.

thanks for all your help------frustated---vitico66

chaslang · Jul 18, 2004

Did you try to remove the Lexmark Printer stuff thru Add/Remove programs?
Also go here and read about those to Lexmark exe files, they don't sound very good.
http://www.answersthatwork.com/Tasklist_pages/tasklist_l.htm

As for the silver box, can you get a response from CTRL-ALT-DEL when it is on the screen?

Also, after your PC starts up, click Start, Run, and in the Open box type msconfig and click okay. Then select the Startup tab. Take a look at all the startup programs see if you can possibly identify anything strange.

Log in or Sign up

star up (empty) box-HJT LOG-HELP PLEASE!!!

vitico66 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Major Attitude Co-Owner MajorGeeks.Com Staff Member

vitico66 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Log in or Sign up

star up (empty) box-HJT LOG-HELP PLEASE!!!

vitico66 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Major Attitude Co-Owner MajorGeeks.Com Staff Member

vitico66 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Useful Searches