Hello
OK, when did this color issue begin?
Hi there. I did some researching all of the programs you had me do. And believe me I didn't think I skipped anything. Well I did. I went back to Safe Mode and showed all hidden and system files. And there it was again. The same virus that keeps showing up in the Lexmark files for printing as you may guess. Also looked into the Windows files and there are a lot infected there. I did change some of them but having the inf and i386 to go through I stopped to write and let you know. Must say I am sorry for not checking first. So, if you may give me a couple days to clean it all out I would like to get back to you. Will try to go through all the steps you wrote as I printed them all out. I must say, my PC is starting to run smoother without error messages and crashing on its own. At least I'm able to access the internet with all original files. I will hold off installing the SP2 CD from Microsoft. It is still my belief that having Norton pre-installed on my PC was not protecting everything. This stuff has been constantly coming up until I deleted the program and bought something else. Also I really liked all the older S&D Versions that cleaned a lot off for me. That is why I am recognizing what is in those files. I just can't get to them with any program yet. Getting back to the color, it has been going on for three months. Twice I got into some files in the system and found it and the colors came back. I have maybe four other third party programs I will re-install when everything goes well. They were not causing me any problems but have a large quantity of files. So Mr_JAK3 I will say everything has been going well with your help. And I'm glad to find where a lot of it has been. I would like to keep going with this as soon as I get my files taken care of in a few days. Thanks again, Shela
OK, don't worry.
Post the fresh logs when you're ready...
How is it going, Shela?
I have just made some logs to send. I've been working all weekend long on the infected files. So you can't imagine how I feel as the same things keep popping up in the Lexmark files in the Registry. It is this, Account Unknown (S-1-5-32-547). I don't know where it's coming from. Also my colors are all back to normal on the desktop this morning. Also I found two files in the C:\Documents and Settings\All Users\Documents\Shared Music\Thumbs. The Thumbs says it's a DataBase file dated Sept.18,03. The next one is a Thumbs database file from Sheila Wilsons Pictures\sample pictures. Also a Thumbs database file from the Owners Videos. I didn't delete them but deleted this, S-1-5-21-3150081293-1317959777-2995841162-1003 from most all of the files infected. This is the one that keeps coming back also on reboot. And I don't know if it's still there or not. Will wait to hear from you and thanks again. Shela
Sorry,
Logfile of HijackThis v1.99.1
Scan saved at 1:36:19 PM, on 6/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://security.kolla.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://security.kolla.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://security.kolla.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.verisign.com/repository/CPS
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Wireless keyboard control panel.lnk = C:\WINDOWS\CNYHKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...b1179350540468
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:55:54 PM 6/11/2007
+ Scan result:
Nothing found.
::Report end
Tashi or Mr_JAK3
Today I ran the S&D V1.4 and it said no problems found there. So I don't know where to go from here. Please help if you will. Thanks, Shela
Hello
Your HijackThis log was taken from safe mode.
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log taken in normal mode.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Hi Mr_JAK3 Ready to go with ComboFixlog and hjlog. All done in normal mode.
ComboFix 07-06-13 - C:\Documents and Settings\Sheila Wilson\Desktop\ComboFix.exe
"Sheila Wilson" - 2007-06-12 13:26:10 - Service Pack 1 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\command.pif
((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 )))))))))))))))))))))))))))))))
2007-06-12 13:24 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-30 12:41 100 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\wklnhst.dat
2007-05-29 22:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-27 00:07 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-26 23:37 32,256 --a------ C:\WINDOWS\system32\msgsvc.dll
2007-05-26 23:36 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2007-05-26 23:36 614,431 --a------ C:\WINDOWS\system32\mswstr10.dll
2007-05-26 23:36 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2007-05-26 23:36 53,279 --a------ C:\WINDOWS\system32\msjter40.dll
2007-05-26 23:36 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2007-05-26 23:36 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2007-05-26 23:36 380,957 --a------ C:\WINDOWS\system32\expsrv.dll
2007-05-26 23:36 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2007-05-26 23:36 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll
2007-05-26 23:36 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll
2007-05-26 23:36 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll
2007-05-26 23:36 315,423 --a------ C:\WINDOWS\system32\msrd3x40.dll
2007-05-26 23:36 30,749 --a------ C:\WINDOWS\system32\vbajet32.dll
2007-05-26 23:36 258,077 --a------ C:\WINDOWS\system32\mstext40.dll
2007-05-26 23:36 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll
2007-05-26 23:36 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2007-05-26 23:36 151,583 --a------ C:\WINDOWS\system32\msjint40.dll
2007-05-26 23:36 1,507,356 --a------ C:\WINDOWS\system32\msjet40.dll
2007-05-26 23:30 260,096 --a------ C:\WINDOWS\system32\mstask.dll
2007-05-26 23:30 172,544 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-05-26 23:30 10,752 --a------ C:\WINDOWS\system32\mstinit.exe
2007-05-19 08:45 <DIR> d-------- C:\DOCUME~1\SHEILA~1\APPLIC~1\Help
2007-05-19 07:39 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-05-17 19:48 <DIR> d-------- C:\DOCUME~1\SHEILA~1\APPLIC~1\Leadertech
2007-05-17 19:45 <DIR> d-------- C:\Program Files\Atari
2007-05-17 15:03 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-05-17 15:02 <DIR> d-------- C:\DOCUME~1\SHEILA~1\APPLIC~1\OfficeUpdate12
2007-05-17 14:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-05-16 14:43 <DIR> d-------- C:\DOCUME~1\SHEILA~1\APPLIC~1\AdobeUM
2007-05-16 14:37 173,792 --a------ C:\wks7dll.exe
2007-05-16 14:06 0 --a------ C:\DOCUME~1\SHEILA~1\APPLIC~1\wklnhst.dat
2007-05-16 01:31 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-05-16 01:31 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-05-16 01:31 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-05-16 01:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-16 00:20 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-05-15 23:39 <DIR> d-------- C:\WINDOWS\system32\bits
2007-05-15 23:38 7,680 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-05-15 23:38 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-05-15 23:38 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-05-15 23:38 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-05-15 23:38 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-05-15 23:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-15 23:38 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-15 23:32 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-05-15 23:30 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-15 23:30 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-05-15 23:30 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-15 23:30 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-05-15 23:30 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-05-15 23:30 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-05-15 23:30 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-15 22:58 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
2007-05-15 22:58 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2007-05-15 22:58 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-05-15 22:58 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-05-15 22:58 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-05-15 22:58 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-05-15 22:58 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-05-15 22:50 630,464 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-05-15 22:50 108,656 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-05-15 22:45 <DIR> d-------- C:\Program Files\CA
2007-05-15 22:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-05-15 22:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-15 16:57 2,855 --a------ C:\WINDOWS\system32\mem.PIF
2007-05-15 15:12 2,855 --a------ C:\WINDOWS\system32\edit.PIF
2007-05-14 19:00 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-05-14 19:00 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-14 19:00 <DIR> d-------- C:\Program Files\Lexmark X1100 Series
2007-05-14 18:59 299,520 --a------ C:\WINDOWS\uninst.exe
2007-05-14 18:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-05-14 18:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-05-13 22:24 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-05-13 22:19 <DIR> d--h----- C:\WINDOWS\PIF
2007-05-13 18:32 2,359,296 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-13 18:32 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-05-13 18:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-05-13 18:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
2007-05-13 18:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2007-05-13 18:25 3,670,016 --ah----- C:\DOCUME~1\SHEILA~1\NTUSER.DAT
2007-05-13 18:25 262,144 --a------ C:\DOCUME~1\ALLUSE~1\NTUSER.DAT
2007-05-13 18:25 <DIR> d---s---- C:\DOCUME~1\SHEILA~1\UserData
2007-05-13 18:25 <DIR> d-------- C:\DOCUME~1\SHEILA~1\APPLIC~1\Symantec
2007-05-13 18:25 <DIR> d-------- C:\DOCUME~1\SHEILA~1\APPLIC~1\CyberLink
2007-05-13 18:25 <DIR> d-------- C:\DOCUME~1\SHEILA~1\APPLIC~1\Ahead
2007-05-13 18:24 <DIR> d---s---- C:\DOCUME~1\DEFAUL~1\UserData
2007-05-13 18:24 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
2007-05-13 18:24 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
2007-05-13 18:24 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Ahead
2007-05-13 18:13 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-05-13 18:13 55,680 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2007-05-13 18:13 50,560 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2007-05-13 18:13 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-01 08:04:33 388,608 ----a-w C:\WINDOWS\system32\mstsc.exe
2007-05-30 19:43:03 -------- d-----w C:\Program Files\MSN Messenger
2007-05-18 02:46:00 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-18 02:45:44 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-16 08:01:24 -------- d-----w C:\Program Files\Messenger
2007-05-16 06:30:33 -------- d--h--w C:\Program Files\WindowsUpdate
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-11 18:04:16 524,288 ----a-w C:\WINDOWS\opuc.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-14 21:47]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"Dit"="Dit.exe" [2002-08-28 13:43 C:\WINDOWS\Dit.exe]
"PCMService"="C:\Program Files\PowerCinema\PCMService.exe" [2003-06-24 12:23]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 03:43]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-05-15 22:58]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-15 22:58]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 03:32]
"Cmaudio"="cmicnfg.cpl" [2003-09-12 20:07 C:\WINDOWS\CMICNFG.CPL]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 07:13]
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-12 13:26:59
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-12 13:27:21
C:\ComboFix-quarantined-files.txt ... 2007-06-12 13:27
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 1:40:57 PM, on 6/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\PowerCinema\PCMService.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://security.kolla.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Wireless keyboard control panel.lnk = C:\WINDOWS\CNYHKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...b1179350540468
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Hi there Mr_JAK. Would like to add that since running the programs yesterday and posting log everything has returned. And the only thing I remember is the Microsoft Updates came upon desktop wanting to install the June Malicious File Removal and did install that. Also I had one problem with Windows Media Player 9, while reading email with an audio, video is stopped part way through to say it crashed, files may be corrupted and was unable to continue with no error number. As I thought all error messages had a number to refer to. Also once again I have lost my colors on the desktop. Would like to hear from you. Shela
Hi
OK, what video card do you have? We could try updating its drivers.