Messages - ckak

Pages: [1]
1
Tech Clinic / "your computer is infected" black screen
« on: August 29, 2005, 12:06:59 AM »
YOU ARE THE BEST!! It is gone, and I now have the right theme.

Thanks!!!!

2
Tech Clinic / "your computer is infected" black screen
« on: August 28, 2005, 11:26:08 PM »
"Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab > uncheck everything you find in there."

The only box checked was a security box, which I unchecked, but when I logged off and on again it was checked back.

Here are the results of display.txt:


=================================================




Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000

"NoDispSettingsPage"=dword:00000000

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"LoadedBefore"="1"
"ThemeActive"="1"
"LastUserLangID"="1033"
"ColorName"="NormalColor"
"SizeName"="NormalSize"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINDOWS\\Web\\desktop.html"
"SubscribedURL"="C:\\WINDOWS\\Web\\desktop.html"
"FriendlyName"="Security"
"Flags"=dword:00006002
"Position"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,20,03,00,00,57,02,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,32,00,00,00,32,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,20,03,00,00,57,02,\
  00,00,01,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,20,03,00,00,58,02,\
  00,00,01,00,00,00

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

3
Tech Clinic / "your computer is infected" black screen
« on: August 28, 2005, 10:47:40 PM »
OK. AVG found nothing. Spybot found and fixed mediaplex and avenue A.

I still have the original problem: a white background shows up between my background of choice (Windows XP theme) and the icons on my desktop, right after googletalk and the antivirus start. Also, if I go to Control Panel -> Display -> Themes and choose any theme (e.g., Windows XP), I get the usual picture, but on top of it there is a little pop-up window. It is labeled Active X window, and it is a white window with "window text" written within it.

Here is my HJT:

Logfile of HijackThis v1.99.1
Scan saved at 11:40:40 PM, on 8/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\andrew\Desktop\hijackthis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

4
Tech Clinic / "your computer is infected" black screen
« on: August 28, 2005, 07:38:15 PM »
I am desperate!! Thanks for getting back so fast. I removed the folders and files you specified. Here is the hosts notepad output:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

5
Tech Clinic / "your computer is infected" black screen
« on: August 28, 2005, 07:24:25 PM »
Here is the list:

3D Groove Playback Engine
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe SVG Viewer 6.0
Adware Patrol 1.0.8
AlertSpy 1.0.8
Avance AC'97 Audio
Big Action Construction
BigFix
BitTorrent 4.1.2-Beta
Bricks Of Egypt (remove only)
Chessmaster 10th Edition
CleanUp!
Coelho Sabido e a Estrela Cintilante
CompuServe
Conexant SoftK56 Modem(M)
DELL TrueMobile 1180 Wireless USB
DivX
DivX Player
ewido security suite
GameSpy Arcade
Google Talk (remove only)
Google Toolbar for Internet Explorer
Gutterball
HijackThis 1.99.1
Intel® Extreme Graphics Driver Software
Internet Chess
iPod mini 1.0 for Windows User Guide
iPod mini Software Updater 1.0
iPodder.NET
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1_02
JetSuite Pro for the HP LaserJet 3150
JumpStart Advanced 1st Grade
JumpStart Advanced 2nd Grade
JumpStart Field Trip Adventure
JumpStart Phonics
KODAK Picture CD
Learn to Play Chess with Fritz and Chesster
Learn to Play Chess with Fritz and Chesster 2
LEGO My Style Preschool
Macromedia Shockwave Player
Math Missions Grades K-2
Medal of Honor Allied Assault
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office PowerPoint Viewer 2003
Microsoft Works 6.0
Mozilla Firefox (1.0.5)
MSN Messenger 6.2
Mystery Club Detective Academy
Outlook Express Q837009
Panda ActiveScan
Playhouse Disney's Stanley Wild for Sharks
QuickTime
Reader Rabbit 1st Grade
Reader Rabbit Playtime for Baby
Reader Rabbit Thinking Adventures Ages 4-6
Reader Rabbit Toddler
Reader Rabbit's Math Ages 6-9
RealPlayer
Registrar Lite 2.00
Rescue Heroes Hurricane Havoc
Rescue Heroes Meteor Madness
Rescue Heroes Mission Select
Rescue Heroes(tm) Lava Landslide
Rescue Heroes(tm) Tremor Trouble
Shockwave
Spinner the Space Kid (remove only)
Spy Kids 3D
Spybot - Search & Destroy 1.3
SpyCatcher 3.0
Update for Windows XP (KB894391)
Viewpoint Media Player (Remove Only)
Vodei Multimedia Processor 1.09
Winamp (remove only)
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839643
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889293
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891711
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Hotfix (SP2) Q819696
Windows XP Service Pack 1a
Yahoo! Companion
Zoombinis Logical Journey(tm)

6
Tech Clinic / "your computer is infected" black screen
« on: August 28, 2005, 07:09:47 PM »
Here is the output:

**********1) smitRem.txt***********


   smitRem log file
     version 2.3

     by noahdfear

The current date is: Sun 08/28/2005
The current time is:  0:19:00.75

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Pre-run Files Present


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


   Post-run Files Present


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~



 ~~~ Wininet.dll ~~~

 CLEAN! :)

*********** 2) Ewido ***************

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         2:30:10 PM, 8/28/2005
 + Report-Checksum:      48FCB9F6

 + Scan result:

   :mozilla.23:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.42:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
   :mozilla.60:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
   :mozilla.61:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.74:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
   :mozilla.78:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.85:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.86:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\c5tv0e2d.Default User\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup


::Report End

************************** 3) Panda *************

Incident                      Status                        Location

Adware:adware/adsmart         No disinfected                C:\WINDOWS\SYSTEM32\thun.dll
Adware:adware/findspy         No disinfected                C:\DOCUMENTS AND SETTINGS\ANDREW\FAVORITES\ Free Hidden Cams World - Realtime.url
Adware:adware/topmoxie        No disinfected                C:\WINDOWS\cache371
Adware:adware/wupd            No disinfected                Windows Registry
Virus:Trj/Ppdoor.AH           Disinfected                   C:\WINDOWS\system32\crypmg32.dll

***************** 4) HJT ***********************

Logfile of HijackThis v1.99.1
Scan saved at 8:04:11 PM, on 8/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft Works\WksWP.exe
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Documents and Settings\andrew\Desktop\hijackthis.exe

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

7
Tech Clinic / "your computer is infected" black screen
« on: August 27, 2005, 08:54:55 AM »
My PC got infected with spyware. We got a black screen on the desktop saying "your computer is infected" and directing us to a URL where we could buy anti-spyware software.

I ran the Microsoft antispyware software (beta version), Adware SE special 1.06, and Spybot Search and Destroy.

The black screen and text went away. BUT, there is still something on top of my desktop (I can tell because the desktop shows up when I boot the machine or turn it off without the white background, and in fact googletalk launches while my theme of choice for the desktop is still there).

Also, when I open Control Panel/Display and look at the Themes tab, the picture of the themes has the usual pictures, but on top of it comes a smaller "Active Window."

Here is my HJT log - please help

Logfile of HijackThis v1.99.1
Scan saved at 9:46:58 AM, on 8/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\andrew\Desktop\hijackthis.exe

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
