Also getting an official looking screen with Unlock Computer on the top left and a message saying This Computer is In Use and Has Been Locked --There is the User Name and an empty password area - This screen goes away when I press OK.
I found something with google that leads me to believe this has something to do with a corrupted screensaver:
http://support.micro...om/?kbid=242917
Have run Cleanup4 AVG Spybot Adaware Ewido.
Thanks
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 1:35:38 AM, 8/4/2005
+ Report-Checksum: B097F608
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} -> TrojanDownloader.WebP2P : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7F6828CA-9E42-462C-BC60-418C8144012C} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{09CA52B3-703C-4B17-9690-C13F736E3DCD} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F720B40F-3A38-4B22-B30D-DCF095D42498} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} -> TrojanDownloader.WebP2P : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6828CA-9E42-462C-BC60-418C8144012C} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Cleaned with backup
[1720] C:\WINDOWS\System32\iijnipjp.dll -> Worm.Prox.c : Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\FileSubmit\Finding Nemo SS\nnez_388.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\SpySheriff\IESecurity.dll -> Spyware.SpywareNo : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff.exe -> Trojan.SpySheriff : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\WINDOWS\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\sys026.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys027.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys033.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys034.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1151.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys122.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys124.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1432.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1433.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1632.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1637.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys185.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys186.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5233.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5237.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5238.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system32\adsmsext.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\system32\atl70082.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\system32\ca2.dll -> Spyware.SearchIt : Cleaned with backup
C:\WINDOWS\system32\deoglnpa.dll -> Worm.Prox.c : Cleaned with backup
C:\WINDOWS\system32\ghpbldpm.dll -> Worm.Prox.c : Cleaned with backup
C:\WINDOWS\system32\latest.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system32\maxd1.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\msclock32.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\vxgame2.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Renos.f : Cleaned with backup
C:\WINDOWS\system32\zolker005.dll -> Spyware.Azesearch : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__iijnipjp.dll -> Worm.Prox.c : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__symcsvc.exe -> Trojan.Crypt.i : Cleaned with backup
::Report End
HIJACK THIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 1:53:03 AM, on 8/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\m?dtc.exe
C:\Utilities\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.rr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E790DCDA-6338-44B7-4411-1D5333F601EF} - C:\WINDOWS\System32\tlai.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [Bufh] C:\WINDOWS\System32\m?dtc.exe
O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.phgenit.c...cab/awswaxf.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX25.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_2us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O21 - SSODL: System - {16B8EA89-9ACF-4A04-96F8-CBE23477C9B4} - vr_sys.dll (file missing)
O21 - SSODL: 357ECB62-CD36-4B63-B57E-769D0CA174F4 - {7D126260-357B-63E5-8BCD-D4A4312EB4FC} - c:\program files\wildtangent\apps\gamechannel\games\357ecb62-cd36-4b63-b57e-769d0ca174f4\wpfkj32.dll (file missing)
O21 - SSODL: 1ABC286C-DE10-4590-BEFF-4D0DFF5EA1EC - {8ECFF52C-B52B-0662-86EA-91D1D05DEFF2} - c:\program files\wildtangent\apps\gamechannel\games\1abc286c-de10-4590-beff-4d0dff5ea1ec\winkajk32.dll (file missing)
O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\iijnipjp.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe
Edited by tacoeater, 04 August 2005 - 07:57 AM.