XP home IE6 mystery window named monitor-now runs slowly

Running XP Home, IE 6 all updated.  I saw a very short flash of a very small window flash with the word 'monitor' at the top. The next time, the window had no title.  The computer started running slowly shortly before that.
PC-Cillin Internet Security 2007, Housecall, found nothing. Now I am afraid to reboot.
shlewAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RedKelvinCommented:
It may have just been a freak event. Backup all of your important data, before rebooting...Just in case.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rpggamergirlCommented:
Is it only at startup? it could just be the LegalNotice's.

Can we look at a hijackthis log to rule out malware?
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

You can either upload the log to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: either these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:
0
shlewAuthor Commented:
Not at startup. I am on 24/7.
I ran HijackThis, went to ee-stuff, browsed to the file, clicked on upload but find no activity.
The forum format is new since my last visit so maybe I don't understand, did it upload somewhere and I didn't see it? If so, there must be 3 copies by now...  :-(
 Same with trying to upload it to TomCoyote and related.

I'll try rafb.
0
INTRODUCING: WatchGuard's New MFA Solution

WatchGuard is proud to announce the launch of AuthPoint, a powerful, yet simple, Cloud-based MFA service designed to eliminate the vulnerabilities that put your data, systems, and users at risk.

shlewAuthor Commented:
http://rafb.net/p/ie5YtP35.html
finally figured out the paste sequence...
0
shlewAuthor Commented:
But I don't uderstand why I get invlaid file tpe from ee-stuff for a text file...
0
rpggamergirlCommented:
Thanks for the log, I don't know why it gave you an invalid file, I haven't uploaded for a long time, maybe it needed to be zipped, it's supposed to accept .txt so maybe it's just bug, sorry about that.

Unfortunately, I couldn't find any suspicious entries in the log, but it can happen that nasties hides from the scan.
Can you please try downloading and running SUPERAntispyware, it's a ver good scanner:
http://www.superantispyware.com/


Then after that, please run Combofix, it gives us a log to look at as well.
Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
0
shlewAuthor Commented:
While SuperAntispyware is running, I should tell you that, even after finding the conflict between the new Trend 2007 and Spybot seems to have problemetic solutions, I have unwillingly removed Spybot, still slooow, I had discontinued PC-Cillin,-that is turned it off, still rediculously slow.
Windows take minutes to load, move, do anything.
The SuperAntispyware has been running for 1.5 hours and has only just finished scanning the updates file and is starting on PCHealth.
Frustrating.
Any further thoughts?
0
shlewAuthor Commented:
What about trying a restore point? Or is that going to work if I have a bad guy?
I am afraid to reboot for fear I won't be able to reboot properly!
0
rpggamergirlCommented:
I can't blame you for hesitating to boot, when suspicious thing going on.

If the bad guy hasn't affected the System Restore and you go back as far back as before you were infected, then it should be okay.

Also you need to check first that userinit.exe in system32 folder folder is still there so you can log back in.
You also check to make sure there aren't any suspicious entries in your winlogon notify keys,
 It's when a bad files is removed and the related registry entry still intact could cause the bootup problems.
0
shlewAuthor Commented:
I checked my restore points and still hesitated. So I ran several online scanners-don't remember all of them. There were a few what looked like cookies and one non cookie which I removed. I wish I could remember but have been ill. I did run ComboFix based on your recommendation.

I just wish I could rmemeber what solved it.  Perhaps a combination of things. I usually keep a diary of problems and fixes but that evaporated too.

Points for all the effort and ComboFix.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.