I was navigating to a previously visited blogsite by selecting it from the URL address bar (stored history). When I clicked Go, a command prompt type of screen flashed for a quarter of a second then dissappeared. In order to read it, I took a digital shot of my monitor. Perhaps this is normal behavior because of how the website address was stored, or, something worse? The website as I tried it was: AT HTTP://COUNTERTERRORISMBLOG.ORG The black background, command prompt type of screen that flashed had the following data: Title bar: C\Windows\System32\at.exe Inside the box: AT [\\computername] [ [id] [/DELETE] | /DELETE [/YES]] AT [\\computername] time [/INTERACTIVE] [ /EVERY:date[,...] | /NEXT:date[,...]] "command" then there are commands listed with descriptions, such as \\computername Specifies a remote computer. Commands are scheduled on the local computer (description continues) Others: id, /delete, /yes, time, /interactive, /every:date{,...], /next:date[,...], "command" so, is this normal behavior becase of how the addy was placed in the URL? --or, should I be more concerned? tia, drcarl

Here are some checks you can make. at.exe http://www.google.com.au/search?hl=... Free online sites to cleanup your comp. Use at least 2 from each group. Group1: Free online Virus scan. http://kaspersky.com/kos/english/ka... http://www3.ca.com/virusinfo/viruss... http://housecall.antivirus.com/ http://www.coledata.com/virusalert.htm http://www.cybertechhelp.com/html/m... http://www.pandasoftware.com/produc... http://www.pandasoftware.es/actives... http://www.bitdefender.com/ http://www.pcpitstop.com/antivirus/... http://virusscan.jotti.dhs.org/ http://virusscan.jotti.org/ http://www.virustotal.com/flash/ind... DrWeb CureIT http://www.klitetools.com/comments.... http://www.klitetools.com/comments.... http://download.drweb.com/win/ Group2: Free online Trojan scan. http://www.trojanscan.com/ http://www.pcflank.com/ http://www.spywareinfo.com/xscan.php http://www.windowsecurity.com/troja... Group3: Free online Spyware detector. http://www.pestscan.com/ http://home.ca.com/dr/v2/ec_main.en... http://www.spywareguide.com/txt_onl... http://www.webroot.com/services/spy... http://download.zonelabs.com/bin/pr... Or, http://www.spywareinfo.com/xscan.php Screen for Adware, Spyware, Scumware, Diallers, ’Jackers and other unsolicited commercial software. This scanner is an ActiveX applet. After a short delay in which your browser downloads the control file, you will receive a "Warning Dialogue" requesting permission for the scanner to run. Click "Yes" and the applet will pop up and scan. You will be alerted if any spyware is found. When a spyware or malware is found, you will be alerted and asked if you want to remove it. If no spyware is found, the scanner will disappear on its own. If nothing happens, or if you are using a browser other than Internet Explorer, click here and choose either "Open" or "Run this program from its current location". Do not choose "Download". http://www.xblock.com/download/xcle... Run HiJackThis. Important: Create a specific folder on your hard drive called HijackThis to keep its backups. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HijackThis. Download and unzip HijackThis.exe into this folder. http://www.merijn.org/downloads.html Or, http://tomcoyote.com/hjt/ If possible run HJT in Normal mode ( not Safe ) with all your normal startup's working. HijackThis Tutorial - How to Analyse your own log http://spywarewarrior.com/viewtopic... http://hometown.aol.co.uk/jrmc137/h... http://www.bleepingcomputer.com/tut... http://www.malwarehelp.org/understa... HijackThis log file analysis ( online ) http://hijackthis.de/index.php?lang... Or, http://startup.networktechs.com/pag... http://hjt.iamnotageek.com

Wow...there is a lot of good information there. Thank you. I have performed many of these tasks in the past...not recently...takes a bit of time...stiil, a GREAT list...I'll attack these areas one by one. I still wonder...first, why a website would show a history of an address as "AT http://etc...." and secondly...if such a command was run from the address bar in IE6, is it normal for a command line box to open???...kind of looks like I had gone to "run" and entered "at" from there... tia, drcarl