slow vista startup

  1. #1
    mobileman1953 is offline Valued Member

    slow vista startup

    Hi all, my computer is taking ages to load up. Could someone please check this HJT log to see if I am infected with anything?
    Thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:19:38 PM, on 26/01/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Windows\sttray.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.sky.com/skynews/home
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=0061215
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 194.168.8.100
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.168.8.100:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P1 /q C:\Users\DENNIS~1\AppData\Local\Temp\{CD948~1\SDPLUG~1.SH! C:\Users\DENNIS~1\AppData\Local\Temp\{CD948~1.SH! (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P2 /q C:\Users\DENNIS~1\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P1 /q C:\Users\DENNIS~1\AppData\Local\Temp\{CD948~1\SDPLUG~1.SH! C:\Users\DENNIS~1\AppData\Local\Temp\{CD948~1.SH! (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P2 /q C:\Users\DENNIS~1\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

    --
    End of file - 7005 bytes


  2. #2
    Neal is offline Dedicated Member
    Welcome,

    Please download ATF CLEANER 3


    Double-click ATF-Cleaner.exe to run the program.

    If you would like to keep your cookies don't check that item

    * Under Main "Select Files to Delete" choose: Select All.
    * Click the Empty Selected button.
    * If you use Firefox browser click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * If you use Opera browser click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.





    Go HERE to run an online scanner from ESET.

    * Note: You will need to use Internet Explorer for this scan
    * Tick the box next to YES, I accept the Terms of Use.
    * Click Start
    * When asked, allow the ActiveX control to install
    * Click Start
    * Check next options: Remove found threats and Scan unwanted applications.
    * Click Scan
    * Wait for the scan to finish
    * Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    * Copy and paste that log in your next reply and also let me know how things are now.


    New hijackthis log please.

  3. #3
    mobileman1953 is offline Valued Member
    Thanks for your advice. Ran ATF. Could not run ESET online scanner; it told me I need to be administrator even though I am.

  4. #4
    Neal is offline Dedicated Member
    Is your computer set to show you are administrator?

    You can also set up a fake admin account and see if scan will work then.


    If no go:



    You may want to print out the following instructions:

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
      • Click on Scanner on the toolbar at top of this screen.
      • Click on the Settings tab.
        • Under How to act?
          • Click on Recommended Action and choose Quarantine from the popup menu.
        • Under How to scan?
          • All checkboxes should be ticked.
        • Under Possibly unwanted software:
          • All checkboxes should be ticked.
        • Under Reports:
          • Select Automatically generate report after every scan and uncheck Only if threats were found.
        • Under What to scan?
          • Select Scan every file.
      • Close AVG Anti-Spyware without running yet.
    Now disable (turn off AVG Anti-Spyware)
    • Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
    ______________________________

    Reboot your computer in Safe Mode. If you can't go to safe mode or run from safe mode, use NORMAL MODE.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________


    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    Note: If AVG Anti-Spyware screen does not fit your monitor screen Hold down the Alt button on keyboard then tap spacebar, menu should pop up then choose maximize. AVG Anti-Spyware screen should now fit to the screen a lot better.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.


    IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button.(3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop. I will need you to post this in your next reply.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

  5. #5
    mobileman1953 is offline Valued Member
    Ran AVG as told. It only found tracking cookies but would not let me quarantine them; it deleted them. It would not let me save a logfile; the option was greyed out.

  6. #6
    Neal is offline Dedicated Member
    Not seeing any malware. If the below tool doesn't find something then you need to look elsewhere, like your ISP.

    You can uninstall AVG antispyware if you want to and should so the next tool will not slow you down.

    Also for your reading pleasure:

    http://www.google.com/search?hl=en&q...le+Search&aq=f




    Please download and install SUPERAntiSpyware Trial Pro Edition http://www.superantispyware.com/superantispyware.html

    * Load SUPERAntiSpyware and click the Check for Updates button.
    * Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!


    IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.

    * Open SUPERAntiSpyware and click the Scan your Computer button.
    * Check Perform Complete Scan and then click Next.
    * SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
    * Make sure that they all have a check next to them, and then click Next.
    * Click Finish and you will be taken back to the main interface.
    * It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
    * I'll need a log afterwards of what has been found.
    * To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
    * Please post the results of the SUPERAntiSpyware log in your next reply.

  7. #7
    mobileman1953 is offline Valued Member
    ran superantispyware log below
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/30/2008 at 09:26 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3391
    Trace Rules Database Version: 1383

    Scan type : Complete Scan
    Total Scan Time : 00:59:39

    Memory items scanned : 645
    Memory threats detected : 0
    Registry items scanned : 7165
    Registry threats detected : 0
    File items scanned : 74806
    File threats detected : 42

    Trojan.Security Toolbar
    C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url

    Browser Hijacker.Favorites
    C:\USERS\ALL USERS\MICROSOFT\WINDOWS\START MENU\SECURITY TROUBLESHOOTING.URL

    Adware.Tracking Cookie

  8. #8
    Neal is offline Dedicated Member
    How things are doing please, we need feedback on what is happening!!


    Run the next tool as administrator by right clicking, since you have Vista.




    Please download http://siri.urz.free.fr/Fix/SmitfraudFix.zip (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Please do not run any other option until asked to do so, Thanks

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm


    Please post the smitfraudfix log. Thanks.

  9. #9
    mobileman1953 is offline Valued Member
    Sorry, cannot run SmitfraudFix; it tells me there is a registry error.
    Computer runs fine but takes about a minute after desktop loads to load antivirus program and internet connection. These 2 things always used to load just after desktop appeared.

  10. #10
    Neal is offline Dedicated Member
    If this doesn't work I don't know what to tell you.



    Please download Deckard's System Scanner (DSS) to your desktop.
    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
    • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
    • Please go to that FOLDER and also copy the contents of Extra.txt to your post as well.

    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    What DSS will do:
    • Create a new System Restore point in Windows XP and Vista.
    • Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    • Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.
    Post Logs:
    • DSS Scan Results: contents of 1) Main.txt and 2) Extra.txt
