*sinet.exe seemingly unremovable and causes serious systemwide slowdown, I don't know what this is or how I got it but I think it is the source of my systemwide slowdown and would like to remove it, other things that could be the problem are Cashback (Doggie Icon that doesnt go away), and Bullseye Network, below is a copy of my HijackThis log, however upon manual removal of these items they just replaced themselves upon next scan... Logfile of HijackThis v1.97.7 Scan saved at 11:10:09 AM, on 11/19/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.exe C:\WINNT\SOUNDMAN.exe C:\WINNT\system32\rundll32.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINNT\msagent\chars\sinet.exe C:\WINNT\Twain_32\CA561A\SnapDetect.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\Program Files\NaviSearch\bin\nls.exe C:\Program Files\BullsEye Network\bin\bargains.exe C:\Program Files\Yahoo!\Messenger\YPager.exe C:\Program Files\CashBack\bin\cashback.exe C:\PROGRA~1\Grisoft\AVG6\AVGCC32.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://if.searchcentrix.com/sidecat.jsp?p=98567&appid=21&id=1621141921680100 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://if.searchcentrix.com/sidecat.jsp?p=98567&appid=21&id=1621141921680100 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/ R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - C:\PROGRA~1\WINDOW~4\WinSB1.DLL (file missing) R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll O2 - BHO: (no name) - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - C:\DOCUME~1\JOHNWE~1\LOCALS~1\Temp\tenis.dat O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINNT\system32\msiefr40.dll O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT\system32\stlbdist.DLL,DllRunMain O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINNT\system32\msiefr40.dll,DllRunServer O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [*sinet] C:\WINNT\msagent\chars\sinet.exe O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe O4 - HKLM\..\RunOnce: [*sinet] C:\WINNT\msagent\chars\sinet.exe rerun O4 - Global Startup: SnapDetect.lnk = C:\WINNT\Twain_32\CA561A\SnapDetect.exe O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Support (HKCU) O9 - Extra button: Help (HKCU) O9 - Extra button: ComcastHSI (HKCU) O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38276.7215856481 O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll PROBLEM ITEMS: 1. C:\WINNT\msagent\chars\sinet.exe 2. C:\Program Files\BullsEye Network\bin\bargains.exe 3. C:\Program Files\CashBack\bin\cashback.exe

There's a nice big warning message requesting that you don't post HJT logs unless requested. Try copying & pasting on this site: http://www.hijackthis.de/index.php?langselect=english you get an automatic response "I know that I'm mad - I've always been mad..."

sorry I ignored the rules, I won't do it again, however can I get an diagnosis and/or solution please?

Woot! got rid of the biatch! first I went into Safe Mode, and edited my services, it places a couple odd services in Windows2000/NT services you will have to disable, also be aware it loads (sinet.exe) even In Safe Mode, so I tried to delete it through DOS and Windows, I tried "killing" the process, but what this does is take your CPU time for the program and run it all the way up to 99%, its a resources hog virus... anyway then I went and denied all functions of it to all my users, then the process I noticed had been ended and STAYED ended (it restarts itself), so then I rebooted my computer normally, and it gave the message at start up that all access to the program was denied > OK, then I went into it in Normal Mode and select access to Modify, another copy of itself with the MS-DOS Icon showed, I deleted both of them and now as far as I can tell the problem may be solved...

I have this same problem but I can't figure out how to fix it. Can you help me please, in lamen's terms? I'm not exceedingly good at this whole computer thing.