
View Full Version : Computer is super slow, computer had a virus on it.


sdfsaasdf
11-23-2003, 11:07 PM
We got an email virus a while back which we deleted pretty quickly with the free AVG checker. However, the computer is still really slow. It crawls when opening things, when it used to be OK speed. I posted a HijackThis log, any other advice?

Budfred
11-23-2003, 11:15 PM
Where did you post the HijackThis log?? Also, what other troubleshooting have you done, what virus was it and what are your system specs? It is really hard to be helpful with only minimal info....

sdfsaasdf
11-24-2003, 06:21 PM
The only troubleshooting is that I tried to clean up all the junk. I emptied temp files and cookies, I got Ad-Aware and ran that. I deleted some programs we weren't using anymore.

I don't know the name of the virus, we just ran the AVG and got rid of it.

System specs are 733mgz, 256ram, 10gig harddrive, Windows ME.

Budfred
11-24-2003, 10:20 PM
Okay, this is why having 2 threads about the same issue is confusing. The info you just provided would be more helpful in the thread where you posted the HijackThis log... HERE... (http://www.pcguide.com/vb/showthread.php?s=&postid=155478#post155478)

sdfsaasdf
11-25-2003, 12:06 AM
Sorry I didn't make one post, but I figured different people would answer the different questions.

Budfred
11-25-2003, 12:32 AM
The questions I asked you were also asked by mjc in the other thread and he may not have seen your answer since you posted it in this thread. The truth is that most of us that hang out and respond to a lot of different questions here tend to read all active threads, so it is usually best to keep it all together. If I hadn't read your posts back to back, I might not have caught that they were connected....

All that said, you might want to post the answer from here into the other thread....

sdfsaasdf
11-27-2003, 06:47 PM
sdfsaasdf
Geek Disciple

Registered: Apr 2003
Location:
Posts: 43
Can someone decipher Hijack this please.
Logfile of HijackThis v1.97.3
Scan saved at 8:54:14 PM, on 11/23/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\POWERSTRIP\PSTRIP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\WJVIEW.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WPSPSW.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\TD_0006.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F1 - win.ini: load=WPSHRC.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ScanWizard 5 Assistant] C:\WINDOWS\Twain_32\ScanWiz5\Button.exe
O4 - HKLM\..\Run: [SDetect.exe] C:\WINDOWS\Twain_32\ScanWiz5\SDetect.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Care2GTU] wjview /cp "C:\Program Files\Care2GTU\System\Code" Main lp: "C:\Program Files\Care2GTU"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\RunOnce: [ICQ] C:\PROGRAM FILES\ICQ\ICQ.EXE -trayboot
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.phoenix-computers.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7754.3706481481
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05CE4481-8015-11D3-9811-C4DA9F000000} - http://www.care2.com/go/z/3578/C2GTU.cab
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.co...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c381/chat.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/184467c80e7867...ip/RdxIE601.cab



Budfred
Amateur Master Geek

Registered: Jul 2002
Location: Minn
Posts: 7532
Okay, now I know where you posted the HijackThis log... Please keep your thread in one piece, it is a lot less confusing... The other thread is HERE...



pentachris
Discordian Geek

Registered: Dec 2001
Location: The Mind of God
Posts: 897
So, in your other thread you said that you had a virus that you thought you'd cleaned up using AVG, but everything is still running much slower than before. I don't see a virus in your HJT log, but I'm still learning how to read them and what to look for.

What I do see is that you're running Windows ME with System Restore turned on. Did you turn off System Restore before cleaning up your virus? It could still be living in a restore point.

Also, System Restore as it appeared in Windows ME was really a work in progress and wasn't very good. I'd consider turning it off permanently to free up resources and hard drive space.



mjc
Supreme Exalted Grand Master Geek
Moderator

Registered: Nov 2000
Location: The Mountain State
Posts: 9680
Close all browser windows, then in HijackThis check off the boxes next to the following and then the Fix button....


O4 - HKLM\..\Run: [Care2GTU] wjview /cp "C:\Program Files\Care2GTU\System\Code" Main lp: "C:\Program Files\Care2GTU"

O16 - DPF: {05CE4481-8015-11D3-9811-C4DA9F000000} - http://www.care2.com/go/z/3578/C2GTU.cab
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/184467c80e7867...ip/RdxIE601.cab


info on this one.....

C:\Program Files\Care2GTU
http://www.pestpatrol.com/PestInfo/t/topmoxie.asp
(yes, caregtu IS topmoxie...and regardless of what they say on their site, it does have all the same functions as tm from another source and the same "holes"...)

There are also some other items that don't really need to run from startup, these will slow down your machine some.

Also, have you done a basic cleanup?

Emptied the Recycle bin, Temp files, Browser cache?

How large is your sys-restore folder?

What virus did you have?


sdfsaasdf
Geek Disciple

Registered: Apr 2003
Location:
Posts: 43
Hi, thanks for help. I deleted the things you said to. I do not know what System Restore is, but it sounds like a good idea to turn it off? Please tell me how. Thanks again.
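
Added example, not part of the original thread or any poster's words: a short Python check that a follow-up HijackThis scan no longer lists the entries mjc asked to have fixed. The fix list is copied from the reply above, with the forum's [b]/[url] tags a pasted log can carry; the follow-up scan and the function names are constructed for illustration.

```python
import re

# HijackThis entry lines start with a section code (R0, F1, O4, O16, ...) then " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Forum markup that pasting a log into a post can leave behind.
BBCODE_RE = re.compile(r"\[/?(?:url|b)\]", re.IGNORECASE)

def parse_entries(log_text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = BBCODE_RE.sub("", raw).strip()
        match = ENTRY_RE.match(line)
        if match:
            # Collapse whitespace and case so paste differences do not hide a match.
            detail = " ".join(match.group(2).split()).lower()
            entries.append((match.group(1), detail))
    return entries

def still_present(fix_list_text, rescan_text):
    """Entries from the fix list that a later scan still reports."""
    current = set(parse_entries(rescan_text))
    return [entry for entry in parse_entries(fix_list_text) if entry in current]

# The four entries named in mjc's reply, as pasted in the forum post.
FIX_LIST = r"""
[b]O4 - HKLM\..\Run: [Care2GTU] wjview /cp "C:\Program Files\Care2GTU\System\Code" Main lp: "C:\Program Files\Care2GTU"
O16 - DPF: {05CE4481-8015-11D3-9811-C4DA9F000000} - [url]http://www.care2.com/go/z/3578/C2GTU.cab[/url]
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - [url]http://www.gigex.com/ActiveX/vxpspeeddelivery.dll[/url]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://207.188.7.150/184467c80e7867...ip/RdxIE601.cab[/url]
"""

# Constructed follow-up scan (not from the thread): one flagged O16 entry remains.
RESCAN = r"""
Logfile of HijackThis v1.97.3
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - HTTP://www.gigex.com/ActiveX/vxpspeeddelivery.dll
"""

if __name__ == "__main__":
    for section, detail in still_present(FIX_LIST, RESCAN):
        print(f"still present: {section} - {detail}")
```

An entry that reappears in a later scan after being fixed usually means something is re-creating it at startup, which is worth reporting back in the thread along with the new log.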

sdfsaasdf
11-27-2003, 06:48 PM
That was all the posts from the other thread. I did what the person said to do regarding hijack this, but my comp is still slow. How do I turn off System restore? Could that be the problem?