Author Topic: Computer slow as Christmas  (Read 1501 times)

Offline meelox

  • Jr. Member
  • **
  • Posts: 91
  • Karma: +0/-0
    • View Profile
« on: March 17, 2005, 04:13:11 PM »
Guestolo .... Please help?

my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 2:53:12 PM, on 3/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\E_S4I2G1.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\SYSTEM\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "LPT1:" /M "Stylus CX5400"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -

My dll compare Log:
*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :)"
________________________________________________

989 items found:  989 files, 0 directories.
Total of file sizes:  189,559,637 bytes    180.78 M

--------------------End log---------------------

thanks Meelox :P

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
« Reply #1 on: March 17, 2005, 07:32:29 PM »
I'm not seeing nothing bad Meelox.
Is it the Internet that's slow or just the computer in general?

When was the last time you cleaned out all your temp folders and did a Disk Defrag?
Best done in safe mode

Just out of curiosity, this didn't happen after you installed SpywareGuard, did it?
It shouldn't, I like the program, just curious

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline meelox

« Reply #2 on: March 18, 2005, 11:17:20 PM »
Man am I ever late in returning an answer... Please let me apologize. I could give you a list of excuses but my being slack is the only excuse. I am certainly appreciative of your help!
I don't think SpywareGuard has anything to do with it. It was okay..until I put something on ebay ...and every time I go to ebay now ... I get that double click when I use the mouse but I can't find anything that shows that double click program. As a matter of fact nothing is slow until I go to E-bay but after that the thing crawls! If I close the computer and start it back ....everything seems to work fine ..until I go back to ebay ... I don't get that double click on anything else but e-bay! Got any ideas?
Actually, this double click on ebay has been on here since the first time you and I worked on this computer. I have just tried not to go there.

Offline meelox

« Reply #3 on: March 19, 2005, 12:58:22 AM »
It's nearly 1 am here, I will check back again tomorrow.

A new question>>> what is this thing that keeps popping up that says ...media107.fastclick.net... can I get rid of that?

I checked out some of that ebay double click stuff but I don't understand how to get rid of it yet ...any suggestions would help.

and to answer your first question ... I haven't done a defrag in a while ... I have run Spybot S&D and Lavasoft Ad-Aware every week. Usually nothing to delete but cookies.
Computer is slow in opening all programs ...not just while on the internet.

any suggestions would help.
Meelox

Offline guestolo

« Reply #4 on: March 19, 2005, 01:03:15 PM »
Can you do me a favor, please?

Navigate to your Hosts file

C:\Windows\Hosts

Open it with Notepad and copy and paste back here the whole contents



Offline meelox

« Reply #5 on: March 20, 2005, 11:05:21 AM »
this is all I could find:
host.bak
127.0.0.1  www.igetnet.com
127.0.0.1  code.ignphrases.com
127.0.0.1  clear-search.com
127.0.0.1  r1.clrsch.com
127.0.0.1  sds.clrsch.com
127.0.0.1  status.clrsch.com
127.0.0.1  www.clrsch.com
127.0.0.1  clr-sch.com
127.0.0.1  sds-qckads.com
127.0.0.1  status.qckads.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
69.20.16.183  ieautosearch
69.20.16.183  ieautosearch
69.20.16.183  ieautosearch
69.20.16.183  ieautosearch
69.20.16.183  ieautosearch
69.20.16.183  ieautosearch
69.20.16.183  search.netscape.com
69.20.16.183  search.netscape.com
69.20.16.183  auto.search.msn.com

there is a list of 8 backup files that says:
hosts.20050105.22126.backup (others have a different number before .backup)
this is the latest done on 10502005..at 9:38 pm
127.0.0.1  www.igetnet.com
127.0.0.1  code.ignphrases.com
127.0.0.1  clear-search.com
127.0.0.1  r1.clrsch.com
127.0.0.1  sds.clrsch.com
127.0.0.1  status.clrsch.com
127.0.0.1  www.clrsch.com
127.0.0.1  clr-sch.com
127.0.0.1  sds-qckads.com
127.0.0.1  status.qckads.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
69.20.16.183  ieautosearch
69.20.16.183  ieautosearch
69.20.16.183  ieautosearch
69.20.16.183  ieautosearch
69.20.16.183  ieautosearch
69.20.16.183  ieautosearch
69.20.16.183  search.netscape.com
69.20.16.183  search.netscape.com
69.20.16.183  auto.search.msn.com

I also have this: host.sam
 Copyright © 1998 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP stack for Windows98
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

BUT NO c:/windows/host

I found these by going to windows explorer,
then c, then windows. (no directory named host) these files were found in the windows directory
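
An added example, not part of any post in this thread: a small Python audit of a hosts file like the one posted above. It separates loopback block entries from lines that point a name at a non-loopback address (which overrides DNS for that name) and reports repeated and malformed lines; the sample text is constructed (abbreviated from the posted file) and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample: abbreviated from the hosts content posted in this thread,
# plus one deliberately malformed line (example.invalid is a placeholder name).
SAMPLE_HOSTS = """\
127.0.0.1  www.igetnet.com
127.0.0.1  clear-search.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
69.20.16.183  ieautosearch
69.20.16.183  ieautosearch
69.20.16.183  search.netscape.com
69.20.16.183  auto.search.msn.com
127.0.0.1       localhost
not-an-ip  example.invalid
"""


def parse_hosts(text):
    """Yield (line_number, address, names) for every non-comment, non-blank line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment anywhere on a line
        if line:
            fields = line.split()
            yield lineno, fields[0], fields[1:]


def audit_hosts(text):
    """Classify hosts entries (hypothetical helper, not a HijackThis or Spybot API)."""
    report = {"redirects": [], "sinkholed": [], "duplicates": [], "malformed": []}
    seen = Counter()
    for lineno, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            report["malformed"].append(lineno)  # bad address or no hostname
            continue
        for name in (n.lower() for n in names):
            key = (str(ip), name)
            seen[key] += 1
            if seen[key] == 2:
                report["duplicates"].append(key)  # record each repeat once
            if seen[key] > 1:
                continue
            if ip.is_loopback or ip.is_unspecified:
                if name != "localhost":
                    report["sinkholed"].append(name)  # name blocked locally
            else:
                # The name resolves to this address instead of going through DNS.
                report["redirects"].append((name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for name, addr in result["redirects"]:
        print(f"REVIEW  {name} -> {addr} (resolves here instead of via DNS)")
    print("blocked via loopback:", ", ".join(result["sinkholed"]))
    print("repeated entries:", result["duplicates"])
    print("malformed lines:", result["malformed"])
```

Entries under "redirects" are the ones to review by hand, since a hosts mapping silently takes precedence over DNS for that name.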

Offline guestolo

« Reply #6 on: March 20, 2005, 03:50:39 PM »
Well let's ensure that you clean out your temp folders and cookies and such
Download and Install this small program
to help clean your temp folders, cookies, prefetch folder, etc...
Windows Cleanup
Install for now, don't run a scan yet
I can't remember if you installed this earlier

Next: right click an empty spot on the desktop and left click properties
Click the Screen Saver tab
Under the Screen saver drop down bar set to (None)
Under the Power or energy savings>>Click Settings
Put power schemes to Always on
Ok out of there

Restart into safe mode

Can you do me a favor
Open Spybot and click on Advanced at the top
Ok the prompt
Then click on TOOLS>>
Ensure Hosts file is checked on the right and then click Hosts file
on the left
Click the Remove Spybot Hosts file list at the top if being used

Then delete Host.bak
Delete all the hosts files that look like this
hosts.20050105.22126.backup

Don't delete LmHost.sam
host.sam looks good but can you right click on that and rename to host.old

Open Windows CleanUp!>>START>>All programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
It will prompt you to Restart your computer, DON'T at this time

Instead close out CleanUp!
Go to START>>Programs>>Accessories>>System Tools>>Scandisk
Do a Standard Scandisk for errors and check Automatically fix errors

Next: Go to START>>Programs>>Accessories>>System Tools>>Disk Defragmenter
Defrag the Hard disk, give this time to finish, may take some time if not done about once a month

Restart back to Normal mode when it's complete

After that open Hijackthis>>Open Misc tools section>>>Open Hosts File Manager
You should be prompted that no hosts file was found
Let it create one

Then download and save to desktop
VX2 Finder.exe
Open it and click the
"Click to find VX2.BetterInternet"
Let it finish scanning and then Make a log and post it back here
with a fresh Hijackthis log
« Last Edit: March 20, 2005, 10:28:02 PM by guestolo »



Offline meelox

« Reply #7 on: March 21, 2005, 08:21:31 AM »
I have not defragged in a while so it took about three hours last night..
After doing all that you said here is what I have:
Logfile of HijackThis v1.99.1
Scan saved at 7:41:44 AM, on 3/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\E_S4I2G1.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\SYSTEM\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "LPT1:" /M "Stylus CX5400"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -

Log for VX2.BetterInternet File Finder (ver126)

Files Found---


User Agent String---

this is what is in c:/windows/hosts
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

thanks for being patient with me ... I just can't seem to get the time to stay at this computer..
Meelox

Offline guestolo

« Reply #8 on: March 21, 2005, 08:39:50 PM »
Everything looks ok now, How's everything running?



Offline meelox

« Reply #9 on: March 22, 2005, 07:38:57 PM »
Today it started in what appeared to be "safe mode".
I checked the settings in the control panel and my settings somehow got set to 16 colors... I changed that back, it looks normal now but I have not restarted it yet. So I am not sure if it will hold. Maybe.
When I click on start... Or any programs for that matter..it takes forever to load .... and my desktop icons, and icons in control panel are taking a while to load. It works in the internet as long as I don't go to ebay... I hate, hate, hate that e-bay double click thing. I really think that is where all of this started. After I go to e-bay then the rest of the internet takes forever to load. I really believe it's the ebay double click...if anyone knows how to get rid of that and still have ebay available please let me know?

Thank you Guestolo for all your help! :)

Offline guestolo

« Reply #10 on: March 22, 2005, 11:36:48 PM »
I don't understand the slowdowns

Can you try this

Download this virus checker from eScan
Mwav.exe
There's nothing to install, save it and then double click to run
It will self extract

Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
In the Virus Log Information Pane
Left click and Highlight all the info in the Lower pane--- Use the "CTRL" and "C" keys on your Keyboard to copy all found in the lower pane and save it to a Notepad file

****If prompted that a Virus was found and you need to purchase the product  to remove the malware, just close out the prompt and let it continue scanning
We just want to see where the bad guys are

If you can't run this in normal mode restart to safe mode and run the scan
Save the log to a Notepad file
Thanks
« Last Edit: March 22, 2005, 11:37:23 PM by guestolo »



Offline 1badtech

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
« Reply #11 on: April 16, 2005, 11:00:22 AM »
[quote name='meelox' date='Mar 21 2005, 06:21 AM']I have not defragged in a while so it took about three hours last night..[/quote]

Not only does it take a long time, it also slows everything down. I use a third party defrag program and it runs a lot faster and smoother. You can even schedule it to run automatically and defrag the master table file and page file at startup.

Offline guestolo

« Reply #12 on: April 16, 2005, 02:41:29 PM »
1badTech, I have to agree :D

Although the user didn't defrag in some time so this would cause the lengthy time to defrag

But in all fairness, on my 98SE machine I use Diskeeper lite

Locking this topic as Meelox has posted in another thread
Issues may be resolved
« Last Edit: April 16, 2005, 08:43:53 PM by guestolo »
