HELP ME :( part one

Discussion in 'Malware Help (A Specialist Will Reply)' started by garythegreat, Nov 7, 2007.

  1. garythegreat

    garythegreat Private E-2

    Hi there, I'm hoping that someone can help me. As requested to say: "I have done all the things on your list "read & run me first"". I have started a thread with the scan results requested... My problem is the obvious: slow computer, slow start up. When I open a programme it either does not open or takes almost 20 mins to start, i.e. msn messenger, web browser, so you can imagine the fun I had trying to make a post here haha. Help me guys.. find posted scan results.

    Many thanks gary
     

    Attached Files:

  2. garythegreat

    garythegreat Private E-2

    HELP ME :( part two

    Second part guys, with remainder of the scans. I followed the directions to the T. Many thanks
     

    Attached Files:

  3. abri

    abri MajorGeek

    Hi garythegreat!
    Welcome to Major Geeks!

    You have at least one bad thing I can see right off, but there could be more. I can't tell you at this point if this is behind the slowness or not. The reason we ask that you rename hijackthis.exe to analyse.exe is because there's a certain virus which can evade detection by recognizing the name hijackthis.exe. Please go back and change the name and rerun it and post the new results. I haven't checked anything further yet, but make sure your computer is in normal start mode and not in selective in msconfig.

    I'll take a look at the rest of your logs and get back to you.
    abri
     
  4. garythegreat

    garythegreat Private E-2

    Oh no, I'm so sorry, I thought I did that. I'm crazy. Here we go.. thank you...
     

    Attached Files:

  5. abri

    abri MajorGeek

    Hi gary!

    Two things:

    We're going to delete all your Temp files as part of cleaning your computer and I noticed there are a lot of jpg's in there. Are they also stored somewhere more permanent?

    Teatimer is running in Spybot. You need to turn this off. To turn it off, you can right-click on the icon in the lower right-hand corner of the screen and disable it there, or you can start Spybot and go to the top of the window where it says Mode. Make sure it's set to Advanced. Then go down to Tools on the left side of the page and click on that. On the next window on the left-hand side, there will be a red and white resident shield. Click on that button. Then in the middle of the page, you'll see a box to uncheck which will disable Teatimer. Make sure it is disabled.

    Thanks.
    abri
     
  6. garythegreat

    garythegreat Private E-2

    OK, I have done that, thank you.... What temp file? On my desktop? I'm not sure where you mean
     
  7. garythegreat

    garythegreat Private E-2

    OK OK, I understand what you mean by the jpg files. Yes, I need those as they relate to a website we have made... so they have to remain... Looking forward to having this fixed for sure, many thanks
     
  8. abri

    abri MajorGeek

    Hi gary,
    I can't promise we'll fix the problem, but I can promise you, if you leave your pictures in the Temp files, they will be deleted, so
    1) please make a folder for them somewhere that is not in any of the temp folders and pull anything you want to keep out of there so you won't lose it! Temp folders are one of the places malware likes to hang out, so that's why we clear them out.

    2) After you do that, please go to add/remove programs and uninstall this old Java:

    - Java(TM) 6 Update 2

    3) And then next I would like to know if you recognize the .fmp file and what is in the "unknown" folder (don't open any file) below. The date they were installed makes me curious about them. If you put them in, that's fine. Just tell me.

    I suspect funrecent is something you really don't want on your computer.

    4) Okay, and now, if you've turned off Teatimer, please do this next:

    5) Scan with HijackThis and check the boxes for the following entries. Put a check in the box next to them and make sure all your browser windows including this one are closed and then click on FIX:
    ( Make sure ALL browser windows are closed when you click FIX )
    After clicking Fix, exit HJT.

    6) After you have removed ALL those things from the Temp folders that you wish to save (there's a list in the newfiles.txt log near the bottom just above the uninstalls list), please run the following cleaner. It will delete all your temporary files, temporary internet files, etc.

    7) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    8) After you have completed the above in the correct order, please run new scans and attach the following logs.
    • ShowNew Log (newfiles.txt)
    • GetRunKey Log (runkeys.txt)
    • HijackThis Log

    abri
     
  9. garythegreat

    garythegreat Private E-2

    OK, I have done those things in the right order. ATF Cleaner removed 165.453 MBs, not sure if that is a good thing? haha
     

    Attached Files:

  10. garythegreat

    garythegreat Private E-2

    Hi, I have done the tasks requested but have yet to have a reply. I hope to fix this soon. I appreciate the help, thank you.
     
  11. abri

    abri MajorGeek

    lol ... um ...Is your computer faster?
    well ... hmmm ... a lot of what I asked you to take out of the Temp files, either by moving it or by cleaning it with ATF Cleaner, is still there. Since the Temp folder is where a lot of malware likes to hang out, we try to clean it out entirely. Please remove the files you want to keep in the Temp files to another part of the computer, like under My Photos. Make a folder for them and then move them all into the folder. After that, rerun ATF Cleaner again and see if it gets those last remaining files out.

    And, while we're on the topic of do-overs: please install HijackThis according to the instructions in the READ & RUN ME FIRST. It needs to be installed in its own folder called HijackThis or HJT which is in C:\Program Files. Once it's been installed, please go into the folder and find the program called hijackthis.exe and right-click on it and rename it to analyse.exe. After that, rerun it with its new name and location and post a fresh log.

    Thanks.

    abri
     
  12. abri

    abri MajorGeek

    Two last notes to add to the previous post ...

    Are you running msconfig in normal mode? If not, please go to Start/Run and type in msconfig and check to run in normal mode.

    Also, you seem to have Counterspy on your computer. Please run it, if you haven't recently, and have it fix whatever it finds. If it finds things, please post the log here.

    abri
     
