Help my computer is acting crazy:(

Welcome to Major Geeks!

Slow PCs can be due to malware but more typically they are not due to malware. One thing I would suggest that you immediately start doing is getting all of the stuff you have save to your Desktop off of your Desktop and saved to properly locations if you need them. Having all of this on your Desktop will slow things down and also the clutter makes a nice hiding place for malware and also make all of those files easy targets for infections.

You did not rename HijackThis as requested in step 7 of the READ ME. You renamed the folder not the executable. You have this:

C:\Program Files\analyse.exe\HijackThis.exe

You need to have this:

C:\Program Files\HJT\analyse.exe or even C:\Program Files\HijackThis\analyse.exe

Correct this now!

Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

Then go back and follow the directions in the READ ME and download the proper versions of GetRunKey and ShowNew. I don't know where you got them from but you did not get them from the links in the READ ME. Where did you get them from?

Now attach new logs from GetRunKey and ShowNew. And also from a properly renamed HijackThis.


I don't see any malware yet based on what you posted but I do see a potential system problem. HJT shows the below:

O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe (file missing)

This is a required Windows service and your MSTask.exe file could be missing based on this message. You should check to see if the C:\WINNT\system32\MSTask.exe file is there or not. If not, you need to get a copy back into that folder.

 

Well you renamed HijackThis properly and you have the correct versions of GetRunKey and ShowNew. But you did not uninstall CounterSpy as requested and you did not tell me where you got the old versions of GetRunKey and ShowNew from.

Also you did not tell me about the MSTask.exe file.

 

Here are a couple other non-malware comments. One is a repeat statement.


You also did not cleanup your Desktop yet. None of the below belong on your Desktop.

Code:

"C:\Documents and Settings\CFK User.COMPUTER-5ED6C3\Desktop\"
aawsep~1.exe  May 10 2007     4850920  "aawsepersonal.exe"
active~1.htm  Apr  1 2007       18668  "Activescan-1 txt.html"
adberd~1.exe  Feb 15 2007    16706160  "AdbeRdr60_enu_full.exe"
avgas-~1.exe  May  6 2007    11470608  "avgas-setup-7.5.0.50.exe"
bamyou~1.rtf  May  5 2007      408749  "BAMyouroutdoorhandyman.rtf"
ccleaner.lnk  Mar 20 2007        1423  "CCleaner.lnk"
ccsetu~2.exe  Feb 14 2007      459952  "ccsetup137_slim.exe"
ccsetu~3.exe  Mar 20 2007     2685104  "ccsetup138.exe"
comics~1.fot  Mar 14 2007        1409  "COMIC SANS MS.FOT"
counte~2.exe  Mar 11 2007    34919584  "CounterSpy(2).exe"
dklite.exe    Feb 14 2007    12425080  "dklite.exe"
eavest~1.rtf  May  5 2007      474106  "Eavestrough[1].MaintenanceCleaning.rtf"
eclea2_0.exe  Feb 14 2007     2951802  "eclea2_0.exe"
family~1.rtf  Mar 25 2007       31890  "family_tree_rubric.rtf"
firefo~1.exe  Feb 24 2007     5808632  "Firefox Setup 2.0.0.2.exe"
fsbl-2~1.log  May  6 2007         854  "fsbl-20070506075558.log"
fsblc.exe     May  6 2007      682864  "fsblc.exe"
getrun~1.zip  May 12 2007       69765  "GetRunKey.zip"
google~1.exe  Mar  3 2007     1606064  "googletalk-setup.exe"
hijack~1.exe  May 12 2007      251392  "hijackthis_sfx.exe"
instal~3.exe  Feb 15 2007     1410680  "install_flash_player.exe"
itunes~1.exe  Feb 11 2007    36808256  "iTunesSetup.exe"
jre-6u~1.exe  May 12 2007    13801120  "jre-6u1-windows-i586-p.exe"
lpninf~1.doc  Feb 11 2007       31232  "LPNInfoSheetSaskatoon06-07.doc"
mpsetup.exe   Feb 17 2007    13951112  "MPSetup.exe"
mrubla~1.exe  Feb 14 2007      507960  "mrublastersetup.exe"
msgr8u~1.exe  Mar  4 2007      415784  "msgr8us(2).exe"
painters.rtf  May  5 2007       38886  "Painters.rtf"
painte~1.rtf  May  9 2007       38456  "PAINTERSWORKINGFORYOU!!.rtf"
parabola.nb   Mar 31 2007      243576  "Parabola.nb"
printa~1.exe  Mar 14 2007     1569536  "printables-sm-v2.EXE"
pwd255~1.zip  Mar  5 2007      562095  "PWD255W-2.zip"
qc848enu.exe  Feb 19 2007    33823016  "qc848enu.exe"
regcur~1.exe  Feb 14 2007      989584  "RegCureSetup_46.exe"
setupeng.exe  Mar  2 2007    13326120  "setupeng.exe"
shawse~1.exe  May  3 2007     7117688  "ShawSecure.exe"
shownew.zip   May 12 2007       64666  "ShowNew.zip"
smitfr~1.zip  May 12 2007      693537  "SmitfraudFix.zip"
spybot~1.exe  May  6 2007     5037072  "spybotsd14.exe"
to_my_~1.doc  Mar 18 2007      172544  "To_My_Dearest_Family.doc"
trackn~1.mp4  May  5 2007     1930406  "Track No10.mp4"
TRENDM~1      May  6 2007              "TrendMicroPCCsmall"
trends~1.exe  May  6 2007    49290816  "TrendSitetrialdownload_USP5008001.exe"
wayne_~1.rtf  May  5 2007      473305  "Wayne_sLawnCutting.rtf"
zlsset~1.exe  May 10 2007    40738456  "zlsSetup_70_337_000_en.exe"

What is all the below stuff? Do you really have all these user names on this PC? Why? And what are all the associated logs for?

Code:

"C:\Documents and Settings\"
cfc5b6~1      Feb  4 2007        8192  "CFC5B6~1"
cfc5b6~1.log  Feb  4 2007        1024  "CFC5B6~1.LOG"
cfc5b6~2      Feb  4 2007        8192  "CFC5B6~2"
cfc5b6~2.log  Feb  4 2007        1024  "CFC5B6~2.LOG"
cfc5b6~3      Feb  4 2007        8192  "CFC5B6~3"
cfc5b6~3.log  Feb  4 2007        1024  "CFC5B6~3.LOG"
cfc5b6~4      Apr  1 2007        8192  "CFC5B6~4"
cfc5b6~4.log  Apr  1 2007        1024  "CFC5B6~4.LOG"
cfc5b6~5      May  3 2007        8192  "CFC5B6~5"
cfc5b6~5.log  May  3 2007        1024  "CFC5B6~5.LOG"
cfc5b6~6      May  6 2007        8192  "CFC5B6~6"
cfc5b6~6.log  May  6 2007        1024  "CFC5B6~6.LOG"
cfc5b6~7      May  9 2007        8192  "CFC5B6~7"
cfc5b6~7.log  May  9 2007        1024  "CFC5B6~7.LOG"
cfk           May  6 2007        8192  "CFK"
cfk.log       May  6 2007        1024  "CFK.LOG"
cfkuse~1      Dec  6 2006        8192  "CFKUSE~1"
CFKUSE~1.COM  May 12 2007              "CFK User.COMPUTER-5ED6C3"
cfkuse~1.log  Dec  6 2006        1024  "CFKUSE~1.LOG"
cfkuse~2      Dec  6 2006        8192  "CFKUSE~2"
cfkuse~2.log  Dec  6 2006        1024  "CFKUSE~2.LOG"
cfkuse~3      Dec  6 2006        8192  "CFKUSE~3"
cfkuse~3.log  Dec  6 2006        1024  "CFKUSE~3.LOG"
cfkuse~4      Dec  6 2006        8192  "CFKUSE~4"
cfkuse~4.log  Dec  6 2006        1024  "CFKUSE~1.COM.LOG"
DEFAUL~1      Mar 23 2006              "Default User"
tha265~1      Dec  6 2006        8192  "THA265~1"
tha265~1.log  Dec  6 2006        1024  "THA265~1.LOG"
tha265~2      Feb  4 2007        8192  "THA265~2"
tha265~2.log  Feb  4 2007        1024  "THA265~2.LOG"
tha265~3      Feb  4 2007        8192  "THA265~3"
tha265~3.log  Feb  4 2007        1024  "THA265~3.LOG"
tha265~4      Feb  4 2007        8192  "THA265~4"
tha265~4.log  Feb  4 2007        1024  "THA265~4.LOG"
tha265~5      Apr  1 2007        8192  "THA265~5"
tha265~5.log  Apr  1 2007        1024  "THA265~5.LOG"
tha265~6      May  3 2007        8192  "THA265~6"
tha265~6.log  May  3 2007        1024  "THA265~6.LOG"
tha265~7      May  6 2007        8192  "THA265~7"
tha265~7.log  May  6 2007        1024  "THA265~7.LOG"
tha265~8      May  9 2007        8192  "THA265~8"
tha265~8.log  May  9 2007        1024  "THA265~8.LOG"
thanky~1      Dec  6 2006        8192  "THANKY~1"
thanky~1.log  Dec  6 2006        1024  "THANKY~1.LOG"
thanky~2      Dec  6 2006        8192  "THANKY~2"
thanky~2.log  Dec  6 2006        1024  "THANKY~2.LOG"
THANKY~3      May  3 2007              "Thank You"
thanky~3.log  Feb  4 2007           0  "THANKY~3.LOG"
thanky~4      Dec  6 2006        8192  "THANKY~4"
thanky~4.log  Dec  6 2006        1024  "THANKY~4.LOG"

And here are a few other non-malware things you can fix with HJT to help with your PC's performance a little.
Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

After clicking Fix, exit HJT.

Now reboot in normal mode

Now attach a new HJT log

Are things working a little better!

 

Yes! You should not keep storing things like this on your Desktop. If you need to keep things on a permanent basis, save them in proper folders someplace else. If you want to put something like this on your Desktop temporarily just to make it easy to find the download so you can install that's fine. But after installing, delete the installation file or move it someplace else. Also save your document files in your My Documents folder which is where they belong.

What about my other questions?

 

Shortcuts to run programs and other shortcuts like My Computer, Network Places, Recycle Bin or similar.

If you don't answer my questions, I will stop answering yours!

 

See message number 9 second sentence.

 

Please go back and follow all instructions I have given you thus far properly and answer all of my questions!

You still have not uninstall CounterSpy! Msg # 4 & Msg # 6
You did not address the comment about MStask.exe which I asked about in Msg # 4 & # 6
You did not tell me where you downloaded the old versions of GetRunKey and ShowNew from! What website did you get them from?
Also in message # 7 I asked:

And at this point I have to also ask another question: What malware problems if any are you having?

 

Not according to the last HJT log you posted. It showed the below which is CounterSpy!

Look in a new log! Do you still see the above? If so, it is not uninstall!

You will have to get it from your Windows 2000 CD. We cannot give it to you.

Okay! In the future follow the directions in the READ ME and click on the links and download the tools there and use them. This way you are sure to have the proper versions.

 

Okay now you have CounterSpy removed!

At this time since you have no malware problems, we are finished and you should work thru the below:

1. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
2. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!