Internet connection SLOW

I think I have hijackers. I'm not very good with hjt and I have a 64 bit processor, so there is no virus protection for my machine. I don't know what's going on, internet used to be fast, real fast, now most of the time my browser will time out. This happens with firefox, and IE both the 32 and 64 bit versions. Here is my HJT log, I guaruntee, there needs to be a lot of deleting, help me to know which ones.
Thanks
Thedagem

 

Welcome to MajorGeeks.com!

Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

 

I did as I was told in the read this first thing, I just followed the windows XP procedures. I have windows XP Professional x64. There were no instructions for my operating system, that's why I didn't do it before. Still getting popups and this thing called Exfol ltd keeps showing up and asking me to install. I don't know what it is, but I always choose cancel. Panda scan did not work, I was using IE like the log said, it didn't work. Bit defender says it has 83:26:22 left for the scan. I'm leaving it run, in hopes that it speeds up a bit. I think I'm still having problems though. CCleaner deleted a whole load of stuff. I Can I post a HJT log?
Thedagem

 

bitdefender has finished. It found no problems. Here is my HJT log. I saved HJT to a folder called HJT in my C program files folder. System restore is off.
Here is the log.
Thanks
Thedagem

 

Please see the below thread on how to install and run Ewido Security Suite.

Running Ewido Security Suite ...

 

there is no log to report
it found nothing.
I woke up the other day before getting your post. I had 17 pop up windows.
I connected to the internet after doing the scan. I got one as soon as I did. What's going on? can I stop this. Remember I'm running Windows XP Professional x64. Some programs do not work. Is there one that will stop the madness?
Thanks
Thedagem

 

Attach a fresh HJT log and we will start the fix.

 

Thank you.
Here it is.
Thedagem

 

Please print out these instructions so that you can operate with All Browser Windows CLOSED.

Please look in Add or Remove Programs for the following and Uninstall them if found:

Kazaa

Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

Crack.exe

Ad-Watch.exe <-- End this because it will block parts of this fix!

Now scan with HijackThis and Check the Boxes for the following:

F2 - REG:system.ini: UserInit=userinit

O4 - HKLM\..\Run: [MyVBApp] C:\WINDOWS\Crack.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files (x86)\Kazaa Lite K++\kpp.exe" "C:\Program Files (x86)\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY

Now please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

C:\Program Files (x86)\Kazaa Lite K++ ←–– Delete this whole folder if it exist!

C:\WINDOWS\Crack.exe

NEXT:
Run CCleaner to clean up cookies and temp files.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Final step, I would like you to Flush your System Restore Points. Please follow the instructions in this link --->Disable and Re-enable System Restore

• First, turn OFF System Restore to flush any bad Restore Points.
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete this fix, reboot and attach a fresh HJT log and let me know how things are running!

 

here is the HJT log you requested. I found Crack.exe in the search and deleted it. I found it in C: windows and deleted it. Did not find it in HJT. When I rebooted, I found it in HJT. and promptly deleted it. Hope it doesn't matter weather or not I deleted it from HJT in safe mode or not. cause it wasn't there until I rebooted. Here is the log after I deleted Crack.exe in regular mode.

 

One more thing. sorry. You requested I tell you how things are running. The internet seems fine right now. But I usually wake up in the morning to at least 10 pop up windows. I havn't seen any since the reboot, however it's only been 10 minutes. I will post a reply tomorrow morning to let you know if I have pop ups or not. I am also going to start up my ad watch again hope that's ok. Thank you for your help. One window I always get is a thing that asks me to install a program called Exfol or Exfol inc or something like that. What is that? I'm sure it's no good.
Thedagem

 

If it's called "Exfol", then this is a nasty piece of Adware that installs a ton of junk which would cause your problems. To help us a little bit more, run the below and get me this log.

Download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

 

First I would like to say that you are a genius. I have not had a pop up window since I got rid of crack.exe. you are the man. I never did install or download Exfol, it just used to ask me to do it quite frequently in a pop up window, I always clicked on the X in the corner, or on cancel, as I didn't know what it was. havn't seen that download box since my second to last post. So I think I'm cured doc. I figured you know more than me though, and if there's still a problem, I'm game to fix it. Here is the scan you requested of winpfind.

 

Download Pocket KillBox
(Don't run it yet)

Now, shut down "Ad-Watch" so it won't block anything we try to fix. After you have shut down Ad-Watch, procede with the below...

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Locate PocketKillbox
(Procede with this step even if they do not show in blue)

Now, Copy and Paste C:\WINDOWS\Crack.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

• If you get an error message about Pending Operations, just reboot your computer manually.

After you complete the above, attach one last HJT log to confirm things are ok. Also let me know how things are running.

 

Here is the log. It seems that Crack.exe is still here. Don't know why, thought I deleted it. System is running fine though. No pop ups as of yet.

 

First, uninstall Microsoft AntiSpyware and then have HJT fix the below entry:

O4 - HKLM\..\Run: [MyVBApp] C:\WINDOWS\Crack.exe

Locate PocketKillbox
(Procede with this step even if they do not show in blue)

Now, Copy and Paste C:\WINDOWS\Crack.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

• If you get an error message about Pending Operations, just reboot your computer manually.

After you complete the above, attach a fresh HJT log with a log from the below...

Please download RegSrch.zip

Unzip the archive to your desktop and double click on the VBS file.
(If your AntiVirus alerts, allow the script to run.

Now enter Crack.exe and post back with the results in this thread (call it regsrch.txt).

 

Ok, here are the logs. The last one says it's in "E:\\My Shared Folder\\Programs\\WinRar 3.51 Full\\WinRar 3.51 Crack\\Crack.exe"="Crack" That folder doesn't even exist. I'm a bit confused. But I'm sure you know what to do.
Thanks
Thedagem

 

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

After you complete the above, reboot and let me know how things are running. Also, navigate to and delete the folder if you can find it.

 

Hey there. Did as you suggested. Can't find the folder though. Computer seems to be running fine. After the reboot. I did a HJT scan, and did not see any signs of Crack.exe. I have the log if you would like it. I also did a search using the search under start and search and found no instances of crack.exe on my machine. Can I download Microsoft anti spyware again? or is it not worth it being that I have spybot and Adaware?
Any other things I should do to ensure the safety of my machine? I do not have an antivirus program. Know where I can get one? I don't know who makes one for 64bit windows.
Thanks again.
Thedagem

 

MSAS is ok, personally I dont use it. I only use Spy Sweeper but this is a subscription application and well worth it IMO.

You should see this article on How to Protect yourself from malware!

Surf Safely!

 

thanks doc! I'm cured. I downloaded outpost as a firewall, but can not do updates with it. Will this program work on my operating system?
Thedagem

 

The only firewall I'm familiar with is ZoneAlarm. This is the only one I have ever used so I'm not sure.