Freeprod virus and others

Are you saying your ran this: READ & RUN ME FIRST Before Asking for Support

If so, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

.

 

I already told you what to do next in message # 3. Follow the steps in the HJT link and post your log.

 

Please read and follow the steps in the below link again. You did not install HJT properly as requested. But do not post another log yet!

Downloading, Installing, and Running HijackThis

After getting HJT installed properly continue with below (make sure you run it in safe mode).

Download EliteToolbar Remover do not run it yet. Just extract it to its own folder.

And then follow the steps in this link: Running Ewido Security Suite however do not reboot into normal mode at the end of the steps of using Ewido (you will see that in the link). First complete the below scan with EliteToolbar Remover.

Run the ETRemover_v210.exe file by double clicking on it.

Now reboot into normal mode and attach your Ewido log, a new HJT log and tell me how these steps went.

 

Note: since EliteToolBar remover has just been updated, the executable file name is now:

ETRemover_v212.exe

 

While Ewido fixed a bunch of bad things, you still have problems, including EliteToolbar. Are you sure you ran the new version ( ETRemover_v212.exe ) and that you ran it in safe mode with all browsers windows closed? Try it again. Take note of any messages it gives you.

Also look for the belowin Add/Remove programs and uninstall if found:
Need2Find or Need2Find Bar
WinTools
WeatherBug

Stay away from the AskJeeves website. That maybe be where you picked up some of this. See:
http://www.benedelman.org/spyware/installations/askjeeves-banner/


Now let's continue with some fixes.
If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
C:\Program Files\Pcmt\Duxoyyh.exe
C:\WINDOWS\etb\pokapoka76.exe

After killing all the above processes, click "Back".
Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {AFDDB832-A42E-93CC-85E1-3C362899A1E6} - C:\WINDOWS\FYI\rhhnweumop.dll (file missing)
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O4 - HKLM\..\Run: [Kmvheof] C:\Program Files\Pcmt\Duxoyyh.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\Temp\WTuninst.exe
C:\Program Files\Need2Find <--- the whole folder
C:\WINDOWS\FYI <--- the whole folder
C:\Program Files\Pcmt <--- the whole folder
C:\WINDOWS\etb <--- the whole folder
C:\Program Files\AWS <--- the whole folder

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Let me know if you run into any problems deleting the above.

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Okay that got it! All clean now! To help keep it that way, you need to follow the steps in the below:

How to Protect yourself from malware!

 

You're welcome. Surf Safely!