Help with removing freeprod

Discussion in 'Malware Help (A Specialist Will Reply)' started by iheartgeri, Apr 23, 2006.

  1. iheartgeri

    iheartgeri Private E-2

    I've used Ad-Aware and Spybot numerous times, and neither can remove all of the adware/spyware on my system. Freeprod keeps coming back after I do a system restore, and it's screwing up Firefox and a few of my other programs, as well as slowing down my PC.

    Here's my logfile. Any help would be appreciated!

    ~ INLINE LOG REMOVED ~ SPD
     
    Last edited by a moderator: Apr 23, 2006
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com, please follow the steps below:

    - Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support
    - Make sure you check version numbers and get all updates.
    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    When you return to make your next post make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
     
  3. iheartgeri

    iheartgeri Private E-2

    Sorry for posting prematurely.

    I've since taken all of the steps instructed in the link/links you posted, and have attached my logs below. I am still having problems with pop-ups, and some of the processes that were giving me problems before are running.

    As I said before, any help would be appreciated! I am at my wit's end with this!
     

    Attached Files:

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You DO NOT have HijackThis installed as per STEP 7 of the Tutorial I linked you to. UnZIP HijackThis to C:\Program Files\HJT before doing any of the below.

    Uninstall Yazzle Sudoku - This program comes bundled with Spyware.

    Follow the directions for running the following procedures:
    SurfSideKick Removal
    Virtumonde aka Trojan Vundo Fix w/ Tool


    Now scan and have HJT Fix the following:
    Download
    - Pocket Killbox
    - ExplorerXP

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note that many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Do the Following:
    How to Reset Web Settings
    Qoologic/Winsync/Kavsvc

    Post all logs from the above procedures - All of them. Post a fresh HijackThis log.
     
  5. iheartgeri

    iheartgeri Private E-2

    Thanks again. I've now done all of the above.

    Here are the logs requested.
     

    Attached Files:

  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Follow the directions for Running Hoster.

    Copy the contents of the below quote box to notepad and save as FixReg.reg to your desktop.
    Double-click FixReg.reg and answer 'YES'

    Now run ExplorerXP navigate to and delete the following:
    Scan with HijackThis and fix the following lines:
    REBOOT

    Post a fresh WinPFind log and a fresh HijackThis log.
     
  7. iheartgeri

    iheartgeri Private E-2

    Thanks.

    I did what you said, and here's my HJT logfile.
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    They are both still there. Follow the directions for Running GetRunKeys.

    Post runkeys.txt.
     
  9. iheartgeri

    iheartgeri Private E-2

    Here's the .txt file. Thanks.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Guys you need to run the FindQool procedure that was mentioned by Shadow_Puter_Dude in message number 4. The log from running Qlocate.bat was never posted. Without this, you will not locate the hidden problem files. So run the part of the Qoologic/Winsync/Kavsvc link that talks about FindQool, Qlocate.bat and post the txt.log file. I updated this procedure in March for this new form of infection.
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Thanks for pointing that out, Chas.

    Yes, I need the log from the FindQool procedure, otherwise I cannot locate the hidden problem files, and this infection will still be there.
     
  12. iheartgeri

    iheartgeri Private E-2

    My FindQool log.
     

    Attached Files:

  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Copy the contents of the below quote box to notepad and save as FixReg.reg to your desktop.
    Double-click FixReg.reg and answer 'Yes'.

    Now scan with HijackThis and fix the following lines:
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\bevhj.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ladltwr.exe


    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note that many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
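
The two F2 lines quoted in the post above are HijackThis's report of the Winlogon `Shell` and `Userinit` values, which should normally name only Explorer.exe and userinit.exe. The following is an added example, not part of the thread or of any MajorGeeks tool: it scans a HijackThis log for F2 lines and lists every extra program appended to those values. The sample log, the function name and the trusted-directory list (Windows installed in C:\WINDOWS, as on the poster's machine) are assumptions.

```python
import ntpath
import re

# Constructed sample: the two F2 lines quoted in the thread, plus a clean
# Userinit line and an unrelated O4 line for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\bevhj.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ladltwr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

# Stock Winlogon values, compared case-insensitively by base name.
EXPECTED = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}
# Assumption: Windows lives in C:\WINDOWS; "" covers entries given without a path.
TRUSTED_DIRS = {"", r"c:\windows", r"c:\windows\system32"}

F2_LINE = re.compile(r"^F2 - REG:system\.ini:\s*(\w+)=(.*)$", re.IGNORECASE)


def extra_winlogon_entries(log_text):
    """Return [(value_name, entry)] for each unexpected Shell/Userinit entry."""
    findings = []
    for line in log_text.splitlines():
        match = F2_LINE.match(line.strip())
        if not match:
            continue
        name, value = match.group(1), match.group(2)
        if name.lower() not in EXPECTED:
            continue
        # Both values are comma-separated program lists; every entry is
        # launched at logon, so anything beyond the stock binary is suspect.
        for entry in (part.strip() for part in value.split(",")):
            if not entry:
                continue  # trailing comma in the stock Userinit value
            directory, base = ntpath.split(entry)
            if (base.lower() not in EXPECTED[name.lower()]
                    or directory.lower() not in TRUSTED_DIRS):
                findings.append((name, entry))
    return findings


if __name__ == "__main__":
    for value_name, entry in extra_winlogon_entries(SAMPLE_LOG):
        print(f"{value_name}: unexpected entry {entry}")
```
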
     
