help with startup problem thats killing me

**optimal_prism** · 3rd Oct 06 7:08 PM

Ok I had this software called freedom privacy and security.

It was anti-spyware anti virus software
Now I got a bettre software so I manually uninstalled freedom then it told me to restart.
Then I restarted the little fucker and this is what i get.

Now I said no biggie, ill just do a registry clean or delete th startup software or disable them etc. but..
NO

i TRIED to no end to get rid of this, but no avail I tried EVERYTHING. As soon as I delete the little mofo it comes back! Right that second. I disable then you start to get double entried, so i disable it but it just comes back. Heres what happened when I tried to do registry clean and delete startup values.

So please help me fix this omfg, i beg you, i will worship you foreevr if you get rid of this fucker. I have tried soo long and soo hard to get rid of this, its not even funny. I downloaded new sfotware to do it, but no, still its there. And the worst thing is that evreytime I start the comp that stupid mssage comes up.

I even tried with registry cleaner but nothing:

Heres when I used windows defender to disable it, but it failed to. Good thing about it is that it gives info about what youre going to delete so heres the info for those 3 lil fuckers.

In the pic you are currently seeing "indexcleanerR.exe" now you can see al the info for it so I will talk about the other 2.

The one above the one shown in picture is "freedom.exe"
File Name: Freedom.exe
Startup Value: C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
File Path: C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Run
Classification: Not yet classified

The one on the top of all is again "IndexCleanerR.exe'
but its different then the one shown in picture
this one is:
Startup Type: Registry: Current User

while the one in pic is this
Registry Local:Machine
The rest is the same.

Also heres what my registry clean(which also deletes startup values) says:

The same thing from windows defender screenie. Those little fuckers.

I also did windows search in hgard drive for indexcleaner and zero knowledge I got a lot of stuff but didnt wanna delete them like this. I deleted them before and nothing happened so I resinatlled and deleted again and here I am.

More screenshots to come. If you need more info I will give you it. Now me needs to get sleep, I cant deal with this crap anymore.

**Neckbreaker** · 3rd Oct 06 8:42 PM

1) You can try to prevent it from starting during windows startup using msconfig. Might be seen as "in use" while you are trying to delete it.

2) You can start in "Safe Mode" and try to delete it manually if you know all the appropriate registry keys.

That program almost sounds like malware itself if it is constantly reinstalling without permission.

If it has an uninstall entry in the Add/Remove Program section, but it isn't working, you can try this...but be careful.

http://support.microsoft.com/default.aspx?kbid=290301

**A176** · 3rd Oct 06 8:54 PM

Heres when I used windows defender to disable it, but it failed to.

Use the 'remove' button to delete it.

**mailpup** · 3rd Oct 06 11:03 PM

If you haven't already, turn off System Restore. That will delete all the system restore files where the malware might still be saved.

**Moe** · 4th Oct 06 12:30 AM

Start->Run->regedit
Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion and go through the "run" and "run_once" folders. Nuke the entries for freedom.exe and that other file.

**RZetlin** · 4th Oct 06 6:24 AM

Run MSCONFIG to see the list of stuff you got.

**Evaders99** · 4th Oct 06 12:34 PM

Get someone to analyze your HijackThis logs. Usually they will tell which files you can kill... using Killbox if necessary

**optimal_prism** · 4th Oct 06 12:47 PM

hey guys i already tried msconfig and also tried the remove button for windows defender and no.

Also it isnt a malware, its downlaoded from this American company named Adelphia who makes like cable TVs and its really popular. You need to be a member of Adelphia download this security software.

Oh and I how do I turn off system restore?

BTW it did have add/remove and I used it and told me to restart and this is what keeps happening

Oh and Ill try moe's idea after hijackthis report which I will do now

Code:

Logfile of HijackThis v1.99.1
Scan saved at 3:54:18 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\extra downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 221.146.91.167:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Zero Knowledge\Freedom\IndexCleanerR.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Zero Knowledge\Freedom\IndexCleanerR.exe"
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157210261703
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

BTW my question is, what should I do??!
What Moe said or the hijackthis thing?!!?

**mailpup** · 4th Oct 06 1:47 PM

After turning off System Restore, turn it back on again. Right click on My Computer and left click Properties. Click on the System Restore tab. I'm sure you can figure the rest.

**BmB** · 4th Oct 06 2:18 PM

Maybe you just shouldn't have deleted it manually. These things never end well.

**optimal_prism** · 4th Oct 06 3:02 PM

Maybe you just shouldn't have deleted it manually

what you mean?

**Belgarion** · 5th Oct 06 12:45 AM

Back up your stuff and do a clean windows install. Sometimes if you have been running windows for a while the registry just becomes too fragmented and messy.
I use Tweaknow Powerpack 2006 which does the trick for me usually but sometimes I just give up and reformat

EDIT Just a thought. Try reinstalling it because sometimes when an uninstaller cant find files it will leave stuff. A fresh install should reinstate all the missing files which should then allow it to uninstall

**Moe** · 5th Oct 06 3:07 AM

Try what I suggested, failing that try a hijackthis repair.

**optimal_prism** · 5th Oct 06 12:47 PM

guess what?
I tried what moe said, then i tried the hijackthis fix and still they re appear instantly?

Any other suggestions besides windows clean up thingie?
I cant backup my stuff at the moment.

**Belgarion** · 5th Oct 06 2:58 PM

Did you try reinstalling the software then removing it again

**optimal_prism** · 5th Oct 06 3:08 PM

i said in my first psot I did. But nothing happened.

I also said what Moe told me to do in safe mode and still it just respawns there.

EDIT!!!: I GOT IT!!
I fricking bio bombed the damn thing!

I resintalled it first
googled "how to uninstall freedom"
then i went to manufacturers sites FAQ
it said "how do i uinstall freedom?"
It told u the normal uninstall instructions from ocntrol panel
but on the bottom it said "or you can downlaod this freeomcleanup.exe to delete it"
I downlaoded it and it completely atom obmbed freedom, it doesnt exist anymore and no more error messages.

**Evaders99** · 5th Oct 06 10:00 PM

This is what HijackThis.de has analyzed on your log

http://www.hijackthis.de/logfiles/2b...16d22f36d.html

Go through and look at all the Unknown and Nasty entries
Use Killbox to delete any EXE and Dlls that keep popping up
http://www.bleepingcomputer.com/files/killbox.php

**Belgarion** · 6th Oct 06 3:09 AM

Grats optimal.
Much nicer than the reformat that I also suggested

**The Collector** · 6th Oct 06 10:48 AM

Should've tried the manufacturer first before coming to us. ;p

help with startup problem thats killing me

Thread Tools

help with startup problem thats killing me

Thread Information

Users Browsing this Thread

Posting Permissions