Problems with Freedom antivirus and firewall program.

My PC is at 100% pc usage when i have Freedom Telus Security Anti-Virus running from Zero Knowlegde.

Can anyone help? Attatched is my HijackThis.

Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 7:52:38 PM, on 10/31/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Zero Knowledge\TELUS Security service\Freedom.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Ed\LOCALS~1\Temp\Temporary Directory 1 for hjt.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.searchmiracle.com/
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\TELUS Security service\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\TELUS Security service\FreeBHOR.dll
O2 - BHO: (no name) - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - (no file)
O4 - HKLM\..\Run: [Windows Compliant] rqosdl.exe
O4 - HKLM\..\Run: [Microsoft Windows Securety] wurguar.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [tacnlxtoai] C:\WINDOWS\system32\kirekq.exe
O4 - HKLM\..\Run: [TELUS Security service] C:\Program Files\Zero Knowledge\TELUS Security service\Freedom.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Compliant] rqosdl.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Securety] wurguar.exe
O4 - HKCU\..\Run: [Windows Compliant] rqosdl.exe
O4 - HKCU\..\Run: [Microsoft Windows Securety] wurguar.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Homepage Protector (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2A6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - http://www.homepageprotector.com/data/homeproinstall.cab
O16 - DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} (SessionControl Control) - http://pib.wooribank.com/com/common/SessionControl.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097802872985
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://download.softforum.com/Published/XecureWeb/v5.4.1.0/xw_install.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.thecoolbar.com/installfiles/coolbar.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

You only posted this log yesterday. Please give people more time to respond before reposting.

Hi JAlexanderW,

Please update HijackThis, you are using an outdated version:

Open HijackThis, click Config > Misc Tools > Check for Update online

Or download a copy of version 1.98.2 at:

http://www.majorgeeks.com/download3155.html

Please install HijackThis to a permanent folder such as C:\HJT It is important that it is in it's own folder as it will make important backups of what we will fix.

Post a fresh log with this new version.

Tom

Logfile of HijackThis v1.98.2
Scan saved at 4:39:28 PM, on 11/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zero Knowledge\TELUS Security service\Freedom.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.searchmiracle.com/
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\TELUS Security service\pkR.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\TELUS Security service\FreeBHOR.dll
O4 - HKLM\..\Run: [Windows Compliant] rqosdl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TELUS Security service] C:\Program Files\Zero Knowledge\TELUS Security service\Freedom.exe
O4 - HKLM\..\RunServices: [Windows Compliant] rqosdl.exe
O4 - HKCU\..\Run: [Windows Compliant] rqosdl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {2A6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - http://www.homepageprotector.com/data/homeproinstall.cab
O16 - DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} (SessionControl Control) - http://pib.wooribank.com/com/common/SessionControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097802872985
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.com/Published/XecureWeb/v5.4.1.0/xw_install.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworld.nate.com/ImageUpload/CyImageUpload.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab

Threads merged. Please reply to your existing thread rather than creating a new one.

Regarding Freedom antivirus and firewall program: It seems the program(s) do not mix well with other forms of antispyware protection. It also sounds quite pricey. Read this thread:

http://www.wilderssecurity.com/archive/index.php/t-3072.html

I think you would do well with one of the free antivirus programs like AVG along with Zone Alarm. Keep in mind that AVG6 will no longer be supported as of December. AVG7 Free edition should be out any day.

On to the fix...

You might want to print these instructions for reference or copy and paste them into notepad and save them on your desktop, as you will be off the internet while using HijackThis.

If you have any questions before starting the fix, please don't hesitate to ask!

Download Ad-Aware SE Personal Edition from:

http://www.lavasoft.de/support/download/

Run Adaware, click the "Check for Updates now" link. Install the latest reference file, then close it.Do not scan and fix anything yet, just update it.

Boot into Safe Mode. Reboot your computer, start tapping F8 when it first starts booting, select Safe Mode.

Run HijackThis, click scan, place a checkmark next to the following items. Close all browsers and any other windows or the fix may not work! Click "fix checked". It is OK if some of these items are no longer listed.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.searchmiracle.com/
O4 - HKLM\..\Run: [Windows Compliant] rqosdl.exe
O4 - HKLM\..\RunServices: [Windows Compliant] rqosdl.exe
O4 - HKCU\..\Run: [Windows Compliant] rqosdl.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab

These are resource hogs that can be fixed also:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Make sure your computer is configured to show all files and folders.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden Files and Folders heading select Show Hidden Files and Folders.
Uncheck hide extensions for known file types.
Uncheck the Hide Protected Operating System Files option.
Click Yes to confirm.
Click OK.

Search for and delete the following files:

rqosdl.exe

Next....

Go to Start > Run > type "cleanmgr" (without the quotes). > Select the drive to clean up (usually C ) > Place a checkmark next to the following:

Temporary Internet Files
Recycle Bin
Temporary Files

Then click OK.

Empty your Recycle Bin.

Run Adaware, perform a "full system scan". Allow it to remove anything it finds.

Reboot normally.

Please post a fresh HijackThis log.

Tom