Spyware On My Computer

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by pilarcita, Oct 27, 2004.

  1. pilarcita

    pilarcita Private E-2

    :rolleyes: hello there.....I think I have spyware that has not been removed even though I have used spybot search and destroy. Every time I run spybot, DSO EXPLOIT comes up as a problem. My computer has not been the same since the last time it got a virus. The virus was supposedly removed, but every now and then it acts weird. For example..it does not let me access my msn hot mail web page and great expectations dating serv. web page...this has never happened b4. I have tried to install AVG but my system tells me "the system file is not suitable for running MS-Dos and Microsoft Windows Appl" why? This is a new Dell computer........Please help.......thanks .....Rosie
     
  2. Kodo

    Kodo SNATCHSQUATCH

    The DSO exploit is a known bug in Spybot, ignore it.
    As for the rest.

    Please follow all the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Since this appears to be a trojan it would be a good idea for you to run the "Alternative Scans - If still having problems" section given in the READ ME FIRST thread.

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.
     
  3. pilarcita

    pilarcita Private E-2

    KODO.......thanks for your help...I did all four steps to going to safe mode and running the programs....spyware blaster was not able to update..."error connecting to update server" was the error msg. I ran spyware Dr. and it found a lot of stuff in my computer but gave me no option to treat it...it requested for registration etc. I still cannot access the hotmail site or great expectations...I can go to other sites with no problem........and I am still not able to install AVG. I have not done steps 5&6 yet......
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should try updating SpywareBlaster again. Sometimes the server is just very busy.

    Spyware Doctor will not fix anything unless you register it. You should not need it. The other tools we have should be sufficient. So you can uninstall Spyware Doctor's trial version unless you want to use it just to see what it finds.

    You do not need to do step 5 unless you have the "Only the Best" aka "HSA" HIJACKER.

    Step 6 is going to be the next step.

    You should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or from a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Make sure you have HijackThis version 1.98.2 and follow the above directions.
     
  5. pilarcita

    pilarcita Private E-2

    Hello there guys........you don't know how many hrs I have spent on this computer trying to figure out what's in it. I know there's something, but have no idea what. Anyways, have downloaded Hijack This and followed instructions and attached the log to this msg. Every now and then when I open internet explorer the page will open to a "citi bank" blah blah page. I have not been able to update spyblaster and Ad Ware SE freezes when I run it. Why? I have no idea. Ad Ware does find many items in my computer but when I go to hit next to fix them...it freezes.. :rolleyes: Thanks for your help......Rosie .........
    I forgot to tell you that I am still not able to check my msgs at hotmail. It will take me to the msn web page, but when I click on hot mail it will go to "page cannot be displayed" same goes with Great Expectations web page.
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Rosie,

    1) You need to get HijackThis out of the compressed RAR file you downloaded and into its own NON-temp and NON-subfolder of C:\Documents and Settings. See the directories I gave in my last message. This is very important. You will not get any backups the way you are running it.

    2) You have said you are running Ad Ware SE but I see Ad-Aware 6 and Ad-watch on your PC. I don't believe they recommend having both of them on your PC. You are supposed to remove Ad-Aware 6 when you install SE. So do you have SE and is that what you are running? If so, why is version 6 still installed and showing as running?

    3) It is not a good idea to have more than one antivirus application installed on your PC. I see both Symantec/Norton and Panda Titanium Antivirus 2004. Choose one and remove the other.

    4) Go to Add/Remove Programs and uninstall the following if you find them:
    - Web_Rebates (check for similar names)
    - WinAd (or Winad Client)

    5) Do you use Microsoft MSN toolbar? This is not a problem I'm just checking.
     
    Last edited: Oct 30, 2004
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After following the steps of my previous message, do the following.

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).
    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the below processes and End them:
    Winad.exe
    WinClt.exe

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe" <--just in case still here
    O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe <--just in case still here
    O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
    O9 - Extra button: (no name) - {DBE2CE99-5EBA-4235-8BB7-38B5BA26630A} - (no file) (HKCU)
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\winipsec709l.dll

    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\Winad Client <--- The whole directory
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    C:\WINDOWS\System32\winipsec709l.dll <--- let me know if you have a problem finding this.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
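
The fix list in the post above can be read mechanically. The following is an added example, not part of the original thread and not HijackThis's own code: a small Python triage script that groups those entries by section code and flags the orphaned ones. The names `triage` and `triage_log` are hypothetical, and the section descriptions are the commonly documented meanings of the codes.

```python
import re

# Section codes that appear in the fix list above, with their usual meaning.
SECTIONS = {
    "R0": "IE start/search page value", "R1": "IE start/search page value",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Run-key / startup autorun", "O9": "IE extra button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "AppInit_DLLs autorun value",
}
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
REMARK_RE = re.compile(r"\s*<--.*$")  # helper's inline "<--" remarks, not log data

def triage(line):
    """Return (code, section, reasons) for one log entry, or None for other text."""
    m = ENTRY_RE.match(REMARK_RE.sub("", line.strip()))
    if not m:
        return None
    code, body = m["code"], m["body"]
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned: registered target file is absent")
    if "(no name)" in body:
        reasons.append("unnamed component")
    if code == "O16" and "file://" in body.lower():
        reasons.append("ActiveX control installed from a local file:// path")
    if code == "O20":
        reasons.append("DLL is loaded into every process that loads user32.dll")
    return code, SECTIONS.get(code, "unknown section"), reasons

def triage_log(text):
    """Triage every entry line in a pasted log, skipping non-entry text."""
    return [r for r in map(triage, text.splitlines()) if r is not None]

# Sample lines copied from the fix list in the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\TD.exe (file missing)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\winipsec709l.dll
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe <--just in case still here
"""

if __name__ == "__main__":
    for code, section, reasons in triage_log(SAMPLE):
        print(f"{code:<4}{section:<45}{'; '.join(reasons) or 'review manually'}")
```

An entry with no reasons, such as the O4 Run key here, is not cleared by the script; it still needs a human to judge the program it points to.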
     
  8. pilarcita

    pilarcita Private E-2

    Hello again...... :) OK, I followed what you asked me to do: remove the extra programs, remove the lines off HiJackThis log after I ran it. I also redid everything again from the top, meaning started from scratch, rerunning all programs on safe mode, online etc. I ran Bit defender, Rav, and Trojan scans and it did find Trojans!!!! but it did not remove them. I will attach a file of what was run and the results, also a file of the latest HijackThis......By the way I am still not able to access msn or GE Dating web sites....and SpywareBlaster has not been able to update. All other programs I downloaded are running fine now.... OH I also found a file called Remote Procedure (RPC), but it did not have the "Helper" part as the name....I also ran Spysubtract and it found coolwebsearch and IBIS, LLC and supposedly removed them.........Thanks for all your help...........YOU KNOW? I'M BECOMING AN EXPERT AT THIS NOW!!! ;) I am a High School teacher and it would be a great time saver to not have this much going on with my computer...... Thank you again.........Rosie
     

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Ignore the RPC item you found, as stated in the directions you only look for that stuff if you have the hijacker problems mentioned and you must match the service names EXACTLY.

    What version of SpywareBlaster do you have?

    You never answered my question earlier about why you are using Ad-Aware 6 instead of Ad-Aware SE. You need to update to the current version and get the latest reference files for it. And run a scan with it.

    Let's clean up what BitDefender found. Boot in safe mode and do the following.

    - click Start, Run and in the open box enter cmd and click okay. This will open a command prompt window.
    - In the command prompt window enter the following lines each followed by the Enter key (don't forget the quotes where they are given):

    attrib -r -h -s "C:\Program Files\Internet Explorer\koeqshup.exe"
    del "C:\Program Files\Internet Explorer\koeqshup.exe"

    attrib -r -h -s "C:\WINDOWS\Downloaded Program Files\70odhr0b.exe"
    del "C:\WINDOWS\Downloaded Program Files\70odhr0b.exe"

    attrib -r -h -s "C:\WINDOWS\Downloaded Program Files\CS3.exe"
    del "C:\WINDOWS\Downloaded Program Files\CS3.exe"

    attrib -r -h -s "C:\WINDOWS\system32\ATPartners.dll"
    del "C:\WINDOWS\system32\ATPartners.dll"

    reboot and run BitDefender again and see if we are clean now.
     
