winupd.dll pops & Ad-Ware scan problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by mynuwhalo, Dec 26, 2004.

  1. mynuwhalo

    mynuwhalo Private E-2

    Okay guys, I have been up all night running all of the tools in the "Read Me First" thread...... I ran everything in safe mode with networking for Windows XP..
    Everything seemed to run smoothly, with the exception of Ad-Aware. When the scan begins I get a pop-up box that says "Remote Procedure Call (RPC) HAS TERMINATED", etc.... It counts down 60 seconds and then my computer shuts down and reboots... so I never finish scanning..... This happens every time I try to scan with Ad-Aware.

    But the main headache is this darn winupd.dll and wincore.dll pop up. I started getting these after a Norton system scan and deleting the threats.

    I just ran Spybot in advanced mode, checked the BHO box, looked at the entries and all were checked with green except one.... Yahoo Companion. I deleted it....

    but I still am getting the winupd.dll pop ups...one about every 30 secs.....

    Please help!!!!!! I just don't know what else to do.....
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like you may need to run this: Symantec W32.Blaster.Worm Removal Tool

    You did not need to delete Yahoo Companion; it is not a problem. But on the other hand it is not a necessary program either. Did you use Yahoo Companion and Yahoo Toolbars?

    Do the following in order to properly post a HijackThis log.

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as a .txt file attachment to your message. All running programs should be closed, including your web browser and e-mail. Close them before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. mynuwhalo

    mynuwhalo Private E-2

    Hi Chaslang,

    Okay I ran the Symantec W32. Blaster worm removal and it found no worm...

    I have run HijackThis 1.99 and hopefully have attached the log to this reply.

    Gotta get rid of these winupd.dll pops......they're driving me crazy....

    Thanks Guys and Gals for all you do for us putor eliterates....
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    From Control Panel, Add/Remove Programs look for an Uninstall for DealHelper. If found, uninstall it.

    Download LSPFix from here: http://www.majorgeeks.com/download4180.html

    Unzip it and run it. Check the Box labeled "I know what I'm doing" and then click on the inetadpt.dll file (in the “Keep” section) to select it.

    Then, Select the >> button to move inetadpt.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.

    Reboot your PC and then delete the following file: c:\windows\system32\inetadpt.dll

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
    O3 - Toolbar: Search Bar - {F16E9E5F-92DD-4000-8701-FBDD48F24B86} - C:\WINDOWS\System32\iebarget.dll
    O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:\WINDOWS\DOWNLO~1\sbar.dll
    O4 - HKLM\..\Run: [aux.exe] \\?\C:\WINDOWS\System32\aux.exe
    O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
    O4 - HKLM\..\Run: [SCJQWNT] C:\WINDOWS\SCJQWNT.exe
    O4 - HKLM\..\Run: [EPZKU] C:\WINDOWS\EPZKU.exe
    O4 - HKLM\..\Run: [GTW] C:\WINDOWS\GTW.exe
    O4 - HKLM\..\Run: [easywww] C:\WINDOWS\easywww2.exe
    O4 - HKLM\..\Run: [redirect] C:\WINDOWS\redirect7.exe
    O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
    O4 - HKLM\..\Run: [Shell] C:\WINDOWS\svhost.exe
    O4 - HKCU\..\Run: [aux.exe] \\?\C:\WINDOWS\System32\aux.exe
    O4 - HKCU\..\Run: [gBqmRVM6S] mmcicicm.exe
    O4 - Startup: DLHelperEXE.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O15 - Trusted Zone: http://ad.searchsquire.com
    O15 - Trusted Zone: http://search.searchsquire.com
    O15 - Trusted Zone: http://update.searchsquire.com
    O15 - Trusted Zone: http://www.searchsquire.com
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://bannerfarm.ace.advertising.com/bannerfarm/47041/WrapperOuter1154.EXE
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} (Search Bar) - http://www.search-bar.com/sbar.cab
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://egainlive.idatanet.com/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/10e1d485f8899d9d4e06/netzip/RdxIE601.cab
    O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.junglepalacecasino.com/isetup.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
    O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://a404.g.akamai.net/f/404/7210/12h/casinosoft.onisak.com/software/v7/Grand%20Online%20Casino/setup.exe
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://captaincooks.microgaming.com/captaincooks/FlashAX.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\iebarget.dll
    C:\WINDOWS\Downloaded Program Files\sbar.dll <--- I'm pretty sure you will not be able to see this file, and I'll add another step later to delete it.
    C:\WINDOWS\System32\aux.exe
    D:\Setup.exe
    C:\WINDOWS\SCJQWNT.exe
    C:\WINDOWS\EPZKU.exe
    C:\WINDOWS\GTW.exe
    C:\WINDOWS\easywww2.exe
    C:\WINDOWS\redirect7.exe
    C:\WINDOWS\kjberup.exe
    C:\WINDOWS\svhost.exe
    C:\WINDOWS\System32\aux.exe
    C:\WINDOWS\System32\mmcicicm.exe
    C:\WINDOWS\System32\DLHelperEXE.exe
    Now reboot in normal mode and post a new HJT log. And tell us how things are working.


    Additional step to delete sbar.dll:
    - Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt window.
    - Enter the following command lines, each followed by the Enter key:
    cd C:\WINDOWS\Downloaded Program Files\
    attrib -r -h -s sbar.dll
    del sbar.dll
    exit

    That should delete the file and then close the command prompt window.
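
Added example, not part of the original post and not HijackThis's own code: a small Python parser for log lines in the format quoted above. It pulls out the files that the O2/O3/O4 entries point at, so the list of files to look for after the fix can be derived from the log and compared with what is actually on disk. `SAMPLE_LOG` is a constructed subset of the lines in the post; the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O3 - Toolbar: Search Bar - {F16E9E5F-92DD-4000-8701-FBDD48F24B86} - C:\WINDOWS\System32\iebarget.dll
O4 - HKLM\..\Run: [aux.exe] \\?\C:\WINDOWS\System32\aux.exe
O4 - HKCU\..\Run: [aux.exe] \\?\C:\WINDOWS\System32\aux.exe
O4 - HKLM\..\Run: [Shell] C:\WINDOWS\svhost.exe
O4 - HKCU\..\Run: [gBqmRVM6S] mmcicicm.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://www.searchsquire.com
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
RUN_VALUE = re.compile(r"^HK\w+\\\.\.\\Run: \[[^\]]*\] (.+)$")
# Optional \\?\ prefix, then a drive-letter path ending in an extension seen in the log.
LOCAL_PATH = re.compile(r"(?:\\\\\?\\)?([A-Za-z]:\\.*?\.(?:dll|exe|htm))", re.I)

def parse_entry(line):
    """Return (section, path_or_name, flagged_missing), or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    flagged = body.endswith(("(file missing)", "(no file)"))
    run = RUN_VALUE.match(body) if section == "O4" else None
    if run:
        body = run.group(1)
    found = LOCAL_PATH.search(body)
    if found:
        return section, found.group(1), flagged
    # A Run value with no directory is resolved through the search path at logon.
    return section, (body if run else None), flagged

def files_to_verify(log):
    """Group file references into full paths, bare names, and already-missing files."""
    result = {"paths": [], "bare_names": [], "already_missing": []}
    for line in log.splitlines():
        entry = parse_entry(line)
        if not entry or entry[1] is None:
            continue
        _, target, flagged = entry
        key = "already_missing" if flagged else ("paths" if "\\" in target else "bare_names")
        if target not in result[key]:
            result[key].append(target)
    return result
```

Entries that land in `bare_names` carry no directory in the log, so their location has to be confirmed on the machine rather than read from the entry.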
     
  5. mynuwhalo

    mynuwhalo Private E-2

    Hi Chaslang,
    My dear I think you done it......lol......no pop boxes at all....I can't tell you how appreciative I am of you guys who take the time to help us putor dummies....you saved me from completely cleaning my hard drive or the easier, throwing my PC out the window...... Thank you so much!!!!

    God Bless!!!!!

    I wasn't able to find some of these in C:\WINDOWS to delete.

    C:\WINDOWS\System32\iebarget.dll (deleted)
    C:\WINDOWS\Downloaded Program Files\sbar.dll <--- I'm pretty sure you will
    not be able to see this file, and I'll add another step later to delete it.
    C:\WINDOWS\System32\aux.exe
    D:\Setup.exe
    C:\WINDOWS\SCJQWNT.exe
    C:\WINDOWS\EPZKU.exe
    C:\WINDOWS\GTW.exe
    C:\WINDOWS\easywww2.exe
    C:\WINDOWS\redirect7.exe
    C:\WINDOWS\kjberup.exe
    C:\WINDOWS\svhost.exe
    C:\WINDOWS\System32\aux.exe
    C:\WINDOWS\System32\mmcicicm.exe (deleted)
    C:\WINDOWS\System32\DLHelperEXE.exe

    I did the last step to delete C:\WINDOWS\Downloaded Program Files\sbar.dll

    and here is my new hijack log hope I didn't miss anything....
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    You forgot to post your HJT log! You need to give the logs a different name each time or the Manage Attachments feature will not work. It will actually give you a message, if you watch closely, that tells you that you have already uploaded that file name. Even if you post in an entirely new thread, the same thing will happen.
     
  7. guatemala84

    guatemala84 Private E-2

    I'm having this error message, "winupd.dll". I read a post and I followed some of the steps, but it is still showing.
    Hi Chaslang,

    I ran the Symantec W32.Blaster worm removal and it found no worm. I also downloaded HijackThis 1.99. What should I do next?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member


    Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    If you have a problem after completing the above, start your own thread for your problem. And in your thread indicate that you have run ALL the steps of the READ ME FIRST and clearly state the problems you are having.
     
