ADW_SE spyware



soaps
2006-06-06, 18:38
hi,

I've got Spyware Blaster, Spybot S&D and SpywareBlaster. However, when I run Trend Micro HouseCall, I find out that I have ADW_SE malware. How do I remove it?

Here's my HijackThis report, followed by the Panda report. The Kaspersky report doesn't report any malware found.


nick

************ HIJACKTHIS **************
Logfile of HijackThis v1.99.1
Scan saved at 22:54:35, on 06/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\USB MEMORY BAR\diskicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SSC Service Utility\ssc_serv.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=127.0.0.1:8118;https=127.0.0.1:8118;socks=localhost:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O15 "D-Link LPT port" /M "Stylus C65"
O4 - HKLM\..\Run: [DiskIcon] C:\Program Files\USB MEMORY BAR\diskicon.exe
O4 - HKLM\..\Run: [EPSON Stylus C65 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P32 "EPSON Stylus C65 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /M "Stylus C65" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WL630USB Wireless B+G Utility.lnk = C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://www.epson.com.sg/support/OnlineDiagnosis/selftest/Prg/ESTPTest.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe




************** PANDA SCAN ***************************


Incident Status Location

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\tt\Application Data\Mozilla\Firefox\Profiles\hidfbzol.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\tt\Application Data\Mozilla\Firefox\Profiles\hidfbzol.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\tt\Application Data\Mozilla\Firefox\Profiles\hidfbzol.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\tt\Application Data\Mozilla\Firefox\Profiles\hidfbzol.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\tt\Application Data\Mozilla\Firefox\Profiles\hidfbzol.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\tt\Application Data\Mozilla\Firefox\Profiles\hidfbzol.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\tt\Application Data\Mozilla\Firefox\Profiles\hidfbzol.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\tt\Application Data\Mozilla\Firefox\Profiles\hidfbzol.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\tt\Application Data\Mozilla\Firefox\Profiles\hidfbzol.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\tt\Cookies\tt@112.2o7[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\tt\Cookies\tt@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\tt\Cookies\tt@ath.belnk[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\tt\Cookies\tt@c.fsx[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\tt\Cookies\tt@c3.gostats[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\tt\Cookies\tt@ccbill[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\tt\Cookies\tt@ct.360i[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\tt\Cookies\tt@gamearena.com[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\tt\Cookies\tt@gostats[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\tt\Cookies\tt@image.checkmystats.com[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\tt\Cookies\tt@kinghost[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\tt\Cookies\tt@microsofteup.112.2o7[1].txt
Spyware:Cookie/Mp3search Not disinfected C:\Documents and Settings\tt\Cookies\tt@mp3search[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\tt\Cookies\tt@searchportal.information[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\tt\Cookies\tt@webpower[1].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\tt\Cookies\tt@www.advnt01[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\tt\Cookies\tt@www.myaffiliateprogram[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\tt\Cookies\tt@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\tt\Cookies\tt@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\tt\Cookies\tt@xmts[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\tt\Cookies\tt@yadro[1].txt
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\tt\Local Settings\Temporary Internet Files\Content.IE5\6ZE32D2V\rmtag3[1].js
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\tt\Local Settings\Temporary Internet Files\Content.IE5\CV67HYT8\rmtag3[3].js

pskelley
2006-06-07, 22:17
Hi Nick and welcome to the forum. Looks like all of that junk is cookies you are storing. Here is some information to help you clean it out and use your settings to get better control on what you are storing:

http://www.mvps.org/winhelp2002/cookies.htm
http://www.microsoft.com/windows/ie/using/howto/privacy/config.mspx
IE cookies

http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html
Firefox cookies

Looks to me like: C:\Documents and Settings\tt\Application Data\Mozilla\Firefox\Profiles\hidfbzol.default\ <<< check the folder in red and delete any cookies in it (not the folder)
Do the same with any others until Panda is running clean. You also should delete Temporary Internet Files:
http://www.google.com/search?hl=en&rls=GGLG,GGLG:2006-16,GGLG:en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=Delete+Temporary+internet+files&spell=1

Kaspersky would probably not scan junk you are storing and your HJT log is clean.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.org/viewtopic.php?t=957
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
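The cleanup pskelley describes above (find the cookies Panda flagged in the Firefox profile's cookies.txt and remove just those entries) as an added example; this is not code from the thread or from Panda or Spybot. It assumes Panda's report lines keep the shape shown in the post and that cookies.txt is in the tab-separated Netscape format Firefox 1.x used; the cookies.txt content is a constructed sample, the report lines are taken from the post.

```python
import re
from typing import Dict, List, Set, Tuple

# Panda line shape (from the post):
#   Spyware:Cookie/<Name> Not disinfected <path>\cookies.txt[<host><path>]
# Only Firefox cookies.txt hits carry the [host/path] suffix; IE hits are
# separate files under ...\Cookies\ and are deleted as files, so they are ignored here.
PANDA_FF = re.compile(
    r"^Spyware:Cookie/\S+\s+Not disinfected\s+(?P<file>.+?cookies\.txt)"
    r"\[(?P<host>[^/\]]+)(?P<path>/[^\]]*)\]\s*$")

def flagged_cookie_hosts(report: str) -> Dict[str, Set[str]]:
    """Map each cookies.txt path in a Panda report to the hosts flagged in it."""
    hits: Dict[str, Set[str]] = {}
    for line in report.splitlines():
        m = PANDA_FF.match(line.strip())
        if m:
            hits.setdefault(m.group("file"), set()).add(m.group("host"))
    return hits

def clean_cookies_txt(text: str, hosts: Set[str]) -> Tuple[List[str], List[str]]:
    """Split Netscape-format cookies.txt lines into (kept, dropped).
    Fields: domain, flag, path, secure, expiry, name, value (tab separated).
    Comments and blank lines are kept. A cookie is dropped when its domain equals a
    flagged host, or is under a flagged host that starts with a dot (".burstnet.com").
    Malformed rows are kept untouched rather than guessed at."""
    kept, dropped = [], []
    for line in text.splitlines():
        fields = line.split("\t")
        if not line.strip() or line.startswith("#") or len(fields) != 7:
            kept.append(line)
            continue
        domain = fields[0].lower()
        bad = any(domain == h.lower() or (h.startswith(".") and domain.endswith(h.lower()))
                  for h in hosts)
        (dropped if bad else kept).append(line)
    return kept, dropped

# Assumed profile path, copied from the Panda report in the post.
PROFILE = r"C:\Documents and Settings\tt\Application Data\Mozilla\Firefox\Profiles\hidfbzol.default"
SAMPLE_REPORT = "\n".join([
    "Spyware:Cookie/BurstNet Not disinfected " + PROFILE + r"\cookies.txt[.burstnet.com/]",
    "Spyware:Cookie/YieldManager Not disinfected " + PROFILE + r"\cookies.txt[ad.yieldmanager.com/]",
    r"Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\tt\Cookies\tt@112.2o7[2].txt",
])
SAMPLE_COOKIES = "\n".join([  # constructed cookies.txt, not the poster's file
    "# HTTP Cookie File",
    "\t".join([".burstnet.com", "TRUE", "/", "FALSE", "1200000000", "id", "abc"]),
    "\t".join(["www.mozilla.org", "FALSE", "/", "FALSE", "1200000000", "pref", "1"]),
    "\t".join(["ad.yieldmanager.com", "FALSE", "/", "FALSE", "1200000000", "uid", "42"]),
])

if __name__ == "__main__":
    for path, hosts in flagged_cookie_hosts(SAMPLE_REPORT).items():
        kept, dropped = clean_cookies_txt(SAMPLE_COOKIES, hosts)
        print(path, "-> drop", len(dropped), "cookie(s), keep", len(kept), "line(s)")
```

Write the kept lines back to cookies.txt only with Firefox closed, since Firefox rewrites the file on exit.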

soaps
2006-06-13, 12:18
Thanks, buddy.

LonnyRJones
2006-06-17, 05:44
I'm glad we could help.
Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here. They should start a new topic.
If you should need to post another log for the same PC, let me, pskelley or Tashi know.