How do I get rid of ADW_SE. Spyware/Malware?

Try running TrendMicro after booting in safe mode. If that does not help, attach a log from TrendMicro that shows exactly what and where they are finding the problems.

 

Okay! But you did not attach the requested log!

I think you should work thru the below.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis
​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
  • Bitdefender
  • Panda Scan
  • HijackThis

.

 

Your HJT log shows no problems!

Attach a log from a Trend Micro scan that provides more useful information. What you are giving me is not useful. I need to know what it is find and where it is finding it. What file names and in what folders.

 

Download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there.

Note: They must be in the same directory for the scan to work properly!

Sysclean Package

Pattern.zip

After you download the above the above, locate the file "lpt325.zip", right click to extract the contents into the same directory you created!

Once you complete the steps above, REBOOT INTO SAFE MODE!

Once in Safe Mode double click the file sysclean.com. When the system cleaner loads, click SCAN to start the scanner. After you complete the scan reboot and attach the Trend SysClean Log.

 

That error means that you did not extract the pattern file from the ZIP file you downloaded. As I indicated you must extract the pattern file from the ZIP and it MUST be in the same folder as sysclean.com

A new pattern file has come out. Download the below file and then MAKE SURE to extract the pattern file into the proper folder. If you still get the error message, you did not do it properly.

Trend Micro Pattern File for Windows 3.327.00

Looks like you hand typed the detections from the Online scan. I think you have a bunch of mistakes and inconsistencies in what you reported. These are mostly registry keys and you must get the exact info or it cannot be fixed.

 

You still are not saving the info correctly. I would suspect that all of those CLSID numbers should be the same. A CLSID is this ===> {232CF401-90A9-11D4-9421-005004AD29B2}



Let's get an installed programs list from HijackThis!

• Run HijackThis, click Open the Misc Tools section
• Click Open Uninstall Manager
• Click Save List (generates uninstall_list.txt)
• Click Save, to save it to a file where you can find it.
• Attach the uninstall_list.txt file to your next message.

Did you ever install or do you have installed the below:
http://www.tucows.com/preview/196120

 

Download, install, and run: Erunt to make a backup. Let me know when you have it installed and have made a backup of your registry. Then I will make a registry patch for you to run to remove those registry keys.

 

Alright below is the patch but you must realize something that I kept questioning about the results you were giving me. I kept stating the results do for what Trend Micro is reporting look incorrect because you were hand typing them and that I believe you were not typing all of them up correctly. So the patch below is only based upon what you gave me. If you gave me the wrong info, then the patch will not work. And I still feel what you gave me was not correct because the CLSID was not consistent.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

 

Try this again! I'm not sure what the Softwrap one is not going away. It could be that you do not own that registry key (this means you do not have permission to do anything with it even if you are the Administrator of the PC).

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

 

Yes! I fixed it now! Sorry about that.

If you still have items detected, make sure that you are giving me the EXACT info being found. There has to be a way to save a log or to just copy and paste the info to a text file in notepad.

 

Download and install Registrar Lite make sure to download it from one of the Majorgeeks links and not the Author site.

Copy and paste the below into the Address box of registrar lit and hit the Enter key.

HKEY_CURRENT_USER\S-1-5-21-3570486074-772453757-3757357657-1006\Software

Then click the Security pull down on the top menu and choose Take Ownership. Click OK in the next window to approve it.

Now copy and paste the below into the Address box of Registrar Lite and hit the Enter key.

HKEY_CURRENT_USER\S-1-5-21-3570486074-772453757-3757357657-1006\Software\Softwrap

Now right click on the above key and select delete.

Now exit Registrar Lite

Is it gone now? Did you get any error messages while doing any of the above?

 

You need to find this key:

HKEY_CURRENT_USER\S-1-5-21-3570486074-772453757-3757357657-1006\Software\Softwrap


and right click on it which will present options to you. One of the options is Delete which is what we want to do.

 

Are you sure that the below is 100% correct?

HKCU\S-1-5-21-3570486074-772453757-3757357657-1006\Software\Softwrap

 

Download the Registry Search Tool

Unzip to your Desktop and double click on regsrch.vbs
(if you have script protection, please allow this to run)

In the dialog that opens enter the following:

Softwrap

Press 'OK'

The search will run for a while then alert you when it is finished. Press 'OK' and copy the contents of the WordPad window and post in this thread. If it is very long, an attachment would be better.

 

This cannot be correct!

First, that type or registry key (the S-1-5-21......) never is seen under HKCU (which is HKEY_CURRENT_USER). It would only be found under HKEY_USERS.

Second RegSrch is not finding it so I doubt that it exists.

Did you actually see this registry key when you ran the steps I gave you using Registrar Lite? If so, export just that registry key to a file and then put it in a ZIP file and upload it. Here!

However, note I believe you we are wasting a load of time on a non-issue!!

 

So as I said from the very beginning, you were giving me the wrong information. Now that you have the correct information. Use what I gave you with Registrar Lite, but delete this key:
HKEY_USERS\S-1-5-21-3570486074-772453757-3757357657-1006\Software\Softwrap

 

All you need to delete is the highest level key which is:

HKEY_USERS\S-1-5-21-3570486074-772453757-3757357657-1006\Software\Softwrap

Deleting it will delete everything under it.

 

You're welcome. In addition to the System Restore toggle, you should work thru the below link:

How to Protect yourself from malware!