

se.dll :(



#1 gainward3

Posted 13 June 2005 - 07:42 AM

Hi.


I've got a pain in the ass virus/spyware called SE.dll.

Right, it only annoys me when IE starts, and yes, I know what you're thinking, "don't use IE", but I'm not. Thing is, IE opens itself. It doesn't open like a window, but at one point I'll get a message going "Cannot open/run se.dll cause the file is damaged" (it's in TEMP btw).

So I go on Task Manager, and I see that IE is running. I close it, I go to the temp folder, I scan it, it's a virus, I remove it, I empty the paper bin (habit), then, 15-20 seconds later, "DUN", "Cannot run se.dll". So I do the whole process over again.

Now, I've used Ad-Aware and CrapCleaner to remove most of what's on the computer of spyware and trash, but SE.DLL is still there, poking me when I least expect it!

And also, I'm not so literate about removing spyware, so if the answer is gonna be like "go in the registry and remove bla bla" then :( it's not gonna help me :(.

Right, hope this information was good enough, and I hope I get some answers that can finally solve this damn thing.

Mike.

#2 TwistedMetal

Posted 13 June 2005 - 08:20 AM

Download HiJackThis. Scan, then Save Log. Copy and Paste the log so we can all see it.
Your Friendly Neighborhood Piriform Forum Moderator

#3 gainward3

Posted 13 June 2005 - 12:50 PM

TwistedMetal, on Jun 13 2005, 08:20 AM, said:

Download HiJackThis. Scan, then Save Log. Copy and Paste the log so we can all see it.




Logfile of HijackThis v1.99.1
Scan saved at 14:48:54, on 13.06.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\EA GAMES\Battlefield 2 Demo\BF2.exe
C:\WINDOWS\system32\mspaint.exe
C:\Programfiler\CCleaner\CCleaner.exe
C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Mike\Lokale innstillinger\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Mike\LOKALE~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Mike\LOKALE~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programfiler\SurfSideKick 3\SskBho.dll
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Programfiler\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\System32\hsrb.dll (file missing)
O2 - BHO: C:\WINDOWS\lbbho.dll - {3049FD98-FF07-4000-8146-6E865CA900AE} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {4E614AEA-FB90-4045-9B12-67B8EA1F467C} - C:\WINDOWS\System32\hopa.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Programfiler\iMeshBar\bar\2.bin\IMESHBAR.DLL
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Programfiler\iMeshBar\bar\2.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinDVR SchSvr] C:\Programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programfiler\Fellesfiler\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programfiler\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programfiler\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [uch] C:\WINDOWS\System32\uch.exe
O4 - HKLM\..\Run: [SIE2004] "C:\Programfiler\Winferno\Secure IE\SIEPulse.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programfiler\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programfiler\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Blokk alle bildene fra samme server - C:\Programfiler\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Legg til AD Black Listen - C:\Programfiler\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Marker - C:\Programfiler\Avant Browser\Highlight.htm
O8 - Extra context menu item: Søk - C:\Programfiler\Avant Browser\Search.htm
O8 - Extra context menu item: Åpne alle linker på denne siden... - C:\Programfiler\Avant Browser\OpenAllLinks.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programfiler\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programfiler\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programfiler\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearch...lbar30/hsrb.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Filter: text/html - {84E6E939-71F0-444A-95F6-6A088D7C6BDE} - C:\WINDOWS\System32\hopa.dll
O18 - Filter: text/plain - {84E6E939-71F0-444A-95F6-6A088D7C6BDE} - C:\WINDOWS\System32\hopa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

That's all
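A triage pass over the log format posted above, as an added example that is not part of the original thread. The sample lines are copied from that log; the three checks (res:// URL, Temp path, missing file) are heuristics assumed for illustration, not HijackThis's own rules or a verdict on any entry.

```python
import re

# Lines copied verbatim from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Mike\LOKALE~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\System32\hsrb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# Entry lines start with a section code (R0-R3, F*, N*, O1-O23) and " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Heuristics assumed for this example; each is a reason to look closer,
# not proof that the entry is malicious.
CHECKS = [
    ("res:// URL served from inside a file", re.compile(r"res://", re.I)),
    ("target lives in a Temp directory", re.compile(r"\\temp\\", re.I)),
    ("registered file is absent", re.compile(r"\((file missing|no file)\)", re.I)),
]


def parse_entries(log_text):
    """Return (section, detail) per entry line; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text):
    """Return (section, reasons, detail) for every entry that trips a check."""
    findings = []
    for section, detail in parse_entries(log_text):
        reasons = [name for name, rx in CHECKS if rx.search(detail)]
        if reasons:
            findings.append((section, reasons, detail))
    return findings


if __name__ == "__main__":
    for section, reasons, detail in triage(SAMPLE_LOG):
        print(f"{section}: {'; '.join(reasons)}\n    {detail}")
```
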

#4 USSR

Posted 13 June 2005 - 01:19 PM

Do you use any anti spyware/adware software?

Se.dll is an IE Browser Helper Object of adware SCBar/SearchExe variant. It adds a toolbar to Internet Explorer and generates popup ads while online.

If you download Microsoft AntiSpyware:
http://www.microsoft.com/downloads/details...&displaylang=en

Or Ad-aware:
ftp://ftp.download.c...wsepersonal.exe

I'm sure that they will find the threats and safely delete them. :)

If not, write back. :)

#5 Tarun

Posted 13 June 2005 - 02:01 PM

What you guys are trying to do is well and good and all that, but please... Leave it to the experts! You're only making more work for the users having problems.



Gainward3, what you have is CoolWebSearch. It's very bad adware/spyware. Some virus scanners mark it as a trojan because it downloads the things it needs into your computer and runs them.

First, download this Anti Malware Package; it contains everything you need to effectively clean your computer.

Next, refer to this PC Maintenance website, as it will tell you the settings you need and everything to effectively clean your computer. Then you can post your HijackThis log here.