MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: se.dll problem
August 19, 2019, 06:04:44 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
August 19, 2019, 06:04:44 AM

Login with username, password and session length
 
News
New  Looking for cheap hardware and/or software?
Visit our new Online Store where you will be able to purchase from a reputable vendor by country.
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: se.dll problem  (Read 2475 times)
joechris
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 7


Bookmark and Share

View Profile
« on: March 07, 2005, 07:43:18 PM »

Hello -
I know there are a lot of posts regarding se.dll. I need help as well. I try to remove the file and associated registry entries by running ad-aware, spybot, hijack this etc. However nothing permanently solves the problem. I can remove all of the symptoms but not the source of the problem. Please Help.

Joe




PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: win98
Problem Application Name & Version: se.dll
Problem Hardware Make & Model:
Error Messages:



Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #1 on: March 08, 2005, 03:31:07 AM »

Hi joechris .. Smiley

Post your HJT logfile here in your Thread .. Wink

Download Hijackthis Ver. 1.99.1
---Important---Create a permanent folder
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save Hijackthis too, also, backups will be stored there.
Download from here
http://aumha.org/downloads/hijackthis.exe

Cactus  
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
joechris
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 7


Bookmark and Share

View Profile
« Reply #2 on: March 08, 2005, 03:35:35 AM »

Here is the log file from HJT

Logfile of HijackThis v1.99.1
Scan saved at 9:27:13 PM, on 3/7/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\3dmoused.exe
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\PC CLEANUP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {395828DB-8F43-11D9-9733-A0F1C0D3D6FC} - C:\WINDOWS\SYSTEM\DMJM.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Primax 3-D Mouse] 3dmoused.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\wizard.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE /NOSPLASH
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [TweakIco] c:\hp\support\tweakico.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\RunServices: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://inotes.micorp.com/iNotes.cab
O18 - Filter: text/html - {395828DA-8F43-11D9-9733-A0F1AF9F7367} - C:\WINDOWS\SYSTEM\DMJM.DLL
O18 - Filter: text/plain - {395828DA-8F43-11D9-9733-A0F1AF9F7367} - C:\WINDOWS\SYSTEM\DMJM.DLL


quote:
Originally posted by Cactus

Hi joechris .. Smiley

Post your HJT logfile here in your Thread .. Wink

Download Hijackthis Ver. 1.99.1
---Important---Create a permanent folder
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save Hijackthis too, also, backups will be stored there.
Download from here
http://aumha.org/downloads/hijackthis.exe

Cactus  
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #3 on: March 08, 2005, 04:04:16 AM »

Let's open a command prompt (Goto Start>All Programs>MS-DOS Prompt) and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u se.dll    <<< INCLUDING THE SPACE -- HIT ENTER
regsvr32 /u DMJM.DLL  <<< INCLUDING THE SPACE -- HIT ENTER



It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.


Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

PowerReg Scheduler.exe
Scheduler.exe
wizard.exe
EXEC.EXE

Close all other open Windows and have HiJackThis Fix:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {395828DB-8F43-11D9-9733-A0F1C0D3D6FC} - C:\WINDOWS\SYSTEM\DMJM.DLL

O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstallO4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\wizard.exe

O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun

O4 - HKCU\..\RunServices: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - Startup: PowerReg Scheduler.exe

O18 - Filter: text/html - {395828DA-8F43-11D9-9733-A0F1AF9F7367} - C:\WINDOWS\SYSTEM\DMJM.DLL
O18 - Filter: text/plain - {395828DA-8F43-11D9-9733-A0F1AF9F7367} - C:\WINDOWS\SYSTEM\DMJM.DLL


Go to Control Panel / Add/Remove Programs and remove the
 following if they are there:


NETZERO

Now delete these Folders or Files that are Highlighted: (You may need enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) (You may have to boot to "Safe Mode" in order to delete some Files/Folders)

C:\WINDOWS\SYSTEM\DMJM.DLL
c:\windows\TEMP\se.dll
c:\windows\SYSTEM\wizard.exe
C:\PROGRAM FILES\NETZERO\EXEC.EXE  

Now, empty all your TEMP Folders / Temporary Internet Files Folder and then empty your "Recycle Bin" and Reboot.



Before opening your browser goto START>CONTROL PANEL>INTERNET OPTIONS and make sure your Homepage is correct,if not ,type the URL you would like in the HomePage box.


Now re-run HJT and post a new logfile back here.

Cactus  
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
joechris
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 7


Bookmark and Share

View Profile
« Reply #4 on: March 08, 2005, 04:22:15 AM »

Cactus -

I could not get the dos command to run  Bad command or file name.

I am running Win98

Also if I remove Exec.exe from Netzero, I will not be able to get ton the iinternet.

Joe???

quote:
Originally posted by Cactus

Let's open a command prompt (Goto Start>All Programs>MS-DOS Prompt) and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u se.dll    <<< INCLUDING THE SPACE -- HIT ENTER
regsvr32 /u DMJM.DLL  <<< INCLUDING THE SPACE -- HIT ENTER



It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.


Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

PowerReg Scheduler.exe
Scheduler.exe
wizard.exe
EXEC.EXE

Close all other open Windows and have HiJackThis Fix:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {395828DB-8F43-11D9-9733-A0F1C0D3D6FC} - C:\WINDOWS\SYSTEM\DMJM.DLL

O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstallO4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\wizard.exe

O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun

O4 - HKCU\..\RunServices: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - Startup: PowerReg Scheduler.exe

O18 - Filter: text/html - {395828DA-8F43-11D9-9733-A0F1AF9F7367} - C:\WINDOWS\SYSTEM\DMJM.DLL
O18 - Filter: text/plain - {395828DA-8F43-11D9-9733-A0F1AF9F7367} - C:\WINDOWS\SYSTEM\DMJM.DLL


Go to Control Panel / Add/Remove Programs and remove the
 following if they are there:


NETZERO

Now delete these Folders or Files that are Highlighted: (You may need enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) (You may have to boot to "Safe Mode" in order to delete some Files/Folders)

C:\WINDOWS\SYSTEM\DMJM.DLL
c:\windows\TEMP\se.dll
c:\windows\SYSTEM\wizard.exe
C:\PROGRAM FILES\NETZERO\EXEC.EXE  

Now, empty all your TEMP Folders / Temporary Internet Files Folder and then empty your "Recycle Bin" and Reboot.



Before opening your browser goto START>CONTROL PANEL>INTERNET OPTIONS and make sure your Homepage is correct,if not ,type the URL you would like in the HomePage box.


Now re-run HJT and post a new logfile back here.

Cactus  
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #5 on: March 08, 2005, 04:38:10 AM »

Well this is a  good COMMAND >>> regsvr32 /u ..nothing bad
about it.
As long as you typed what I did no reason why it wouldn't work.

And if NETZERO is your ISP .. then leave it.

Cactus  
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #6 on: March 08, 2005, 04:45:57 AM »

I was just reminded by Jee that you can also Goto Start->Run, type command (Enter).

Thx Jee .. Wink

Cactus  
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
joechris
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 7


Bookmark and Share

View Profile
« Reply #7 on: March 08, 2005, 05:36:19 AM »

Cactus -

I removed the dlls in safe mode, and cleared out the temp folders.

My start page is good for now.

Here is my HJT log.

Thanks
Joe

Logfile of HijackThis v1.99.1
Scan saved at 11:17:03 PM, on 3/7/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\3dmoused.exe
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\DESKTOP\PC CLEANUP\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Primax 3-D Mouse] 3dmoused.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE /NOSPLASH
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [TweakIco] c:\hp\support\tweakico.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://inotes.micorp.com/iNotes.cab

Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #8 on: March 08, 2005, 07:04:02 AM »

Your logfile looks clean .. Grin


Cactus  
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
joechris
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 7


Bookmark and Share

View Profile
« Reply #9 on: March 09, 2005, 12:31:53 AM »

It's baaa-aaacckkkk!  The SE.DLL is back.  IE worked ok last night, but this morning it came back.  Did I get it again or did I not get rid of it totally?

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 6:18:29 PM, on 3/8/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\3dmoused.exe
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\PC CLEANUP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {123F8B8C-8F6A-11D9-9733-2035E25886AE} - C:\WINDOWS\SYSTEM\IMHIBOB.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Primax 3-D Mouse] 3dmoused.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE /NOSPLASH
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [TweakIco] c:\hp\support\tweakico.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\PROGRAM FILES\NETZERO\EXEC.EXE regrun
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://inotes.micorp.com/iNotes.cab
O18 - Filter: text/html - {74CE7107-8FD6-11D9-9733-2039AE3CA78C} - C:\WINDOWS\SYSTEM\IMHIBOB.DLL
O18 - Filter: text/plain - {74CE7107-8FD6-11D9-9733-2039AE3CA78C} - C:\WINDOWS\SYSTEM\IMHIBOB.DLL

Thanks
Joe
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #10 on: March 09, 2005, 02:07:17 AM »

It's back because you did not follow the directions I gave...did you UN-REGISTER the DLL files like I explained?

Cactus  
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
joechris
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 7


Bookmark and Share

View Profile
« Reply #11 on: March 09, 2005, 03:19:09 AM »

Cactus -

I was able to unregister Imhibob.dll.  I'm still having trouble with se.dll.  I get a message that says that the dll was loaded, but entry point was not found.  Consider using pview to detect and remove it.  Do you know what that is?  I'm going to reboot and try again.

Joe
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #12 on: March 09, 2005, 03:24:26 AM »

How are you un-registering the DLL's?

Do it like this:

Goto Start->Run, type command then hit Enter.

regsvr32 /u se.dll
regsvr32 /u IMHIBOB.DLL

One at a time...

Then run HJT and remove those entries

Then go DELETE those files

Cactus  
« Last Edit: March 09, 2005, 03:25:34 AM by Cactus » Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page February 22, 2018, 01:22:38 PM