Se.dll

I happened to notice in Trillian the UN of Se.DLL (about what?)

I did a google and saw this wasnt normal, especially since i have no idea who that user is or how he got past my whitelist on msn

Please help me rid this crap

mucho thanx!

Below is my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 3:33:21 AM, on 10/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
System folder: C:\WINDOWS\SYSTEM32
Hosts file: C:\WINDOWS\System32\drivers\etc\hosts

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ewido\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Labs\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\`Gm`ail` Notifier\gnotify.exe
C:\Program Files\Kaspersky Labs\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Ewido\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NoteWhen\notewhen.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Siber Systems\AI RoboForm\Passcards.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Registrar Registry Manager\rr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\LOGS_HiJack_This\HijackThis.exe
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = YOU ARE BEING MONITORED BY THE HOMELAND SECURITY OF THE UNITED STATES OF AMERICA <*>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\SpoofStick\ie\SpoofStickBHO.dll
O2 - BHO: (no name) - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - (no file)
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\SpoofStick\ie\SpoofStick.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\`Gm`ail` Notifier\gnotify.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Labs\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Ewido\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: NoteWhen.lnk = C:\Program Files\NoteWhen\notewhen.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Labs\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Passcards Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Safenotes Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth_Software_WIDCOMM\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Labs\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth_Software_WIDCOMM\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth_Software_WIDCOMM\btsendto_ie.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1119255832296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1119255806625
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BBA00EB-25AB-4AB7-B8A1-C05FA9EEBE4A}: NameServer = 12.127.16.68,12.127.17.72
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BBA00EB-25AB-4AB7-B8A1-C05FA9EEBE4A}: NameServer = 12.127.16.68,12.127.17.72
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Ewido\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Labs\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth_Software_WIDCOMM\bin\btwdins.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\ProgramChecker\sassvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Hello BubbaC and welcome to the BC HijackThis forum. The only thing I see that looks suspicious is the NOTEPAD.EXE files running in the system32 folder. This is not the normal folder for that program. Let's get this file checked out at Jotti's and see what they find.

We need to make sure all hidden files are showing so please:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide file extensions for known types option.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Go to the Jotti's malware scan page and use the buttons at the top of the page to browse to this file(s) on your hard drive to submit for a scan:

C:\WINDOWS\system32\NOTEPAD.EXE

Several scanning engines will be used to check the file for any threats. Please post the results of the scans back here.

Cheers.

OT

BleepingComputer.com: Se.dll

Forum Guidelines

Se.dll se.DLL INFECTION ? (ALSO SHOWS IN MSN MESSENGER)

#1 BubbaC

#2 OldTimer

Share this topic:

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

Delete Post

Skin and Language

Execution Stats