Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

se.dll


  • Please log in to reply
6 replies to this topic

#1 billhunsaker

billhunsaker

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 20 February 2005 - 08:20 PM

Sorry...wrong forum... posted properly on hijackedthis forum.

I have read through several different posts on getting rid of aboutblank and se.dll hijacker, but to no avail. After installing spybot, I can at least keep aboutblank from taking over the startup page, but the popups from se.dll never stop. I have tried to unregister the dll but it gets caught up in an error message. Below is my log from hijackthis. Your help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 오전 10:12:43, on 2005-02-21
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AHNLAB\SMART UPDATE UTILITY\AHNSD.EXE
C:\PROGRAM FILES\INKLINE GLOBAL\PC BOOSTER\PCBOOSTER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\INCITERINSTALLER\ICAGENT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\HPJETDSC.EXE
C:\PROGRAM FILES\POPUP GUARD\PG.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\AHNLAB\V3\V3P3AT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SOFTFORUM\XECUREWEB\ACTIVEX\CLIENTSM.EXE
C:\PROGRAM FILES\AHNLAB\V3\MONSYS32.EXE
C:\PROGRAM FILES\AHNLAB\V3\MONSYSNT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS1\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: CIEIntegrator Object - {562C1A20-72E7-4ED8-A26D-0DC57415FE92} - C:\PROGRAM FILES\POPUP GUARD\PGI.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\PROGRAM FILES\AHNLAB\V3\V3BAR.DLL
O3 - Toolbar: 라디오(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [레지스트리 검사] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Inciter Inspector] C:\WINDOWS\INCITERINSTALLER\ICAGENT.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - HKCU\..\Run: [Vantage Popup Guard] C:\Program Files\Popup Guard\PG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\RunServices: [HP JetDiscovery] HPJETDSC.EXE
O4 - HKCU\..\RunServices: [Vantage Popup Guard] C:\Program Files\Popup Guard\PG.exe
O4 - HKCU\..\RunServices: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/install/bugsLoader20040708.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://portal.korea.ac.kr/XecureObject/xw_install.cab
O16 - DPF: {EBB9A178-05D2-4DBD-A255-45B9A7EC9F7E} (IdiskLauncher Control) - http://idisk.korea.ac.kr/app/IdiskUpdate.cab
O16 - DPF: {124968E3-A145-40C7-8912-5432EB4908BC} (Project1.LocalExecute) - http://portal.korea.ac.kr/Download/kupid/Project1.CAB
O16 - DPF: {976B9142-EA25-4143-85BD-6E1D544D8AA8} (ChangjoEditor.WebEditor) - http://mail.korea.ac.kr:2001/webeditor/WebEditor.cab
O16 - DPF: {45FC3433-CC83-4D62-991A-BAE9F68EF710} (CrinityUpload Class) - http://mail.korea.ac.kr:2001/activex/CrinityUpload.cab
O16 - DPF: {2E68BEE5-A640-11D2-AEA4-00AA006E5B34} (HnwActiv Control) - http://intranet.korea.ac.kr:8001/allgenact...tiv_3_3_0_3.cab
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} (ShbAutoTrustSite Control) - http://image.shinhan.com/bank/etc/TrustSit...oTrustSiteX.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://image.shinhan.com/initech/plugin/ve...INIplugin40.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK3 Control) - http://image.shinhan.com/bank/etc/keyStrok.../4043/SCSK4.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
O16 - DPF: {1514EB38-3F47-4DB9-B295-21209446CC1A} (SecureSession Class) - http://www.samsunglife.com/cab/SecuiBohumIE.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plu...yfirewall20.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/13b97ed345e403...RdxIE601_ko.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackorea.net/update/ilkactx.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {21463B59-2B2E-4BC6-8F2F-A8D80E6B628D} (WebEditorParser.WEParser) - http://intranet.korea.ac.kr:8002/webeditor/WEViewer.cab
O16 - DPF: {8AE03B06-5BDA-44AA-B4AD-72BB01597451} (DaumQLauncher Control) - http://appupdate.popfolder.co.kr/download/DaumQ/DaumQAx.cab
O16 - DPF: {61823E19-C838-4A32-ADDB-950B590BE069} (AxOrgTree Control) - http://groupware.korea.ac.kr/AXOrgTree.cab
O16 - DPF: {C6B89053-6E47-41DB-91A8-EDFE12B56EAF} (AXFileUp Control) - http://groupware.korea.ac.kr/AXFileUp.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {DA33B535-768B-4A72-BEDE-82DA7D5094FA} (InciterX Control) - http://163.152.7.107/InciterX.cab
O16 - DPF: {83896843-E656-4DE7-96BD-88E2885B555D} (yessignSM ActiveX Control) - http://trusbill.korea.ac.kr/files/yessignSM.cab
O16 - DPF: {57FA6402-0B12-448F-A58C-6E8AF6921A12} (ListCtrl Class) - http://intranet.korea.ac.kr:8002/crinity/C...tyDocUpload.cab
O16 - DPF: {7C65E65F-5ACA-409E-9D44-79AD833919F8} (ExpressViewer Class) - http://download.softforum.co.kr/XecureExpr...xei_install.cab
O16 - DPF: {0CD2EC08-3CF6-4BC4-BF48-824F4C1994F1} (SecureSession Class) - http://www.samsungfn.com/contents/trustnet...oolkitForIE.cab
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.samsungfn.com/skcab/SKCommAX.cab
O16 - DPF: {5E582BD1-6FAA-40F2-87A8-130AD325DABB} (Kdfense7 Control) - http://www.samsungfn.com/contents/kdefense...01/kdfense7.cab
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = korea.ac.kr
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 163.152.1.1,163.152.11.6

Edited by billhunsaker, 20 February 2005 - 08:49 PM.


BC AdBot (Login to Remove)

 


m

#2 Guest_screwworm_*

Guest_screwworm_*

  • Guests
  • OFFLINE
  •  

Posted 21 February 2005 - 03:02 AM

I tried several different ones that didnt do the job. But when I ran "adware away.com" that one did get rid on all such critters....and its FREE.

#3 sam23

sam23

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Location:Queensland

Posted 25 February 2005 - 08:38 AM

screwworm, when i tried to use Adware away it had an error during installation, any idia why?
It said there was a missing dll file, dont supose anyone out there knows how to get it back or soething.
Samuel O'Donnell

#4 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:09:24 AM

Posted 25 February 2005 - 12:14 PM

Hi sam23

Can you give us a more specific response as to the dll file that you are missing? This will happen occasionally when trying to install or run new software. If you can recreate the error and get the name of the dll perhaps you can download it from dll-files.com.

Symantec (Norton) has a page detailing manual removal of the se.dll at this page. They are calling the infection Adware.WebBar.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#5 ckperry

ckperry

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 01 March 2005 - 08:33 PM

I've been trying for hours and hours to rid about:blank from a local museum's Win 98 desktop and tried "adware away" also and got the same missing .dll file message also. Unfortunately I'm pretty far away from the machine right now and don't remember the whole filename. I sure would prefer this way than regedit :thumbsup:

#6 ckperry

ckperry

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 01 March 2005 - 08:37 PM

Whoops on my previous post. :thumbsup: The missing dll file message occurs during the installation of adware away and the program never installs....

#7 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:09:24 AM

Posted 01 March 2005 - 08:54 PM

If you do go to dll.com be careful what you download. If you want to be sure you can post here for more info.

I recently downloaded the wrong .dll file and turned my computer into a swedish one. :thumbsup:

Posted Image

Shot myself in the foot on that one.

What is the exact error and name of .dll?

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users