Author Topic: se.dll/about:blank problems every day  (Read 7845 times)

Wenis

  • Guest
se.dll/about:blank problems every day
« on: March 10, 2005, 12:36:04 AM »
there

I know that there've been a lot of se.dll/about:blank threads made here, but after reading them and trying as hard as I can with my own resources I'm feeling drained here. I had problems with the hidden dll about:blank trojan or whatever it is in the past, but fixed them and they never resurfaced. Now, however, I'm having the same problems again literally every single day. Every day I delete se.dll, the registry keys involved with it, delete the hidden dll in safe mode, run HJT, fix suspected problems, run adaware se, run spybot, run cwsshredder, and google for help. Still, every day, se.dll regenerates, the hidden dll regenerates, my homepage gets changed, and I get frequent popups.

It even happens on days when I haven't used the computer all day. I think I've typed enough here; sorry to have you read so much, but I'm feeling a little desperate.

Here's my log:
(I'd like to note that I don't have that many IE windows open, it just says in my task manager iexplore a whole bunch of times for some reason)

Logfile of HijackThis v1.99.1
Scan saved at 11:35:20 PM, on 3/9/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {D5285017-90A6-11D9-AB74-000CB62B573F} - C:\WINDOWS\SYSTEM\BEEN.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AlogServEXE] C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\McAfee\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\3rd Works\4DMAIN.EXE -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - User Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AirPlus.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs3.chat.yahoo.com/v/yacscom.cab
O16 - DPF: Yahoo! Chat (Voice) - http://cs3.chat.yahoo.com/cv/chat.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O18 - Filter: text/html - {0E8DCE00-90F2-11D9-AB74-000CDA16F9C4} - C:\WINDOWS\SYSTEM\BEEN.DLL
O18 - Filter: text/plain - {0E8DCE00-90F2-11D9-AB74-000CDA16F9C4} - C:\WINDOWS\SYSTEM\BEEN.DLL

Thanks in advance

Guest

  • Guest
se.dll/about:blank problems every day
« Reply #1 on: March 10, 2005, 12:38:27 AM »
Sorry to double post, but I forgot to mention that on occasion, I'll open IE and it will be a different homepage, or while surfing, instead of going to the page I wanted to go to, it will go to something entirely different. Immediately following the last time this happened, about ten minutes ago, I got the messages from my SpywareGuard about my homepage being changed and all other sorts of things about about:blank.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
se.dll/about:blank problems every day
« Reply #2 on: March 10, 2005, 01:32:15 AM »
Download and save to Desktop DLLCompare

Start the Program and click the Run Locate.com

Let it complete the SCAN, which won't take long

Click the Compare button to start the next process. This will take a bit longer.
The results appear in two panes - files in the upper pane have been verified to 'exist'.
Files in the lower pane were 'not able to be accessed'.
Very few files should be listed in the lower pane, if any, when the Compare scan is complete.
Click on each of the listed entries in the lower pane to select them. Right-click on the file and use the option Rescan. This will cause Windows Find to see if the file does exist, and then if so it will be removed from the list to reduce the number of identified files.

Click the Make a Log of what was found button
Post back this log

Also, Download STARTDRECK

Unzip it to its own folder

Run StartDreck.exe:

Hit: -config
Hit: -Unmark all

Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post the log

Also post back a fresh Hijackthis log afterwards

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Guest

  • Guest
se.dll/about:blank problems every day
« Reply #3 on: March 11, 2005, 02:36:57 AM »
Thanks for the fast reply, guestolo

Sorry to take so long but I found a program called about:buster and decided to wait a while after trying it before posting or deciding my problem was handled. All went well for a while, but once again, it's back.

Here's the DLLCompare log:

*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :)"
________________________________________________

1,049 items found:  1,049 files, 0 directories.
Total of file sizes:  201,204,365 bytes    191.88 M

--------------------End log---------------------


Interesting...

Here's the StartDreck log:

StartDreck (build 2.1.7 public stable) - 2005-03-11 @ 01:24:29 (GMT -06:00)
Platform: Windows 98 (Win 4.10.1998 )
Internet Explorer: 5.50.4134.0600
Logged in as joe at Z5M0J1

»Registry
 »Run Keys
  »Current User
   »Run
    *PopUpStopperFreeEdition="C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
   »RunOnce
  »Default User
   »Run
    *Desktop Architect="C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S
   »RunOnce
  »Local Machine
   »Run
    *ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
    *TaskMonitor=C:\WINDOWS\taskmon.exe
    *SystemTray=SysTray.ExE
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *AlogServEXE=C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe
    *AvconsoleEXE=C:\Program Files\McAfee\McAfee VirusScan\avconsol.exe /minimize
    *WheelMouse=C:\Program Files\3rd Works\4DMAIN.EXE -startup
    *NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    *EnsoniqMixer=starter.exe
    *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    *hppwrsav=C:\SCANJET\PrecisionScanLT\hppwrsav.exe
    *sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
   »RunOnce
   »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
   »RunServicesOnce
    **pd=rundll32 C:\WINDOWS\JOE0G1.ACL,DllGetClassObject
   »RunOnceEx
   »RunServicesOnceEx
 »Browser Helper Objects (LM)
  *SpywareGuardDLBLOCK.CBrowserHelper/{4A368E80-174F-4872-96B5-0B27DDD11DB2}
   `InprocServer32=C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
  *{683F2E67-91CB-11D9-AB74-000C32D08926}
   `InprocServer32=C:\WINDOWS\SYSTEM\CMPA.DLL
»Files
»System/Drivers
 »Running Processes
  +FF8F13E1=C:\WINDOWS\SYSTEM\KERNEL32.DLL
  +FFFF29D1=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  +FFFF5441=C:\WINDOWS\SYSTEM\MPREXE.EXE
  +FFFF7E7D=C:\WINDOWS\SYSTEM\mmtask.tsk
  +FFFF7BDD=C:\WINDOWS\RUNDLL32.EXE
  +FFFEC2D9=C:\WINDOWS\EXPLORER.EXE
  +FFFD8AD9=C:\WINDOWS\TASKMON.EXE
  +FFFDB4A1=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  +FFFD1331=C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
  +FFFD6F55=C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
  +FFFD68D9=C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
  +FFFC0FA5=C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
  +FFFC03F5=C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
  +FFFCD4E9=C:\WINDOWS\SYSTEM\DDHELP.EXE
  +FFFC6DD5=C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
  +FFFEB82D=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFFB7ABD=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFFB776D=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFF98CC5=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFFB713D=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFF89B75=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFF8B01D=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFF91C25=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFF9BA11=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFF9E349=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFFB059D=C:\PROGRAM FILES\VALVE\STEAM\STEAM.EXE
  +FFF7006D=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFF58CA9=C:\WINDOWS\RUNDLL32.EXE
  +FFF67B19=C:\WINDOWS\PROFILES\JOE\DESKTOP\DLLCOMPARE.EXE
  +FFF7E1C9=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFFB3B5D=C:\ABOUTBUSTER\ABOUTBUSTER\ABOUTBUSTER.EXE
  +FFF67779=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
  +FFF76621=C:\ABOUTBUSTER\STARTDRECK\STARTDRECK.EXE
»Application specific

I'd like to point out once more that I don't have that many IE windows open. Also, I noticed the file JOE0G1.ACL. That seemed to kind of appear around the same time as these problems, and a Google search reveals no matches. Think maybe it has something to do with this?

Here's the HJT:

Logfile of HijackThis v1.99.1
Scan saved at 1:31:48 AM, on 3/11/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\VALVE\STEAM\STEAM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the[censored]society.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {683F2E67-91CB-11D9-AB74-000C32D08926} - C:\WINDOWS\SYSTEM\CMPA.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AlogServEXE] C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\McAfee\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\3rd Works\4DMAIN.EXE -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - User Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AirPlus.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs3.chat.yahoo.com/v/yacscom.cab
O16 - DPF: Yahoo! Chat (Voice) - http://cs3.chat.yahoo.com/cv/chat.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O18 - Filter: text/html - {683F2E66-91CB-11D9-AB74-000C5D9C2CBD} - C:\WINDOWS\SYSTEM\CMPA.DLL
O18 - Filter: text/plain - {683F2E66-91CB-11D9-AB74-000C5D9C2CBD} - C:\WINDOWS\SYSTEM\CMPA.DLL


Thanks

Offline guestolo

se.dll/about:blank problems every day
« Reply #4 on: March 12, 2005, 04:43:38 PM »
Very sorry for the delay

May I get you to post a fresh HijackThis log, and then we'll try some fixes on your computer, thanks



Lou Caraballo

  • Guest
se.dll/about:blank problems every day
« Reply #5 on: March 13, 2005, 01:45:27 AM »
I think I've found the solution to this nagging problem. This was after much study and realizing that this thing was embedding itself deeper than the registry... no Spy Checker, or Hijacker... can solve this, only brute force... similar to the brute way this thing inserted itself to begin with..

The "se.dll" problem is embedded deeper in the startup of Windows.  The culprit is a 'window hook' called "won.---" located in the Windows/ directory. Use Dr. Watson to verify this. This hook intercepts all window activity and periodically recreates the temp/se.dll pest that's been bothering everyone on the internet these days, if it is missing or has been deliberately corrupted, which in turn creates the random message generator located in the /system directory and loaded as a Browser Helper Object.  This nasty hook also modifies the Registry with the home page and BHO overwrites.  I received this pest ungloriously while I was surfing a 'porn site' and didn't have my security level set appropriately...

Booting Windows to "Safe" mode does not work, because this ugly critter loads with the Basic load, before loading the registry.

To remove, you have to DOS boot (or create a "Startup Disk" from the "Add/Remove Programs" utility).  Re-boot without starting Windows, delete or rename "Windows/won.---".  Remove DOS boot diskette, reboot to Windows.  You will receive a RunDLL error (saying it cannot find "won.---") on the first boot, but it will go away after further reboots. Any further problems with SE.DLL should go away and your interaction with Windows should be faster since your keystrokes are no longer intercepted by "won.---".

Hope that helps!

-- L

B)

Offline guestolo

se.dll/about:blank problems every day
« Reply #6 on: March 13, 2005, 01:53:46 AM »
That method somewhat works for some systems

If you rename the Windows key to NotWindows
delete the value in AppInit_DLLs
and then Rename back to Windows
you may leave your system unsecure

It's better to export the key first
Rename the Windows key
remove the value
Rename the NotWindows back to Windows
Delete the hidden file
Import the reg file
Delete the value again
This will keep your Windows key secure

Not sure if you noticed but Startdreck has shown the installer
RunServicesOnce
**pd=rundll32 C:\WINDOWS\JOE0G1.ACL,DllGetClassObject
The bolded entry to the hidden file will change on every log

Because this is Windows 98, no reason to use your method
We can boot to DOS and strip the attributes of that file and delete it
Do some other registry cleaning and some final cleaning with Hijackthis
« Last Edit: March 14, 2005, 01:11:37 AM by guestolo »

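The persistence points called out in the replies above (the `sp` Run value, the `pd` RunServicesOnce value, and one DLL registered as both a BHO and a text/html filter) can be pulled out of pasted logs mechanically. This is an added example, not part of the original thread or of any tool named in it; the `triage` function and its three heuristics are assumptions chosen to fit the logs posted here.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis and StartDreck logs
# posted in this thread (the last two are StartDreck run-key lines).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {683F2E67-91CB-11D9-AB74-000C32D08926} - C:\WINDOWS\SYSTEM\CMPA.DLL
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O18 - Filter: text/html - {683F2E66-91CB-11D9-AB74-000C5D9C2CBD} - C:\WINDOWS\SYSTEM\CMPA.DLL
    **pd=rundll32 C:\WINDOWS\JOE0G1.ACL,DllGetClassObject
    *hppwrsav=C:\SCANJET\PrecisionScanLT\hppwrsav.exe
"""

# HijackThis "O4 - <key>: [name] cmd" or StartDreck "*name=cmd" autorun entries.
AUTORUN = re.compile(r'^(?:O4 - .*?: \[(?P<hjt>[^\]]+)\]\s*|\*+(?P<sd>[^=]+)=)(?P<cmd>.+)$')
# Module handed to rundll32 (everything before the ",EntryPoint" part).
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^,"]+)', re.I)
# Browser Helper Objects (O2) and MIME filters (O18): "<kind>: label - {CLSID} - path".
COM = re.compile(r'^(O2 - BHO|O18 - Filter): .+? - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$')
# IE settings (R0/R1) that point at an HTML resource inside a DLL.
RES = re.compile(r'^R\d - .*= res://(?P<path>.+?\.dll)/', re.I)


def triage(log_text):
    """Return (reason, entry, path) tuples for entries worth a closer look.

    The heuristics are assumptions for this example, not HijackThis logic.
    """
    findings = []
    roles = defaultdict(set)  # DLL path -> set of O2/O18 kinds that load it
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := AUTORUN.match(line):
            r = RUNDLL.search(m["cmd"])
            if not r:
                continue  # ordinary executable autorun, not a rundll32 launch
            name, target = m["hjt"] or m["sd"], r.group(1).strip().upper()
            if "\\TEMP\\" in target:
                findings.append(("rundll32-from-temp", name, target))
            elif not target.endswith((".DLL", ".CPL")):
                findings.append(("rundll32-odd-extension", name, target))
        elif m := COM.match(line):
            roles[m["path"].upper()].add(m.group(1))
        elif m := RES.match(line):
            path = m["path"].upper()
            if "\\TEMP\\" in path:
                findings.append(("res-url-in-temp", "IE setting", path))
    for path, kinds in roles.items():
        if len(kinds) == 2:  # same DLL is both a BHO and a MIME filter
            findings.append(("bho-and-filter", "O2+O18", path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```

The legitimate `powrprof.dll` and `NvCpl.dll` rundll32 entries and the SpywareGuard BHO pass through unflagged, which is the point of keying on location, extension and dual registration rather than on `rundll32` alone.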


Offline guestolo

se.dll/about:blank problems every day
« Reply #7 on: March 13, 2005, 03:40:57 AM »
Locking this topic as the original poster has posted a HijackThis log in different forums on the web

All others please start your own topic
