Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

se.dll

Started by miksve , Apr 06 2005 12:31 PM

  • This topic is locked This topic is locked

#1
miksve
Posted 06 April 2005 - 12:31 PM

miksve

    New Member

  • Member
  • Pip
  • 2 posts
Hi,

I have a problem when I am running my computer and connecting to Internet especially through Internet Explorer. I keep getting the error message can not read c:\docume~1\mikael~1\lokala~1\temp\se.dll. I have tried everything like removing internet explorer, but internet explorer seems to recreate itself... and the error message keeps coming up. Here is the log file from HijackThis:

Logfile of HijackThis v1.98.2
Scan saved at 20:25:39, on 2005-04-06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\COMMON~2\QuickKaz.exe
C:\Program\Winamp\winampa.exe
C:\Program\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program\wqwvwpwq\Z0RACwxM.exe
C:\Program\QuickTime\qttask.exe
C:\Program\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\wqwvwpwq\MxwCAR0Z.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\RioSoft\RioDVD\DMon.exe
C:\WINDOWS\System32\??oolsv.exe
C:\Documents and Settings\Mikael Svensson\Application Data\ereb.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program\Netscape\Netscape\Netscp.exe
C:\HiJack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MIKAEL~1\LOKALA~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\addgd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MIKAEL~1\LOKALA~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mikael Svensson\Application Data\Mozilla\Profiles\default\9nc8swst.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12ECCC1C-008B-0472-888D-2240329DFC98} - C:\WINDOWS\System32\dwiusvhe.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: (no name) - {B51D9877-B89F-AF85-6260-D52F509B1F43} - blank (file missing)
O2 - BHO: (no name) - {FC13341D-8689-4DFE-988C-9C5B76D18C39} - C:\WINDOWS\System32\iode.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [QuickKaz] C:\Program\COMMON~2\QuickKaz.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_2723.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector] C:\Program\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DiscMonitor] C:\Program\RioSoft\RioDVD\DMon.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_2723.dll"
O4 - HKCU\..\Run: [Cekqfue] C:\WINDOWS\System32\??oolsv.exe
O4 - HKCU\..\Run: [Poss] C:\Documents and Settings\Mikael Svensson\Application Data\ereb.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100336647890
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://www.advnt01.c...ionale_ver4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab
O18 - Filter: text/html - {E2A10FDE-D12D-40A3-9851-A27136402664} - C:\WINDOWS\System32\iode.dll
O18 - Filter: text/plain - {E2A10FDE-D12D-40A3-9851-A27136402664} - C:\WINDOWS\System32\iode.dll

If anyone can help me I would be so grateful!!!

All the best! /Mikael Svensson
  • 0

Advertisements

#2
g2i2r4
Posted 10 April 2005 - 03:14 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome Mikael Svensson at Geeks to Go!

Download CW-Shredder at the link below:
http://cwshredder.ne.../CWShredder.exe

Download 'SpSeHjfix' to the desktop.
Rightclick a blank part of the desktop and select new folder, call it ‘spfix’.
Unzip the file into that folder.

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix' and click on "Start Disinfection".
When it's finished it will reboot your computer to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers, it will say system clean and not go on to next stage.

Now run the CWShredder - Hit The FIX button!

Reboot and post a fresh log using HijackThis and the log that was created by 'SpSeHjfix'.

Edited by g2i2r4, 10 April 2005 - 03:14 PM.

  • 0

#3
miksve
Posted 22 April 2005 - 04:03 AM

miksve

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi, thanks for your help. Have now completed the steps you suggested in your reply. Here are the fresh log files from Spfix abd Hijackthis:

Spfix

(4-22-05 11:52:19) Reboot


(4-22-05 11:53:25) SPSeHjFix started v1.1.2
(4-22-05 11:53:25) OS: WinXP Service Pack 1 (5.1.2600)
(4-22-05 11:53:25) Language: svenska
(4-22-05 11:53:25) Win-Path: C:\WINDOWS
(4-22-05 11:53:25) System-Path: C:\WINDOWS\System32
(4-22-05 11:53:25) Temp-Path: C:\DOCUME~1\MIKAEL~1\LOKALA~1\Temp\
(4-22-05 11:54:00) Disinfection started
(4-22-05 11:54:00) Bad-Dll(IEP): c:\docume~1\mikael~1\lokala~1\temp\se.dll
(4-22-05 11:54:00) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\iode.dll
(4-22-05 11:54:00) Searchassistant Uninstaller - Keys Deleted
(4-22-05 11:54:00) UBF: 6 - UBB: 4 - UBR: 25
(4-22-05 11:54:00) FilterKey: HKCR\text/html (deleted)
(4-22-05 11:54:00) FilterKey: HKCR\CLSID\{DD39F499-DE93-445E-9825-A900E9797D57} (deleted)
(4-22-05 11:54:00) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(4-22-05 11:54:00) FilterKey: HKCR\text/plain (deleted)
(4-22-05 11:54:00) FilterKey: HKCR\CLSID\{DD39F499-DE93-445E-9825-A900E9797D57} (error while deleting)
(4-22-05 11:54:00) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(4-22-05 11:54:00) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BE758DD-0D9D-42BD-A743-B284071DE850} (deleted)
(4-22-05 11:54:00) BHO-Key: HKCR\CLSID\{4BE758DD-0D9D-42BD-A743-B284071DE850} (deleted)
(4-22-05 11:54:00) UBF: 4 - UBB: 3 - UBR: 25
(4-22-05 11:54:00) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\mikael~1\lokala~1\temp\se.dll/sp.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\mikael~1\lokala~1\temp\se.dll/sp.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(4-22-05 11:54:00) Stealth-String not found
(4-22-05 11:54:00) File added to delete: c:\windows\system32\iode.dll
(4-22-05 11:54:00) Reboot


(4-22-05 11:55:03) SPSeHjFix started v1.1.2
(4-22-05 11:55:03) OS: WinXP Service Pack 1 (5.1.2600)
(4-22-05 11:55:03) Language: svenska
(4-22-05 11:55:03) Win-Path: C:\WINDOWS
(4-22-05 11:55:03) System-Path: C:\WINDOWS\System32
(4-22-05 11:55:03) Temp-Path: C:\DOCUME~1\MIKAEL~1\LOKALA~1\Temp\

HiJackThis

Logfile of HijackThis v1.98.2
Scan saved at 11:59:33, on 2005-04-22
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\COMMON~2\QuickKaz.exe
C:\Program\Winamp\winampa.exe
C:\Program\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program\wqwvwpwq\Z0RACwxM.exe
C:\Program\QuickTime\qttask.exe
C:\Program\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program\wqwvwpwq\MxwCAR0Z.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\RioSoft\RioDVD\DMon.exe
C:\WINDOWS\System32\??oolsv.exe
C:\Program\Java\jre1.5.0_01\bin\jucheck.exe
C:\Documents and Settings\Mikael Svensson\Application Data\ereb.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mikael Svensson\Application Data\Mozilla\Profiles\default\9nc8swst.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7C831ED0-D616-D6B9-4D30-A938054F909A} - C:\WINDOWS\System32\hjag.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: (no name) - {B51D9877-B89F-AF85-6260-D52F509B1F43} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [QuickKaz] C:\Program\COMMON~2\QuickKaz.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_2723.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector] C:\Program\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DiscMonitor] C:\Program\RioSoft\RioDVD\DMon.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_2723.dll"
O4 - HKCU\..\Run: [Cekqfue] C:\WINDOWS\System32\??oolsv.exe
O4 - HKCU\..\Run: [Poss] C:\Documents and Settings\Mikael Svensson\Application Data\ereb.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100336647890
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://www.advnt01.c...ionale_ver4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab

Looking forward to a reply from you soon!
  • 0

#4
g2i2r4
Posted 22 April 2005 - 01:14 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Please copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

***

Go to start - run
copy and paste the line from the box:
regsvr32 /u sfg_2723.dll
to unregister it from the Registry.

***

Open a new Notepad file
Copy and paste the text from the box:
dir C:\WINDOWS\System32\??oolsv.exe /a h > files.txt
notepad files.txt
Save it to your desktop as:
name: findfile.bat
type : all types
Close Notepad.
It will created a file called files.txt, save that file to your desktop. I'll need to review the content.

***

Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

***

Download CleanUp!.
Don't run the program, we'll do that later.

***

Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press ‘open process manager’
Select the process, press ‘kill process’ (and repeat this if necessary):
MxwCAR0Z.exe
spoolsv.exe (if it's there twice, kill it twice)
press ‘back’ and 'scan'.

***

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {7C831ED0-D616-D6B9-4D30-A938054F909A} - C:\WINDOWS\System32\hjag.dll

O2 - BHO: (no name) - {B51D9877-B89F-AF85-6260-D52F509B1F43} - blank (file missing)

O4 - HKLM\..\Run: [QuickKaz] C:\Program\COMMON~2\QuickKaz.exe

O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_2723.dll"

O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_2723.dll"

O4 - HKCU\..\Run: [Cekqfue] C:\WINDOWS\System32\??oolsv.exe

O4 - HKCU\..\Run: [Poss] C:\Documents and Settings\Mikael Svensson\Application Data\ereb.exe

O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://www.advnt01.c...ionale_ver4.CAB

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab

Click on Fix Checked when finished and exit HijackThis.

***

Restart the computer to safe mode.*as soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
*Use the arrow keys to select the Safe mode menu item
*press Enter.
***

Find and doubleclick the file cleanup.

Go to option
Select ‘custom’
Put a check to:* Cookies
* Prefetch
* Temp
* All users.
Press 'cleanup!'

Once it's done, press 'close'and say NO when asked to log off or reboot.

***

please run Killbox.

Select "Delete on Reboot".

Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\System32\sfg_2723.dll
C:\Program\COMMON search\QuickKaz.exe
C:\Documents and Settings\Mikael Svensson\Application Data\ereb.exe
C:\Program\wqwvwpwq\MxwCAR0Z.exe

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Let the system reboot.

***

Post back here with a fresh log using HijackThis.
Also post the content of the 'files.txt' on your desktop.

Let me know how this went.


EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 12 May 2005 - 04:24 AM.

  • 0

#5
g2i2r4
Posted 24 May 2005 - 11:48 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
miksve,

As you requested via PM, this topic is re-opened.



EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 09 June 2005 - 03:21 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP