
ladhide5.dll & se.dll can't be removed

Discussion in 'Malware and Virus Removal Archive' started by cone, 2005/03/06.

Thread Status:
Not open for further replies.
  1. 2005/03/06
    cone

    cone Inactive Thread Starter

    Joined:
    2002/01/26
    Messages:
    61
    Likes Received:
    0
    I have run AdAware, HijackThis, CWShredder and have used GiPo@moveonboot to try and remove these files from my Temp folder on C:\Windows. Every time we log into the internet though these two files show up again so I'm guessing they are generating from somewhere else but the above programs aren't finding them. My homepage is always changing from Google to "aboutblank" - don't know if that is related to the problem or not. Any help you can give me on this would be great. Thanks so much.
     
    cone,
    #1
  2. 2005/03/06
    cone

    cone Inactive Thread Starter

    Joined:
    2002/01/26
    Messages:
    61
    Likes Received:
    0
    Forgot to mention that I have also run Spybot as well - and while they all find spyware, none seem able to delete those two files.
     
    cone,
    #2

  4. 2005/03/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    This will take a few steps. Start with the following.

    • Prepare CWShredder:
      • Download the stand-alone CWShredder 2.0 from here. Save it to the desktop. Double click to install.
      • Do not run it yet. We will run it later.
    • Run Symantec's BackDoor Removal Tool:
      • Download the Backdoor.Agent.B Removal Tool from Symantec.
      • Follow Symantec's instructions for how to run it.
      • Be sure to save the log file. I will need to see it later.
      • Restart your computer.
    • Open CWShredder from the new shortcut on the desktop, close ALL other windows and click fix.
    • Restart your computer once more.
    • Post a HijackThis log and the log Symantec's tool gave you.
     
  5. 2005/03/07
    cone

    cone Inactive Thread Starter

    Joined:
    2002/01/26
    Messages:
    61
    Likes Received:
    0
    Here's my HijackThis log
    Logfile of HijackThis v1.98.2
    Scan saved at 2:10:40 PM, on 07/03/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

    but the backdoor log didn't have anything in it - just this:

    Symantec Backdoor.Agent.B Removal Tool 1.0.1.2
     
    cone,
    #4
  6. 2005/03/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download HijackThis.exe Version 1.99.1 from here, overwriting the one you currently have. Scan again and with all other windows closed, fix the following.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

    Reboot, surf a bit, then post a new log.
     
  7. 2005/03/07
    cone

    cone Inactive Thread Starter

    Joined:
    2002/01/26
    Messages:
    61
    Likes Received:
    0
    Here's my new HJT log. I deleted the files you indicated and it appears they are back again. Also, I have noticed that every time I go on the internet new "favorites" are added to my favorite group - folders like Links, Travel etc.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:49:04 PM, on 07/03/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {B09A8FEE-CE5A-4A15-B89A-20237BD361CB} - C:\WINDOWS\SYSTEM\KBJFJDA.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O18 - Filter: text/html - {011DEF80-7AB0-42F9-B69C-8DC8040CEF5E} - C:\WINDOWS\SYSTEM\KBJFJDA.DLL
    O18 - Filter: text/plain - {011DEF80-7AB0-42F9-B69C-8DC8040CEF5E} - C:\WINDOWS\SYSTEM\KBJFJDA.DLL
     
    cone,
    #6
  8. 2005/03/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download this zip.

    http://www.downloads.subratam.org/pv.zip

    Unzip it to the desktop. It will not work if you run it from inside the zip. After unzipping, open the pv folder. Double click on the runme.bat. A DOS window will open. Select option 1 for explorer dlls by typing 1 and then pressing enter. Notepad will open with a log in it. Copy and paste the log into this thread. Then run option 2 for IE dlls, and post its log too. It is usually pretty large and takes more than one post. Then, choose option 6 for appinit contents. Notepad will open with a log in it. Please post it also.
     
  9. 2005/03/09
    cone

    cone Inactive Thread Starter

    Joined:
    2002/01/26
    Messages:
    61
    Likes Received:
    0
    explorer dlls notepad

    Module information for 'EXPLORER.EXE'
    MODULE BASE SIZE PATH
    WEBVW.DLL 7f1b0000 2138112 C:\WINDOWS\SYSTEM\WEBVW.DLL 5.50.4134.100 Shell WebView Content & Control Library
    DXTMSFT.DLL 7c530000 446464 C:\WINDOWS\SYSTEM\DXTMSFT.DLL 5.50.4134.100 DirectX Media -- Image DirectX Transforms
    DXTRANS.DLL 7c470000 233472 C:\WINDOWS\SYSTEM\DXTRANS.DLL 5.50.4134.100 DirectX Media -- DirectX Transform Core
    ATL.DLL 5f3e0000 69632 C:\WINDOWS\SYSTEM\ATL.DLL 3.00.8168 ATL Module for Windows (ANSI)
    MSHTMLED.DLL 79a40000 425984 C:\WINDOWS\SYSTEM\MSHTMLED.DLL 5.50.4134.100 Microsoft (R) HTML Editing Component
    DOCPROP2.DLL 7cb70000 331776 C:\WINDOWS\SYSTEM\DOCPROP2.DLL 5.00.2136.1 DocProp2
    AVIFIL32.DLL 7e460000 98304 C:\WINDOWS\SYSTEM\AVIFIL32.DLL 4.90.3000 Microsoft AVI File support library
    MSACM32.DLL 7a1e0000 102400 C:\WINDOWS\SYSTEM\MSACM32.DLL 4.90.3000 Microsoft Audio Compression Manager
    CRTDLL.DLL 7fb20000 180224 C:\WINDOWS\SYSTEM\CRTDLL.DLL 3.50 Microsoft C Runtime Library
    MSVFW32.DLL 77ee0000 147456 C:\WINDOWS\SYSTEM\MSVFW32.DLL 4.90.3000 Microsoft Video for Windows DLL
    WOW32.DLL bfdc0000 20480 C:\WINDOWS\SYSTEM\WOW32.DLL 4.90.3000 Win32 WOW32 core component
    DCIMAN32.DLL 7d190000 24576 C:\WINDOWS\SYSTEM\DCIMAN32.DLL 4.90.3000 DCI Manager 1.00
    MYDOCS.DLL 77b80000 81920 C:\WINDOWS\SYSTEM\MYDOCS.DLL 5.50.4134.100 My Documents Folder UI
    WMPLOC.DLL 7c40000 2940928 C:\WINDOWS\SYSTEM\WMPLOC.DLL 9.00.00.2980 Windows Media Player
    PLUGIN.OCX 3af0000 98304 C:\WINDOWS\SYSTEM\PLUGIN.OCX 5.50.4134.100 ActiveX Plugin OCX
    RSVPSP.DLL 76560000 40960 C:\WINDOWS\SYSTEM\RSVPSP.DLL 4.90.2464.1 Microsoft Windows Rsvp 1.0 Service Provider
    RAPILIB.DLL 76830000 28672 C:\WINDOWS\SYSTEM\RAPILIB.DLL 4.90.2464.1 RSVP Libary 1.0 DLL
    MSWSOSP.DLL 77d60000 40960 C:\WINDOWS\SYSTEM\MSWSOSP.DLL 4.90.3000 Microsoft Windows Sockets 2.0 Service Provider
    IMGUTIL.DLL 7b8c0000 40960 C:\WINDOWS\SYSTEM\IMGUTIL.DLL 5.50.4134.100 IE plugin image decoder support DLL
    CRYPTNET.DLL 7da50000 53248 C:\WINDOWS\SYSTEM\CRYPTNET.DLL 5.131.2133.2 Crypto Network Related API
    WLDAP32.DLL 74170000 167936 C:\WINDOWS\SYSTEM\WLDAP32.DLL 5.00.2168.1 Win32 LDAP API DLL
    DDRAWEX.DLL 7d140000 36864 C:\WINDOWS\SYSTEM\DDRAWEX.DLL 4.87.00.0700 Microsoft DirectDrawEx
    DDRAW.DLL baaa0000 389120 C:\WINDOWS\SYSTEM\DDRAW.DLL 4.09.00.0900 Microsoft DirectDraw
    KEYLIMIT.DLL 8000000 20480 C:\WINDOWS\SYSTEM\KEYLIMIT.DLL 5.00.2133.2 International Cryptographic Key Size Limits
    RSAENH.DLL 7ca00000 110592 C:\WINDOWS\SYSTEM\RSAENH.DLL 5.00.2133.2 Microsoft Enhanced Cryptographic Provider (US/Canada Only, Not for Export)
    SCHANNEL.DLL 77400000 131072 C:\WINDOWS\SYSTEM\SCHANNEL.DLL 5.00.2133.2 TLS / SSL Security Provider
    SHFOLDER.DLL 75f40000 32768 C:\WINDOWS\SYSTEM\SHFOLDER.DLL 5.50.4134.100 Shell Folder Service
    JSCRIPT.DLL 7af70000 552960 C:\WINDOWS\SYSTEM\JSCRIPT.DLL 5.5.0.5207 Microsoft (r) JScript
    RNR20.DLL 766b0000 57344 C:\WINDOWS\SYSTEM\RNR20.DLL 4.90.3000 Windows Socket2 NameSpace DLL
    MSRATING.DLL 78810000 167936 C:\WINDOWS\SYSTEM\MSRATING.DLL 5.50.4134.100 Internet Ratings and Local User Management DLL
    KBJFJDA.DLL 3140000 53248 C:\WINDOWS\SYSTEM\KBJFJDA.DLL
    BROWSELC.DLL 7e0f0000 45056 C:\WINDOWS\SYSTEM\BROWSELC.DLL 5.50.4134.100 Shell Browser UI Library
    WIASHEXT.DLL 742f0000 454656 C:\WINDOWS\SYSTEM\WIASHEXT.DLL 4.90.3000.1 Imaging Devices Shell Folder UI
    STI.DLL 75910000 114688 C:\WINDOWS\SYSTEM\STI.DLL 4.90.3000.1 Still Image Devices client DLL
    IPROP.DLL 7b5f0000 114688 C:\WINDOWS\SYSTEM\IPROP.DLL 4.00 OLE PropertySet Implementation
    SETUPAPI.DLL 76140000 581632 C:\WINDOWS\SYSTEM\SETUPAPI.DLL 5.00.2195.1526 Windows Setup API
    WINTRUST.DLL 741d0000 176128 C:\WINDOWS\SYSTEM\WINTRUST.DLL 5.131.2133.2 Microsoft Trust Verification APIs
    IMAGEHLP.DLL 7b960000 143360 C:\WINDOWS\SYSTEM\IMAGEHLP.DLL 5.00.2178.1 Windows NT Image Helper
    CRYPT32.DLL 7da90000 479232 C:\WINDOWS\SYSTEM\CRYPT32.DLL 5.131.2133.3 Crypto API32
    MSASN1.DLL 79f80000 65536 C:\WINDOWS\SYSTEM\MSASN1.DLL 4.4.3420 Microsoft ASN.1 Encoder/Decoder
    CABINET.DLL 7e0c0000 77824 C:\WINDOWS\SYSTEM\CABINET.DLL 5.00.2147.1 Microsoft® Cabinet File API
    WINSPOOL.DRV 7fe40000 36864 C:\WINDOWS\SYSTEM\WINSPOOL.DRV 4.90.3000 Win32 WINSPOOL core component
    LZ32.DLL bfe40000 24576 C:\WINDOWS\SYSTEM\LZ32.DLL 4.90.3000 Win32 LZ32 core component
    CFGMGR32.DLL 7f720000 40960 C:\WINDOWS\SYSTEM\CFGMGR32.DLL 4.90.3000 Configuration Manager Win32 Interface
    WINMM.DLL bfdd0000 65536 C:\WINDOWS\SYSTEM\WINMM.DLL 4.90.3000 System APIs for Multimedia
    COMDLG32.DLL 7fe00000 208896 C:\WINDOWS\SYSTEM\COMDLG32.DLL 5.50.4134.100 Common Dialogs DLL
    WIASTATD.DLL 742e0000 24576 C:\WINDOWS\SYSTEM\WIASTATD.DLL 4.90.3000.1 WIA Status Dialog
    SENSAPI.DLL 761e0000 20480 C:\WINDOWS\SYSTEM\SENSAPI.DLL 5.50.4134.100 SENS Connectivity API DLL
    MSONSEXT.DLL 78990000 573440 C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\MSONSEXT.DLL
    WZSHLSTB.DLL 16200000 24576 C:\PROGRAM FILES\WINZIP\WZSHLSTB.DLL 3.0 (32-bit) WinZip Shell Extension DLL
    MBOOT.DLL 3100000 110592 C:\PROGRAM FILES\GIPO@UTILITIES\GIPO@MOVEONBOOT\MBOOT.DLL 1, 9, 5, 22 GiPo@MoveOnBoot Shell Extension that used for deleting or moving files during OS reboot
    IADHIDE5.DLL 10000000 24576 C:\WINDOWS\TEMP\IADHIDE5.DLL Version 6.3.2 (Build 62R) IAdHide
    ES.DLL 7c330000 114688 C:\WINDOWS\SYSTEM\ES.DLL 1998.09.1003.0 COM+ EventSystem Library
    SENS.DLL 761f0000 90112 C:\WINDOWS\SYSTEM\SENS.DLL 5.50.4134.100 System Event Notification Service (SENS)
    ESTIER2.DLL 7c2e0000 61440 C:\WINDOWS\SYSTEM\ESTIER2.DLL 1998.09.1003.0 COM+ EventSystem Service Library
    ESSHARED.DLL 7c310000 65536 C:\WINDOWS\SYSTEM\ESSHARED.DLL 1998.09.1003.0 COM+ EventSystem Shared Utilities
    LINKINFO.DLL 7faa0000 36864 C:\WINDOWS\SYSTEM\LINKINFO.DLL 4.90.3000 Windows Volume Tracking
    WFXSEH32.DLL 21670000 53248 C:\PROGRAM FILES\SYMANTEC\WINFAX\WFXSEH32.DLL 9.00.98.0727 Shell extension for ACT phonebook integration DLL
    WEBCHECK.DLL 74500000 270336 C:\WINDOWS\SYSTEM\WEBCHECK.DLL 5.50.4134.100 Web Site Monitor
    ACTXPRXY.DLL 7f0d0000 94208 C:\WINDOWS\SYSTEM\ACTXPRXY.DLL 5.50.4134.100 ActiveX Interface Marshaling Library
    IMM32.DLL bfe00000 16384 C:\WINDOWS\SYSTEM\IMM32.DLL 4.90.3000 Win32 IMM32 core component
    MSLS31.DLL 79050000 163840 C:\WINDOWS\SYSTEM\MSLS31.DLL 3.10.337.0 Microsoft Line Services library file
    MSI.DLL 22d0000 2015232 C:\WINDOWS\SYSTEM\MSI.DLL 2.0.2600.2 Windows Installer
    SHDOCLC.DLL 76070000 401408 C:\WINDOWS\SYSTEM\SHDOCLC.DLL 5.50.4134.100 Shell Doc Object and Control Library
    IPHLPAPI.DLL 7b610000 49152 C:\WINDOWS\SYSTEM\IPHLPAPI.DLL 4.90.3000.2 IP Helper API
    MSAFD.DLL 79fb0000 40960 C:\WINDOWS\SYSTEM\MSAFD.DLL 4.90.3000 Microsoft Windows Sockets 2.0 Service Provider
    DHCPCSVC.DLL 7cee0000 28672 C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
    ICMP.DLL 7bbd0000 24576 C:\WINDOWS\SYSTEM\ICMP.DLL 5.00.1454.1 ICMP DLL
    NTDLL.DLL bfe70000 20480 C:\WINDOWS\SYSTEM\NTDLL.DLL 4.90.3000 Win32 NTDLL core component
    RASAPI32.DLL 7f7a0000 249856 C:\WINDOWS\SYSTEM\RASAPI32.DLL 4.90.3000 Dial-Up Networking Dynamic Linked Library
    WSOCK32.DLL 736d0000 36864 C:\WINDOWS\SYSTEM\WSOCK32.DLL 4.90.3000 BSD Socket API for Windows
    MSWSOCK.DLL 77d70000 81920 C:\WINDOWS\SYSTEM\MSWSOCK.DLL 4.90.3000 Microsoft WinSock Extension APIs
    WS2_32.DLL 73710000 69632 C:\WINDOWS\SYSTEM\WS2_32.DLL 4.90.3000 Windows Socket 2.0 32-Bit DLL
    WS2HELP.DLL 73700000 20480 C:\WINDOWS\SYSTEM\WS2HELP.DLL 4.90.3000 Windows Socket 2.0 Helper for Windows 98
    SECUR32.DLL 7f780000 69632 C:\WINDOWS\SYSTEM\SECUR32.DLL 4.90.3000 Microsoft Win32 Security Services (Export Version)
    SVRAPI.DLL 7f870000 32768 C:\WINDOWS\SYSTEM\SVRAPI.DLL 4.90.3000 32-bit common Server API library
    MSNET32.DLL 7fa30000 77824 C:\WINDOWS\SYSTEM\MSNET32.DLL 4.90.3000 Microsoft 32-bit Network API Library
    MSPWL32.DLL 7fa70000 40960 C:\WINDOWS\SYSTEM\MSPWL32.DLL 4.90.3000 Password list management library
    NETAPI32.DLL 7f8b0000 20480 C:\WINDOWS\SYSTEM\NETAPI32.DLL 4.90.3000 32-bit network API DLL
    NETBIOS.DLL 7f750000 32768 C:\WINDOWS\SYSTEM\NETBIOS.DLL
    MPR.DLL 7f160000 57344 C:\WINDOWS\SYSTEM\MPR.DLL 4.90.3000 WIN32 Network Interface DLL
    WININET.DLL 74210000 495616 C:\WINDOWS\SYSTEM\WININET.DLL 5.50.4134.100 Internet Extensions for Win32
    TAPI32.DLL 7f880000 122880 C:\WINDOWS\SYSTEM\TAPI32.DLL 4.90.3000 Microsoft® Windows(TM) Telephony API Client DLL
    RPCRT4.DLL 7fab0000 344064 C:\WINDOWS\SYSTEM\RPCRT4.DLL 4.71.3335 Remote Procedure Call DLL
    OLEAUT32.DLL 7fe80000 610304 C:\WINDOWS\SYSTEM\OLEAUT32.DLL 2.40.4515
    MSHTML.DLL 7f3c0000 2682880 C:\WINDOWS\SYSTEM\MSHTML.DLL 5.50.4134.100 Microsoft (R) HTML Viewer
    MLANG.DLL 7a860000 557056 C:\WINDOWS\SYSTEM\MLANG.DLL 5.50.4134.100 Multi Language Support DLL
    URLMON.DLL 75160000 471040 C:\WINDOWS\SYSTEM\URLMON.DLL 5.50.4134.100 OLE32 Extensions for Win32
    VERSION.DLL bfe50000 24576 C:\WINDOWS\SYSTEM\VERSION.DLL 4.90.3000 Win32 VERSION core component
    BROWSEUI.DLL 7f650000 823296 C:\WINDOWS\SYSTEM\BROWSEUI.DLL 5.50.4134.100 Shell Browser UI Library
    SHDOCVW.DLL 75f50000 1159168 C:\WINDOWS\SYSTEM\SHDOCVW.DLL 5.50.4134.100 Shell Doc Object and Control Library
    OLE32.DLL 7ff20000 794624 C:\WINDOWS\SYSTEM\OLE32.DLL 4.71.3328 Microsoft OLE for Windows and Windows NT
    STI_TRABE.LOG 61b80000 81920 C:\WINDOWS\STI_TRABE.LOG
    SHELL32.DLL 7fbd0000 2285568 C:\WINDOWS\SYSTEM\SHELL32.DLL 5.50.4134.100 Windows Shell Common Dll
    MSVCRT.DLL 78000000 286720 C:\WINDOWS\SYSTEM\MSVCRT.DLL 6.10.8637.0 Microsoft (R) C Runtime Library
    EXPLORER.EXE 400000 225280 C:\WINDOWS\EXPLORER.EXE 5.50.4134.100 Windows Explorer
    COMCTL32.DLL bfe80000 581632 C:\WINDOWS\SYSTEM\COMCTL32.DLL 5.81 Common Controls Library
    SHLWAPI.DLL 63180000 315392 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 5.50.4134.100 Shell Light-weight Utility Library
    USER32.DLL bff40000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.90.3000 Win32 USER32 core component
    GDI32.DLL bff10000 172032 C:\WINDOWS\SYSTEM\GDI32.DLL 4.90.3000 Win32 GDI core component
    ADVAPI32.DLL bfe60000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.90.3000 Win32 ADVAPI32 core component
    KERNEL32.DLL bff60000 536576 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.90.3000 Win32 Kernel core component
     
    cone,
    #8
  10. 2005/03/09
    cone

    cone Inactive Thread Starter

    Joined:
    2002/01/26
    Messages:
    61
    Likes Received:
    0
    second posting for IE dlls
    Module information for 'IEXPLORE.EXE'
    MODULE BASE SIZE PATH
    STI_TRABE.LOG 61b80000 81920 C:\WINDOWS\STI_TRABE.LOG
    IEXPLORE.EXE 400000 73728 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 5.50.4134.100 Internet Explorer
    SHLWAPI.DLL 63180000 315392 C:\WINDOWS\SYSTEM\SHLWAPI.DLL 5.50.4134.100 Shell Light-weight Utility Library
    USER32.DLL bff40000 69632 C:\WINDOWS\SYSTEM\USER32.DLL 4.90.3000 Win32 USER32 core component
    GDI32.DLL bff10000 172032 C:\WINDOWS\SYSTEM\GDI32.DLL 4.90.3000 Win32 GDI core component
    ADVAPI32.DLL bfe60000 65536 C:\WINDOWS\SYSTEM\ADVAPI32.DLL 4.90.3000 Win32 ADVAPI32 core component
    KERNEL32.DLL bff60000 536576 C:\WINDOWS\SYSTEM\KERNEL32.DLL 4.90.3000 Win32 Kernel core component
     
    cone,
    #9
  11. 2005/03/09
    cone

    cone Inactive Thread Starter

    Joined:
    2002/01/26
    Messages:
    61
    Likes Received:
    0
    I gave you the logs for the first two options but option # 6 is a Process Viewer for Windows and there is no log in there. The options I have are:
    1. Explorer DLL's
    2. Internet Explorer Dll's
    3. Rundll32 dlls
    4. registry menu
    5. process view readme
    6. process view html readme
    7. shadowwar's readme
     
  12. 2005/03/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yikes! Must have removed the Appinit option from the newer version. Download and install Reglite. Open and copy/paste the following string in the address window then click go.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

    Double click on the AppInit_DLLs entry to open a "Data Editor" properties window. If the Value line contains a .dll filename, copy/paste it here.

    Would you please zip a copy of STI_TRABE.LOG in C:\Windows and email it to me here. Put WindowsBBS Trabe.log in the subject line.
     
  13. 2005/03/09
    cone

    cone Inactive Thread Starter

    Joined:
    2002/01/26
    Messages:
    61
    Likes Received:
    0
    I have run Reglite and put the line you indicated into the address line but no AppInit_DLLs entry shows up. It opens straight to "Current Version" folder within a Windows NT folder. There are two folders in the Current Version one - a Drivers32 and a Drivers.desc - none of which have AppInit_Dlls in them. Maybe I'm doing something wrong here?
     
  14. 2005/03/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Well, my forehead is all red and stinging from slapping it when I looked back and saw that you are running Windows ME, which is why you didn't come up with an Appinit entry. That would apply to Win 2000 or XP, not ME. My apologies.

    Download Pocket Killbox from here: http://www.downloads.subratam.org/KillBox.zip

    Unzip the files to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\System32\KBJFJDA.DLL

    Check the box to delete on reboot and click the red X to the right. Click OK, then NO to reboot now. Copy the next filepath and paste it in the box, and repeat the above steps. When the below filepaths are done, allow it to reboot.

    C:\WINDOWS\TEMP\SE.DLL
    C:\WINDOWS\STI_TRABE.LOG

    This is the correct spelling of the file we want to delete. Do not change it to STI_TRACE.LOG.

    Scan again with HJT and fix the following.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {B09A8FEE-CE5A-4A15-B89A-20237BD361CB} - C:\WINDOWS\SYSTEM\KBJFJDA.DLL
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O18 - Filter: text/html - {011DEF80-7AB0-42F9-B69C-8DC8040CEF5E} - C:\WINDOWS\SYSTEM\KBJFJDA.DLL
    O18 - Filter: text/plain - {011DEF80-7AB0-42F9-B69C-8DC8040CEF5E} - C:\WINDOWS\SYSTEM\KBJFJDA.DLL

    Reboot.

    I suggest you go directly to Windows Update from the start menu and accept all critical updates and service packs offered. Reboot when prompted and go back, until there are no more offered.

    Then download and install an Antivirus program and Firewall. AVG and Zone Alarm are both free. Install, update and run a full system scan.

    Scan again with HJT and post a new log.
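
Added example (not part of the thread, and not HijackThis's own logic): a small Python triage that groups flagged HijackThis entries by the file they load, so each file can be handled together with every entry that references it, as the fix list above does by hand. The log lines are copied from the v1.99.1 log posted in this thread; the heuristics and reason labels are illustrative assumptions.

```python
import re
from collections import defaultdict

# Subset of the HijackThis v1.99.1 log posted in this thread (copied from the page).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {B09A8FEE-CE5A-4A15-B89A-20237BD361CB} - C:\WINDOWS\SYSTEM\KBJFJDA.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O18 - Filter: text/html - {011DEF80-7AB0-42F9-B69C-8DC8040CEF5E} - C:\WINDOWS\SYSTEM\KBJFJDA.DLL
O18 - Filter: text/plain - {011DEF80-7AB0-42F9-B69C-8DC8040CEF5E} - C:\WINDOWS\SYSTEM\KBJFJDA.DLL
"""

# "<section code> - <data>", e.g. "O4 - HKLM\..\Run: [sp] rundll32 ..."
ENTRY_RE = re.compile(r"^(R[0-3]|O\d+) - (.+)$")
# First drive-letter path ending in a loadable extension; stops at ',' or '/'
# so "SE.DLL,DllInstall" and "se.dll/sp.html" yield only the file path.
PATH_RE = re.compile(r"[A-Za-z]:\\[^,/\r\n]+?\.(?:dll|exe|ocx)\b", re.IGNORECASE)

REGISTRY_ONLY = "(registry value only)"


def reasons_for(code, data, path):
    """Illustrative heuristics (assumptions for this example, not an official rule set)."""
    low = data.lower()
    reasons = []
    if path and "\\temp\\" in path.lower():
        reasons.append("file-in-temp-dir")
    if code == "O4" and "rundll32" in low:
        reasons.append("rundll32-autostart")
    if code.startswith("R") and "res://" in low:
        reasons.append("ie-setting-points-into-dll")
    if code.startswith("R") and low.endswith("= about:blank"):
        reasons.append("ie-page-reset-to-about:blank")
    if code == "O2" and "(no name)" in low:
        reasons.append("unnamed-bho")
    if code == "O18" and low.startswith("filter: text/"):
        reasons.append("mime-filter-on-text")
    return reasons


def triage(log_text):
    """Return {UPPERCASED_FILE_PATH: [(section_code, [reasons]), ...]} for flagged lines.

    Entries with no file path are grouped under REGISTRY_ONLY. Paths are
    upper-cased so 'se.dll' and 'SE.DLL' land in the same bucket.
    """
    by_file = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header lines, process list, blank lines
        code, data = match.groups()
        path_match = PATH_RE.search(data)
        path = path_match.group(0).upper() if path_match else None
        reasons = reasons_for(code, data, path)
        if reasons:
            by_file[path or REGISTRY_ONLY].append((code, reasons))
    return dict(by_file)


if __name__ == "__main__":
    for target, entries in triage(SAMPLE_LOG).items():
        print(target)
        for code, reasons in entries:
            print(f"    {code}: {', '.join(reasons)}")
```

Entries that are not flagged (the Kodak and SystemTray autostarts here) are simply omitted; an unflagged entry is not thereby shown to be safe.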
     