se.dll again, & again, & again

Discussion in 'Malware Help (A Specialist Will Reply)' started by ooda, Feb 24, 2005.

  1. ooda

    ooda Private E-2

    A process is installing se.dll into user temp folder and changing run keys. I've followed the instructions in the "How To: Spyware, Trojan and Virus Removal" thread except for Trend Micro and Symantec online scans 'cause my security setting won't allow them to be run. (I tried to change them but even at lower protection settings they won't run.)

    I can see clearly where the se.dll executable is being installed and can find the changed registry keys. In SAFE mode I can clean the system so that it's clean and stable. But as soon as I do a normal boot and start the control panel, the se.dll is installed into user temp folders and run keys are changed. It seems that there's a problem with control panel but here is where my expertise ends.

    Thanks very much for your help.
     
  2. ooda

    ooda Private E-2

    Sorry, should've added that after performing all the steps listed in the "Do This First" post, I downloaded and ran Hijack This! There was very little indicated that raised any suspicion; those that did I selected and "Fixed." Problem recurred after restart when I opened the control panel.

    Please let me know if you'd look at the HJT log or with any other thoughts.

    Thanks again!
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Go ahead and post an HJT log as an attachment to your post.
     
  4. ooda

    ooda Private E-2

    Here's the log from a scan run after the se.dll reappearance. Thanks
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  6. ooda

    ooda Private E-2

    IE wouldn't let me run the online scans: ActiveX controls. As hard as I tried to enable ActiveX processes, IE intervened with messages saying that the security settings disallowed them.
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Go into, Control Panel > Internet Options. Go into the Security Tab and default all Security Settings. Click the Programs Tab and Reset Web Settings. See if this takes care of it.
     
  8. ooda

    ooda Private E-2

    I reset Internet Security Setting in the Control Panel, but when I try to run the online scans at the Trend Micro website, I get a message from IE: "Your Security Setting do not allow Web sites to use ActiveX controls installed on your computer."
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    For the ActiveX Problem, follow me below:

    1) Click Start > Run and type in cmd

    2) At the command prompt, type the following commands, pressing ENTER after each line:

    NOTE: Click OK if you are prompted to do this.

    regsvr32 softpub.dll

    regsvr32 /u wintrust.dll

    regsvr32 /u initpki.dll

    regsvr32 /u dssenh.dll

    regsvr32 /u rsaenh.dll

    regsvr32 /u gkpcsp.dll

    regsvr32 /u sccbase.dll

    regsvr32 /u slbcsp.dll

    regsvr32 /u cryptdlg.dll

    regsvr32 /u softpub.dll



    3) Restart your computer!

    4) Click Start > Run and type in cmd

    5) At the command prompt, type the following commands, pressing ENTER after each line:

    NOTE: Click OK if you are prompted to do this.

    regsvr32 softpub.dll

    regsvr32 wintrust.dll

    regsvr32 initpki.dll

    regsvr32 dssenh.dll

    regsvr32 rsaenh.dll

    regsvr32 gpkcsp.dll

    regsvr32 sccbase.dll

    regsvr32 slbcsp.dll

    regsvr32 cryptdlg.dll

    regsvr32 softpub.dll



    6) Exit, ActiveX problem should be fixed.

    Try doing the online scan now :)
     
  10. ooda

    ooda Private E-2

    These two didn't work, (module couldn't be found). All others ok. Proceed?

    regsvr32 /u gkpcsp.dll
    regsvr32 cryptdlg.dll
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It's regsvr32 /u gpkcsp.dll

    The other should be right, try again. Make sure spelling is correct.
     
  12. ooda

    ooda Private E-2

    Ok ran the cmd lines successfully. Restarted in safe mode and went to run online scans. Same ActiveX messages.
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do this in normal mode!

    Adjust Active X security settings
    - In Internet Explorer, click Tools/Internet Options/Security. Click on the Internet globe. Then select 'Default Level', then click OK. Now select 'Custom Level' and scroll down to the ActiveX controls and plug-ins section (some may already be set correctly):
    - Set 'Download signed Active X controls' to Prompt
    - Set 'Download unsigned Active X controls' to Disable
    - Set 'Initialize and Script ActiveX controls not marked as safe' to Disable
    - Set the Initialize and script ActiveX controls not marked as safe to Disable
    - Set the Installation of desktop items to Prompt
    - Set the Launching programs and files in an IFRAME to Prompt
    - Set the Navigate sub-frames across different domains to Prompt

    Let me know how this goes.
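
The symptom reported at the top of this thread (a DLL dropped into the user temp folder together with changed Run keys) can be checked for in a HijackThis log. The following is an added example, not part of the thread: it assumes HijackThis's `O4 - HIVE\..\Run: [name] command` line layout, and the sample log, paths and entry names are constructed.

```python
import re

# HijackThis "O4" autostart line: O4 - HKCU\..\Run: [name] command
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Any path component named Temp or Tmp (covers LOCALS~1\Temp and WINDOWS\Temp).
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
# A drive-rooted path ending in .dll (spaces allowed, stops at comma or quote).
DLL_RE = re.compile(r"[A-Za-z]:\\[^,\"]*?\.dll", re.IGNORECASE)

# Constructed sample log lines (not taken from the poster's attachment).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [se.dll] rundll32.exe C:\DOCUME~1\user\LOCALS~1\Temp\se.dll,Run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [updater] "C:\Documents and Settings\user\Local Settings\Temp\setup.exe" /s
"""

def suspicious_autoruns(log_text):
    """Return Run/RunOnce entries whose command points into a temp directory."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 registry autostart line
        cmd = m.group("cmd")
        reasons = []
        if TEMP_RE.search(cmd):
            reasons.append("target is in a temp directory")
        dll = DLL_RE.search(cmd)
        if dll and TEMP_RE.search(dll.group(0)):
            reasons.append("DLL loaded from temp by a host process")
        if reasons:
            findings.append({
                "hive": m.group("hive"),
                "key": m.group("key"),
                "name": m.group("name"),
                "command": cmd,
                "reasons": reasons,
            })
    return findings

if __name__ == "__main__":
    for f in suspicious_autoruns(SAMPLE_LOG):
        print(f'{f["hive"]}\\{f["key"]} [{f["name"]}] {f["command"]}')
        for r in f["reasons"]:
            print("   -", r)
```
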
     