1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Browsela again

Discussion in 'Windows - Virus and spyware problems' started by fridmarr, Mar 31, 2006.

  1. fridmarr

    fridmarr Member

    Joined:
    Mar 31, 2006
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    Hi, I've got browsela, and despite my best efforts, it's got me beat. Any help would be great.

    Here's my HijackThis file:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:36:54, on 01/04/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Documents and Settings\Administrator\Desktop\System Tools\procexp.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\vs7jit.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Administrator\Desktop\System Tools\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - C:\WINNT\adsldpbm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINNT\msconfig.exe /auto
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134318307643
    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba2202.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C4FBF5C-7FED-49DB-BEF4-50842CAB90CE}: NameServer = 194.106.56.6,194.106.33.42
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: browsela - C:\WINNT\system32\browsela.dll
    O20 - Winlogon Notify: cfgmngr32 - C:\WINNT\system32\cfgmngr32.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     
    fridmarr, Mar 31, 2006
    #1
  2. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Hi fridmarr

    Download win32delfkil -> http://users.telenet.be/marcvn/tools/win32delfkil.exe

    Save it on desktop and doubleclick it, it will then extract itself on win32delfkil-folder
    Close all windows and open win32delfkil-folder. Doubleclick fix.bat. If computer doesn't restart, restart it by yourself.

    Fix with HjT (do a system scan only, checkmark these and press fix checked, some of them may not present after win32delfkil):

    O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - C:\WINNT\adsldpbm.dll
    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba2202.exe
    O20 - Winlogon Notify: browsela - C:\WINNT\system32\browsela.dll
    O20 - Winlogon Notify: cfgmngr32 - C:\WINNT\system32\cfgmngr32.dll

    Delete if found:

    C:\WINNT\adsldpbm.dll
    C:\WINNT\system32\cfgmngr32.dll

    Please download ewido anti malware it is a free version of the program -> http://www.ewido.net/en/download/

    1. Install ewido security suite
    2. When installing, under "Additional Options" uncheck..
    * Install background guard
    * Install scan via context menu
    3. Launch ewido, there should be an icon on your desktop, double-click it.
    4. The program will now open to the main screen.
    5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    6. You will need to update ewido to the latest definition files.
    * On the left hand side of the main screen click update.
    * Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")

    If you are having problems with the updater, you can use this link to manually update ewido.
    ewido manual updates -> http://www.ewido.net/en/download/updates/

    Once the updates are installed do the following:

    Reboot your computer in SafeMode by doing the following:

    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.


    then launch ewido:

    * Click on scanner
    * Click on Complete System Scan and the scan will begin.
    * You will be prompted to clean the first infection.
    * Select "Perform action on all infections", then proceed.
    * Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    * Click Save report.
    * Save the report .txt file to your desktop or a location where you can find it easily.

    Close ewido security suite.

    Reboot back to normal mode, post a fresh HjT-log, ewido report and contents of c:\windelf.txt
     
    -kemisti-, Apr 1, 2006
    #2

Share This Page