
Win Adtools - need help


6 replies to this topic

#1 estrangedboy


Posted 23 November 2004 - 02:19 AM

Hi,

My computer's infected with Win Adtools and it's slowing everything down. I've read your very helpful thread but the only thing is that I can't find the exact files you specify. I was wondering whether or not you could have a look at the HijackThis log I've attached and tell me what I should highlight for fixing?

Any help you can offer would be great. Thanks heaps!



#2 Nirvana


Posted 23 November 2004 - 04:18 AM

Hello estrangedboy,

Download: TREND MICRO System Cleaner
http://uk.trendmicro-europe.com/file_downl...sc/sysclean.com

Download: Virus Pattern File (AS/400, S/390, Windows)
http://uk.trendmicro-europe.com/global/fil.../opr/lpt246.zip

Create a new folder [example] C:\Sysclean
Copy the downloaded file: sysclean.com to the new folder.
Unzip and copy the downloaded pattern file to the new folder.

Then from safe mode, run "Sysclean"
To use: double-click "sysclean.com"
Creates a text file "sysclean.log" when completed.

Copy and paste the contents in your next message along with a new HijackThis log. Please don't add your logs as attachments. Copy and paste them as text in your post.
"Computers are useless. They can only give you answers." Pablo Picasso

#3 southcmft


Posted 23 November 2004 - 07:55 AM

[EDITED]

estrangedboy
Please do not act until an Administrator, Moderator or member of the HJT Team posts to your Topic.

Nirvana will help you.

Edited by cryo, 23 November 2004 - 08:44 AM.


#4 estrangedboy


Posted 23 November 2004 - 07:59 AM

Hey,

I tried doing what you said but when in safe mode using the sysclean my computer suddenly restarted and now when booting up says it has a boot.ini error. Just out of interest, would a complete reformat of my computer fix everything because I do have what information I need backed up. If so, how do I go about reformatting because I have tried on this computer (a laptop) before but haven't been able to. Sorry about this but maybe reformatting would just be easier that's all?

Cheers.

#5 Nirvana


Posted 23 November 2004 - 08:38 AM

Please tell me exactly what the error says then post your HijackThis log. There is no need to reformat, we can clean you up.
"Computers are useless. They can only give you answers." Pablo Picasso

#6 estrangedboy


Posted 23 November 2004 - 06:07 PM

Hi,

The message I get when booting up is:

Invalid BOOT.INI File.
Booting from C:\windows\

My HijackThis log is:

Logfile of HijackThis v1.98.2
Scan saved at 9:04:01 AM, on 24/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\Explorer.EXE
C:\windows\System32\atiptaxx.exe
C:\windows\System32\wuauclt.exe
C:\windows\LTSMMSG.exe
C:\WINDOWS\Hcontrol.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\windows\System32\winmon32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\windows\System32\winmon32.exe
C:\Documents and Settings\lachlan\Application Data\euol.exe
C:\WINDOWS\ATKOSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe
C:\windows\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computeralliance.com.au
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [Ncth] C:\Documents and Settings\lachlan\Application Data\euol.exe
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.computeralliance.com.au
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...7ec58ff8178110e
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099012091319
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

Cheers.
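
Added example, not part of estrangedboy's post and not code from HijackThis: a small parser for the O4 (registry autostart) lines of a log like the one above, which groups entries and notes which ones deserve a closer look. The two heuristics (same entry under several autostart keys, command running from a user-profile Application Data folder) are assumptions of this example, not findings stated in the thread.

```python
import re
from collections import defaultdict

# A few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [Ncth] C:\Documents and Settings\lachlan\Application Data\euol.exe
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"; O4 startup-folder lines are not handled here.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$")


def parse_o4(log_text):
    """Return the registry autostart (O4) entries of a HijackThis log as dicts."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "command": command.strip('"')})
    return entries


def review_notes(entries):
    """Map value name -> reasons to look closer (heuristics assumed here, not verdicts)."""
    keys_per_entry = defaultdict(set)
    for e in entries:
        keys_per_entry[(e["name"], e["command"].lower())].add((e["hive"], e["key"]))
    notes = defaultdict(list)
    for (name, command), keys in keys_per_entry.items():
        if len(keys) > 1:
            notes[name].append(f"registered under {len(keys)} autostart keys")
        if "\\application data\\" in command:
            notes[name].append("runs from a user-profile Application Data folder")
    return dict(notes)


if __name__ == "__main__":
    for name, reasons in review_notes(parse_o4(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A note from this script is a prompt to identify the file, not a reason to delete the entry.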

#7 Nirvana


Posted 23 November 2004 - 06:16 PM

Run both of the following on-line virus scans: Housecall and Bitdefender.

Download and run Ad-Aware and Spybot. For best results follow the tutorials.

Download: Clear the Cache from here

Once installed, run CCleaner then tick the following:
Posted Image
Then click Run Cleaner (bottom right) then, when it finishes scanning click Exit.

Reboot, then post a new HijackThis log and let us know how things are running. We'll clear the rest out manually.
"Computers are useless. They can only give you answers." Pablo Picasso



