TechSpot

Check this log

By swker98
May 24, 2006
  1. Hey guys, I downloaded Ewido, Adaware (which can't run), AVG and SB S&D.

    They all find problems and I've fixed them, except I cannot run Adaware; I get a blue screen (minidumps attached).
    So is a HJT log.


    And safe mode will not get past the black screen with safe mode in the corners.

    Thanks Guys

    PS: they use all the poker sites, if you see them on the log.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go HERE and follow the instructions.

    Then, post a fresh HJT log as a .txt attachment.

    Regards Howard :)
     
  3. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    Thanks, I followed those instructions (in safe mode) and I still see that file
    O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ddccd.dll

    on the log

    What's wrong here, and why do I get that BSOD on the Adaware scan?


    Thanks Howard :confused: :confused:

    I followed all of those instructions multiple times.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, we've got rid of one nasty infection, but we still have some way to go. Your system is infected with the Vundo infection.

    Go HERE and follow the instructions exactly.

    Start at step 2, then do steps 1/3/4/5 etc.

    Post a fresh HJT log after doing the above.

    Regards Howard :)
     
  5. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    Thanks Howard, everything is running smoothly and I've followed all of your instructions.

    I've attached an updated log and I got Adaware working (actually you did).

    Thanks again
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    Network
    Carnival Casino
    PartyPoker
    PartyGaming.net

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    RunPF.exe
    PartyPoker.exe
    casino.exe
    network.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKLM\..\Run: [Network] C:\Program Files\Network\network.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O9 - Extra button: Carnival Casino - {776883A9-1EA8-4d8f-88B7-AA652FEF01A7} - C:\Documents and Settings\Mom\Desktop\MOM\Carnival Casino\casino.exe

    O9 - Extra 'Tools' menuitem: Carnival Casino - {776883A9-1EA8-4d8f-88B7-AA652FEF01A7} - C:\Documents and Settings\Mom\Desktop\MOM\Carnival Casino\casino.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)

    O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)

    O20 - Winlogon Notify: winlogon - C:\WINDOWS\system32\ddccd.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\WINDOWS\system32\vtstq.dll
    C:\WINDOWS\system32\ddccd.dll
    C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
    C:\Program Files\PartyPoker\PartyPoker.exe
    C:\Documents and Settings\Mom\Desktop\MOM\Carnival Casino\casino.exe
    C:\Program Files\Network\network.exe

    Reboot into normal mode and turn system restore back on.


    Regards Howard :)
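
The HijackThis entries listed in the reply above share a fixed layout: section code, entry type, name, optional CLSID, target path, and an optional "(file missing)" marker. As an added example that is not part of the original thread, this Python code parses lines copied from these posts, groups the autostart references by target file, and lists the orphaned entries; the function names are illustrative.

```python
import re
from collections import defaultdict

# Log lines copied from the posts in this thread (not a complete HJT log).
SAMPLE = r"""
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ddccd.dll
O4 - HKLM\..\Run: [Network] C:\Program Files\Network\network.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)
O20 - Winlogon Notify: winlogon - C:\WINDOWS\system32\ddccd.dll (file missing)
"""

LINE = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

def parse_line(line):
    """Return a dict for one HJT entry, or None if the line is not an entry."""
    m = LINE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    clsid = CLSID.search(rest)
    run = re.match(r"\[(.+?)\]\s+(.+)", rest)   # O4 style: [name] command
    if run:
        name, target = run.groups()
    else:                                       # other styles: name - [clsid -] path
        parts = rest.split(" - ")
        name, target = parts[0], parts[-1]
    return {"section": section, "kind": kind, "name": name,
            "clsid": clsid.group(0) if clsid else None,
            "target": target, "file_missing": missing}

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def references_by_target(entries):
    """Map each lower-cased target path to the sections that reference it."""
    refs = defaultdict(list)
    for e in entries:
        refs[e["target"].lower()].append(e["section"])
    return dict(refs)

def orphaned(entries):
    """Entries HJT marked '(file missing)': registry leftovers still to fix."""
    return [e for e in entries if e["file_missing"]]
```

Grouping by target shows that ddccd.dll is referenced from both an O2 (BHO) entry and an O20 (Winlogon Notify) entry, so both registrations need fixing even after the file itself is gone.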
     
  7. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    Well, I don't like to correct you, but what should I remove? Because they use all of that poker junk (don't ask), so I can't remove most of that stuff.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All that poker junk puts spyware etc onto the computer.

    They need to get rid of it, otherwise the spyware will just keep coming back.

    Regards Howard :)
     
  9. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    That's almost all that computer is used for besides their banking (BAD COMBINATION!!!). Well, I just hope Ewido and Windows FW will keep most of that crap out, because I really can't tell them what to play on their computer, so I guess I will have to do a monthly scan or something with Ewido and Adaware?

    But thank you for your awesome help; most of those popups are gone, if not all, and I've convinced them to use Firefox instead of the dreaded IE.



    Well, I just need to turn off System Restore and delete
    C:\WINDOWS\system32\vtstq.dll
    C:\WINDOWS\system32\ddccd.dll
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    C:\WINDOWS\system32\vtstq.dll
    C:\WINDOWS\system32\ddccd.dll

    The above files (if there) are the remains of the Vundo infection.

    Some folks won't listen lol. I don't suppose there's a lot you can do about that though.

    Regards Howard :)
     
  11. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    Yeah, I'm sure you understand. The reason they don't think it is from the poker is because they had an old Win 98 machine that never got that bad of an infection, but that's because more of this spyware and malware is for Win 2000\XP.

    Is there any program that will help fight any possible infections from that spam?

    Also, is any of it dangerous? Because I can't get there for a few days now. Is it just the non-living remains of that Vundo infection lol (C:\WINDOWS\system32\vtstq.dll
    C:\WINDOWS\system32\ddccd.dll)?

    Is that Vundo infection a trojan or malware?

    BTW, was the BSOD on Adaware from the Vundo infection?
    Thanks for the help. It took me almost 6 hours to fix; shows you how bad this crap can pile up.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I don't know if Vundo caused the BSODs.

    1 minidump crashes at FOPN.sys. This is part of the WinAntiVirus PRO. Apparently, this is a known issue with this antivirus software. Maybe uninstalling and using a different antivirus programme will help. It has a bugcheck of 50.

    1 minidump crashes at nv4_disp.dll. This is part of the Nvidia video card drivers. It has a bugcheck of EA.

    This may be a problem with the drivers, or a possible problem with the card. Try updating the drivers.

    0x00000050: PAGE_FAULT_IN_NONPAGED_AREA

    Requested data was not in memory. An invalid system memory address was referenced. Defective memory (including main memory, L2 RAM cache, video RAM) or incompatible software (including remote control and antivirus software) might cause this Stop message, as may other hardware problems (e.g., incorrect SCSI termination or a flawed PCI card).

    0x000000EA: THREAD_STUCK_IN_DEVICE_DRIVER

    A device driver problem has caused the system to pause indefinitely (hang). Typically, this is caused by a display driver waiting for the video hardware to enter an idle state. This might indicate a hardware problem with the video adapter, or a faulty video driver.

    Look HERE for information on the vundo infection.

    Regards Howard :)
     
  13. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    Wow, thanks for that analysis. Well, it doesn't matter anyway now because it's gone; it did go away after the infection removal.

    That WinAntiVirus is actually adware, as said in SB S&D and Ewido. What worries me is that they purchased the WinAntiVirus off of a popup and used their credit card.

    Should they be concerned? My guess is yes.

    Will the remains of the C:\WINDOWS\system32\vtstq.dll
    C:\WINDOWS\system32\ddccd.dll cause any harm?
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    C:\WINDOWS\system32\vtstq.dll
    C:\WINDOWS\system32\ddccd.dll

    The above files might not even be there, but if they are, you should delete them.

    Read the instructions I gave you in reply #6

    Regards Howard :)

    The WinAntiVirus PRO is not spyware. Probably it is a false positive in Ewido and SS&D. I still think it should be uninstalled. It would probably be better to get the free AVG antivirus programme and the free Zonealarm firewall from HERE and HERE.
     
  15. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    I've already done so, but I think ZA is a little too complicated for them, so Windows XP firewall and their router firewall should do the trick.


    Thanks for your help :knock: :blush:
     
Topic Status:
Not open for further replies.
