Check this log

Status
Not open for further replies.

swker98

Posts: 1,054   +0
Hey guys, I downloaded Ewido, Ad-Aware (which can't run), AVG and SB S&D.

They all find problems and I've fixed them, except I cannot run Ad-Aware; I get a blue screen (minidumps attached).
So is a HJT log.

And safe mode will not get past the black screen with "Safe Mode" in the corners.

Thanks Guys

PS: they use all the poker sites, if you see them on the log.
 
Thanks, I followed those instructions (in safe mode) and I still see that file
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ddccd.dll

on the log

What's wrong here, and why do I get that BSOD on the Ad-Aware scan?

Thanks Howard :confused: :confused:

I followed all of those instructions multiple times.
 
OK, we've got rid of one nasty infection, but we still have some way to go. Your system is infected with the Vundo infection.

Go HERE and follow the instructions exactly.

Start at step 2, then do steps 1/3/4/5 etc.

Post a fresh HJT log after doing the above.

Regards Howard :)
 
Thanks Howard, everything is running smoothly and I've followed all of your instructions.

I've attached an updated log and I got Ad-Aware working (actually you did).

Thanks again
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

Network
Carnival Casino
PartyPoker
PartyGaming.net

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

RunPF.exe
PartyPoker.exe
casino.exe
network.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKLM\..\Run: [Network] C:\Program Files\Network\network.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O9 - Extra button: Carnival Casino - {776883A9-1EA8-4d8f-88B7-AA652FEF01A7} - C:\Documents and Settings\Mom\Desktop\MOM\Carnival Casino\casino.exe

O9 - Extra 'Tools' menuitem: Carnival Casino - {776883A9-1EA8-4d8f-88B7-AA652FEF01A7} - C:\Documents and Settings\Mom\Desktop\MOM\Carnival Casino\casino.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)

O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)

O20 - Winlogon Notify: winlogon - C:\WINDOWS\system32\ddccd.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\ddccd.dll
C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
C:\Program Files\PartyPoker\PartyPoker.exe
C:\Documents and Settings\Mom\Desktop\MOM\Carnival Casino\casino.exe
C:\Program Files\Network\network.exe

Reboot into normal mode and turn system restore back on.


Regards Howard :)
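
An added example, not part of the original thread or of HijackThis itself: a small Python parser for the entry formats quoted above. It cross-references each file against the log sections that mention it, which shows `ddccd.dll` referenced from both O2 and O20 and lists the files no entry yet reports as "(file missing)". The function names and regular expressions are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis lines quoted in this thread.
SAMPLE = r"""
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ddccd.dll
O4 - HKLM\..\Run: [Network] C:\Program Files\Network\network.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)
O20 - Winlogon Notify: winlogon - C:\WINDOWS\system32\ddccd.dll (file missing)
""".strip().splitlines()

# O4 autoruns: "O4 - <key>: [<name>] <command>"
RUN_RE = re.compile(
    r"^(?P<section>O4) - (?P<kind>[^:]+): \[(?P<label>[^\]]+)\] (?P<path>.+)$")
# Others: "<section> - <kind>: <label>[ - {CLSID}] - <path>[ (file missing)]"
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<label>.+?)"
    r"(?: - (?P<clsid>\{[0-9A-Fa-f-]{36}\}))?"
    r" - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")

def parse_entry(line):
    """Return one entry's fields as a dict, or None for non-entry lines."""
    line = line.strip()
    m = RUN_RE.match(line) or ENTRY_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["missing"] = bool(entry.get("missing"))
    return entry

def cross_reference(lines):
    """Map lower-cased file path -> {section: reported_missing}."""
    refs = defaultdict(dict)
    for entry in filter(None, map(parse_entry, lines)):
        refs[entry["path"].lower()][entry["section"]] = entry["missing"]
    return dict(refs)

def still_referenced_as_present(refs):
    """Paths that at least one entry does not mark '(file missing)'."""
    return sorted(p for p, secs in refs.items() if not all(secs.values()))

if __name__ == "__main__":
    refs = cross_reference(SAMPLE)
    for path, sections in sorted(refs.items()):
        print(path, sections)
    print("check on disk:", still_referenced_as_present(refs))
```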
 
Well, I don't like to correct you, but what should I remove, because they use all of that poker junk (don't ask), so I can't remove most of that stuff.
 
All that poker junk puts spyware etc onto the computer.

They need to get rid of it, otherwise the spyware will just keep coming back.

Regards Howard :)
 
That's almost all that computer is used for besides their banking (BAD COMBINATION!!!). Well, I just hope Ewido and Windows FW will keep most of that crap out, because I really can't tell them what to play on their computer, so I guess I will have to do a monthly scan or something with Ewido and Ad-Aware?

But thank you for your awesome help; most of those popups are gone, if not all, and I've convinced them to use Firefox instead of the dreaded IE.

Well, I just need to turn off System Restore and delete
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\ddccd.dll
 
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\ddccd.dll

The above files (if there) are the remains of the vundo infection.

Some folks won't listen lol. I don't suppose there's a lot you can do about that though.

Regards Howard :)
 
Yeah, I'm sure you understand; the reason they don't think it is from the poker is because they had an old Win 98 machine that never got that bad of an infection, but that's because more of this spyware, malware is for Win 2000\XP.

Is there any program that will help fight any possible infections from that spam?

Also, is any of it dangerous, because I can't get there for a few days now; is it just the non-living remains of that Vundo infection lol (C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\ddccd.dll)

Is that Vundo infection a trojan or malware?

BTW, was the BSOD on Ad-Aware from the Vundo infection?
Thanks for the help; it took me almost 6 hours to fix, shows you how bad this crap can pile up.
 
I don't know if Vundo caused the BSODs.

1 minidump crashes at FOPN.sys. This is part of the WinAntiVirus PRO. Apparently, this is a known issue with this antivirus software. Maybe uninstalling and using a different antivirus programme will help. It has a bugcheck of 50.

1 minidump crashes at nv4_disp.dll. This is part of the Nvidia video card drivers. It has a bugcheck of EA.

This may be a problem with the drivers, or a possible problem with the card. Try updating the drivers.

0x00000050: PAGE_FAULT_IN_NONPAGED_AREA

Requested data was not in memory. An invalid system memory address was referenced. Defective memory (including main memory, L2 RAM cache, video RAM) or incompatible software (including remote control and antivirus software) might cause this Stop message, as may other hardware problems (e.g., incorrect SCSI termination or a flawed PCI card).

0x000000EA: THREAD_STUCK_IN_DEVICE_DRIVER

A device driver problem has caused the system to pause indefinitely (hang). Typically, this is caused by a display driver waiting for the video hardware to enter an idle state. This might indicate a hardware problem with the video adapter, or a faulty video driver.

Look HERE for information on the vundo infection.

Regards Howard :)
 
Wow, thanks for that analysis. Well, it doesn't matter anyway now because it's gone; it did go away after the infection removal.

That WinAntiVirus is actually adware, as said in SB S&D and Ewido; what worries me is that they purchased the WinAntiVirus off of a popup and used their credit card.

Should they be concerned? My guess is yes.

Will the remains of the C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\ddccd.dll cause any harm?
 
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\ddccd.dll

The above files might not even be there, but if they are, you should delete them.

Read the instructions I gave you in reply #6

Regards Howard :)

The WinAntiVirus PRO is not spyware. Probably it is a false positive in Ewido and SS&D. I still think it should be uninstalled. It would probably be better to get the free AVG antivirus programme and the free Zonealarm firewall from HERE and HERE.
 
I've already done so, but I think ZA is a little too complicated for them, so Windows XP firewall and their router firewall should do the trick.


thanks for your help :knock: :blush:
 