Solved: Half life 2 [Vundo help needed .. moved from Games]

Discussion in 'Virus & Other Malware Removal' started by james2523, Oct 20, 2005.

Thread Status:
Not open for further replies.
  1. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    I just installed Half-Life 2, and when I'm on the internet, if I open up 2 windows the original goes white when I close out the 2. I don't know what to do. My computer also has above the minimum specs it needs to operate. Do I not have enough memory?
     
  2. in3rt!a

    in3rt!a

    Joined:
    Aug 6, 2004
    Messages:
    506
    Try to be more specific...

    What are the specs of your computer?
    And what is your internet connection speed?

    Is there an error message? Does it always happen at the same time? What happens?
     
  3. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    I have a 3.1 G processor with 512 MB. It's a custom computer with a Radeon 9100.
    It's also a white box computer.
     
  4. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    When I have a window on the internet and I click on something, the original window goes blank and an error report goes up, but this does not happen when I play the game (Counter-Strike: Source). It came in a pack: Half-Life 2, HL1 Source and Counter-Strike: Source...
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    HL2 is very memory intensive from what I've seen. I play it offline with 1 gig of ram and it appears to use most of it. I doubt I could do anything else if I tried. I've minimized the game to the desktop a few times and it generally took a minute before I had enough resources to open anything at normal speed.

    When you get one of those error reports you can select the option that tells you what it contains and note the modules involved. These will also be recorded in the Administrative Tools Event Viewer log for Applications. Run eventvwr.msc

    Also if you open up the task manager and select the performance tab you can note the following:

    "Physical Memory"

    Total: (this is your total installed ram -- "physical" memory)
    Available: (this is the amt of real "physical" memory presently uncommitted)


    "Commit Charge"

    Total: (this is the combination of total physical and virtual memory currently in use)
    Limit: (this is the total physical and virtual memory available)
    Peak: (this is the most you have had in use in this session)

    >> if the "Peak" value above is close to or above your installed ram, you are maxing out its usage. When I run HL2 it actually approaches the "Limit" value in many cases -- which is really extreme.

    What you might do before running HL2 is terminate any unnecessary applications -- such as antivirus or external firewall to conserve resources.

    You can also post a HijackThis scanlog and I'm sure folks will be happy to advise you on what startup programs may be disabled for better performance:

    Download and install HijackThis using the "self extractor". Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply.

    http://www.thespykiller.co.uk/files/hijackthis_sfx.exe
     
  6. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    Logfile of HijackThis v1.99.1
    Scan saved at 1:44:56 PM, on 10/22/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\RioMSC.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstqn.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\gebcb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128554174625
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
    O20 - Winlogon Notify: sstqn - C:\WINDOWS\SYSTEM32\sstqn.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  8. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    That's good, because I love Counter-Strike and now I don't have to get rid of it. OK, please tell me how to get rid of it and I will. What virus do I have now? I had Vundo H; now which one do I have?
     
  9. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
  10. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    It said that it did not find any Vundo virus.
     
  11. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    Symantec Trojan.Vundo Removal Tool 1.4.0
    The process "winlogon.exe" contained a viral thread (00000684). The thread was terminated.
    The process "winlogon.exe" contained a viral thread (00000688). The thread was terminated.
    The process "explorer.exe" contained a viral thread (000000A4). The thread was terminated.
    The process "explorer.exe" contained a viral thread (000000A8). The thread was terminated.
    The process "explorer.exe" contained a viral thread (00000238). The thread was terminated.

    C:\Documents and Settings\Steven: (not scanned)
    C:\System Volume Information: (not scanned)
    registry: HKEY_CLASSES_ROOT\MSEvents.MSEvents (key deleted)
    registry: HKEY_CLASSES_ROOT\MSEvents.MSEvents.1 (key deleted)
    registry: HKEY_CLASSES_ROOT\CLSID\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} (key deleted)
    registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} (key deleted)


    Trojan.Vundo has not been found on your computer.
     
  12. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    Will anyone reply to this thread???? My comp is still screwed up, I think. Here's another HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 3:07:00 PM, on 10/22/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\RioMSC.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\gebcb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128554174625
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
    O20 - Winlogon Notify: sstqn - C:\WINDOWS\SYSTEM32\sstqn.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
     
  13. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
    • You will first be presented with a warning.
      It should look like this
    • At this point press enter one time.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\system32\gebcb.dll

    • Press Enter to continue with the fix.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\system32\bcbeg.*
        This will be the vundo filename spelt backwards. For example, if the vundo dll was vundo.dll you would have the user enter odnuv.*
    • Press Enter to continue with the fix.
    • The fix will run, then HijackThis will open. If it does not open automatically, please open it manually.
    • In HijackThis, please place a check next to the following items and click FIX CHECKED:
      • enter hjt items here

        O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\gebcb.dll
        O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
        O20 - Winlogon Notify: sstqn - C:\WINDOWS\SYSTEM32\sstqn.dll

    • After you have fixed these items, close HijackThis.
    • Press enter to exit the program then manually reboot your computer.
    • The fix will tell you to shutdown using the Power button. Hold in your power button until the computer shuts down. Wait about 15 seconds and then restart the computer into regular windows.

      Chkdsk will run. This is normal. It will take a few minutes and is checking your file system because of the Bad Shutdown we caused.

    • Once your machine reboots please continue with the instructions below.
    Download and install CleanUp!

    Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    Set the program up as follows:
    Click "Options..."
    Move the arrow down to "Custom CleanUp!"
    Put a check next to the following (Make sure nothing else is checked!):
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users
    Click OK
    Press the CleanUp! button to start the program.

    It may ask you to reboot at the end, click NO.

    Now please run an online scan from one of these sites

    http://www.kaspersky.com/virusscanner
    http://www.pandasoftware.com/products/activescan.htm
    http://housecall.trendmicro.com/housecall/start_corp.asp

    Allow them to clean what they can

    Panda will have the option to create a log after the scan has finished. Click the See Report button. Then click the Save Report button. It will be saved under the name activescan.txt. Do that and post that log into your next reply here.

    Kaspersky also has the option to save a log, so do that and post that report.

    Run HijackThis and post the new log and the vundofix.txt file from the VundoFix folder as well.
     
  14. james2523

    james2523 Thread Starter

    Joined:
    Jun 22, 2005
    Messages:
    161
    OK, but do I add the * or no?
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Yes. Type it exactly as C:\WINDOWS\system32\bcbeg.*
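
The check behind posts 13 and 15, as an added example that is not part of the original thread or of any tool named in it: it parses HijackThis O2 (BHO) and O20 (Winlogon Notify) lines, lists system32 DLLs loaded through Winlogon Notify as candidates for review, notes whether the same DLL is also registered as a BHO, and derives the reversed-name pattern (gebcb.dll gives bcbeg.*). The function names are assumptions of this example, and the sample is constructed from lines of the first log above.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O2/O20 lines copied from the first HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstqn.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\gebcb.dll
O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
O20 - Winlogon Notify: sstqn - C:\WINDOWS\SYSTEM32\sstqn.dll
"""

# Matches "O2 - BHO: name - {CLSID} - path" and "O20 - Winlogon Notify: name - path".
ENTRY_RE = re.compile(r"^\s*(O20?) - [^:]+: .* - ([A-Za-z]:\\.+?)\s*$")
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")


def parse_entries(log_text):
    """Return {lower-cased path: {"path": as logged, "sections": {"O2", "O20"}}}."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, path = m.groups()
            rec = entries.setdefault(path.lower(), {"path": path, "sections": set()})
            rec["sections"].add(section)
    return entries


def reversed_companion(dll_path):
    """Pattern used in post 13: same folder, base name reversed, any extension."""
    p = PureWindowsPath(dll_path)
    return f"{p.parent}\\{p.stem[::-1]}.*"


def triage(log_text):
    """List system32 DLLs loaded via Winlogon Notify (O20) as candidates for review."""
    findings = []
    for rec in parse_entries(log_text).values():
        p = PureWindowsPath(rec["path"])
        # PureWindowsPath compares case-insensitively (system32 vs SYSTEM32).
        if "O20" in rec["sections"] and p.parent == SYSTEM32:
            findings.append({
                "dll": rec["path"],
                "also_bho": "O2" in rec["sections"],  # same DLL hooked into IE too
                "companion_pattern": reversed_companion(rec["path"]),
            })
    return sorted(findings, key=lambda f: f["dll"].lower())


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

In the second log of this thread, sstqn.dll is still listed under O20 but no longer under O2, so `also_bho` is a supporting signal rather than a filter.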
     
Short URL to this thread: https://techguy.org/409600
