HELP BSOD!

[amfufu89]

Hello guys, when i try to play warcraft IIII frozen throne i get BSOD

0x0000008 (0x80000004. 0x806EAA01, 0xAA2B5570, 0x00000000)

and i cant get to safe mode i also get BSOD when going on safe mode i guess it was 0x0000007B?

this is my specs

Windows XP Pro SP2

Intel[R]core[tm]2 duo CPU T5470 @1.60GHz

1.18GHz, 0.99 GB oF RAM

and i use Laptop

Dell AVostro 840

[sorry for bad english]

[daledoc1]

Hello and welcome to MBAM forum, amfufu89:

BSOD is usually due to hardware or driver issues, although it can also be caused by some of today's really bad rootkits.

Since you appear to be running XP without SP3 (why?????), it is possible that you could be infected.

One of the more expert folks will need to analyze your BSOD stop codes, but until then, you might want to run tests of your hardware (HDD disk check, mem test, etc) and look to see if your drivers are up to date.

You didn't mention the brand of your computer, but most of the OEM makers have diagnostics that you can run on their equipment.

(PS It also looks as if you might be a bit short on RAM, even for XP.)

At some point, you'll also absolutely need to upgrade to SP3 (and all other critical Windows patches).

While you are waiting for more expert advice, you could also post back to this thread with the 2 scan logs from DDS, as explained below.

HTH,

daledoc1

----------------------------------------------

How to Run DDS

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

• 
  When done, DDS will open two (2) logs:
• 
  
  1. DDS.txt
     
  2. Attach.txt
     

• Save both reports to your desktop!
  
• Please include both of the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

[Firefox]

Hello and

Just to add to the excellent advice above by daledoc1....

Since you are running a Dell computer, have your ran a dell diagnostics on your computer? To do this, turn on the computer and when you see the Dell Logo (before windows starts to load) press the F12 Key (you may have to do it a few times) to bring up a Menu. When the menu appears and depending on your Bios version you will see something that says Hard Drive Diagnostics or Dell Diagnostics. Run those tests and let us know if anything fails and what the code is.

[daledoc1]

OOPS!

Good catch, Firefox!

(I missed the mention of the Dell brand.)

Thanks!

[Firefox]

Between your eyes and my 4 eyes we are bound to catch a few things....

[daledoc1]

Between your eyes and my 4 eyes we are bound to catch a few things....

Make that 4 + 4!

[amfufu89]

i run the diagnostics well i guess theres no problem cause it says pass in all drives???

well i tried to upgrade my XP to sp3 but i keep getting weird errors so i cant..

well heres the result for those two

attach.rar

dds.rar

[amfufu89]

Hello and welcome to MBAM forum, amfufu89:

BSOD is usually due to hardware or driver issues, although it can also be caused by some of today's really bad rootkits.

Since you appear to be running XP without SP3 (why?????), it is possible that you could be infected.

One of the more expert folks will need to analyze your BSOD stop codes, but until then, you might want to run tests of your hardware (HDD disk check, mem test, etc) and look to see if your drivers are up to date.

You didn't mention the brand of your computer, but most of the OEM makers have diagnostics that you can run on their equipment.

(PS It also looks as if you might be a bit short on RAM, even for XP.)

At some point, you'll also absolutely need to upgrade to SP3 (and all other critical Windows patches).

While you are waiting for more expert advice, you could also post back to this thread with the 2 scan logs from DDS, as explained below.

HTH,

daledoc1

----------------------------------------------

How to Run DDS

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

• 
  When done, DDS will open two (2) logs:
• 
  
  1. DDS.txt
     
  2. Attach.txt
     

• Save both reports to your desktop!
  
• Please include both of the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

i run the diagnostics well i guess theres no problem cause it says pass in all drives???

well i tried to upgrade my XP to sp3 but i keep getting weird errors so i cant..

well heres the result for those two

Attached Files

• attach.rar 4.42K 1 downloads
  
• dds.rar 4.38K 0 downloads
  

[daledoc1]

Hi:

Thanks for the update and for logs -- we'll need to wait for Firefox or one of the other qualified experts to review them.

(FYI it probably would have been better -- for readability and security -- if you had just used copy/paste to post them directly into your reply, rather than zipping and attaching them ).

It's worrisome that you are unable to update to SP3 -- what is the specific error message you received?

Are you still getting BSOD?

Thanks for your patience and understanding,

daledoc1

PS Please do not use the "Quote" and "Multi-Quote" buttons when replying here at the forum. Instead, please use "More Reply Options" > then type your reply > then "Add Reply". It will make your thread easier for everyone to read.

[amfufu89]

Yes i still keep getting BSOD hmm from what I remember it was "Failed to install catalog files?"

thanks for some advice.. ill post it now here

Attach.txt:>

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/17/2009 7:38:00 AM

System Uptime: 8/30/2012 11:03:24 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0G216H

Processor: Intel® Core™2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1180/200mhz

Processor: Intel® Core™2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1180/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 68 GiB total, 36.408 GiB free.

D: is FIXED (NTFS) - 81 GiB total, 63.132 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {00000000-0000-0000-0000-000000000000}

Description: Network Controller

Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_01121A32&REV_01\4&AB208E&0&00E1

Manufacturer:

Name: Network Controller

PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_01121A32&REV_01\4&AB208E&0&00E1

Service:

.

==== System Restore Points ===================

.

RP297: 10/17/2011 4:12:54 AM - Software Distribution Service 3.0

RP298: 10/17/2011 9:22:12 AM - Software Distribution Service 3.0

RP299: 10/21/2011 3:06:49 AM - Software Distribution Service 3.0

RP300: 10/24/2011 11:43:34 PM - Software Distribution Service 3.0

RP301: 10/25/2011 8:36:09 AM - Software Distribution Service 3.0

RP302: 10/28/2011 11:02:46 AM - Removed AVG Free 9.0

RP303: 10/30/2011 5:19:57 AM - Software Distribution Service 3.0

RP304: 11/6/2011 9:23:00 AM - Software Distribution Service 3.0

RP305: 11/6/2011 7:42:27 PM - Software Distribution Service 3.0

RP306: 11/7/2011 2:10:34 AM - Software Distribution Service 3.0

RP307: 11/7/2011 6:31:10 AM - Software Distribution Service 3.0

RP308: 11/13/2011 8:51:20 AM - Software Distribution Service 3.0

RP309: 11/20/2011 7:00:17 AM - Software Distribution Service 3.0

RP310: 11/20/2011 7:18:47 PM - Software Distribution Service 3.0

RP311: 11/21/2011 2:47:10 AM - Software Distribution Service 3.0

RP312: 11/21/2011 7:34:16 PM - Software Distribution Service 3.0

RP313: 11/27/2011 5:31:49 AM - Software Distribution Service 3.0

RP314: 11/27/2011 6:31:40 AM - Software Distribution Service 3.0

RP315: 11/27/2011 11:24:49 PM - Software Distribution Service 3.0

RP316: 12/4/2011 8:16:37 AM - Software Distribution Service 3.0

RP317: 12/4/2011 1:31:22 PM - Software Distribution Service 3.0

RP318: 12/5/2011 12:16:21 AM - Software Distribution Service 3.0

RP319: 12/5/2011 7:57:16 AM - Software Distribution Service 3.0

RP320: 12/5/2011 9:55:29 AM - Software Distribution Service 3.0

RP321: 12/6/2011 1:48:29 AM - Software Distribution Service 3.0

RP322: 12/6/2011 9:09:41 PM - Software Distribution Service 3.0

RP323: 12/11/2011 7:52:30 AM - Software Distribution Service 3.0

RP324: 12/18/2011 6:06:52 PM - Software Distribution Service 3.0

RP325: 12/18/2011 6:41:07 PM - Software Distribution Service 3.0

RP326: 12/19/2011 8:07:56 AM - Software Distribution Service 3.0

RP327: 12/19/2011 8:33:36 AM - Software Distribution Service 3.0

RP328: 12/20/2011 12:33:11 AM - Software Distribution Service 3.0

RP329: 12/20/2011 4:06:44 AM - Software Distribution Service 3.0

RP330: 12/25/2011 2:26:55 PM - Software Distribution Service 3.0

RP331: 12/25/2011 11:54:22 PM - Software Distribution Service 3.0

RP332: 12/26/2011 2:10:22 AM - Software Distribution Service 3.0

RP333: 12/26/2011 10:04:50 AM - Software Distribution Service 3.0

RP334: 12/26/2011 11:16:26 PM - Software Distribution Service 3.0

RP335: 12/26/2011 11:21:44 PM - Software Distribution Service 3.0

RP336: 12/27/2011 12:14:47 AM - Software Distribution Service 3.0

RP337: 12/27/2011 12:24:28 PM - Software Distribution Service 3.0

RP338: 12/27/2011 5:38:42 PM - Software Distribution Service 3.0

RP339: 1/1/2012 10:06:10 PM - Software Distribution Service 3.0

RP340: 1/8/2012 9:03:10 AM - Software Distribution Service 3.0

RP341: 1/15/2012 8:02:35 PM - Software Distribution Service 3.0

RP342: 1/15/2012 8:30:17 PM - Software Distribution Service 3.0

RP343: 1/22/2012 10:48:54 AM - Software Distribution Service 3.0

RP344: 1/22/2012 4:20:51 PM - Software Distribution Service 3.0

RP345: 1/23/2012 12:48:51 AM - Software Distribution Service 3.0

RP346: 1/23/2012 11:02:40 AM - Software Distribution Service 3.0

RP347: 1/29/2012 6:11:17 AM - Software Distribution Service 3.0

RP348: 2/5/2012 12:38:00 PM - Software Distribution Service 3.0

RP349: 2/6/2012 2:07:44 AM - Software Distribution Service 3.0

RP350: 2/6/2012 9:59:56 AM - Software Distribution Service 3.0

RP351: 2/7/2012 3:56:20 PM - Software Distribution Service 3.0

RP352: 2/8/2012 10:56:06 AM - Software Distribution Service 3.0

RP353: 2/8/2012 11:08:18 PM - Software Distribution Service 3.0

RP354: 2/9/2012 8:48:25 AM - Software Distribution Service 3.0

RP355: 2/9/2012 1:40:48 PM - Software Distribution Service 3.0

RP356: 2/10/2012 4:51:13 AM - Software Distribution Service 3.0

RP357: 2/10/2012 8:15:48 AM - Software Distribution Service 3.0

RP358: 2/12/2012 4:36:31 PM - Software Distribution Service 3.0

RP359: 2/13/2012 12:45:13 AM - Software Distribution Service 3.0

RP360: 2/16/2012 7:41:49 PM - Software Distribution Service 3.0

RP361: 2/16/2012 9:49:54 PM - Software Distribution Service 3.0

RP362: 2/17/2012 4:34:36 PM - Software Distribution Service 3.0

RP363: 2/19/2012 6:53:44 AM - Software Distribution Service 3.0

RP364: 2/20/2012 11:35:29 AM - Software Distribution Service 3.0

RP365: 2/20/2012 4:48:25 PM - Software Distribution Service 3.0

RP366: 2/20/2012 5:34:25 PM - Software Distribution Service 3.0

RP367: 2/22/2012 5:17:07 PM - Software Distribution Service 3.0

RP368: 2/22/2012 8:11:57 PM - Software Distribution Service 3.0

RP369: 3/4/2012 8:17:19 AM - Software Distribution Service 3.0

RP370: 3/4/2012 11:38:49 AM - Hitman 2: Silent Assassin Demo

RP371: 3/4/2012 11:39:40 AM - Software Distribution Service 3.0

RP372: 3/6/2012 12:06:21 AM - Software Distribution Service 3.0

RP373: 3/6/2012 5:00:17 AM - Software Distribution Service 3.0

RP374: 3/7/2012 7:58:01 PM - Software Distribution Service 3.0

RP375: 3/14/2012 9:32:38 PM - Software Distribution Service 3.0

RP376: 3/15/2012 12:15:42 PM - Software Distribution Service 3.0

RP377: 3/15/2012 7:02:54 PM - Software Distribution Service 3.0

RP378: 3/16/2012 11:26:52 AM - Software Distribution Service 3.0

RP379: 3/16/2012 12:30:45 PM - Software Distribution Service 3.0

RP380: 3/16/2012 3:55:26 PM - Software Distribution Service 3.0

RP381: 3/18/2012 9:43:02 AM - Software Distribution Service 3.0

RP382: 3/18/2012 3:54:29 PM - Software Distribution Service 3.0

RP383: 3/18/2012 7:43:16 PM - Software Distribution Service 3.0

RP384: 3/19/2012 2:57:36 PM - Software Distribution Service 3.0

RP385: 3/27/2012 12:30:03 AM - Software Distribution Service 3.0

RP386: 3/27/2012 10:47:56 AM - Software Distribution Service 3.0

RP387: 4/1/2012 6:26:16 AM - Software Distribution Service 3.0

RP388: 4/1/2012 6:40:49 AM - Software Distribution Service 3.0

RP389: 4/1/2012 11:47:31 PM - Software Distribution Service 3.0

RP390: 4/3/2012 12:11:19 AM - Software Distribution Service 3.0

RP391: 4/8/2012 12:46:43 PM - Software Distribution Service 3.0

RP392: 4/14/2012 9:33:38 PM - Software Distribution Service 3.0

RP393: 4/15/2012 12:21:46 PM - Software Distribution Service 3.0

RP394: 4/17/2012 10:35:07 PM - Software Distribution Service 3.0

RP395: 4/19/2012 8:28:29 PM - Software Distribution Service 3.0

RP396: 4/22/2012 11:34:00 AM - Software Distribution Service 3.0

RP397: 4/22/2012 5:21:24 PM - Software Distribution Service 3.0

RP398: 4/22/2012 10:57:30 PM - Software Distribution Service 3.0

RP399: 4/23/2012 10:35:44 AM - Software Distribution Service 3.0

RP400: 5/24/2012 12:30:31 AM - Restore Operation

.

==== Installed Programs ======================

.

µTorrent

A4 TECH PC Camera H

Adobe Download Manager

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.3.4

Adobe Shockwave Player 11.5

Akamai NetSession Interface

Akamai NetSession Interface Service

Atheros Wireless LAN Client Adapter

Bluetooth Stack for Windows by Toshiba

CCleaner

Conduit Engine

Conexant HD Audio

Dealio Toolbar v4.0.2

Dell Resource CD

Dell Touchpad

DivX Setup

Facebook Plug-In

FormatFactory 2.80

Google Chrome

Google Update Helper

HDAUDIO Soft Data Fax Modem with SmartCP

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java™ 6 Update 21

Kalydo Player 3.09.00

LightScribe 1.8.13.1

Mabry Volume

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile DEU Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Help Viewer 1.0

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 Design Tools ENU

Microsoft SQL Server Compact 3.5 ENU

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual Basic 2008 Express Edition - ENU

Microsoft Visual C++ Compilers 2010 Standard - enu - x86

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework

Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32

Mozilla Embedded Browser version 3.5

Mozilla Firefox 15.0 (x86 en-US)

Mozilla Maintenance Service

MSN

MSXML 6 Service Pack 2 (KB973686)

Pando Media Booster

PhotoScape

Process Tamer 2.11.01

PunkBuster Services

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05

Search Settings v1.2.3

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Skype Toolbars

Skype™ 5.3

System Requirements Lab for Intel

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB898461)

Update for Windows XP (KB925720)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

VC80CRTRedist - 8.0.50727.4053

VLC media player 1.0.5

Warcraft III: All Products

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR 4.01 (32-bit)

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

8/29/2012 12:34:52 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.

8/29/2012 1:11:00 PM, error: System Error [1003] - Error code 000000ea, parameter1 8717cda8, parameter2 86a60328, parameter3 864da380, parameter4 00000001.

8/28/2012 9:03:21 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio service, but this action failed with the following error: An instance of the service is already running.

8/26/2012 8:09:45 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

8/26/2012 8:09:19 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .

8/26/2012 8:09:19 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\DivX\DivX Update\DivXUpdate.exe. Reference error message: The operation completed successfully. .

8/26/2012 8:09:19 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

8/26/2012 3:31:31 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

8/26/2012 3:31:31 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

8/26/2012 3:31:31 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

8/26/2012 11:47:04 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

8/23/2012 5:20:33 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

8/23/2012 4:20:31 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

8/23/2012 3:50:30 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

.

==== End Of File ===========================

DDS.txt:>

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by Administrator at 11:04:54 on 2012-08-30

.

============== Running Processes ===============

.

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\VMSnap3.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\ProcessTamer\ProcessTamerTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.starwebsearch.com/index.php?from=3

uSearch Page =

uSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - d:\amfufu\updates\regtweaker\key.dll

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [LClock] c:\program files\lclock\LClock.exe

uRun: [Akamai NetSession Interface] "c:\documents and settings\administrator\local settings\application data\akamai\netsession_win.exe"

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Runonce] c:\windows\system32\runouce.exe

mRun: [VMSnap3] c:\windows\VMSnap3.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [ProcessTamer] c:\program files\processtamer\ProcessTamerTray.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRunOnce: [RunNarrator] Narrator.exe

mExplorerRun: [13415tyhewr5234325] c:\documents and settings\administrator\application data\3T0F1VR85D.exe

mPolicies-system: EnableLUA = 0 (0x0)

dPolicies-explorer: NofolderOptions = 1 (0x1)

dPolicies-system: DisableTaskMgr = 1 (0x1)

dPolicies-system: DisableRegistryTools = 1 (0x1)

IE: &Download All using 4shared Desktop - d:\4shared desktop\down_all.htm

IE: &Search

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344411596125

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254

TCP: Interfaces\{3714AB7D-9B50-43E1-BBF5-298C78CFCE0E} : DhcpNameServer = 192.168.254.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nwprovau

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ecitfnq6.default\

FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\administrator\application data\kalydo\kalydoplayer\npkalydo.dll

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll

FF - plugin: c:\windows\system32\npOGPPlugin.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

.

============= SERVICES / DRIVERS ===============

.

R? 1394hub;1394 Enabled Hub

R? abp470n5;abp470n5

R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service

R? ByakkoDriver;ByakkoDriver

R? ByakkoSvc;ByakkoSvc

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? Da12prp;Da12prp

R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)

R? dpti930;dpti930

R? EagleXNt;EagleXNt

R? GGSAFERDriver;GGSAFER Driver

R? GUCI_AVS;USB2.0 VGA Video Device

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? IlvMoneyDRIVER53;IlvMoneyDRIVER53

R? LcAgent;LC Remote Agent

R? MozillaMaintenance;Mozilla Maintenance Service

R? npggsvc;nProtect GameGuard Service

R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)

R? vmfilter303;vmfilter303

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

R? XDva346;XDva346

R? XDva365;XDva365

R? XDva369;XDva369

R? XDva386;XDva386

R? XDva388;XDva388

S? Akamai;Akamai NetSession Interface

S? ElRawDisk;ElRawDisk

S? MBAMProtector;MBAMProtector

S? MBAMService;MBAMService

.

=============== Created Last 30 ================

.

2012-08-30 09:58:16 -------- dc----w- c:\documents and settings\administrator\application data\DonationCoder

2012-08-30 09:58:12 -------- d-----w- c:\documents and settings\all users\application data\DonationCoder

2012-08-30 09:58:10 -------- d-----w- c:\program files\ProcessTamer

2012-08-30 09:05:22 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2012-08-29 07:59:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-29 07:11:26 -------- d-----w- c:\documents and settings\all users\application data\Ask

2012-08-24 08:08:45 0 -c--a-w- c:\documents and settings\administrator\windbg.exe

2012-08-24 07:47:18 -------- d-----w- c:\program files\Microsoft Help Viewer

2012-08-24 07:43:43 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2012-08-21 06:04:55 15612896 ----a-w- c:\program files\mozilla firefox\xul.dll

2012-08-16 22:07:05 2829 ----a-w- c:\windows\War3Unin.pif

2012-08-16 22:07:05 139264 ----a-w- c:\windows\War3Unin.exe

2012-08-16 21:29:58 477240 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-08-16 21:15:39 -------- dc----w- c:\documents and settings\administrator\application data\DAEMON Tools Pro

2012-08-11 08:18:40 34312 ----a-w- c:\windows\system32\drivers\epfwtdir.sys

2012-08-11 08:18:39 53256 ----a-w- c:\windows\system32\drivers\easdrv.sys

2012-08-11 08:18:39 39944 ----a-w- c:\windows\system32\drivers\eamon.sys

2012-08-11 08:01:25 -------- d-----w- c:\documents and settings\administrator\local settings\application data\CRE

2012-08-11 08:01:01 -------- d-----w- c:\program files\Conduit

2012-08-09 01:48:33 -------- d-----w- c:\windows\system32\CatRoot2

2012-08-09 01:16:15 19569 ----a-w- c:\windows\005931_.tmp

2012-08-09 00:44:11 19569 ----a-w- c:\windows\006001_.tmp

.

==================== Find3M ====================

.

2012-08-23 23:25:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-23 23:25:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-03-23 17:21:55 3993600 ----a-w- c:\program files\GUT35F.tmp

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST9160827AS rev.3.ADB -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87370EC5]<<

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x84f10872; SUB DWORD [EBP-0x4], 0x84f1012e; PUSH EDI; CALL 0xffffffffffffdf33; }

1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x874BDAB8]

3 CLASSPNP[0xF759E05B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x871FE2A0]

[0x87476228] -> IRP_MJ_CREATE -> 0x87370EC5

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST9160827AS_____________________________3.ADB___#5&71b3819&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x87370AEA

\Driver\atapi -> 0x8759e1e8

user & kernel MBR OK

sectors 312581806 (+255): user != kernel

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 11:08:41.60 ===============

[CWB]

from the last line in the logs you posted ... you may be infected with a rootkit .

you will need to have one of the experts in the malware removal section help you ...

start here : http://forums.malwar...?showtopic=9573

follow the instructions to the best of your abilities and do not run any tools or scanners or clear out any files unless you are told to do so .

(you also have some very questionable programs/items installed)

[daledoc1]

Thanks for that.

EDIT: OOPS! Thanks, CWB. You must have posted while I was typing.

I am neither qualified nor authorized to provide malware removal advice.

However, since you are running WinXP without SP3, are running P2P software (bit torrent), have some outdated, vulnerable software (Adobe reader, Java, etc), and reported that at least part of your hardware tested OK, I suspect that it's highly likely that your system may have been compromised by malware.

Since we don't work on malware-related issues in this section of the forum, please read below in order to have a qualified expert assist you with scanning and cleaning your system.

If there are other, non-malware issues remaining after that, your helper may refer you back here to the PC help section.

IMPORTANT: Please do NOT use any temporary file cleaners unless instructed to do so - they can cause data loss, making recovery difficult.

• Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.
  
• -->Since you have already run DDS, you'll just need to post those same logs into a new topic in the malware removal section, perhaps with a link back to this topic and a short description of the problem, & what you've already tried.
  
• Then please start a new post in the Malware Removal Forum.
  
• An authorized, trained malware expert will provide free, one-on-one assistance as soon as one becomes available.
  

• When starting your new post, please note the following:
  
• Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  
• Please COPY/PASTE the requested logs directly into your post, rather than attaching them.
  
• Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.
  
• Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  
• Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  
• Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.
  

Alternatively, if you are a paid, licensed user of MBAM PRO, you may wish to open a support ticket with the helpdesk directly, instead. The helpdesk can be reached by filling out >>THIS FORM<<.

Please be patient – someone will assist you as soon as possible.

Thank you very much,

daledoc1

[Firefox]

You are indeed are having some issues on this computer.... from the logs I can see you have some disk corruption and quite of bit of services failing. Most likely the cause of an infection.... To get help with this computer choose one of the following options below....

If you think you are infected, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

IMPORTANT: Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

• Option 1 —— Free Expert advice in the Malware Removal Forum
  
• Option 2 —— Paying customer -- Contact Support via email
  
• Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the

Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

• Please read and follow the directions >>Right HERE<<, skipping any steps you are unable to complete.
  
• After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification,
  so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

• If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
  Or
  
• You may send a Private Message to a Moderator asking for assistance.
  

OPTION 2

Alternatively, as a paying customer, you can contact the help desk by filling out the form located >>Right HERE<<

OPTION 3

If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our Malwarebytes Premium Services support site >>Right HERE<<

Please be patient, someone will assist you as soon as possible.

PS: Please use the "Reply to this Topic" or "More Reply Options" buttons (instead of the “Quote” and “MultiQuote” buttons) when replying here & at the other forums. That will make your topic easier to follow.

[CWB]

daledoc1 : "OOPS! Thanks, CWB. You must have posted while I was typing."

the time stamp would indicate that the postings were simulchtainious (intentional spelling) .