BSOD! Pls Help ME

amfufu89 · August 30, 2012

When i try playing warcraft III frozen throne blue screen appears i cant even create a map its only up to the Local area network,,

and i cant get to safe mode blue screen appears also when trying safe mode. and i cant install windows XP s3 weird errors appears like the "missing catalog files???"

this is my Specs:

Windows XP Pro SP2

Intel[R]core[tm]2 duo CPU T5470 @1.60GHz

1.18GHz, 0.99 GB oF RAM

and i use Laptop

Dell Vostro A840

[sorry for bad english]

i already run DDS??? heres the result:

Attach.txt:>

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/17/2009 7:38:00 AM

System Uptime: 8/30/2012 11:03:24 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0G216H

Processor: Intel® Core™2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1180/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 68 GiB total, 36.408 GiB free.

D: is FIXED (NTFS) - 81 GiB total, 63.132 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {00000000-0000-0000-0000-000000000000}

Description: Network Controller

Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_01121A32&REV_01\4&AB208E&0&00E1

Manufacturer:

Name: Network Controller

PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_01121A32&REV_01\4&AB208E&0&00E1

Service:

.

==== System Restore Points ===================

.

RP297: 10/17/2011 4:12:54 AM - Software Distribution Service 3.0

RP298: 10/17/2011 9:22:12 AM - Software Distribution Service 3.0

RP299: 10/21/2011 3:06:49 AM - Software Distribution Service 3.0

RP300: 10/24/2011 11:43:34 PM - Software Distribution Service 3.0

RP301: 10/25/2011 8:36:09 AM - Software Distribution Service 3.0

RP302: 10/28/2011 11:02:46 AM - Removed AVG Free 9.0

RP303: 10/30/2011 5:19:57 AM - Software Distribution Service 3.0

RP304: 11/6/2011 9:23:00 AM - Software Distribution Service 3.0

RP305: 11/6/2011 7:42:27 PM - Software Distribution Service 3.0

RP306: 11/7/2011 2:10:34 AM - Software Distribution Service 3.0

RP307: 11/7/2011 6:31:10 AM - Software Distribution Service 3.0

RP308: 11/13/2011 8:51:20 AM - Software Distribution Service 3.0

RP309: 11/20/2011 7:00:17 AM - Software Distribution Service 3.0

RP310: 11/20/2011 7:18:47 PM - Software Distribution Service 3.0

RP311: 11/21/2011 2:47:10 AM - Software Distribution Service 3.0

RP312: 11/21/2011 7:34:16 PM - Software Distribution Service 3.0

RP313: 11/27/2011 5:31:49 AM - Software Distribution Service 3.0

RP314: 11/27/2011 6:31:40 AM - Software Distribution Service 3.0

RP315: 11/27/2011 11:24:49 PM - Software Distribution Service 3.0

RP316: 12/4/2011 8:16:37 AM - Software Distribution Service 3.0

RP317: 12/4/2011 1:31:22 PM - Software Distribution Service 3.0

RP318: 12/5/2011 12:16:21 AM - Software Distribution Service 3.0

RP319: 12/5/2011 7:57:16 AM - Software Distribution Service 3.0

RP320: 12/5/2011 9:55:29 AM - Software Distribution Service 3.0

RP321: 12/6/2011 1:48:29 AM - Software Distribution Service 3.0

RP322: 12/6/2011 9:09:41 PM - Software Distribution Service 3.0

RP323: 12/11/2011 7:52:30 AM - Software Distribution Service 3.0

RP324: 12/18/2011 6:06:52 PM - Software Distribution Service 3.0

RP325: 12/18/2011 6:41:07 PM - Software Distribution Service 3.0

RP326: 12/19/2011 8:07:56 AM - Software Distribution Service 3.0

RP327: 12/19/2011 8:33:36 AM - Software Distribution Service 3.0

RP328: 12/20/2011 12:33:11 AM - Software Distribution Service 3.0

RP329: 12/20/2011 4:06:44 AM - Software Distribution Service 3.0

RP330: 12/25/2011 2:26:55 PM - Software Distribution Service 3.0

RP331: 12/25/2011 11:54:22 PM - Software Distribution Service 3.0

RP332: 12/26/2011 2:10:22 AM - Software Distribution Service 3.0

RP333: 12/26/2011 10:04:50 AM - Software Distribution Service 3.0

RP334: 12/26/2011 11:16:26 PM - Software Distribution Service 3.0

RP335: 12/26/2011 11:21:44 PM - Software Distribution Service 3.0

RP336: 12/27/2011 12:14:47 AM - Software Distribution Service 3.0

RP337: 12/27/2011 12:24:28 PM - Software Distribution Service 3.0

RP338: 12/27/2011 5:38:42 PM - Software Distribution Service 3.0

RP339: 1/1/2012 10:06:10 PM - Software Distribution Service 3.0

RP340: 1/8/2012 9:03:10 AM - Software Distribution Service 3.0

RP341: 1/15/2012 8:02:35 PM - Software Distribution Service 3.0

RP342: 1/15/2012 8:30:17 PM - Software Distribution Service 3.0

RP343: 1/22/2012 10:48:54 AM - Software Distribution Service 3.0

RP344: 1/22/2012 4:20:51 PM - Software Distribution Service 3.0

RP345: 1/23/2012 12:48:51 AM - Software Distribution Service 3.0

RP346: 1/23/2012 11:02:40 AM - Software Distribution Service 3.0

RP347: 1/29/2012 6:11:17 AM - Software Distribution Service 3.0

RP348: 2/5/2012 12:38:00 PM - Software Distribution Service 3.0

RP349: 2/6/2012 2:07:44 AM - Software Distribution Service 3.0

RP350: 2/6/2012 9:59:56 AM - Software Distribution Service 3.0

RP351: 2/7/2012 3:56:20 PM - Software Distribution Service 3.0

RP352: 2/8/2012 10:56:06 AM - Software Distribution Service 3.0

RP353: 2/8/2012 11:08:18 PM - Software Distribution Service 3.0

RP354: 2/9/2012 8:48:25 AM - Software Distribution Service 3.0

RP355: 2/9/2012 1:40:48 PM - Software Distribution Service 3.0

RP356: 2/10/2012 4:51:13 AM - Software Distribution Service 3.0

RP357: 2/10/2012 8:15:48 AM - Software Distribution Service 3.0

RP358: 2/12/2012 4:36:31 PM - Software Distribution Service 3.0

RP359: 2/13/2012 12:45:13 AM - Software Distribution Service 3.0

RP360: 2/16/2012 7:41:49 PM - Software Distribution Service 3.0

RP361: 2/16/2012 9:49:54 PM - Software Distribution Service 3.0

RP362: 2/17/2012 4:34:36 PM - Software Distribution Service 3.0

RP363: 2/19/2012 6:53:44 AM - Software Distribution Service 3.0

RP364: 2/20/2012 11:35:29 AM - Software Distribution Service 3.0

RP365: 2/20/2012 4:48:25 PM - Software Distribution Service 3.0

RP366: 2/20/2012 5:34:25 PM - Software Distribution Service 3.0

RP367: 2/22/2012 5:17:07 PM - Software Distribution Service 3.0

RP368: 2/22/2012 8:11:57 PM - Software Distribution Service 3.0

RP369: 3/4/2012 8:17:19 AM - Software Distribution Service 3.0

RP370: 3/4/2012 11:38:49 AM - Hitman 2: Silent Assassin Demo

RP371: 3/4/2012 11:39:40 AM - Software Distribution Service 3.0

RP372: 3/6/2012 12:06:21 AM - Software Distribution Service 3.0

RP373: 3/6/2012 5:00:17 AM - Software Distribution Service 3.0

RP374: 3/7/2012 7:58:01 PM - Software Distribution Service 3.0

RP375: 3/14/2012 9:32:38 PM - Software Distribution Service 3.0

RP376: 3/15/2012 12:15:42 PM - Software Distribution Service 3.0

RP377: 3/15/2012 7:02:54 PM - Software Distribution Service 3.0

RP378: 3/16/2012 11:26:52 AM - Software Distribution Service 3.0

RP379: 3/16/2012 12:30:45 PM - Software Distribution Service 3.0

RP380: 3/16/2012 3:55:26 PM - Software Distribution Service 3.0

RP381: 3/18/2012 9:43:02 AM - Software Distribution Service 3.0

RP382: 3/18/2012 3:54:29 PM - Software Distribution Service 3.0

RP383: 3/18/2012 7:43:16 PM - Software Distribution Service 3.0

RP384: 3/19/2012 2:57:36 PM - Software Distribution Service 3.0

RP385: 3/27/2012 12:30:03 AM - Software Distribution Service 3.0

RP386: 3/27/2012 10:47:56 AM - Software Distribution Service 3.0

RP387: 4/1/2012 6:26:16 AM - Software Distribution Service 3.0

RP388: 4/1/2012 6:40:49 AM - Software Distribution Service 3.0

RP389: 4/1/2012 11:47:31 PM - Software Distribution Service 3.0

RP390: 4/3/2012 12:11:19 AM - Software Distribution Service 3.0

RP391: 4/8/2012 12:46:43 PM - Software Distribution Service 3.0

RP392: 4/14/2012 9:33:38 PM - Software Distribution Service 3.0

RP393: 4/15/2012 12:21:46 PM - Software Distribution Service 3.0

RP394: 4/17/2012 10:35:07 PM - Software Distribution Service 3.0

RP395: 4/19/2012 8:28:29 PM - Software Distribution Service 3.0

RP396: 4/22/2012 11:34:00 AM - Software Distribution Service 3.0

RP397: 4/22/2012 5:21:24 PM - Software Distribution Service 3.0

RP398: 4/22/2012 10:57:30 PM - Software Distribution Service 3.0

RP399: 4/23/2012 10:35:44 AM - Software Distribution Service 3.0

RP400: 5/24/2012 12:30:31 AM - Restore Operation

.

==== Installed Programs ======================

.

µTorrent

A4 TECH PC Camera H

Adobe Download Manager

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.3.4

Adobe Shockwave Player 11.5

Akamai NetSession Interface

Akamai NetSession Interface Service

Atheros Wireless LAN Client Adapter

Bluetooth Stack for Windows by Toshiba

CCleaner

Conduit Engine

Conexant HD Audio

Dealio Toolbar v4.0.2

Dell Resource CD

Dell Touchpad

DivX Setup

Facebook Plug-In

FormatFactory 2.80

Google Chrome

Google Update Helper

HDAUDIO Soft Data Fax Modem with SmartCP

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java™ 6 Update 21

Kalydo Player 3.09.00

LightScribe 1.8.13.1

Mabry Volume

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile DEU Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Help Viewer 1.0

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 Design Tools ENU

Microsoft SQL Server Compact 3.5 ENU

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual Basic 2008 Express Edition - ENU

Microsoft Visual C++ Compilers 2010 Standard - enu - x86

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework

Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32

Mozilla Embedded Browser version 3.5

Mozilla Firefox 15.0 (x86 en-US)

Mozilla Maintenance Service

MSN

MSXML 6 Service Pack 2 (KB973686)

Pando Media Booster

PhotoScape

Process Tamer 2.11.01

PunkBuster Services

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05

Search Settings v1.2.3

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Skype Toolbars

Skype™ 5.3

System Requirements Lab for Intel

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB898461)

Update for Windows XP (KB925720)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

VC80CRTRedist - 8.0.50727.4053

VLC media player 1.0.5

Warcraft III: All Products

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR 4.01 (32-bit)

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

8/29/2012 12:34:52 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.

8/29/2012 1:11:00 PM, error: System Error [1003] - Error code 000000ea, parameter1 8717cda8, parameter2 86a60328, parameter3 864da380, parameter4 00000001.

8/28/2012 9:03:21 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio service, but this action failed with the following error: An instance of the service is already running.

8/26/2012 8:09:45 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

8/26/2012 8:09:19 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .

8/26/2012 8:09:19 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\DivX\DivX Update\DivXUpdate.exe. Reference error message: The operation completed successfully. .

8/26/2012 8:09:19 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

8/26/2012 3:31:31 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

8/26/2012 3:31:31 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

8/26/2012 3:31:31 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

8/26/2012 11:47:04 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

8/23/2012 5:20:33 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

8/23/2012 4:20:31 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

8/23/2012 3:50:30 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

.

==== End Of File ===========================

DDS.txt:>

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by Administrator at 11:04:54 on 2012-08-30

.

============== Running Processes ===============

.

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\VMSnap3.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\ProcessTamer\ProcessTamerTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.starwebsearch.com/index.php?from=3

uSearch Page =

uSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - d:\amfufu\updates\regtweaker\key.dll

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [LClock] c:\program files\lclock\LClock.exe

uRun: [Akamai NetSession Interface] "c:\documents and settings\administrator\local settings\application data\akamai\netsession_win.exe"

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Runonce] c:\windows\system32\runouce.exe

mRun: [VMSnap3] c:\windows\VMSnap3.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [ProcessTamer] c:\program files\processtamer\ProcessTamerTray.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRunOnce: [RunNarrator] Narrator.exe

mExplorerRun: [13415tyhewr5234325] c:\documents and settings\administrator\application data\3T0F1VR85D.exe

mPolicies-system: EnableLUA = 0 (0x0)

dPolicies-explorer: NofolderOptions = 1 (0x1)

dPolicies-system: DisableTaskMgr = 1 (0x1)

dPolicies-system: DisableRegistryTools = 1 (0x1)

IE: &Download All using 4shared Desktop - d:\4shared desktop\down_all.htm

IE: &Search

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344411596125

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254

TCP: Interfaces\{3714AB7D-9B50-43E1-BBF5-298C78CFCE0E} : DhcpNameServer = 192.168.254.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nwprovau

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ecitfnq6.default\

FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\administrator\application data\kalydo\kalydoplayer\npkalydo.dll

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll

FF - plugin: c:\windows\system32\npOGPPlugin.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

.

============= SERVICES / DRIVERS ===============

.

R? 1394hub;1394 Enabled Hub

R? abp470n5;abp470n5

R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service

R? ByakkoDriver;ByakkoDriver

R? ByakkoSvc;ByakkoSvc

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? Da12prp;Da12prp

R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)

R? dpti930;dpti930

R? EagleXNt;EagleXNt

R? GGSAFERDriver;GGSAFER Driver

R? GUCI_AVS;USB2.0 VGA Video Device

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? IlvMoneyDRIVER53;IlvMoneyDRIVER53

R? LcAgent;LC Remote Agent

R? MozillaMaintenance;Mozilla Maintenance Service

R? npggsvc;nProtect GameGuard Service

R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)

R? vmfilter303;vmfilter303

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

R? XDva346;XDva346

R? XDva365;XDva365

R? XDva369;XDva369

R? XDva386;XDva386

R? XDva388;XDva388

S? Akamai;Akamai NetSession Interface

S? ElRawDisk;ElRawDisk

S? MBAMProtector;MBAMProtector

S? MBAMService;MBAMService

.

=============== Created Last 30 ================

.

2012-08-30 09:58:16 -------- dc----w- c:\documents and settings\administrator\application data\DonationCoder

2012-08-30 09:58:12 -------- d-----w- c:\documents and settings\all users\application data\DonationCoder

2012-08-30 09:58:10 -------- d-----w- c:\program files\ProcessTamer

2012-08-30 09:05:22 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2012-08-29 07:59:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-29 07:11:26 -------- d-----w- c:\documents and settings\all users\application data\Ask

2012-08-24 08:08:45 0 -c--a-w- c:\documents and settings\administrator\windbg.exe

2012-08-24 07:47:18 -------- d-----w- c:\program files\Microsoft Help Viewer

2012-08-24 07:43:43 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2012-08-21 06:04:55 15612896 ----a-w- c:\program files\mozilla firefox\xul.dll

2012-08-16 22:07:05 2829 ----a-w- c:\windows\War3Unin.pif

2012-08-16 22:07:05 139264 ----a-w- c:\windows\War3Unin.exe

2012-08-16 21:29:58 477240 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-08-16 21:15:39 -------- dc----w- c:\documents and settings\administrator\application data\DAEMON Tools Pro

2012-08-11 08:18:40 34312 ----a-w- c:\windows\system32\drivers\epfwtdir.sys

2012-08-11 08:18:39 53256 ----a-w- c:\windows\system32\drivers\easdrv.sys

2012-08-11 08:18:39 39944 ----a-w- c:\windows\system32\drivers\eamon.sys

2012-08-11 08:01:25 -------- d-----w- c:\documents and settings\administrator\local settings\application data\CRE

2012-08-11 08:01:01 -------- d-----w- c:\program files\Conduit

2012-08-09 01:48:33 -------- d-----w- c:\windows\system32\CatRoot2

2012-08-09 01:16:15 19569 ----a-w- c:\windows\005931_.tmp

2012-08-09 00:44:11 19569 ----a-w- c:\windows\006001_.tmp

.

==================== Find3M ====================

.

2012-08-23 23:25:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-23 23:25:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-03-23 17:21:55 3993600 ----a-w- c:\program files\GUT35F.tmp

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST9160827AS rev.3.ADB -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87370EC5]<<

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x84f10872; SUB DWORD [EBP-0x4], 0x84f1012e; PUSH EDI; CALL 0xffffffffffffdf33; }

1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x874BDAB8]

3 CLASSPNP[0xF759E05B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x871FE2A0]

[0x87476228] -> IRP_MJ_CREATE -> 0x87370EC5

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST9160827AS_____________________________3.ADB___#5&71b3819&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x87370AEA

\Driver\atapi -> 0x8759e1e8

user & kernel MBR OK

sectors 312581806 (+255): user != kernel

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 11:08:41.60 ===============

Maniac · August 30, 2012

Hello amfufu89! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall the following applications:

µTorrent

Conduit Engine

Search Settings v1.2.3

Step 2

Please download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

TDSSKiller log
Malwarebytes' Anti-Malware log
a new fresh DDS log

amfufu89 · August 30, 2012

hello Maniac ive done all the things you said. here are the logs i hope its correct

DDS.TXT:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by Administrator at 0:58:27 on 2012-08-31

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.584 [GMT -7:00]

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\VMSnap3.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\ProcessTamer\ProcessTamerTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.starwebsearch.com/index.php?from=3

uSearch Page =

uSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - d:\amfufu\updates\regtweaker\key.dll

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [LClock] c:\program files\lclock\LClock.exe

uRun: [Akamai NetSession Interface] "c:\documents and settings\administrator\local settings\application data\akamai\netsession_win.exe"

uRun: [Facebook Update] "c:\documents and settings\administrator\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver