Got blue screen...



martinoto
2010-09-11, 16:29
Hi there, and thanks for your help!!

I got several "blue screens" lately (never happened before), anytime I plug any of my two Tascam Audio interfaces (144 & 1641), randomly. Both units have the latest firmware & driver, and Tascam support said that it is something wrong within my Windows.
- I am running Win XP Pro SP3 (OEM)
- Computer is Dell Latitude D630 (notebook)
- I ran ERUNT
- Resident Tea Timer already disabled
- I included DDS below
- attach.zip attached
- Please, help me!!! I am stuck here, don't know what else to do!!
- Thanks a million.... Martin

DDS (Ver_10-03-17.01) - NTFSx86
Run by Martin Di Lorenzo at 10:08:58,29 on 11/09/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2038.298 [GMT -3:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Archivos de programa\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Archivos de programa\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Archivos de programa\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Archivos de programa\DellTPad\Apoint.exe
C:\Archivos de programa\Motorola\MotoConnectService\MotoConnect.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\DellTPad\ApMsgFwd.exe
C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Archivos de programa\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Archivos de programa\DellTPad\Apntex.exe
C:\Archivos de programa\DellTPad\HidFind.exe
c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Archivos de programa\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\WINDOWS\vsnpstd3.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Archivos de programa\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Digital Line Detect\DLG.exe
C:\Archivos de programa\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqbam08.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Windows Live\Toolbar\wltuser.exe
C:\Archivos de programa\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Martin Di Lorenzo\Mis documentos\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www1.la.dell.com/content/default.aspx?c=ar&l=es&s=gen
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\archivos de programa\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\datos de programa\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\archivos de programa\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\archivos de programa\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\archivos de programa\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\archivos de programa\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Apoint] c:\archivos de programa\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\archivos de programa\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\archivos de programa\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [WavXMgr] c:\archivos de programa\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ccApp] "c:\archivos de programa\archivos comunes\symantec shared\ccApp.exe"
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [TkBellExe] "c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe
mRun: [hpqSRMon] c:\archivos de programa\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\archivos de programa\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menúin~1\progra~1\inicio\digita~1.lnk - c:\archivos de programa\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\menúin~1\progra~1\inicio\hdwrit~1.lnk - c:\archivos de programa\panasonic\hd writer ae 1\HDWriterAutoStart.exe
StartupFolder: c:\docume~1\alluse~1\menúin~1\progra~1\inicio\hpdigi~1.lnk - c:\archivos de programa\hp\digital imaging\bin\hpqtra08.exe
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
IE: Enviar a &Bluetooth - c:\archivos de programa\widcomm\software bluetooth\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\archivos de programa\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\archivos de programa\widcomm\software bluetooth\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\archivos de programa\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\archivos de programa\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\archivos de programa\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
Trusted Zone: marketengines.com\paybox04
DPF: {00000045-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/sg726acm.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271334978531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cisco.webex.com/client/T27L10NSP15/webex/ieatgpc.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archiv~1\archiv~1\skype\SKYPE4~1.DLL
Notify: gemsafe - c:\archivos de programa\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\archivos de programa\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\archivos de programa\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 ccEvtMgr;Symantec Event Manager;c:\archivos de programa\archivos comunes\symantec shared\ccSvcHst.exe [2008-2-1 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\archivos de programa\archivos comunes\symantec shared\ccSvcHst.exe [2008-2-1 108392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-7 54752]
R2 MotoConnect Service;MotoConnect Service;c:\archivos de programa\motorola\motoconnectservice\MotoConnectService.exe [2010-5-10 91456]
R2 RVIEGVST;VSC VST Engine;c:\archivos de programa\roland\virtual sound canvas vst\RVIEg01VST.sys [2008-12-29 188276]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\archivos de programa\symantec\symantec endpoint protection\Rtvscan.exe [2008-4-4 2234296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\archivos de programa\archivos comunes\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 NAVENG;NAVENG;c:\archiv~1\archiv~1\symant~1\virusd~1\20100910.041\NAVENG.SYS [2010-9-11 85424]
R3 NAVEX15;NAVEX15;c:\archiv~1\archiv~1\symant~1\virusd~1\20100910.041\NAVEX15.SYS [2010-9-11 1362608]
S2 gupdate1c9a41b5999ccf6;Google Update Service (gupdate1c9a41b5999ccf6);c:\archivos de programa\google\update\GoogleUpdate.exe [2009-3-13 133104]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-9-8 5120]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 cpuz132;cpuz132;\??\c:\docume~1\martin~1\config~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\martin~1\config~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S3 EWAVE;EWAVE;c:\windows\system32\drivers\ew.sys [2009-5-19 1693344]
S3 FILESPY;FILESPY;c:\windows\system32\drivers\FileSpy.sys [2009-5-19 26992]
S3 fsssvc;Servicio de Windows Live Protección infantil;c:\archivos de programa\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2007-2-21 20696]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-5-10 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-5-10 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-5-10 42752]
S3 NSTATION;NSTATION;c:\windows\system32\drivers\NSTATION.sys [2009-5-19 19808]
S3 RDID1076;BOSS GT-10;c:\windows\system32\drivers\Rdwm1076.sys [2009-11-6 173297]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2010-4-13 18432]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2008-7-25 367616]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2008-7-25 18944]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\system32\drivers\tscusb2a.sys [2008-7-25 33792]
S3 TASCAM_US1641;TASCAM US-1641 Audio Device driver;c:\windows\system32\drivers\tus1641u.sys [2009-8-7 397888]
S3 TASCAM_US1641_MIDI;TASCAM US-1641 WDM MIDI Device;c:\windows\system32\drivers\tus1641m.sys [2009-8-7 26688]
S3 TASCAM_US1641_WDM;TASCAM US-1641 WDM;c:\windows\system32\drivers\tus1641a.sys [2009-8-7 39488]

=============== Created Last 30 ================

2010-09-10 16:39:19 0 d-----w- c:\archivos de programa\Microsoft Windows Performance Toolkit
2010-09-10 16:36:29 0 d-----w- c:\archivos de programa\Debugging Tools for Windows (x86)
2010-09-10 16:28:00 0 d-----w- c:\archivos de programa\Application Verifier
2010-09-10 14:03:12 0 d-----w- c:\docume~1\alluse~1\datosd~1\NTRU Cryptosystems
2010-09-10 12:34:20 0 d-----w- c:\archivos de programa\Fingerprint Sensor
2010-09-10 12:31:56 106496 ----a-w- c:\windows\system32\bioapi100.dll.bak
2010-09-10 12:31:56 106496 ----a-w- c:\windows\system32\bioapi100.dll
2010-09-10 12:31:55 143360 ----a-w- c:\windows\system32\bioapi_mds300.dll.bak
2010-09-10 12:31:55 143360 ----a-w- c:\windows\system32\bioapi_mds300.dll
2010-09-10 12:27:58 0 d-----w- c:\archivos de programa\NTRU Cryptosystems
2010-09-09 23:36:50 5 ----a-w- c:\windows\system32\drivers\DELL_LAT_D630.MRK
2010-09-09 23:36:44 666 ----a-w- c:\windows\speed.reg
2010-09-09 23:36:07 94208 ----a-w- c:\windows\system32\stacsv.exe
2010-09-09 23:36:07 4952064 ----a-w- c:\windows\system32\stacgui.cpl
2010-09-09 23:36:07 405504 ----a-w- c:\windows\stsystra.exe
2010-09-09 23:36:07 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-09-09 23:35:49 270336 ----a-w- c:\windows\system32\stacapi.dll
2010-09-09 23:34:42 217088 ----a-r- c:\windows\system32\UCI32M21.dll
2010-09-09 23:33:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-09-09 23:33:13 0 d-----w- c:\archivos de programa\DellTPad
2010-09-09 23:33:04 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-09-09 23:32:34 0 d-----w- C:\Intel
2010-09-09 23:31:01 0 d-----w- c:\archivos de programa\NetWaiting
2010-09-09 23:27:26 174224 ----a-w- c:\windows\system32\DellSystem.xml
2010-09-09 23:26:53 0 ----a-w- c:\windows\invcol.tmp
2010-09-09 22:43:22 0 d-----w- c:\docume~1\alluse~1\datosd~1\UAB
2010-09-09 22:42:56 0 d-----w- c:\docume~1\alluse~1\datosd~1\PC Drivers HeadQuarters
2010-09-09 22:41:15 0 d-----w- c:\archivos de programa\PC Drivers HeadQuarters
2010-09-04 22:56:50 204800 ------w- c:\windows\system32\US-122L_US-144.CPL
2010-09-04 22:56:49 0 d-----w- c:\windows\usb-audio.deTascam

==================== Find3M ====================

2010-09-09 23:36:50 5 ----a-w- c:\windows\system32\drivers\1028_Dell_LAT_D630.mrk
2010-08-03 15:03:15 67276 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-14 23:31:03 176938 ----a-w- c:\windows\hphins26.dat
2010-06-25 15:07:00 214053 ----a-w- c:\windows\hpwins23.dat

============= FINISH: 10:09:55,76 ===============

Blade81
2010-09-27, 16:05
Hi,


Please download Rootkit Unhooker (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE). Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here. Post fresh dds logs too.

Note: you may get this warning. It is OK, just ignore it:

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?

martinoto
2010-10-02, 05:46
Blade81, thanks a lot.

I would have to attach all files, since they are too long to be copied here. Hope you don't mind, please let me know.

Attach.txt in here, rest in further replies.

Thanks
martin

martinoto
2010-10-02, 05:47
DDS file in here....

martinoto
2010-10-02, 05:50
Report in here...

Thanks again!!

Martin

Blade81
2010-10-02, 11:42
Hi,

Don't see any infection related there but let's take a bit closer look.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif). Post back its report.

martinoto
2010-10-02, 20:20
Blade81,

Done. Here is the Kas result, also attached.
Thanks a million!!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 2, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 02, 2010 03:29:38
Records in database: 4274019
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
Z:\

Scan statistics:
Objects scanned: 121969
Threats found: 5
Infected objects found: 12
Suspicious objects found: 1
Scan duration: 04:36:49


File name / Threat / Threats count
C:\Documents and Settings\All Users\Datos de programa\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80000\4FFC2A2D.VBN Infected: Virus.Win32.VB.mg 1
C:\Documents and Settings\All Users\Datos de programa\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80001\4FFC2B50.VBN Infected: Virus.Win32.VB.mg 1
C:\Documents and Settings\All Users\Datos de programa\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80002\4FFC2B63.VBN Infected: Virus.Win32.VB.mg 1
C:\Documents and Settings\All Users\Datos de programa\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\109C0000\5AFF2942.VBN Infected: Virus.Win32.VB.mg 1
C:\Documents and Settings\All Users\Datos de programa\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\109C0001\5AFF294E.VBN Infected: Virus.Win32.VB.mg 1
C:\Documents and Settings\All Users\Datos de programa\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\109C0002\5AFF295C.VBN Infected: Virus.Win32.VB.mg 1
C:\Documents and Settings\All Users\Datos de programa\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\109C0003\5AFF2964.VBN Infected: Virus.Win32.VB.mg 1
C:\Documents and Settings\All Users\Datos de programa\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11400000\5D6801D3.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Datos de programa\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11400001\5D6803E0.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Datos de programa\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13EC0000\5BFFE6C8.VBN Infected: Trojan.JS.Iframe.eu 1
C:\Documents and Settings\All Users\Datos de programa\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14A00000\5FF728F4.VBN Suspicious: Exploit.Java.CVE-2010-0886.a 1
C:\Documents and Settings\Martin Di Lorenzo\Mis documentos\Ares_Installer.exe Infected: Worm.Win32.Qvod.ava 1
C:\Documents and Settings\Martin Di Lorenzo\Mis documentos\Ares_Installer.exe Infected: Trojan-Spy.Win32.Delf.iur 1

Selected area has been scanned.

Blade81
2010-10-03, 11:43
Hi,

Delete those Kaspersky findings. I don't think those are causing blue screen. Have you noted down the error message it shows there when blue screen occurs?

Blade81
2010-10-09, 11:49
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.