Author Topic: Malware installed? (Read 2383 times)

Dale · « **on:** April 22, 2009, 05:38:11 AM »

I just put this system together from scratch last weekend. It appears that something's running all the time that shouldn't be since the disk drive light is constantly flickering. Also, the GIGABYTE utility, EasyTune6, won\t seem to start up. I double click it, but it doesn't seem to start.

I suspect I've installed something bad when setting it up.

If you could help me clean it up - get rid of malware, remove things that don't need to run at startup, etc., assuming it needs it already, I'd sure appreciate it.

Dale

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:56 AM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SageTV\SageTV\SageTVService.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\PROGRA~1\STREAM~1\Remote\zremote.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Interlink Electronics\RemotePointRF\rpointRF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\SageTV\SageTV\SageTV.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StreamZap Remote] C:\PROGRA~1\STREAM~1\Remote\zremote.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - Global Startup: RemotePointRF.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SageTV - SageTV, LLC - C:\Program Files\SageTV\SageTV\SageTVService.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 6382 bytes

Dale · « **Reply #1 on:** April 22, 2009, 05:58:24 PM »

guestolo · « **Reply #2 on:** April 22, 2009, 07:22:54 PM »

Can you open up the Task Manager
Under Processes, what appears to be using the CPU %

Also, I assume you started installation of XP from scratch, correct?
As in Formatted and installed XP

Did you install all latest motherboard drivers?

Dale · « **Reply #3 on:** April 22, 2009, 07:52:18 PM »

[quote name=\'guestolo\' post=\'461735\' date=\'Apr 22 2009, 07:22 PM\']Can you open up the Task Manager
Under Processes, what appears to be using the CPU %

Also, I assume you started installation of XP from scratch, correct?
As in Formatted and installed XP

Did you install all latest motherboard drivers?[/quote]

System Idle Process is using all the CPU. Everything else reads 0 - for the most part. If I can count on the sort order for values that are the same, there's taskmgr.exe, jucheck.exe, alg.exe, X10nets.exe all towards the top of the list.

You are correct. This is a fresh install of XP SP3, albeit with a few Microsoft updates already. I formatted a new drive. I believe I did go to the Internet to update the drivers for the motherboard (after I installed the ones on the CD that came with). For everything else, the video card, optical drive, and tuner cards, I downloaded the latest drivers first and installed them.

I just have a feeling I installed something bad during this process. There are several programs in the startup list I don't recognize. For example, one has the name = The thing I don't understand is why the drive light keeps flickering all the time. The PC this one is replacing did not do that. I used power management to tell the system to stop the drives after 10 minutes of inactivity before getting on this forum, thinking that would do the trick, but it did not.

guestolo · « **Reply #4 on:** April 22, 2009, 08:33:38 PM »

I noticed the following in your log
O4 - HKLM\..\Run: [GEST] =

This I believe is related to the gigabyte software
Could be why it's not working properly

Where did you get EasyTune 6
On CD with your motherboard, or did you download/install it from online?

Quote

The thing I don't understand is why the drive light keeps flickering all the time.

If it flashes for a split second, continually, at a regular interval
Some computers may do that, It could it is monitoring for CD/DVD insertion, I've had that happen on one of my computers
Could never understand it really, but it caused no harm, I was able to disable it, but next clean install it was there again, can't remember quite what I did, it was on a laptop, so it wasn't physical disconnection
I believe it was just disabling AutoPlay on CD/DVD drive cured it

Dale · « **Reply #5 on:** April 23, 2009, 07:07:40 AM »

[quote name=\'guestolo\' post=\'461740\' date=\'Apr 22 2009, 08:33 PM\']I noticed the following in your log
O4 - HKLM\..\Run: [GEST] =

This I believe is related to the gigabyte software
Could be why it's not working properly

Where did you get EasyTune 6
On CD with your motherboard, or did you download/install it from online?

If it flashes for a split second, continually, at a regular interval
Some computers may do that, It could it is monitoring for CD/DVD insertion, I've had that happen on one of my computers
Could never understand it really, but it caused no harm, I was able to disable it, but next clean install it was there again, can't remember quite what I did, it was on a laptop, so it wasn't physical disconnection
I believe it was just disabling AutoPlay on CD/DVD drive cured it[/quote]

EasyTune did come on the CD, but it seemed problematic, so I did get whatever the latest version off of Gigabyte's website to install. It still seems problematic. When I start it, I see the hour glass for a moment and then nothing. Sometimes I'll see it down in the tool tray, and from there I can open it, but sometimes not (i.e., I don't see it in the tool tray all the time). I've yet to figure out how it works/is supposed to work. I wish I could, at least while the system's new, I'd like to see how the CPU is doing temp wise.

You're correct about the drive light. It flashes for a split second, continually, at a regular interval. I'd rather it didn't, but I guess I can live with it as long as it not caused by something that shouldn't be running on my system. I will see if I can figure out how to turn off AutoPlay.

guestolo · « **Reply #6 on:** April 24, 2009, 07:42:49 PM »

You might want to uninstall your copy of Easytunes installed now
Reboot afterwards, post back a fresh Hijackthis log

What is the exact model Motherboard you have in this computer?

Dale · « **Reply #7 on:** April 25, 2009, 07:31:47 AM »

[quote name=\'guestolo\' post=\'461821\' date=\'Apr 24 2009, 07:42 PM\']You might want to uninstall your copy of Easytunes installed now
Reboot afterwards, post back a fresh Hijackthis log

What is the exact model Motherboard you have in this computer?[/quote]

Gigabyte EP45-UD3R

EasyTunes uninstalled and system rebooted.

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:11 AM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\STREAM~1\Remote\zremote.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Interlink Electronics\RemotePointRF\rpointRF.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\SageTV\SageTV\SageTVService.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StreamZap Remote] C:\PROGRA~1\STREAM~1\Remote\zremote.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: RemotePointRF.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SageTV - SageTV, LLC - C:\Program Files\SageTV\SageTV\SageTVService.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 6610 bytes

guestolo · « **Reply #8 on:** April 25, 2009, 09:47:07 AM »

You could try redownloading and reinstalling again
Here's the link to Easytune 6
http://www.gigabyte.com.tw/Support/Motherb...=2921#anchor_os
If this doesn't work, I would uninstall it and get a different utility to monitor your temperatures, etc..

Dale · « **Reply #9 on:** April 25, 2009, 10:07:05 AM »

[quote name=\'guestolo\' post=\'461859\' date=\'Apr 25 2009, 09:47 AM\']You could try redownloading and reinstalling again
Here's the link to Easytune 6
http://www.gigabyte.com.tw/Support/Motherb...=2921#anchor_os
If this doesn't work, I would uninstall it and get a different utility to monitor your temperatures, etc..[/quote]
Will do.

As far as spyware/malware, viruses, etc., things look clean/fine?

guestolo · « **Reply #10 on:** April 25, 2009, 10:17:35 AM »

It looks ok, but I don't see any Anti-Virus software running on the computer
Do you plan on installing One?
Do you have one to install, or do you need a free solution, such as Avast or Avira?

Dale · « **Reply #11 on:** April 25, 2009, 12:28:57 PM »

[quote name=\'guestolo\' post=\'461862\' date=\'Apr 25 2009, 10:17 AM\']It looks ok, but I don't see any Anti-Virus software running on the computer
Do you plan on installing One?
Do you have one to install, or do you need a free solution, such as Avast or Avira?[/quote]
I don't have an Antivirus to install. I guess I would install AVG's 8.5 as I have my other system, but I was kind of leaning against installing it on this system. It's my "TV" computer. It's connected to my TV's PC input, as well as my receiver. I use it to play music and TV shows it records. I do use it for some Internet browsing, but that's not its primary function. I did install a copy of Spyware Blaster just in case. :-) That's more than I had on my last system and it went almost 5 years with no issues. That I know of. I could install AVG too probably with no issues. My last system was much slower than this one but I also don't want the antivirus to interfere with the system's ability to store the data it does when recording multiple shows at once.

I guess I'll live with the flickering hard drive light - that or unplug it I could always tell before when the system was busy, or not, by that light and now I can't. I like being able to plug a disk in and have Windows regcognize it so I'm not sure I want to turn autoplay off.

Thanks for your assistance.

Dale

Dale · « **Reply #12 on:** April 28, 2009, 06:04:11 PM »

My system has been rebooting periodically. I thought it was only happening when I was playing back recorded shows via SageTV.

Now I'm not so sure.

I have the dump (?) and other information that was to be sent to Microsoft after the system restarted. I don't know how to read it however.

I was wondering how I might could isolate was the true cause of these reboots is.

Dale · « **Reply #13 on:** April 28, 2009, 06:05:59 PM »

[quote name=\'Dale\' post=\'461977\' date=\'Apr 28 2009, 06:04 PM\']My system has been rebooting periodically. I thought it was only happening when I was playing back recorded shows via SageTV.

Now I'm not so sure.

I have the dump (?) and other information that was to be sent to Microsoft after the system restarted. I don't know how to read it however.

I was wondering how I might could isolate was the true cause of these reboots is.[/quote]

Attaching information I have.

Dale · « **Reply #14 on:** April 30, 2009, 07:41:18 PM »

[quote name=\'Dale\' post=\'461978\' date=\'Apr 28 2009, 06:05 PM\']Attaching information I have.[/quote]
FYI I changed JREs. I had been running the latest 1.6 JRE and switched to the latest 1.5. So far the system has stayed up for 24 hours. I'll see how it does tonight. I remember having similar rebooting issues with my last system when I ran anything but the 1.4 JRE with SageTV. Sage support suggested I try 1.5, so I am.

The hard drive light still flickers on about once a second when the system is supposedly idling.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/dry.gif\' class=\'bbc_emoticon\' alt=\'<_<\' />

guestolo · « **Reply #15 on:** April 30, 2009, 11:07:02 PM »

I'm sorry, but that dump file, when I download it, is corrupt
Can you upload it by other means and supply a new zip file
As eg.. Use Savefile and post the link here
http://www.savefile.com/upload.php

Dale · « **Reply #16 on:** May 01, 2009, 06:33:35 PM »

[quote name=\'guestolo\' post=\'462025\' date=\'Apr 30 2009, 11:07 PM\']I'm sorry, but that dump file, when I download it, is corrupt
Can you upload it by other means and supply a new zip file
As eg.. Use Savefile and post the link here
http://www.savefile.com/upload.php[/quote]
Try these links. There were just four small files - 3 created when the system died and one\s a snap shot of some info from the Microsoft dialog that appeared when the system restarted.

http://www.savefile.com/files/2089730
http://www.savefile.com/files/2089731
http://www.savefile.com/files/2089732
http://www.savefile.com/files/2089733

I appreciate your time on this. FYI, the system hasn't crashed now for 3 days and 2 nights. Not since I switched JREs. Could just be a coincidence, but hopefully not. For all I know this could be a hardware problem.

Thanks,
Dale

guestolo · « **Reply #17 on:** May 02, 2009, 02:06:46 PM »

I only see one dump file in those uploads?

It seemed to have crashed at stream.sys

Do you have a USB Webcam connected to this computer?

Dale · « **Reply #18 on:** May 02, 2009, 05:11:58 PM »

[quote name=\'guestolo\' post=\'462066\' date=\'May 2 2009, 02:06 PM\']I only see one dump file in those uploads?

It seemed to have crashed at stream.sys

Do you have a USB Webcam connected to this computer?[/quote]
No camera. There are a couple of things connected to USB ports. An RF receiver for a keyboard, and an infrared receiver for a remote control.

I do have other dumps I believe. I did only put one. The other files I uploaded were created at the same time and I wasn't sure which ones were important. I'll post the other dumps I have if I can find them. All were a result of the computer just crashing and I mean boom. One second it's sitting there and the next thing you know the monitor goes black and the system is restarting. Is there anyway to tell what caused this from the dump? That' what I was hoping.

Dale · « **Reply #19 on:** May 02, 2009, 05:25:41 PM »

I did a search for all the DMP files on the system and found several. All pretty much in the time frame I expected.

I'll see if I can find what stream.sys is. I bet its related to SageTV. It's just an educated guess though for now.

Here's the link to the zip file with the dumps: http://www.savefile.com/files/2090532

Thanks again,
Dale

News:

Author Topic: Malware installed? (Read 2383 times)