pgmfi.org

Hacking up Honda's ECU
It is currently Tue Apr 16, 2024 1:36 pm

View unanswered posts | View active topics


Board index » Resources - POST INFORMATION HERE » Off Topic

All times are UTC - 5 hours [ DST ]



Post new topic Reply to topic  Page 1 of 1
  [ 8 posts ] 
  Previous topic | Next topic 
Author Message
Ltdannear
PostPosted: Sat Jan 23, 2010 11:54 pm 
Offline

Joined: Tue Jul 27, 2004 3:01 am
Posts: 2945
Location: Tampa bay, Florida
My PC started doing wierd things lately.. Like out of nowhere, it will 'hang' for a minute and the motherboard speaker will chirp this short melody. sometimes it will reboot when this happens.

I have antivirus and always scans OK without incident..

Anybody ever had a similar experience?


You do not have the required permissions to view the files attached to this post.

Top
 Profile  
Reply with quote  
esi42
PostPosted: Mon Jan 25, 2010 5:02 am 
Offline

Joined: Mon Oct 31, 2005 11:53 am
Posts: 369
Location: Wisconsin y0!
Lol, yeah. I had a virus called B.exe.

It would also kill malwarebytes and hijackthis when i tried to run them.

Google a program named combofix. Itll detect the rootkit activity if you are infected and clean it up for ya.
Top
 Profile  
Reply with quote  
Ltdannear
PostPosted: Mon Jan 25, 2010 8:50 am 
Offline

Joined: Tue Jul 27, 2004 3:01 am
Posts: 2945
Location: Tampa bay, Florida
AFAIK, it didn't find anything. See anything I missed?

Another friend thought maybe it's a motherboard warning about hardware failure:
http://www.f-secure.com/v-descs/fur_elis.shtml
but the melody I hear doesn't sound like that piece..

I did Sysinternals Rootkit revealer earlier as well, and no dice.

Code:
ComboFix 10-01-24.04 - Daniel Near 01/25/2010   7:08.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2037.1354 [GMT -5:00]
Running from: d:\documents and settings\Daniel Near\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
d:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
d:\windows\system32\BSTIEPrintCtl1.dll

.
(((((((((((((((((((((((((   Files Created from 2009-12-25 to 2010-01-25  )))))))))))))))))))))))))))))))
.

2010-01-24 19:39 . 2010-01-24 19:42   --------   d-----w-   D:\WinAVR-20100110
2010-01-24 15:05 . 2010-01-24 15:05   95259   ----a-w-   d:\windows\system32\drivers\klick.dat
2010-01-24 15:05 . 2010-01-24 15:05   108059   ----a-w-   d:\windows\system32\drivers\klin.dat
2010-01-24 15:01 . 2010-01-25 11:56   --------   d-----w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-24 15:01 . 2010-01-24 15:01   --------   d-----w-   d:\program files\Kaspersky Lab
2010-01-24 12:27 . 2010-01-24 12:27   47944   ------w-   d:\windows\system32\drivers\PROCMON20.SYS
2010-01-24 05:23 . 2010-01-24 06:06   --------   d-----w-   d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-24 05:23 . 2010-01-24 05:27   --------   d-----w-   d:\program files\Spybot - Search & Destroy
2010-01-24 05:13 . 2010-01-24 05:13   --------   d-----w-   d:\program files\Trend Micro
2010-01-24 04:24 . 2010-01-24 04:20   1048576   ----a-w-   D:\SG31U110.BIN
2010-01-24 04:24 . 2008-07-24 22:14   63837   ----a-w-   D:\AWDFLASH.EXE
2010-01-24 03:07 . 2009-06-30 14:37   28552   ----a-w-   d:\windows\system32\drivers\pavboot.sys
2010-01-23 15:35 . 2010-01-23 15:35   --------   d-----w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-13 02:54 . 2010-01-13 02:54   --------   d-----w-   d:\program files\EAGLE-5.7.0
2010-01-09 02:31 . 2001-08-17 18:48   17664   -c--a-w-   d:\windows\system32\dllcache\sermouse.sys
2010-01-09 02:31 . 2001-08-17 18:48   17664   ----a-w-   d:\windows\system32\drivers\sermouse.sys
2010-01-09 01:08 . 2010-01-09 01:08   --------   d-----w-   d:\documents and settings\All Users\Application Data\Atmel
2010-01-09 01:05 . 2009-05-14 17:54   143360   ----a-w-   d:\windows\system32\wdapi1001.dll
2010-01-09 01:04 . 2009-05-20 17:46   5752320   ----a-w-   d:\windows\system32\BCGCBPRO103090.dll
2010-01-04 12:34 . 2010-01-04 12:35   --------   d-----w-   D:\_Memeo

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 12:00 . 2009-05-24 13:48   --------   d-----w-   d:\program files\Mozilla Firefox 3.5 Beta 4
2010-01-25 12:00 . 2008-11-29 19:42   --------   d-----w-   d:\program files\Mozilla Thunderbird
2010-01-25 11:46 . 2009-04-01 02:25   --------   d-----w-   d:\documents and settings\All Users\Application Data\Google Updater
2010-01-24 20:34 . 2008-12-01 02:46   --------   d-----w-   d:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-24 20:26 . 2008-11-30 17:56   --------   d-----w-   d:\program files\gspot
2010-01-24 20:19 . 2009-10-03 02:14   --------   d-----w-   d:\program files\Pazera
2010-01-24 18:06 . 2009-12-14 00:58   --------   d-----w-   d:\program files\Wireshark
2010-01-24 15:18 . 2010-01-24 15:18   932368   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-24 15:18 . 2010-01-24 15:18   678416   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-24 15:18 . 2010-01-24 15:18   604688   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-24 15:18 . 2010-01-24 15:18   522768   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-24 15:18 . 2010-01-24 15:18   1096208   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-24 15:17 . 2010-01-24 15:17   80400   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-24 15:17 . 2010-01-24 15:17   397328   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-24 15:17 . 2010-01-24 15:17   315408   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-24 15:17 . 2010-01-24 15:17   19472   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-24 15:17 . 2010-01-24 15:17   109072   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-24 15:17 . 2010-01-24 15:17   397328   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-24 15:17 . 2010-01-24 15:17   17936   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-24 15:17 . 2010-01-24 15:17   109072   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-24 15:17 . 2010-01-24 15:17   80400   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-24 15:17 . 2010-01-24 15:17   315408   ----a-w-   d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-24 14:51 . 2009-01-24 02:55   --------   d-----w-   d:\program files\Google
2010-01-24 14:48 . 2009-09-20 14:57   --------   d-----w-   d:\program files\Symantec
2010-01-24 14:27 . 2009-11-11 16:46   --------   d-----w-   d:\program files\UltraVNC
2010-01-24 14:26 . 2009-02-08 04:21   --------   d-----w-   d:\program files\QuickTime
2010-01-24 14:26 . 2008-12-02 01:08   --------   d-----w-   d:\program files\Microsoft Visual Studio 9.0
2010-01-24 14:26 . 2009-08-22 03:03   --------   d-----w-   d:\program files\eclipse
2010-01-24 14:26 . 2008-11-30 03:57   --------   d-----w-   d:\program files\DivX
2010-01-24 14:26 . 2008-12-02 02:07   --------   dc----w-   d:\program files\Common Files\WindowsLiveInstaller
2010-01-24 14:26 . 2009-06-13 17:52   --------   d-----w-   d:\program files\arduino-0016
2010-01-24 14:22 . 2008-11-29 06:47   --------   d-----w-   d:\program files\InstallShield Installation Information
2010-01-24 14:21 . 2008-12-01 01:33   --------   d-----w-   d:\program files\Microchip
2010-01-24 06:03 . 2008-12-16 14:46   --------   d-----w-   d:\program files\Common Files\Actel
2010-01-24 05:43 . 2009-06-07 20:16   --------   d-----w-   d:\program files\EAGLE-5.6.0
2010-01-24 04:24 . 2008-12-02 02:07   --------   d-----w-   d:\program files\Windows Live
2010-01-21 02:02 . 2008-11-30 04:35   --------   d-----w-   d:\program files\Common Files\Adobe
2010-01-20 21:15 . 2008-12-01 01:59   --------   d-----w-   d:\program files\Microsoft Silverlight
2009-12-24 02:24 . 2009-12-24 02:24   26694   ----a-r-   d:\documents and settings\Daniel Near\Application Data\Microsoft\Installer\{93BF2344-DBEB-4B2B-AADE-614C148D2428}\_E50EAB77EEEB75909B93AE.exe
2009-12-24 02:24 . 2009-12-24 02:24   26694   ----a-r-   d:\documents and settings\Daniel Near\Application Data\Microsoft\Installer\{93BF2344-DBEB-4B2B-AADE-614C148D2428}\_A481915362E121C5756BE7.exe
2009-12-21 19:14 . 2004-08-04 12:00   916480   ----a-w-   d:\windows\system32\wininet.dll
2009-12-19 22:21 . 2009-04-19 13:33   --------   d-----w-   d:\program files\Xvid
2009-12-19 01:42 . 2009-02-07 12:57   --------   d-----w-   d:\documents and settings\Kaori Near\Application Data\Apple Computer
2009-12-18 12:23 . 2009-12-18 12:23   --------   d-----w-   d:\documents and settings\Kaori Near\Application Data\Memeo
2009-12-18 02:53 . 2009-12-18 02:53   --------   d-s---w-   d:\documents and settings\All Users\Application Data\Memeo
2009-12-18 02:51 . 2009-12-18 02:51   --------   d-----w-   d:\documents and settings\All Users\Application Data\MemeoCommon
2009-12-18 02:49 . 2009-12-18 02:49   --------   d-----w-   d:\documents and settings\Daniel Near\Application Data\Memeo
2009-12-14 19:15 . 2009-12-14 19:15   2146304   ----a-w-   d:\windows\system32\GPhotos.scr
2009-12-14 02:17 . 2009-12-14 02:16   --------   d-----w-   d:\documents and settings\Daniel Near\Application Data\Wireshark
2009-12-14 00:58 . 2009-12-14 00:58   --------   d-----w-   d:\program files\WinPcap
2009-12-13 22:26 . 2009-12-13 22:23   --------   d-----w-   d:\documents and settings\Daniel Near\Application Data\Smart Panel
2009-12-08 02:43 . 2009-11-26 02:02   --------   d-----w-   d:\program files\WIZnet
2009-12-05 15:14 . 2009-02-04 02:06   --------   d-----w-   d:\program files\EAGLE-5.4.0
2009-11-21 15:51 . 2004-08-04 12:00   471552   ----a-w-   d:\windows\AppPatch\aclayers.dll
2009-11-13 22:57 . 2009-11-13 22:57   922112   ------w-   d:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57   426496   ------w-   d:\windows\system32\imapi2.dll
2009-11-04 00:11 . 2009-11-04 00:11   152576   ----a-w-   d:\documents and settings\Daniel Near\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-31 13:11 . 2009-10-31 13:11   79144   ----a-w-   d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2003-06-19 15:05 . 2003-06-19 15:05   431888   --s-a-w-   d:\program files\Common Files\riched20.dll
2009-09-25 16:41 . 2009-09-25 16:41   1044480   ----a-w-   d:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   200704   ----a-w-   d:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-01 16858624]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2008-03-17 159744]
"CoolSwitch"="d:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="d:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="d:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0a\0u\0t\0o\0c\0h\0k\0 \0*

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
backup=d:\windows\pss\Event Planner Reminder.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=d:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57   35760   ----a-w-   d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 00:21   141600   ----a-w-   d:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 19:08   2289664   ----a-w-   d:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54   417792   ----a-w-   d:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 08:01   32768   ----a-w-   d:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17   149280   ----a-w-   d:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\UltraVNC\\vncviewer.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [1/23/2010 10:07 PM 28552]
R2 fssfltr;FssFltr;d:\windows\system32\drivers\fssfltr_tdi.sys [4/16/2009 11:44 PM 54752]
R2 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate1c9b271396cccd0;Google Update Service (gupdate1c9b271396cccd0);d:\program files\Google\Update\GoogleUpdate.exe [3/31/2009 9:26 PM 133104]
S3 ADM8511;%ADM8511.Service.DispName%;d:\windows\system32\drivers\ADM8511.SYS [8/17/2001 12:11 PM 20160]
S3 fsssvc;Windows Live Family Safety Service;d:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 mmrb;memoribo device;d:\windows\system32\drivers\mmrb.sys [9/20/2005 7:38 PM 25435]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 19:06   451872   ----a-w-   d:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-25 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-24 02:25]

2009-10-31 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 02:26]

2009-10-31 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 02:26]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - d:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - d:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - d:\documents and settings\Daniel Near\Application Data\Mozilla\Firefox\Profiles\xfp9q8pp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - plugin: d:\documents and settings\Daniel Near\Application Data\Mozilla\Firefox\Profiles\xfp9q8pp.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: d:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Memeo AutoBackup - d:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
HKCU-Run-Memeo Autosync Launcher - d:\program files\Memeo\AutoBackup\MemeoLauncher.exe
MSConfigStartUp-APVXDWIN - d:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE
MSConfigStartUp-ErrorSweeper - d:\program files\ErrorSweeper\ErrorSweeper.exe
MSConfigStartUp-SCANINICIO - d:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe
MSConfigStartUp-Veoh - d:\program files\Veoh Networks\Veoh\VeohClient.exe
AddRemove-PICC 9.65PL1 - h:\dan's development tools\HI-TECH Software\PICC\PRO\9.65\resources\setup.exe
AddRemove-Wireshark - d:\program files\Wireshark\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 07:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1980)
d:\windows\system32\WININET.dll
d:\program files\Windows Desktop Search\deskbar.dll
d:\program files\Windows Desktop Search\en-us\dbres.dll.mui
d:\program files\Windows Desktop Search\dbres.dll
d:\program files\Windows Desktop Search\wordwheel.dll
d:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
d:\program files\Windows Desktop Search\msnlExtRes.dll
d:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
d:\program files\Common Files\Ahead\Lib\MFC71U.DLL
d:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\btncopy.dll
d:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
d:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\windows\system32\SearchIndexer.exe
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\windows\system32\SearchProtocolHost.exe
d:\windows\RTHDCPL.EXE
d:\program files\Microsoft ActiveSync\wcescomm.exe
d:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
d:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
d:\progra~1\MICROS~3\rapimgr.exe
d:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-01-25  07:32:20 - machine was rebooted
ComboFix-quarantined-files.txt  2010-01-25 12:32

Pre-Run: 23,482,802,176 bytes free
Post-Run: 23,744,450,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 26CB37B6EDD07082B7D9658F9A9B1A48
Top
 Profile  
Reply with quote  
TitanTerrier
PostPosted: Mon Jan 25, 2010 10:40 am 
Offline

Joined: Wed Feb 15, 2006 7:17 pm
Posts: 189
Location: UK
To me it sounds like it's a hard drive noise and could possibly be bad sectors on the drive. I've never heard anything like that coming from a PC speaker, only definate tones, whereas your sound clip sounded like clicking noises.

You could try disabling the automatic restart so the next time it tries to reboot it should stop at the BSOD. It might give you a clue to what is going on.

If you don't know how to do that... Start the PC and keep pressing F8 until you see the advanced options menu. Select the option 'Disable automatic restart on system failure'. If after pressing F8 you see the boot options you need to select your hard drive from the list, press 'Enter' then immediately press F8 again to get the advanced option.

Good luck!
Top
 Profile  
Reply with quote  
Ltdannear
PostPosted: Mon Jan 25, 2010 8:09 pm 
Offline

Joined: Tue Jul 27, 2004 3:01 am
Posts: 2945
Location: Tampa bay, Florida
It's not just 'clicking' though... it's chirping as well.. If it was just clicking, I'd instantly suspect the HDD..
and when it does this oddity, it has a definite rythmic pattern between the clicks and chirps. It really sounds like 'simple' pops, chirps and clicks coming from a speaker inside the case.

Even wierder..
Quote:
Mr. Near,

Thank you for choosing Shuttle Computer Products.

As far as I know, there is no internal speaker built into the motherboard of the SG31G2. Other manufacturers do put internal speakers on their boards, but this is not present on Shuttle

machines. If you hear this melody, it would not be from something that would come stock on the board for this machine.


And I looked around inside.. I can't find a speaker anywhere..

I'll give a try to stopping the auto reboot.. I don't get blue screens, though.. it goes immediately from the last video frame Windows displays to the bios boot screen..
Top
 Profile  
Reply with quote  
TitanTerrier
PostPosted: Tue Jan 26, 2010 5:55 pm 
Offline

Joined: Wed Feb 15, 2006 7:17 pm
Posts: 189
Location: UK
Normally you wouldn't see the blue screen when a PC freaks and reboots itself, well you can but your eyes have to be super quick to see/read it. Disabling the auto reboot should, in most cases, halt it at the point of crash and show the blue screen.
Top
 Profile  
Reply with quote  
Ltdannear
PostPosted: Tue Jan 26, 2010 8:20 pm 
Offline

Joined: Tue Jul 27, 2004 3:01 am
Posts: 2945
Location: Tampa bay, Florida
It now seems more likely that it's my Maxtor HDD making those sounds. I took the cover off & no speakers anywhere to be found. Swapped out the PSU and the problem still returned. With the cover off, it only lasted a few seconds, but the sound definitely coming from around the HDD..

So I googled and found lots of hits where people's Maxtor drives play "music" when they are about to fail or are broken.. Trying to limp all my data off before it implodes..
Top
 Profile  
Reply with quote  
TitanTerrier
PostPosted: Wed Jan 27, 2010 8:01 am 
Offline

Joined: Wed Feb 15, 2006 7:17 pm
Posts: 189
Location: UK
Quote:
Trying to limp all my data off before it implodes..
Very wise choice.

It's for reasons like this that I have automatic backups performed every day, overnight, to an external drive using a great little program called SyncBack. Very convenient for me because my PC is on 24/7.
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 8 posts ] 

Board index » Resources - POST INFORMATION HERE » Off Topic

All times are UTC - 5 hours [ DST ]

Who is online

Users browsing this forum: No registered users and 9 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group