Unexpected sounds that occur randomly - Part 2

Discussion in 'other security issues & news' started by carlb1120, Feb 6, 2004.

Thread Status:
Not open for further replies.
  1. carlb1120

    carlb1120 Registered Member

    Joined:
    Feb 3, 2004
    Posts:
    6
    I want to thank both BIGC73542 and Snowbound again for the additional help. Snowbound, where do you reside in Canada. Three of my IHRA races are in Canada (the sole use of the Laptop is for drag race programs). I could not find a reply button to the previous thread, so in order to provide the "HiJackThis" log, I started a part 2 (hope this was OK).

    I looked for duplicate copies of Ulead, and it appears that I have successfully removed the program, as I could find no others. I updated both the Desk & Laptop computers with the most current Norton AntiVirus versions and scanned both, and no viruses were found (Neither the Desk nor the Laptop computers have ever checked positive for a virus in the past).

    I re-enabled the msconfig start up manager and ran the "HiJackThis" program on the Laptop, since it is the newest, with the least amount of programs, but has the same unexpected noise issues. (This is the computer that will go to all the races with me, so I am really worried about making sure it is well before the season starts).

    Thanks again for all of your help.

    Carl

    Logfile of HijackThis v1.97.7
    Scan saved at 12:31:54 AM, on 2/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\pctspk.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\America Online 9.0a\aoltray.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\WinPortrait\floater.exe
    C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
    C:\Program Files\Norton Personal Firewall\NISSERV.EXE
    C:\Program Files\Norton Personal Firewall\ATRACK.EXE
    C:\Documents and Settings\Carl Bullock\My Documents\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [WLMonWPC54G] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38020.4199305556
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi carlb1120,

    I can't find anything wrong in your log, but I will list some programs that could be responsible and are not necessary to start at boot.

    I suggest you disable them in msconfig to make it easier to enable them again.
    (Start > Run > msconfig > OK > Startup tab)

    pctspk.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe

    Hoping it helps,

    Pieter
     
  3. carlb1120

    carlb1120 Registered Member

    Joined:
    Feb 3, 2004
    Posts:
    6
    Hi Pieter:

    Thank you for reviewing the "HiJackThis" for my laptop. I will follow your suggestion and disable the mentioned programs in msconfig.

    I thought that I should forward the "HiJackThis" log for my Desk computer too, since they are both producing the same random unexpected noises. Maybe one of the experts will see something that is similar in the too logs.

    I am most appreciative of all the help. The desk computer's log is below.

    Thanks again,

    Carl
    Logfile of HijackThis v1.97.7
    Scan saved at 3:09:50 PM, on 2/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\WINDOWS\SYSTEM32\USRshutA.exe
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Day-Timer Organizer SHARP Edition\xserv2k.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
    C:\WINDOWS\System32\ZipToA.exe
    C:\Program Files\Norton Personal Firewall\NISSERV.EXE
    C:\Program Files\Norton Personal Firewall\ATRACK.EXE
    C:\Documents and Settings\Carl\My Documents\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.bullockcars.com"); (C:\Documents and Settings\Carl\Application Data\Mozilla\Profiles\default\rsw9324z.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Carl\Application Data\Mozilla\Profiles\default\rsw9324z.slt\prefs.js)
    O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Pure Networks Port Magic] C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKCU\..\Run: [Kontiki] "C:\Program Files\Kontiki\BIN\kontiki.exe" -s Kontiki -q
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: ExpressServices 2000.lnk = C:\Program Files\Day-Timer Organizer SHARP Edition\xserv2k.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\BIN\bh304181.dll/201
    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37402.0268171296
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi carlb1120,

    These can go anyway (orphaned entries)
    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)

    O4 - HKCU\..\Run: [Kontiki] "C:\Program Files\Kontiki\BIN\kontiki.exe" -s Kontiki -q

    O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\BIN\bh304181.dll/201

    Regards,

    Pieter
     
  5. carlb1120

    carlb1120 Registered Member

    Joined:
    Feb 3, 2004
    Posts:
    6
    Many thanks to BIGC73542, Snowbound and Pieter for your very constructive help. I have made all the changes that have been suggested, and both the Laptop and Desk computers are turned on.

    No programs have to be running for the noises to activate themselves. I have gone for periods of 24 hours or more without a sound; however, I usually get one or two piano strings a night and the prehistoric elephant visits about once a week.

    I will post the minute any noises appear, but I will definitely post a big "Thank You" again, if they do not return.

    Thanks a million for all of your help, . . . so far so good,

    Carl
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Yes please do post if you are clear of the problem or if you do come across what is causing the problem. I am curious to know what the prehistoric elephant is. :D :D ;)
     
  7. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Toronto :)

    See u in Cayuga ;)




    snowbound
     
  8. carlb1120

    carlb1120 Registered Member

    Joined:
    Feb 3, 2004
    Posts:
    6
    I just wanted to report that there have been no strange noises for two days since I made the last suggested changes. I will report back from time to time, but if I make it through this week, I will be one happy person.

    Snowbound, if you like Professional Drag Racing, I will be in your neck of the woods on the dates below. Stop by my motor home and I will show you the laptop you helped rescue. You can see what a ProMod drag car looks like by checking out http://www.ihra.com/profile/promod/carl_bullock.html or www.bullockcars.com (but from your remarks, "See you in Cayuga," I get the impression you already know). Thanks again to everyone that helped.

    Carl Bullock

    5th Annual
    Mopar Canadian Nationals
    Grand Bend Motorplex
    June 11-13, 2004
    Grand Bend, Ontario Canada

    3rd Annual
    ACDelco Canadian Nationals
    Toronto Motorsports Park
    July 30-August 1, 2004
    Toronto, Ontario, Canada
     
  9. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Nice to see that the noises haven't returned. :)

    I might just take u up on that invite Carl. :D

    Good Luck in your season. :)



    snowbound
     
Loading...
Thread Status:
Not open for further replies.