  1. #1
    jacob
    Join Date
    Dec 2004

    Sound Crackles & Pops (Pandascan & HJT Log)

    Recently I have started having problems with my sound - have been getting crackles/distortions. I'm worried it might be a hardware problem - the CPU level isn't spiking, but last time my computer messed up the RAM had to be replaced, so maybe it's something to do with that again... But first I want to rule out the possibility that it's virus/spyware messing up my computer.

    Anyway, I followed these instructions:

    Housecall was clean, Spybot clean, Adaware removed some cookies, Windows Defender was clean.

    Here is Pandascan Log:

    Incident Status Location

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@atdmt[2].txt
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@adtech[2].txt
    Spyware:Cookie/ Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@com[1].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@ads.pointroll[1].txt
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@888[2].txt
    Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@cassava[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@serving-sys[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@bs.serving-sys[2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@tribalfusion[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@questionmarket[1].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@azjmp[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@serving-sys[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@bs.serving-sys[3].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\jxl05c9g.default\COOKIES.TXT[]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\jxl05c9g.default\COOKIES.TXT[]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\jxl05c9g.default\COOKIES.TXT[]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\jxl05c9g.default\COOKIES.TXT[]
    Spyware:Cookie/ Not disinfected C:\FOUND.003\FILE0005.CHK[]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.003\FILE0005.CHK[]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.003\FILE0005.CHK[]
    Spyware:Cookie/bravenetA Not disinfected C:\FOUND.003\FILE0005.CHK[]
    Spyware:Cookie/Xiti Not disinfected C:\FOUND.003\FILE0005.CHK[]
    Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.003\FILE0005.CHK[]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.003\FILE0005.CHK[]

    And here is HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:42:37, on 16/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\xampp\apache\bin\apache.exe
    C:\Program Files\xampp\apache\bin\apache.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\UltraRecall\UltraRecall.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Workrave\lib\Workrave.exe
    C:\Program Files\\LastFMHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\setup_wm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [4mtcsb] C:\WINDOWS\System32\4mtcsb.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Contour.Config32] C:\WINDOWS\Contour\Config32.exe Perfit Optical Mouse (USB)
    O4 - HKLM\..\Run: [Contour.PageIcon] C:\WINDOWS\Contour\PageIcon.exe Software\LCS\{90C3F540-5485-11D1-AC67-00000500480A}
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
    O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [Ultra Recall] C:\Program Files\UltraRecall\UltraRecall.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Workrave.lnk = C:\Program Files\Workrave\lib\Workrave.exe
    O4 - Startup: Helper.lnk = C:\Program Files\\LastFMHelper.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\xampp\apache\bin\apache.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe

    End of file - 9260 bytes

    Any help much appreciated!


  2. #2
    Join Date
    Jan 2003


    Hi jacob:

    WOW, are you using a $100.00 mouse?

    You have some seldom-seen entries that are not in the databases that we use.

    Are fireface.exe and firefacemix.exe a firewire card/driver?

    UltraRecall.exe appears to monitor your internet activity, but not sure.
    Do you know what is ?

    Do you know what these entries are:

    O4 - HKLM\..\Run: [4mtcsb] C:\WINDOWS\System32\4mtcsb.EXE
    O4 - Startup: Helper.lnk = C:\Program Files\\LastFMHelper.exe


  3. #3
    jacob
    Join Date
    Dec 2004

    Unusual Entries

    Hi Basementgeek,

    Thanks for the response.

    Yeah I had a bout of RSI symptoms at one point, which as a guitarist is really important for me to avoid, so I looked into ergonomics, etc, hence the ergonomic mouse and use of Workrave.

    Yes fireface.exe and fireface.mix are for my firewire audio interface. Just so you know I've tried disabling them through Control Panel->Sounds & Audio Devices, and using the crappy onboard laptop soundcard instead, but still get the same sound problems (though to a slightly lesser extent).

    Ultra Recall is a Personal Information Management program ( I doubt it would be doing anything untoward...? Helper is from, it tracks the MP3s that I listen to through iTunes and sends them to the site so I can keep track of my stats (here's my user page:!). Have been using it for years.

    I don't know what this is:

    O4 - HKLM\..\Run: [4mtcsb] C:\WINDOWS\System32\4mtcsb.EXE

    Google search on it comes up with very little. Some suggest it could be something to do with the laptop? I found this:

    Any advice much appreciated!

    Thanks again,

  4. #4
    jacob
    Join Date
    Dec 2004


    I forgot to add:

    I got given a recovery CD with the laptop that re-installs Windows and restores everything back to ideal settings for my laptop (I get a clean slate with my C: drive, and it keeps all the files on my D: drive). I believe it runs a copy of Symantec Ghost.

    However, I tried to run it this time to see if it would fix the sound problems and it comes up with 2 errors: "Cannot find I:/ghost00001.gho" and then "Invalid Dump File". (Not the exact wording but something like that - I can find out the exact wording if it helps). This happens when I try to restore from the recovery files stored on drive D:, AND ALSO when I try to restore from external backup CDs given to me by the company that I bought the laptop from.

    This has never happened to me before and seems very strange. Could it be something to do with it looking in Drive I: instead of the CD drive which is Drive E:?

    Any ideas?


  5. #5
    Join Date
    Jan 2003


    Let's try to find out what the file is, 4mtcsb.EXE

    Please go to VirusTotal here

    In the middle of the page you'll find a Browse button.

    Copy and paste the following:


    Click the Send File button

    Copy the report it creates and paste that report in your next reply.

    Have you tried a set of headphones or different speakers?


  6. #6
    jacob
    Join Date
    Dec 2004


    Yeah I tried headphones - it's definitely not the speakers. Actually, it would probably be better to describe it as stuttering than cracks/pops, kinda like the computer is trying to catch up with itself.

    File 4mtcsb.exe received on 01.18.2008 01:29:46 (CET)
    Antivirus Version Last Update Result
    AhnLab-V3 2008.1.18.10 2008.01.17 -
    AntiVir 2008.01.17 -
    Authentium 4.93.8 2008.01.17 -
    Avast 4.7.1098.0 2008.01.17 -
    AVG 2008.01.17 -
    BitDefender 7.2 2008.01.18 -
    CAT-QuickHeal 9.00 2008.01.17 -
    ClamAV 0.91.2 2008.01.17 -
    DrWeb 2008.01.17 -
    eSafe 2008.01.16 -
    eTrust-Vet 31.3.5467 2008.01.17 -
    Ewido 4.0 2008.01.17 -
    FileAdvisor 1 2008.01.18 -
    Fortinet 2008.01.17 -
    F-Prot 2008.01.17 -
    F-Secure 6.70.13260.0 2008.01.17 -
    Ikarus T3.1.1.20 2008.01.17 -
    Kaspersky 2008.01.18 -
    McAfee 5210 2008.01.17 -
    Microsoft 1.3109 2008.01.18 -
    NOD32v2 2803 2008.01.18 -
    Norman 5.80.02 2008.01.17 -
    Panda 2008.01.17 -
    Prevx1 V2 2008.01.18 -
    Rising 2008.01.17 -
    Sophos 4.24.0 2008.01.18 -
    Sunbelt 2.2.907.0 2008.01.17 -
    Symantec 10 2008.01.17 -
    TheHacker 2008.01.17 -
    VBA32 2008.01.15 -
    VirusBuster 4.3.26:9 2008.01.17 -
    Webwasher-Gateway 6.6.2 2008.01.17 -
    Additional information
    File size: 28672 bytes
    MD5: 95f79300633bdf564c4fd2034448e465
    SHA1: 6a1e7d1f25963aba8ecd94e6711ca4b8551a1b3d
    PEiD: Armadillo v1.71

  7. #7
    Join Date
    Jan 2003


    I would say your problem is not related to malware, never thought it was.

    Suggest that you start a new topic in our Computer help forum, on your problem with the sound.


  8. #8
    jacob
    Join Date
    Dec 2004


    Thanks for your help Basement Geek - just wanted to rule it out as an option.

    I'm gonna try a different firewire card and cable, as my audio interface is firewire-based. Will let you know if that works and if it doesn't I may try asking in the Computer forum.


    Topic is now closed - BG 28Jan08