Sound Crackles & Pops (Pandascan & HJT Log)

**jacob** · 01-16-2008 04:06 PM

Recently I have started having problems with my sound - have been getting crackles/distortions. I'm worried it might be a hardware problem - the CPU level isn't spiking, but last time my computer messed up the RAM had to be replaced, so maybe its something to do with that again... But first I want to rule out the possibility that it's virus/spyware messing up my computer.

Anyway, I followed these instructions: http://www.help2go.com/Tutorials/Pro...Hijackers.html

Housecall was clean, Spybot clean, Adaware removed some cookies, Windows Defender was clean.

Here is Pandascan Log:

Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@atdmt[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@adtech[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@com[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@ads.pointroll[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@888[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@cassava[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@serving-sys[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@bs.serving-sys[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@tribalfusion[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@questionmarket[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@azjmp[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@serving-sys[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@bs.serving-sys[3].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\jxl05c9g.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\jxl05c9g.default\COOKIES.TXT[server.iad.liveperson.net/hc/44546139]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\jxl05c9g.default\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\jxl05c9g.default\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\FOUND.003\FILE0005.CHK[.com.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.003\FILE0005.CHK[server.iad.liveperson.net/hc/44546139]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.003\FILE0005.CHK[server.iad.liveperson.net/]
Spyware:Cookie/bravenetA Not disinfected C:\FOUND.003\FILE0005.CHK[.bravenet.com/]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.003\FILE0005.CHK[.xiti.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.003\FILE0005.CHK[.atdmt.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.003\FILE0005.CHK[server.iad.liveperson.net/hc/67809844]

And here is HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:37, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\System32\4mtcsb.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Contour\Config32.exe
C:\WINDOWS\Contour\PageIcon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\fireface.exe
C:\WINDOWS\system32\firefacemix.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\UltraRecall\UltraRecall.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Workrave\lib\Workrave.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\setup_wm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [4mtcsb] C:\WINDOWS\System32\4mtcsb.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Contour.Config32] C:\WINDOWS\Contour\Config32.exe Perfit Optical Mouse (USB)
O4 - HKLM\..\Run: [Contour.PageIcon] C:\WINDOWS\Contour\PageIcon.exe Software\LCS\{90C3F540-5485-11D1-AC67-00000500480A}
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Ultra Recall] C:\Program Files\UltraRecall\UltraRecall.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Workrave.lnk = C:\Program Files\Workrave\lib\Workrave.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1189528600445
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1190286463752
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\xampp\apache\bin\apache.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe

--
End of file - 9260 bytes[/b]

Any help much appreciated!

Thanks,
Jacob

**Basementgeek** · 01-16-2008 07:29 PM

Hi jacob:

WOW, are you using a $100.00 mouse ?

You some have seldom seen entires and not in data bases that we use.

Are fireface.exe and firefacemix.exe a firewire card/driver ?

UltraRecall.exe appears to monitor your internet activity, but not sure.
Do you know what is ?

Do you know what these entries are:

O4 - HKLM\..\Run: [4mtcsb] C:\WINDOWS\System32\4mtcsb.EXE
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe

BG

**jacob** · 01-17-2008 04:46 AM

Hi Basementgeek,

Thanks for the response.

Yeah I had a bout of RSI symptoms at one point, which as a guitarist is really important for me to avoid, so I looked into ergonomics, etc, hence the ergonomic mouse and use of Workrave.

Yes fireface.exe and fireface.mix are for my firewire audio interface. Just so you know I've tried disabling them through Control Panel->Sounds & Audio Devices, and using the crappy onboard laptop soundcard instead, but still get the same sound problems (though to a slightly lesser extent).

Ultra Recall is a Personal Information Management program (http://www.ultrarecall.com/). I doubt it would be doing anything untoward...?

Last.fm Helper is from http://www.last.fm/, it tracks the MP3s that I listen to through iTunes and sends them to the site so I can keep track of my stats (here's my user page: http://www.last.fm/user/jacoustic!). Have been using it for years.

I don't know what this is:

O4 - HKLM\..\Run: [4mtcsb] C:\WINDOWS\System32\4mtcsb.EXE

Google search on it comes up with very little. Some suggest it could be something to do with the laptop? I found this: http://www.file.net/process/4mtcsb.exe.html

Any advice much appreciated!

Thanks again,
Jacob

**jacob** · 01-17-2008 05:30 AM

I forgot to add:

I got given a recovery CD with the laptop that re-installs Windows and restores everything back to ideal settings for my laptop (I get a clean slate with my C: drive, and it keeps all the files on my D: drive). I believe it runs a copy of Symantec Ghost.

However, I tried to run it this time to see if would fix the sound problems and it comes up with 2 errors: "Cannot find I:/ghost00001.gho" and then "Invalid Dump File". (Not the exact wording but something like that - I can find out the exact wording if it helps). This happens when I try to restore from the recovery files stored on drive D:, AND ALSO when I try to restore from external backup CDs given to me by the company that I bought the laptop from.

This has never happened to me before and seems very strange. Could it be something to do with it looking in Drive I: instead of the CD drive which is Drive E:?

Any ideas?

Jacob

**Basementgeek** · 01-17-2008 10:34 AM

Lets try to find out what the file is, 4mtcsb.EXE

Please go to VirusTotal here ……

http://www.virustotal.com/en/indexf.html

In the middle of the page you'll find a Browse button.

Copy and paste the following:

C:\WINDOWS\System32\4mtcsb.EXE

Click the Send File button

Copy the report it create and paste that report in your next reply.

Have tried a set of headphones or different speakers?

BG

**jacob** · 01-17-2008 06:42 PM

Yeah I tried headphones - it's definitely not the speakers. Actually, it would probably be better to desribe it as stuttering than cracks/pops, kinda like the computer is trying to catch up with itself.

File 4mtcsb.exe received on 01.18.2008 01:29:46 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.18.10 2008.01.17 -
AntiVir 7.6.0.48 2008.01.17 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.17 -
AVG 7.5.0.516 2008.01.17 -
BitDefender 7.2 2008.01.18 -
CAT-QuickHeal 9.00 2008.01.17 -
ClamAV 0.91.2 2008.01.17 -
DrWeb 4.44.0.09170 2008.01.17 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5467 2008.01.17 -
Ewido 4.0 2008.01.17 -
FileAdvisor 1 2008.01.18 -
Fortinet 3.14.0.0 2008.01.17 -
F-Prot 4.4.2.54 2008.01.17 -
F-Secure 6.70.13260.0 2008.01.17 -
Ikarus T3.1.1.20 2008.01.17 -
Kaspersky 7.0.0.125 2008.01.18 -
McAfee 5210 2008.01.17 -
Microsoft 1.3109 2008.01.18 -
NOD32v2 2803 2008.01.18 -
Norman 5.80.02 2008.01.17 -
Panda 9.0.0.4 2008.01.17 -
Prevx1 V2 2008.01.18 -
Rising 20.27.31.00 2008.01.17 -
Sophos 4.24.0 2008.01.18 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.17 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.17 -
Webwasher-Gateway 6.6.2 2008.01.17 -
Additional information
File size: 28672 bytes
MD5: 95f79300633bdf564c4fd2034448e465
SHA1: 6a1e7d1f25963aba8ecd94e6711ca4b8551a1b3d
PEiD: Armadillo v1.71

**Basementgeek** · 01-18-2008 10:21 PM

I would say your problem is not related to malware, never thought it was.

Suggest that you start a new topic in our Computer help forum, on your problem with the sound.

BG

**jacob** · 01-21-2008 04:29 PM

Thanks for your help Basement Geek - just wanted to rule it out as an option.

I'm gonna try a different firewire card and cable, as my audio interface is firewire-based. Will let you know if that works and if it doesn't I may try asking in the Computer forum.

Thanks,
Jacob

Topic is now closed - BG 28Jan08

Thread: Sound Crackles & Pops (Pandascan & HJT Log)

LinkBack

Thread Tools

Sound Crackles & Pops (Pandascan & HJT Log)

Unusual Entries