Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: noise.dat and unknown accounts

25 Jun 2011   #1

Win 7 HP 64 bit
noise.dat and unknown accounts

Hello -
I was looking at the logs of my spy/mal ware program (CounterSpy), and have noticed that every scan has some errors - the ones I am worried about are: c:\windows\system32\noise.dat and c:\windows\syswow64\noise.dat - the error msg is that it is a corrupt object. The other 3 are: c:\users\Home\ntuser.dat (the log states it could not be accessed because it was in use by another process - which is the same message for: c:\users\Home\ntuser.dat.LOG1 and: c:\windows\SYSWOW64.log.txt

I googled noise.dat, and from what I was able to gather, it is a google redirect virus.

One other thing that makes me suspicious that I have a virus (in spite of the fact that my two spy/malware programs say nothing is amiss; and that is when I installed Microsoft Office 2007 home and student version, after I restarted, I clicked the start button, and in the list of programs were: Microsoft Excel, and Microsoft OneNote, and now, Powerpoint - I have not opened or run any Office program except Word. When I looked at the properties of OneNote - I notiiced that their was an unknown user account listed in addition to the admin and user and system - it is: S-(a string of numbers) and in addition to this unknown account, the Everyone group is listed. (Which I actually have not seen on any other program I've installed or that came with my PC by the OEM)
I am using Windows 7 Home Premium SP1 64 bit. My pc is a Lenovo Idea, with a dual core i5 processor, at 3.2Ghz, 6GB of RAM, 1 TB HD. My security programs are: Norton Internet security suite, and Malwarebytes, and GFI CounterSpy.
I have not yet contacted them as all of my scans insist my system is clean - I even used the ESET online scanner (with CounterSpy and Norton disabled during it's scan.)

To hopefully better assist you, I've run a HiJackThis scan and cut and pasted the log below:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:21:18 AM, on 6/25/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = | Entertainment | News | Sports | Email | Watch TV Online | Comcast Deals | On Demand
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\\coIEPlg.dll
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMTray.exe"
O4 - HKLM\..\Run: [SSClearCloudTrayApp] C:\Program Files (x86)\ClearCloud\ClearCloud DNS\SBCC_Utility_Tray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{775F06F9-5F21-409A-B429-F4842A214EA1}: NameServer =,,
O17 - HKLM\System\CS1\Services\Tcpip\..\{775F06F9-5F21-409A-B429-F4842A214EA1}: NameServer =,,
O17 - HKLM\System\CS2\Services\Tcpip\..\{775F06F9-5F21-409A-B429-F4842A214EA1}: NameServer =,,
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\CounterSpy\SBPIMSvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Unknown owner - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

End of file - 10621 bytes

My System SpecsSystem Spec
26 Jun 2011   #2

Microsoft Community Contributor Award Recipient

Windows 7 x64

let's try a simple first step, run this
SFC /SCANNOW Command - System File Checker

you seem to be missing some file data that should be there. Hopefully the secure file check will fix it.
My System SpecsSystem Spec
26 Jun 2011   #3

Win 7 HP 64 bit

I just finished doing that - I went to programs, accessories, command prompt run as an administrator.
At the prompt - I typed sfc /scannow - it took some time to complete, but the end result said that system integrity was fine.
My System SpecsSystem Spec

26 Jun 2011   #4

Microsoft Community Contributor Award Recipient

Windows 7 x64

If it's in use by another application I know an app that may tell you what's grabbing it from windows.
Download Unlocker 1.9.1 -
It's normally meant to free up files so you can delete them. However it also will tell you what is taking control of the file and locking it out.
My System SpecsSystem Spec
26 Jun 2011   #5

Win 7 HP 64 bit

I'm not quite sure I understand you - what type and which files am I missing? And how would this program help me - would I follow the path to the object that was in use and then use unlocker? And how does that pertain to the noise.dat and unknown account issue? (btw - I just went to that site, and looked at the product list - there is no "unlocker" program - seems to be all folder encrypt/protect apps.
My System SpecsSystem Spec
26 Jun 2011   #6

Win 7 HP 64 bit

Actually I found the download and ran it - it's for 32 bit systems only. And they do not appear to have one for 64 bit machines.
My System SpecsSystem Spec

 noise.dat and unknown accounts

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar help and support threads
Thread Forum
Unknown user showing in user accounts - possibly compromised?
Hi all, Hoping someone might be able to help. Recently, a few strange things have happened with the PC, which first started when I found I couldn't use the Backup & Recovery software in Windows 7. Whenever I clicked on one of the buttons with a shield, nothing would happen at all. I've looked...
System Security
Windows Recovery disk shows operating system: Unknown on (Unknown)
I've been trolling the forums here for a while. Lots of great info but now I actually have an issue where I need some assistance. :D When I was booting one day last week I got a nasty BSOD when Windows was trying to load. Then on the next reboot Windows 7 said it couldn't load and needed to do...
BSOD Help and Support
Strange Unknown Accounts In User list
Hi there, Wonder if you can help me. Noticed something strange today and trying to work out whether anything sinister is going on with my machine. Ran virus scans and such, all came back clear. I basically have a series of "Unknown Accounts" listed in advanced system properties. This...
General Discussion
Two unknown user accounts showing in the security tab
I have two unknown user accounts showing in the security tab. They do not exist under "user accounts" in control panel. I have been unable to delete them and thought they might be part of Comodo firewall or Avast antivirus? I'm not familiar with how to navigate to the security tab other then...
General Discussion
User Accounts / Manage Accounts Blank
Hello I have been chasing up an answer to this problem for a couple of weeks now and have found a number of people with same symptoms but no answer which works. When I go to the User Accouns page the dialog box for the "Choose the Account you would like to change" is blank. I am an...
General Discussion
Unknown Accounts
My system has 3 accounts: mine, my wife's and guest When I right click a program icon, go to properties and then security, I see two Unknown Accounts. Are these a problem? I suspect they are the Guest account. I had turned the Guest Account Off and then On again, that's why there's...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 16:26.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App