Is it an attack of some sort?
robert006
01-15-2005, 08:29 PM
At midnight, exactly when the time shows 00.00, there is a whirring sound and the light on the A drive comes on. It happens every night.
Rather strange so if someone could put my mind at ease by explaining if it is related to any attack or not.
Thanks.
Budfred
01-15-2005, 10:56 PM
Unless you have some scheduled event that is supposed to occur at that time, it would be a good idea to run a full set of security scans... I would suggest starting with an online virus scan using one of the links in my list below... I suggest Housecall to start with... Then download, update and run both Ad-Aware SE and Spybot... Fix any malware that they find... Next it would be a good idea to post a HijackThis log so we can check to see if there is anything in it...
You can download it here:
http://www.subratam.org/?page=removal
To run HJT, extract it to a permanent folder such as one you create like C:\HJT. Close all open windows and browsers and make sure that all programs are enabled if you use msconfig. Run it and Scan, then Save the log. When the log window appears, Right click to Copy it, open your browser and come here to Paste the entire log. Do not make any changes until it is checked since most items are either benign or essential to the computer.
robert006
01-16-2005, 11:01 AM
Hi,
budfred,
Thanks for the help. Here is the HJT.
Logfile of HijackThis v1.99.0
Scan saved at 14:55:18, on 16/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Eraser\eraser.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Documents and Settings\g48154\My Documents\New Folder (2)\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Thanks once again for any help.
robert006.
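As an added example (not code from this thread or from HijackThis itself): a small Python triage script for the HijackThis log format posted above. It parses the `Rn`/`On` entry lines, flags O4 Run entries whose command is not a fully qualified path (those are resolved through the PATH search at logon, so the entry alone does not tell you which file runs), and lists the host each O16 DPF ActiveX control was downloaded from. The sample lines are copied from the log in this thread; the entry and Run-key regexes are my own assumptions about the format.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis v1.99 log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# One HJT entry per line: a section code (R0, O4, O16, ...) then " - " then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# Body of an O4 registry Run entry: hive\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt(text):
    """Return a list of (code, body) tuples, one per recognised entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def run_command_path(cmd):
    """Executable part of a Run value: the quoted path if quoted, else the first token."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def triage(text):
    """Flag O4 entries resolved via PATH search and list O16 download hosts."""
    findings = []
    for code, body in parse_hjt(text):
        if code == "O4":
            m = RUN_RE.match(body)  # "Global Startup" O4 lines do not match and are skipped
            if m:
                exe = run_command_path(m.group("cmd"))
                # Not "X:\..." and not an environment-variable prefix such as %systemroot%
                if not re.match(r"^[A-Za-z]:\\", exe) and not exe.startswith("%"):
                    findings.append(("O4-unqualified", m.group("name"), exe))
        elif code == "O16":
            url = body.rsplit(" - ", 1)[-1]
            findings.append(("O16-download", urlparse(url).hostname or url, url))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"{kind:15} {name:30} {detail}")
```

An unqualified O4 entry is worth confirming on disk (which directory on the PATH actually holds that file), and each O16 host is a site the browser was allowed to install a control from.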
Budfred
01-16-2005, 12:34 PM
Your log seems to be clean... Did you run the other scans I suggested and did they find anything??
robert006
01-16-2005, 02:54 PM
Hi budfred,
Scanned with HouseCall. Result was clean.
Thanks.
Long shot:
1. Check your firewall log for an invader at midnight. I wonder if that could be your firewall or your disc detector responding to something that scans you at a regular time.
2. Shut it down at 11:58 pm and bring it back at 12:01 am and see if it kicks in. If not then perhaps it is a real time scheduler that is running Disk Clean Up. My Compaq used to do that at various times of the day/night and it kind of bothered me, and then when I disabled the scheduler it stopped and I kinda missed it. But that's what it was, and I am sure because I happened to be watching TV while at the PC table (PC at desk top) and it started doing that--clicking away, drive light flashing, and then the Disk Clean-up box flashed across the screen for about two seconds.
3. Do you have Real Player, Quick Time, or WMP, Music Match, or any other program where you are checked off to allow it to survey your usage? If so, then that might be the collecting point for whatever program is surveying you on a per 24hrs basis, and that would not turn up on an AV or spyware scan--unfortunately.
Disable your scheduler (if it isn't) in msconfig and see if this event continues; check the above mentioned types of programs for permission to survey you, and check to see if you have Scan Disk and Disk Clean-up on a schedule--I'm not sure where that is in XP, I'm ME (and PROUD of it !! :eek: )
:cool:
M'self, I'd go for these in reverse order for likelihood.
Budfred
01-16-2005, 07:51 PM
Also, did you run Ad-Aware SE and Spybot??
And if you are running them, are they updated as of today? They update these days about once a week, sometimes every three days or so. . .
'ounce of prevention. . . . '
:cool: