Windows 7 Forums



Windows 7: Where does the phantom music come from

07 Mar 2014   #31
k0065126

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Bill,

I have run the scanners suggested by Layback and used them to remove malware, except for nircmd.exe and install.rdf. Results are attached. No reply from VoiceTeach yet, but I think it was probably a false positive for nircmd.exe.

Viv

Scan_2014-3-7-12-30.txt
AdwCleaner[S2].txt
AdwCleaner[S1].txt
AdwCleaner[R11].txt
AdwCleaner[R10].txt
AdwCleaner[R9].txt




07 Mar 2014   #32
k0065126

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Bill,

Sorry, I forgot the Malwarebytes log. Thanks to all who have offered suggestions.

Viv

mbam-log-2014-03-07 (08-44-10).txt


08 Mar 2014   #33
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Thanks for posting the logs Viv,

Mbam and AdwCleaner look clean. Two more just to make sure:

Restart your machine in case there are any system operations pending
Click here to download Old Timer-TFC.
>> save the application to your Desktop.
Old Timer-TFC is a standalone application, there is no install.

Save your work and close all open windows.
TFC will close ALL open programs including your browser!

Old Timer-TFC resets Folder Options -> View -> Hidden files and folders to Don't show hidden...

Right click TFC and select, Run as administrator from the alternate menu.

Click the Start button to begin cleaning up temporary files and folders.
Do not work on other things while TFC is running - most applications use some sort of temporary files. Just let TFC run by itself on the machine until it completes.

If TFC prompts you to restart, do so immediately.
If TFC does NOT prompt you, then restart your machine immediately after TFC has completed.



Run herdProtect one more time (see post# 15 - you don't have to download it again, just scan)

Please post the log and if it's clean, I think you're done.
Leave the thread open for a few days and when you feel that the issue is resolved, please mark the thread as solved.

Thanks,

Bill

09 Mar 2014   #34
k0065126

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Bill,

I have done as you suggest and attach the herdProtect results.

Thanks again,

Viv

Scan_2014-3-8-22-50.txt


09 Mar 2014   #35
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Thanks,

There are a few entries that concern me

easyfundraising toolbar - conduit reference.
Uninstall it in CPL - > Pgm & Feats
and uninstall any tool bars - I thought this was already done - perhaps it was and the malware re-established itself.

c:\program files (x86)\asus\axsp\1.00.19\pebiosinterface32.dll
Anything asus on your machine?

c:\users\viv\appdata\local\temp\install_hosts_anti-adware.exe
Old Timer-TFC should have cleaned up every temp location.

Download the Farbar Recovery Scan Tool (FRST) Click here
  1. Select the version that applies to your system: 32-bit OR 64-bit
  2. Click the Save button
    Default save location is your Downloads folder
    If the SmartFilter bar is presented, click the Actions button and click Don't Run (saves FRST but does not run it)
  3. Double-click FRST or FRST64 to launch the utility
    FRST is the 32-bit version / FRST64 is the 64-bit version
    1. Click the Yes button to confirm UAC
    2. Click the Yes button on the Warranty disclaimer window.
    3. Tick [a] all Whitelist checkboxes
    4. Tick [a] Addition.txt in the Optional scan list
  4. Click the Scan button to begin scanning.
  5. FRST creates two logs when the scan has finished; they are located in the same folder where FRST was launched.
Exit out of Farbar.

I don't know this tool well enough to advise you past a scan.
Do NOT experiment with FRST - the wrong line in the wrong place can brick your system.
A simple scan is safe.

I'll ask a member of the Security team to look at the output and they can determine what, if any, tool is needed next.

Thanks
10 Mar 2014   #36
k0065126

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Quote: Originally Posted by Slartybart
easyfundraising toolbar - conduit reference.
Uninstall it in CPL - > Pgm & Feats
and uninstall any tool bars - I thought this was already done - perhaps it was and the malware re-established itself.
I have now done this as I have realised that I do not use it.

Quote:
c:\program files (x86)\asus\axsp\1.00.19\pebiosinterface32.dll
Anything asus on your machine?
My MoBo.

Quote:
c:\users\viv\appdata\local\temp\install_hosts_anti-adware.exe

Old Timer-TFC should have cleaned up every temp location.
I have run Old Timer again but there are still 32Gb of files in c:\users\viv\appdata\local\temp\, including about 35 .tmp files, although the install_hosts_anti-adware.exe file is no longer there.


Quote:
Download the Farbar Recovery Scan Tool (FRST)
I have done this, (just before running Old Timer for the second time), and the results are attached.

Viv

Addition.txt

FRST.txt


11 Mar 2014   #37
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Ok, thank you. I've done a cursory look at FRST and there's not much that I saw, but I'll ask for a second opinion from the Sec team.

I want to make sure your system is clean; the FRST log says your home page is easyfundraising.uk.org and I thought that should have been corrected by the reset. That and the 2nd run of herdProtect showing some remnants.

ASUS: Oops... of course it's your Mobo

The music is still gone - right?

Thanks for all of your excellent feedback.


I've collected all of your logs/screenshots and placed them here in chronological order
  1. Post# 16: herdProtect screenshots
  2. Post# 18: AdwCleaner[R7].txt
  3. Post# 20: AdwCleaner[R8].txt
  4. Post# 31:
    1. herdProtect log
    2. AdwCleaner [S1].txt
    3. AdwCleaner [S2].txt
    4. AdwCleaner[R9].txt
    5. AdwCleaner[R10].txt
    6. AdwCleaner[R11].txt
  5. Post# 32: Mbam log
  6. Post# 34: herdProtect log
    >> also ran Old timer-TFC at this point - no log
  7. Farbar logs from post# 36
    1. FRST.txt
    2. Addition.txt
Hopefully this will save some time looking through the thread.


Bill
11 Mar 2014   #38
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote:
I have run Old Timer again but there are still 32Gb of files in c:\users\viv\appdata\local\temp\, including about 35 .tmp files, although the install_hosts_anti-adware.exe file is no longer there.
It looks like these temp files are in "Quarantine".


Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3


Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt

***A guide and tutorial on "How to use Combofix" can be found here:
ComboFix: A guide and tutorial on using ComboFix
13 Mar 2014   #39
k0065126

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Bill,

I set the home pages of IE to the ones I want, as I use them regularly. There has been one occasion when I have heard the phantom noise, but I do not have my headphones on all of the time. It still seems likely that it is a web page which is doing this, although I have not been able to narrow it down yet.

Jacee,

The size of the c:\users\viv\appdata\local\temp\ file is now much reduced, 306Mb, most of which are tmp files from today.

I ran combofix according to your instructions, rebooted even though I was not asked, and have attached the file you want to see.

Viv

ComboFix.txt


14 Mar 2014   #40
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Thanks for letting me know about the home page, Viv.

You'll have to see what Jacee has to say about the ComboFix output, that's her forte.

Bill