Speech Synthesizer says: stop stealing releases


14 replies to this topic

#1 Chipopo

Posted 04 October 2013 - 07:22 PM

Hi,

Here's a bit of a strange experience - I was browsing a folder with windchime sound samples downloaded via BitTorrent, and suddenly a synthesized voice said loudly: stop stealing releases, you fnɔʞıuƃ cnuʇ. I'm not sure where the voice came from, maybe from the PC speech synthesizer, maybe from somewhere else (BitTorrent was still on), but that was a pretty weird experience. Can somebody explain what it was?

Thanks.


Edited by Chipopo, 04 October 2013 - 07:26 PM.




#2 Chipopo (Topic Starter)

Posted 08 October 2013 - 02:06 PM

Was it a rootkit? A virus? Other? How did they know that I downloaded something, and how did they manage to send me a voice message?



#3 noknojon

Posted 08 October 2013 - 06:50 PM

Hello Chipopo -

Please start by deleting BitTorrent so you have no contact with them.

Next, please list any particular steps you have taken -

 

Now - Download Security Check by Screen317
* Save it to your Desktop.
* Double-click SecurityCheck.exe - Right click and select Run as Administrator for Vista and above
* Follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (Only Problems)
* List Users, Partitions and Memory size.
* List Minidump Files
* List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click GO and post the result (Result.txt) back here.

 

Thank You -



#4 Chipopo (Topic Starter)

Posted 09 October 2013 - 07:54 AM

Thank you for your quick reply.

Not sure what you mean by "list any particular steps you have taken", but anyway, that's how it was from the very beginning:

1. I opened the downloaded folder that contained nothing but wav files and started clicking them one by one to listen in Winamp.

2. The synth voice passed me the message.

3. Right after that I restored my computer 20 days back, downloaded AVG and ran a full scan. The scan allegedly found 40 instances of IRP hook. It was the same file - Fastfat.SYS in Drivers/System32.

4. After seeing your advice I uninstalled BitTorrent with settings removal and ran the tools.

Below are the scan results.

Thank you for your time.

 

 Results of screen317's Security Check version 0.99.74  
 Windows XP Service Pack 3 x86   
 Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Please wait while WMIC is being installed.
displayName: AVG AntiVirus Free Edition 2014
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player     11.8.800.168  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (24.0)
 Google Chrome 29.0.1547.76  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

 

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by 1 (administrator) on 09-10-2013 at 14:12:27
Running from "C:\Documents and Settings\1\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : 1
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : FBR-1461

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : FBR-1461
        Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
        Physical Address. . . . . . . . . : E0-CB-4E-C4-32-98
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        Lease Obtained. . . . . . . . . . : Wednesday, October 09, 2013 9:20:30 AM
        Lease Expires . . . . . . . . . . : Wednesday, October 09, 2013 9:20:30 PM

Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  184.90.196.98, 184.90.196.89, 184.90.196.101, 184.90.196.87
      184.90.196.94, 184.90.196.116, 184.90.196.100, 184.90.196.79, 184.90.196.105
      184.90.196.83, 184.90.196.112, 184.90.196.120, 184.90.196.122, 184.90.196.109
      184.90.186.111, 184.90.196.90

Pinging google.com [184.90.196.91] with 32 bytes of data:

Reply from 184.90.196.91: bytes=32 time=46ms TTL=53
Reply from 184.90.196.91: bytes=32 time=49ms TTL=53

Ping statistics for 184.90.196.91:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 46ms, Maximum = 49ms, Average = 47ms

Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=308ms TTL=41
Reply from 98.139.183.24: bytes=32 time=243ms TTL=42

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 243ms, Maximum = 308ms, Average = 275ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...e0 cb 4e c4 32 98 ...... Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.2      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.0.0    255.255.255.0      192.168.0.2     192.168.0.2      20
      192.168.0.2  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.0.255  255.255.255.255      192.168.0.2     192.168.0.2      20
        224.0.0.0        240.0.0.0      192.168.0.2     192.168.0.2      20
  255.255.255.255  255.255.255.255      192.168.0.2     192.168.0.2      1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/05/2013 01:44:09 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmssswizard.exe4.3.215.00x8004ff0adownloadingcallistowizard__cwizardflow__onflowfailure0wdotoolNILNILNIL

Error: (10/03/2013 08:41:37 PM) (Source: Application Error) (User: )
Description: Faulting application fl.exe, version 0.0.0.0, faulting module kontakt 5.dll, version 5.0.3.5812, fault address 0x0038c2cb.
Processing media-specific event for [fl.exe!ws!]

Error: (10/03/2013 04:48:14 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ddraw.dll, version 5.3.2600.5512, fault address 0x0001b09a.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/01/2013 04:10:02 AM) (Source: Application Error) (User: )
Description: Faulting application adobe premiere pro.exe, version 3.0.0.0, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x00008aa0.
Processing media-specific event for [adobe premiere pro.exe!ws!]

Error: (09/29/2013 05:04:10 PM) (Source: Application Error) (User: )
Description: Faulting application fl.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x02b20291.
Processing media-specific event for [fl.exe!ws!]

Error: (09/22/2013 07:50:43 PM) (Source: Application Error) (User: )
Description: Faulting application fl.exe, version 0.0.0.0, faulting module kontakt 5.dll, version 5.0.3.5812, fault address 0x0038ca9d.
Processing media-specific event for [fl.exe!ws!]

Error: (09/11/2013 10:29:26 PM) (Source: Application Error) (User: )
Description: Faulting application fl.exe, version 0.0.0.0, faulting module doubler.dll, version 5.0.4.0, fault address 0x00025202.
Processing media-specific event for [fl.exe!ws!]

Error: (09/11/2013 02:19:30 PM) (Source: Application Error) (User: )
Description: Faulting application fl.exe, version 0.0.0.0, faulting module waves5.0.dll, version 5.0.0.0, fault address 0x00015aa0.
Processing media-specific event for [fl.exe!ws!]

Error: (09/07/2013 03:52:31 PM) (Source: Application Error) (User: )
Description: Faulting application fl.exe, version 0.0.0.0, faulting module omnisphere.dll, version 1.0.1.0, fault address 0x000e9f39.
Processing media-specific event for [fl.exe!ws!]

Error: (09/07/2013 03:52:31 PM) (Source: Application Error) (User: )
Description: Faulting application fl.exe, version 0.0.0.0, faulting module omnisphere.dll, version 1.0.1.0, fault address 0x000e9f39.
Processing media-specific event for [fl.exe!ws!]


System errors:
=============
Error: (10/09/2013 09:35:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/08/2013 11:35:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/08/2013 06:35:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/08/2013 10:35:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/07/2013 11:35:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/07/2013 05:35:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/07/2013 11:35:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/06/2013 11:35:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/06/2013 06:35:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/06/2013 01:35:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}


Microsoft Office Sessions:
=========================
Error: (08/19/2013 10:38:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 135202 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (01/11/2013 00:08:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 167295 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (12/14/2012 10:59:12 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 123346 seconds with 540 seconds of active time.  This session ended with a crash.


=========================== Installed Programs ============================

???? ??? ?? Microsoft .NET Framework 3.5
7-Zip 9.20
Acapela Telecom (Version: 5.1.0.0)
Acapela Telecom HQ TTS 5.1.0.0 (Version: 5.1.0.0)
ACDSee 6.0 Standard (Version: 6.0.0)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Audition 1.5 (Version: 1.5)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS (Version: CS)
Adobe Premiere Pro CS3 (Version: 3)
Adobe Premiere Pro CS3 Functional Content (Version: 8)
Adobe Premiere Pro CS3 Third Party Content (Version: 3)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Setup (Version: 1.0)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Apple Application Support (Version: 2.3)
ARIA Engine v1.5.0.4 (Version: v1.5.0.4)
ASIO4ALL (Version: 2.10)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.40)
AVG 2014 (Version: 14.0.3599)
AVG 2014 (Version: 14.0.4117)
AVG 2014 (Version: 2014.0.4117)
AVI & MPEG Splitter 1.48
AVI/MPEG/RM/WMV Joiner 4.11
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
CDBurnerXP (Version: 4.3.0.2015)
CDXtract 4.5
dBpowerAMP AAC Codec
dBPowerAMP AIFF codec r3
dBpowerAMP FLAC Codec
dBpowerAMP Monkeys Audio Codec
dBpowerAMP Mp4 & AAC Decode Codec
dBpowerAMP Music Converter
dBpowerAMP Ogg Vorbis Codec
dBpowerAMP Shorten Codec
dBpowerAMP Wavpack Codec
dBpowerAMP WMA V9.1 Codec
dMC Power Pack
FL Studio 10
Garritan ARIA Player vAppVersion=v1.504 (Version: v1.5.0.4)
Garritan World Sample Pack1.000 (Version: v1.0.0.0)
Google Chrome (Version: 30.0.1599.69)
Google Update Helper (Version: 1.3.21.153)
IL Download Manager
Infovox Desktop 2.2 (Version: 2.20.0003)
Intel® Graphics Media Accelerator Driver
IsoBuster 2.8.5 (Version: 2.8.5)
iZotope Vinyl (Version: 1.61)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
K-Lite Codec Pack 5.8.3 (Full) (Version: 5.8.3)
Microsoft .NET Framework 2.0 Service Pack 1 (Version: 2.1.21022)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - HEB (Version: 2.1.21022)
Microsoft .NET Framework 3.0 Service Pack 1 (Version: 3.1.21022)
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - HEB (Version: 3.1.21022)
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 (Version: 3.5.21022)
Microsoft .NET Framework 3.5 Language Pack - heb (Version: 3.5.21022)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MidiEditor
Mono for Windows 2.10.9 (Version: 2.10.9)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Nikon Message Center 2 (Version: 2.0.1)
PDFCreator (Version: 1.6.2)
Picture Control Utility (Version: 1.2.2)
QuickTime (Version: 7.73.80.64)
reFX Nexus VSTi RTAS v2.2.0
Rhapsody Player Engine (Version: 1.1.0)
SAPI51 (Version: 1.00.0000)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.5 (Version: 6.5.158)
SmartSound Quicktracks Plugin (Version: 3.0.2.7)
Snagit 9.1.1 (Version: 9.1.1.261)
SubSync
TC Audio Interface Software (Version: 2.5.0.6906)
TT-Dynamic-Range 1.4
Type light 3.2.012 (Version: 012)
Ulead VideoStudio 10 (Version: 10.0)
ViewNX 2 (Version: 2.1.2)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.0.3 (Version: 2.0.3)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.63 )
Windows Media Format Runtime
WinRAR archiver
WinSCP 5.1 (Version: 5.1)
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect

========================= Devices: ================================

Name: Audio Device on High Definition Audio Bus
Description: Audio Device on High Definition Audio Bus
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 3549.04 MB
Available physical RAM: 2808.52 MB
Total Pagefile: 5430.76 MB
Available Pagefile: 4004.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.64 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.08 GB) (Free:102.32 GB) NTFS
2 Drive d: (WD2TB) (Fixed) (Total:1863.01 GB) (Free:68.49 GB) NTFS
4 Drive f: (New Volume) (Fixed) (Total:232.88 GB) (Free:0.49 GB) NTFS
5 Drive g: (My Passport) (Fixed) (Total:1862.98 GB) (Free:27.02 GB) NTFS
6 Drive h: () (Removable) (Total:31.24 GB) (Free:30.9 GB) FAT32

========================= Users: ========================================

User accounts for \\1

1                        Administrator            Guest                    
HelpAssistant            SUPPORT_388945a0         

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini052813-01.dmp
C:\WINDOWS\Minidump\Mini061413-01.dmp
C:\WINDOWS\Minidump\Mini071313-01.dmp
C:\WINDOWS\Minidump\Mini072413-01.dmp
C:\WINDOWS\Minidump\Mini072513-01.dmp
C:\WINDOWS\Minidump\Mini080613-01.dmp
C:\WINDOWS\Minidump\Mini100712-01.dmp
C:\WINDOWS\Minidump\Mini100912-01.dmp
C:\WINDOWS\Minidump\Mini120212-01.dmp
========================= Restore Points ==================================

11-07-2013 12:52:27 System Checkpoint
12-07-2013 15:45:31 System Checkpoint
13-07-2013 09:03:18 Removed RealDownloader
13-07-2013 10:17:34 Restore Operation
13-07-2013 10:34:33 Restore Operation
14-07-2013 07:26:22 Removed Java 7 Update 21
14-07-2013 07:26:55 Installed Java 7 Update 25
16-07-2013 13:26:38 System Checkpoint
18-07-2013 13:19:38 System Checkpoint
19-07-2013 20:45:50 System Checkpoint
20-07-2013 14:20:15 Installed "ViewNX 2"
21-07-2013 19:56:15 System Checkpoint
24-07-2013 16:25:46 System Checkpoint
25-07-2013 17:14:28 System Checkpoint
28-07-2013 01:27:45 System Checkpoint
29-07-2013 23:06:21 System Checkpoint
31-07-2013 16:56:32 System Checkpoint
02-08-2013 08:58:58 System Checkpoint
03-08-2013 18:04:22 System Checkpoint
04-08-2013 18:11:53 System Checkpoint
06-08-2013 10:32:41 System Checkpoint
09-08-2013 09:02:57 System Checkpoint
10-08-2013 23:55:26 System Checkpoint
12-08-2013 19:59:47 System Checkpoint
13-08-2013 20:58:37 System Checkpoint
14-08-2013 21:02:23 System Checkpoint
16-08-2013 02:15:30 System Checkpoint
18-08-2013 02:12:51 System Checkpoint
19-08-2013 13:36:40 System Checkpoint
20-08-2013 15:22:51 System Checkpoint
21-08-2013 19:17:11 System Checkpoint
22-08-2013 20:42:35 System Checkpoint
23-08-2013 23:58:34 System Checkpoint
25-08-2013 00:31:06 System Checkpoint
26-08-2013 12:01:40 System Checkpoint
27-08-2013 18:26:49 System Checkpoint
28-08-2013 20:26:47 System Checkpoint
29-08-2013 21:07:14 System Checkpoint
31-08-2013 13:49:34 System Checkpoint
01-09-2013 14:32:54 System Checkpoint
02-09-2013 22:11:58 System Checkpoint
05-09-2013 10:46:49 System Checkpoint
06-09-2013 12:55:32 System Checkpoint
07-09-2013 13:03:20 System Checkpoint
08-09-2013 17:29:39 System Checkpoint
09-09-2013 17:30:28 System Checkpoint
11-09-2013 10:22:58 System Checkpoint
12-09-2013 15:59:54 System Checkpoint
14-09-2013 11:32:38 System Checkpoint
15-09-2013 21:13:16 System Checkpoint
17-09-2013 17:20:03 System Checkpoint
19-09-2013 20:32:15 System Checkpoint
21-09-2013 01:49:49 System Checkpoint
22-09-2013 13:24:22 System Checkpoint
23-09-2013 16:20:09 System Checkpoint
24-09-2013 21:28:22 System Checkpoint
25-09-2013 22:57:16 System Checkpoint
27-09-2013 20:18:12 System Checkpoint
28-09-2013 23:09:07 System Checkpoint
30-09-2013 09:49:42 System Checkpoint
01-10-2013 20:32:52 System Checkpoint
03-10-2013 12:39:54 Restore Operation
03-10-2013 13:07:42 Restore Operation
05-10-2013 00:07:37 Installed AVG 2014
05-10-2013 00:07:51 Removed AVG 2013
05-10-2013 00:08:10 Installed AVG 2014
06-10-2013 14:05:42 System Checkpoint
08-10-2013 18:09:05 System Checkpoint

**** End of log ****
 


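An added example, not part of the thread and not code from MiniToolBox or its author: the Result.txt above is long, and the questions the responder is really asking of it (is there a non-default hosts entry, a non-Microsoft Winsock provider, a device in a failed state) can be answered mechanically. The script below parses the same section layout, using an excerpt copied from the log above plus one planted hosts line (marked in the code) so the hosts check has something to fire on. The one non-Microsoft provider it reports, Apple's Bonjour mdnsNSP.dll, is a legitimate namespace provider, which is exactly the point: a third-party LSP/NSP sees every socket on the box, so it is where to look first, not proof of infection.

```python
"""Triage the hosts, Winsock and device sections of a MiniToolBox Result.txt.
Flags: hosts entries beyond loopback -> localhost, Winsock providers that are
not Microsoft DLLs in System32, and any device with a problem code."""
import re

# Constructed excerpt in MiniToolBox's layout. The Winsock and device lines are
# copied from the log posted above; the 0.0.0.0 hosts entry is planted here to
# show the hosts check firing (it is NOT in the poster's log).
SAMPLE_LOG = """\
========================= Hosts content: =================================

127.0.0.1       localhost
0.0.0.0         example-blocked.test

========================= Winsock entries =====================================

Catalog5 01 C:\\WINDOWS\\system32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\\Program Files\\Bonjour\\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 C:\\WINDOWS\\system32\\mswsock.dll [245248] (Microsoft Corporation)

========================= Devices: ================================

Name: Audio Device on High Definition Audio Bus
Problem: : The drivers for this device are not installed. (Code 28)

========================= Memory info: ===================================
"""

SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+$")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?\.dll)\s+\[\d+\]\s+\((.*)\)$", re.I)


def split_sections(text):
    """Map each '===== Name: =====' header to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def check_hosts(lines):
    """Anything but the loopback -> localhost mapping is worth a look."""
    hits = []
    for line in lines:
        entry = line.split("#", 1)[0].strip()       # drop comments
        if not entry:
            continue
        parts = entry.split()
        if (len(parts) >= 2 and parts[0] in ("127.0.0.1", "::1")
                and parts[1].lower() == "localhost"):
            continue
        hits.append(("hosts", entry))
    return hits


def check_winsock(lines):
    """Flag providers that are not Microsoft DLLs living in System32."""
    hits = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        catalog, index, path, vendor = m.groups()
        trusted_path = path.lower().startswith("c:\\windows\\system32\\")
        trusted_vendor = vendor.lower().startswith("microsoft")
        if not (trusted_path and trusted_vendor):
            hits.append(("winsock", "%s %s %s (%s)" % (catalog, index, path, vendor)))
    return hits


def check_devices(lines):
    """Pair each 'Name:' with the 'Problem:' line that follows it."""
    hits, name = [], None
    for line in lines:
        if line.startswith("Name:"):
            name = line[len("Name:"):].strip()
        elif line.startswith("Problem:"):
            problem = line.split(":", 2)[-1].strip()
            hits.append(("device", "%s: %s" % (name, problem)))
    return hits


def triage(text):
    """Return (kind, detail) findings for a MiniToolBox Result.txt."""
    s = split_sections(text)
    return (check_hosts(s.get("Hosts content", []))
            + check_winsock(s.get("Winsock entries", []))
            + check_devices(s.get("Devices", [])))


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print("%-8s %s" % (kind, detail))
```

Run it against a real Result.txt with `triage(open("Result.txt").read())`; the hosts check is deliberately strict, so a legitimate ad-blocking hosts file will produce many hits, which is the right default for a machine under suspicion.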

#5 noknojon

Posted 09 October 2013 - 02:08 PM

"list any particular steps you have taken" < I meant any Antivirus / Antimalware programs

 

Is there still a problem now?



#6 Chipopo (Topic Starter)

Posted 09 October 2013 - 03:14 PM

Yes, I ran a full AVG scan. It says that Fastfat.SYS in Drivers/System32 is infected by IRP hook, but I believe it's a false alarm.

I haven't heard the voice any more, but does that mean I got rid of it? How can such a voice message be sent anyway?

Maybe it has something to do with this:

 

All our libraries are watermarked with your
personal data and IP address using proprietary
watermarking techniques developed by us.
Do not distribute, resell or torrent.


Edited by Chipopo, 09 October 2013 - 05:01 PM.

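Added example, not from the thread and not the vendor's watermarking code: the voice was heard while WAV files from the download were being played in Winamp, so before hunting for a rootkit a practitioner would inspect those files. The script below generates its own constructed sample pack (so it touches no real files), walks each WAV's RIFF chunks by hand, and flags the file whose format, length, extra chunks or trailing bytes differ from the rest of the pack; a spoken message planted among short chime samples would stand out on length and format alone. How the actual vendor watermarks its libraries is not known from this thread, and that is not what the script detects.

```python
"""Find the odd file in a folder of WAV samples. Walks the RIFF chunk list by
hand (the standard wave module stops at unknown chunks and never sees bytes
appended after the RIFF payload), then flags files whose format, length or
chunk layout differs from the rest of the pack."""
import os
import struct
import tempfile
from statistics import median

NORMAL_CHUNKS = {"fmt ", "data"}


def parse_wav(path):
    """Describe one file's RIFF/WAVE layout; errors are reported, not raised."""
    info = {"path": path, "chunks": [], "trailing": 0, "error": None}
    with open(path, "rb") as fh:
        buf = fh.read()
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"WAVE":
        info["error"] = "not a RIFF/WAVE file"
        return info
    riff_end = 8 + struct.unpack("<I", buf[4:8])[0]   # what players will read
    pos = 12
    while pos + 8 <= min(riff_end, len(buf)):
        cid = buf[pos:pos + 4]
        size = struct.unpack("<I", buf[pos + 4:pos + 8])[0]
        body = buf[pos + 8:pos + 8 + size]
        info["chunks"].append(cid.decode("ascii", "replace"))
        if cid == b"fmt " and size >= 16:
            _, ch, rate, _, _, bits = struct.unpack("<HHIIHH", body[:16])
            info["fmt"] = (ch, rate, bits)
        elif cid == b"data":
            info["data_bytes"] = size
        pos += 8 + size + (size & 1)                   # chunks are word-aligned
    info["trailing"] = max(0, len(buf) - riff_end)    # bytes no player touches
    if "fmt" in info and "data_bytes" in info:
        ch, rate, bits = info["fmt"]
        bps = rate * ch * bits // 8
        info["seconds"] = info["data_bytes"] / bps if bps else 0.0
    return info


def scan_folder(folder):
    """Return (filename, reason) pairs for files that stand out from the pack."""
    files = [parse_wav(os.path.join(folder, n))
             for n in sorted(os.listdir(folder)) if n.lower().endswith(".wav")]
    usable = [f for f in files if "seconds" in f]
    if not usable:
        return [(os.path.basename(f["path"]), f["error"] or "no fmt/data chunk")
                for f in files]
    fmts = [f["fmt"] for f in usable]
    pack_fmt = max(set(fmts), key=fmts.count)        # majority format
    pack_len = median(f["seconds"] for f in usable)  # typical length
    findings = []
    for f in files:
        reasons = []
        if "seconds" not in f:
            reasons.append(f["error"] or "no fmt/data chunk")
        else:
            if f["fmt"] != pack_fmt:
                reasons.append("format %s differs from pack's %s" % (f["fmt"], pack_fmt))
            if f["seconds"] > 4 * pack_len:
                reasons.append("%.1fs long vs median %.1fs" % (f["seconds"], pack_len))
            odd = set(f["chunks"]) - NORMAL_CHUNKS
            if odd:
                reasons.append("unusual chunks: " + ", ".join(sorted(odd)))
            if f["trailing"]:
                reasons.append("%d bytes after RIFF payload" % f["trailing"])
        findings.extend((os.path.basename(f["path"]), r) for r in reasons)
    return findings


def write_wav(path, seconds, channels=2, rate=44100, bits=16, extra=None, trailing=b""):
    """Write a silent PCM WAV; 'extra' and 'trailing' plant the oddities to find."""
    data = bytes(int(seconds * rate) * channels * bits // 8)
    fmt = struct.pack("<HHIIHH", 1, channels, rate, rate * channels * bits // 8,
                      channels * bits // 8, bits)
    body = b"WAVE" + b"fmt " + struct.pack("<I", len(fmt)) + fmt
    if extra:
        cid, payload = extra
        body += cid + struct.pack("<I", len(payload)) + payload + b"\0" * (len(payload) & 1)
    body += b"data" + struct.pack("<I", len(data)) + data
    with open(path, "wb") as fh:
        fh.write(b"RIFF" + struct.pack("<I", len(body)) + body + trailing)


def demo():
    """Constructed sample pack (ours, not the poster's files): five stereo chimes
    plus one mono, 22 kHz, much longer file carrying a LIST chunk and trailing bytes."""
    folder = tempfile.mkdtemp(prefix="pack-")
    for i in range(5):
        write_wav(os.path.join(folder, "chime_%02d.wav" % i), 1.5 + 0.25 * i)
    write_wav(os.path.join(folder, "chime_99.wav"), 12.0, channels=1, rate=22050,
              extra=(b"LIST", b"INFOICMTconstructed"), trailing=b"#tag#")
    return scan_folder(folder)


if __name__ == "__main__":
    for name, why in demo():
        print("%-14s %s" % (name, why))
```

Point `scan_folder` at the real download folder to use it; the thresholds (majority format, four times the median length) are deliberately loose so a pack of similar one-shot samples yields few hits, and what it does report is what to listen to first.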

#7 noknojon

Posted 09 October 2013 - 06:05 PM

Hi -

Internet Explorer 6 Out of date! > This should be at least Internet Explorer 8 now.

Go to Start > Programs and see if Windows Updates is listed. Click this and Click Check for Updates

Tell me if you are not able to do this important step.

 

We only want Important Updates, do not Select any Optional Updates

This may take some time, but please let it run

 

Next update Java and remove all old versions from Control Panel > Add/Remove
Java 7 Update 25 Java version out of Date! Java7 Update40 is current
Do Not accept any Add-Ons or ToolBars offered with the download

 

Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
It is important to defrag your HDD (I see no mention of a solid-state disk)
Go > Start > Programs > Accessories > System Tools > Disk Defragmenter > and press Defragment

 

Just to recheck if you like >>

 Please run a free online scan with the ESET Online Scanner
 
* Disable your antivirus program

* Press > Run ESET online Scanner    
* Tick the box next to YES, I accept the Terms of Use
* Click Start
* Accept any security warnings from your browser.
* Check Scan archives
* Click Start
* ESET will then download updates for itself, install itself, and begin scanning your computer.
* Please be patient as this can take some time.
* When the scan completes, click on List of found threats
* Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan.
* Include the contents of this report in your next reply.
NOTE. If Eset doesn't find any threats it'll NOT produce any log.

 

I see that Bittorrent is not listed as installed (good)



#8 noknojon

Posted 09 October 2013 - 06:16 PM

If you wish to double check, please use Malwarebytes' Anti-Malware for a Free Scanner -

 

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer after you post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt



#9 Chipopo (Topic Starter)

Posted 10 October 2013 - 03:36 AM

Thank you for your suggestions.

I ran the 2 scanners, no threats were found.

So, you can't tell me how they knew that I downloaded something and how they managed to send a voice message?



#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:26 AM

Posted 10 October 2013 - 04:41 AM

At this time I cannot be sure why there was a "voice" on the system, but there may be an audio problem.

If you look above, under "Devices" it lists a problem with "Audio Device on High Definition Audio Bus"

This shows that the "driver for these devices are not installed".

Go - Start > Control Panel > System > Hardware > Device Manager and see if there is a ( ! or ? ) beside any item.

We will then check to see the better way to update or replace the faulty drivers.

 

 

Next run a Disk Check on your system to see if this repairs any minor problems >

Run a Disk Check on your C: drive in Windows XP:
• Click Start and open My Computer

• Right-click on C:(or your main Hard Drive Letter) and select Properties

• Click on the Tools tab

• Under Error-checking click the Check Now... button

• Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors

• Click on the Start button

• When the message box pops up, click the Schedule disk check button and Restart your computer

• Once your computer restarts it will check the drive; don't press any keys, so that it is allowed to do so

This will take (on average) 15 to 20 minutes for the 5 stages, so please do not force a shutdown during the scan.

 

 

If you still wish to run a Rootkit Removing Tool, then see below >

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
• If TDSSKiller does not run, try renaming it.
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (eg. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
• Click the Start Scan button.
Do not use the computer during the scan
• If the scan completes with nothing found, click Close to exit.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
• A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2013_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
• Copy and paste the contents of that file in your next reply.
 

Thank You -
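The two checks in the post above (look in Device Manager for items marked with ! or ?, then run a Disk Check with both boxes ticked) can be done from a PowerShell prompt as well. This is an added example, not code from the thread or from any of the tools mentioned; it assumes an elevated prompt and uses only the Win32_PnPEntity WMI class and chkdsk, both of which exist from Windows XP (PowerShell 2.0) onward. The table of error-code meanings is a hand-picked subset of the codes Device Manager reports.

```powershell
# Added example (not from the thread): list Plug and Play devices that Device
# Manager flags with a yellow "!" or "?", then optionally schedule the same
# chkdsk /F /R pass the post describes. Run from an elevated PowerShell prompt.
# Get-WmiObject and New-Object PSObject are used instead of Get-CimInstance and
# [PSCustomObject] so the script also runs on PowerShell 2.0 (Windows XP).

# ConfigManagerErrorCode values most often seen in such a listing. 28 is the
# "drivers for this device are not installed" case quoted earlier in the thread.
# Codes not in this table are shown as "Unknown code N".
$knownCodes = @{
    1  = 'This device is not configured correctly.'
    10 = 'This device cannot start.'
    22 = 'This device is disabled.'
    28 = 'The drivers for this device are not installed.'
    43 = 'Windows has stopped this device because it has reported problems.'
}

function Get-ProblemDevices {
    # ConfigManagerErrorCode 0 means "working properly"; anything else is what
    # Device Manager marks with ! or ?. Devices with no code at all (some
    # virtual devices) are skipped.
    Get-WmiObject -Class Win32_PnPEntity |
        Where-Object { $_.ConfigManagerErrorCode -ne $null -and $_.ConfigManagerErrorCode -ne 0 } |
        ForEach-Object {
            $code = [int]$_.ConfigManagerErrorCode
            if ($knownCodes.ContainsKey($code)) {
                $desc = $knownCodes[$code]
            } else {
                $desc = "Unknown code $code"
            }
            New-Object PSObject -Property @{
                Name        = $_.Name
                DeviceID    = $_.DeviceID
                ErrorCode   = $code
                Description = $desc
            }
        }
}

$problems = @(Get-ProblemDevices)
if ($problems.Count -eq 0) {
    Write-Host 'No devices carry a Device Manager error code.'
} else {
    Write-Host "$($problems.Count) device(s) flagged in Device Manager:"
    $problems | Format-Table Name, ErrorCode, Description -AutoSize
}

# Same Disk Check as the GUI steps: /F fixes file-system errors ("Automatically
# fix file system errors"), /R scans for and recovers bad sectors. chkdsk cannot
# lock the Windows volume while Windows is running, so it asks whether to
# schedule the check for the next restart; piping "y" answers that prompt.
# Remove the leading '#' to actually schedule it, then restart.
# cmd /c "echo y | chkdsk C: /F /R"
```

Run the listing first and fix or uninstall the flagged drivers as described later in the thread; the chkdsk line is left commented out because it commits the machine to a 15 to 20 minute check on the next boot.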



#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:26 AM

Posted 10 October 2013 - 06:01 AM

> > how they manage to send a voice message? < <

Apart from this being a random issue from a Torrent site that you were on (happens at times), read on.

 

An EXTRA item that you may be interested in, from the B.C. Tutorials: "Have I been Hacked?". This may also cover some of your concerns.



#12 Chipopo

Chipopo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:26 AM

Posted 12 October 2013 - 04:12 AM

Quoting noknojon:

> Go - Start > Control Panel > System > Hardware > Device Manager and see if there is a ( ! or ? ) beside any item.
>
> If you still wish to run a Rootkit Removing Tool, then see below >
>
> Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe)

Thank you, I did as advised.

 

Here are the snapshots:

[image: DM.jpg (Device Manager)]

[image: kasp+scan.jpg (TDSSKiller scan results)]


Edited by Chipopo, 12 October 2013 - 04:14 AM.


#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:26 AM

Posted 12 October 2013 - 05:50 AM

Re: sptd.sys (see the Bleeping Computer "sptd.sys Program Information" page) - This seems to be a safe item, just that the file was locked.

Leave the option at Skip.

 

 

Next - Make sure there are no CDs or USB Flash Drives plugged in
There seems to be a lot of drivers missing or in need of updating.
Start with the top items one at a time (Audio Device .........). Double click on the first line and a Sub Menu will open and there should be General / Driver / and Details headings. You want "Driver". 
First click on Update Driver then Next, and see what reaction you get. It may start to download the latest updated version. If nothing happens or no driver is downloading after 5 minutes, then click on Uninstall and wait to see what happens. If the driver uninstalls, wait for it to finish and reboot your computer. At worst you will be back where you started, but at best you will be able to install the latest drivers.

 

Now repeat this with each item that has a big ? or ! beside it. This should clear these marks eventually, and leave you with the latest versions installed.

 

Post back if there is any problem with this (there should not be any).



#14 Chipopo

Chipopo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:26 AM

Posted 13 October 2013 - 02:59 AM

Thanks so much for your help, appreciate the time you took.

Cheers!



#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:26 AM

Posted 13 October 2013 - 03:44 AM

I will still keep a watch here for a week if you have the same (or similar) problems.

If you have unrelated problems, please start a new topic -

 

Thank You -





