
malware or hacked

Posted: Fri Aug 15, 2014 6:53 am
by billfeht
Thank you up front. I have been having problems for a long while. I will touch on highlights. I just did a new repair a few hours ago. Downloaded a Windows 7 USB file so I could have a clean, just did upgrade/repair. I lose my authority; I can not get my DVD burner to work properly; my audio is not right. I find many files in my recycle bin. I will attach a batch file that has the codes for gathering; after deleting, I have all kinds of stuff I did not put on this computer. I could go on and on, but here is your log file and that .dat file.
Again, thank you.
Hope this is OK, but I could not get this to attach. Also found in the recycle bin a bunch of registry merges...
@echo off
setlocal
setlocal ENABLEEXTENSIONS
setlocal ENABLEDELAYEDEXPANSION

REM Collects the OneDrive (SkyDrive) client logs together with a basic system
REM inventory (environment, process list, services, overlay handlers) into one
REM CAB file, written to the Desktop unless /OutputDir says otherwise.

set OUTPUTDIR=%USERPROFILE%\Desktop
set RETURNCODE=0

REM Set the CAB file name to include the date and time with
REM underscores substituted for the invalid characters.

set DATETIMESUFFIX=%DATE:/=_%_%TIME::=_%
set CABOUTPUT=OneDriveLogs_%DATETIMESUFFIX: =_%.cab

:ParseCommand
if "%1"=="/?" (
echo Usage: %0 [Options]
echo.
echo This script collects all the client logs and CABs them up for simple
echo upload. By default, it will drop the CAB file on your Desktop.
echo.
echo Options:
echo.
echo /OutputDir outputdirectory - Set output directory
echo /OutputFile outputFile - Filename of output file to use
echo.
goto :Return
) else if /i "%1"=="/OutputDir" (
for %%i in (%2) do set OUTPUTDIR=%%~i
shift /1
shift /1
) else if /i "%1"=="/OutputFile" (
for %%i in (%2) do set CABOUTPUT=%%~i
shift /1
shift /1
) else if not "%1"=="" (
REM An unrecognised option must still be consumed, otherwise the loop below never ends.
echo Ignoring unknown option %1
shift /1
)

REM Loop until every argument has been consumed.
if not "%1"=="" (
echo Parsing %1
goto ParseCommand
)

echo OutputDir is %OutputDir%
echo OutputFile is %CabOutput%

echo UX Log Collection
echo.

REM -------------------------
REM * CLIENT PATH DISCOVERY *
REM -------------------------

if "%LOCALAPPDATA%"=="" (
set LOCALAPPDATA=%USERPROFILE%\Local Settings\Application Data
)
if not exist "%LOCALAPPDATA%" (
echo %LOCALAPPDATA% not found.
goto :Return
)

set CLIENTPATH=%LOCALAPPDATA%\Microsoft\SkyDrive

if not exist "%CLIENTPATH%" (
echo Error: No application data exists for OneDrive client.
echo.
goto :Return
)

REM -------------
REM * COPY LOGS *
REM -------------

pushd "%CLIENTPATH%"

set WORKINGDIR=%CLIENTPATH%\LogCollection
echo Working directory is %WORKINGDIR%.
echo.

if exist "%WORKINGDIR%" (
rd /s /q "%WORKINGDIR%"
)

mkdir "%WORKINGDIR%"

set > "%WORKINGDIR%\env.txt"
REM TaskList and SystemInfo are not available on XP Home.
tasklist /v > "%WORKINGDIR%\tasklist.txt"
systeminfo > "%WORKINGDIR%\systeminfo.txt"

REM Capture list of running services.
net start > "%WORKINGDIR%\services.txt"

REM OneDrive
set /p CRLF=Copying OneDrive logs <NUL

set WORKINGDIRONEDRIVE=%WORKINGDIR%\OneDrive
mkdir "%WORKINGDIRONEDRIVE%"

dir /S "%CLIENTPATH%" > "%WORKINGDIRONEDRIVE%\tree.txt"

REM Collect list of overlay handlers
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers /S > "%WORKINGDIRONEDRIVE%\overlayHandlers.txt"

REM Copy the client log, settings and setup-log folders. Send xcopy's standard
REM output to NUL first and its standard error after it; the reversed order
REM leaves the error text on the console.
for %%f in (
"%CLIENTPATH%\logs\*.*"
"%CLIENTPATH%\settings\*.*"
"%CLIENTPATH%\setup\logs\*.*"
) do (
if exist %%f (
set /p CRLF=.<NUL
xcopy "%%~f" "%WORKINGDIRONEDRIVE%" /qcy >NUL 2>&1
)
)


REM Setup
set WORKINGDIRSETUP=%WORKINGDIR%\WLSetup
set WLSETUPPATH=%PROGRAMDATA%\Microsoft\WLSetup\logs
if exist "%WLSETUPPATH%" (
mkdir "%WORKINGDIRSETUP%"
set /p CRLF=Copying WLSetup logs <NUL
for %%f in (
"%WLSETUPPATH%\*"
) do (
if exist "%%f" (
set /p CRLF=.<NUL
xcopy "%%~f" "%WORKINGDIRSETUP%" /siqcy >NUL 2>&1
)
)
echo.
)

echo.
echo.


REM Copy complete. CAB up files.

echo Writing CAB file to %CABOUTPUT%...

call :CABIT "%WORKINGDIR%"

if "%OUTPUTDIR%"=="%USERPROFILE%\Desktop" (
set SHFOLDER_REGISTRY_KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
for /f "tokens=2*" %%i in (
'REG QUERY !SHFOLDER_REGISTRY_KEY! /v Desktop'
) do (
call set OUTPUTDIR=%%~j
)
)

REM Fall back to the Desktop when the requested output directory is missing
REM or the move fails. Paths are quoted because the profile path may contain spaces.
if not exist "%OUTPUTDIR%\" (
echo Error! %OUTPUTDIR% does not exist.
move /y "%WORKINGDIR%\%CABOUTPUT%" "%USERPROFILE%\Desktop\." >NUL 2>&1
set RETURNCODE=1
goto :Return
)

move /y "%WORKINGDIR%\%CABOUTPUT%" "%OUTPUTDIR%\." >NUL 2>&1

if ERRORLEVEL 1 (
echo error level 1
move /y "%WORKINGDIR%\%CABOUTPUT%" "%USERPROFILE%\Desktop\." >NUL 2>&1
set RETURNCODE=1
)


rd /s /q "%WORKINGDIR%"

echo.
echo Log collection complete. Please upload the following file:
echo.
echo %OUTPUTDIR%\%CABOUTPUT%
echo.

goto :Return

REM -----------
REM * CAB IT! *
REM -----------
:CABIT
set DIRECTIVEFILE=%TEMP%\Schema.ddf
set TARGET=%1
set TEMPFILE=%TEMP%\TEMP-%RANDOM%.tmp

if not exist %TARGET% (
echo %TARGET% does not exist.
goto :Return
)

pushd %TARGET%

REM Write the MakeCab directive file. The redirect targets are quoted because
REM TEMP may contain spaces.
echo. > "%DIRECTIVEFILE%"
echo .set CabinetNameTemplate=%CABOUTPUT% >> "%DIRECTIVEFILE%"
echo .set DiskDirectoryTemplate= >> "%DIRECTIVEFILE%"
echo .set InfFileName=%TEMPFILE% >> "%DIRECTIVEFILE%"
echo .set RptFileName=%TEMPFILE% >> "%DIRECTIVEFILE%"
echo .set MaxDiskSize=0 >> "%DIRECTIVEFILE%"
echo .set CompressionType=LZX >> "%DIRECTIVEFILE%"

del /f "%TEMPFILE%" 2>NUL

REM Recursively list every file under the working directory in the directive file.
call :CAB_DIR .

MakeCab /f "%DIRECTIVEFILE%"

del /f "%DIRECTIVEFILE%" 2>NUL
del /f "%TEMPFILE%" 2>NUL

popd
goto :Return

REM CAB Helper: emit a DestinationDir entry for the folder passed as the first
REM argument, list its files, then recurse into each subfolder.
:CAB_DIR
echo .set DestinationDir=%1 >> "%DIRECTIVEFILE%"
for /f "tokens=*" %%i in ('dir /b /a:-d %1') do (
echo "%~1\%%i" >> "%DIRECTIVEFILE%"
)
for /f "tokens=*" %%i in ('dir /b /a:d %1') do (
call :CAB_DIR "%~1\%%i"
)
goto :Return



REM ********************************************************************************
REM Discover ProcessId of given process (based on process name passed as parameter).
REM Store result in %CURRENTPID%
REM Helper subroutine; nothing in this script currently calls it.
REM ********************************************************************************
:SetPid

set CURRENTPID=

set NTACCOUNT=%USERNAME%
if not "%USERDOMAIN%"=="" (
set NTACCOUNT=%USERDOMAIN%\%USERNAME%
)
for /f "tokens=2 delims=," %%i in (
'tasklist /FI "username eq %NTACCOUNT%" /FI "imagename eq %1" /fo csv /nh'
) do (
set CURRENTPID=%%i
)
goto :Return

:Return
exit /b %RETURNCODE%
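The question in the thread is whether a batch file found on the machine is malicious. Before asking anyone to look, a practitioner would list what the script actually runs: which commands, which registry keys, and where it writes. The Python below is an added example, not code from this thread, the forum, or the OneDrive client. It does a static triage of a batch script's text: it counts recognised commands only where they sit in a command position (start of line, after a parenthesis, ampersand, pipe, do/else, or inside a for /f quoted command), extracts registry key paths and redirect targets, and flags commands that change persistence, services, accounts, firewall or boot state. Both sample inputs are constructed: the first is a shortened excerpt with the same commands as the collector posted above, the second adds a constructed logon-persistence line so the flagging path is exercised. The command lists and the verdict strings are my own heuristics, not an authoritative classification; "inventory/collection only" means no listed system-changing command was found, not that the file is harmless.

```python
import re
from collections import Counter

# Commands that change persistence, services, accounts, firewall or boot state.
# In a script of unknown origin these are the lines a reviewer reads first.
# (Heuristic list chosen for this example, not an authoritative catalogue.)
SYSTEM_CHANGING = {
    "reg add", "reg delete", "reg import", "schtasks", "sc create", "sc config",
    "netsh", "bcdedit", "vssadmin", "net user", "net localgroup",
}

# Recognised command names, matched only in a command position: start of line,
# after "(", "&", "|", after "do"/"else", or inside a for /f 'command' string.
# The remaining names the regex lists (tasklist, systeminfo, reg query, ...)
# only read or copy data, which is what a log collector is made of.
_CMD_RE = re.compile(
    r"(?:^|[(&|']|\bdo\s+|\belse\s+)\s*(?:call\s+)?"
    r"(?P<cmd>reg\s+(?:query|add|delete|import)|net\s+(?:start|user|localgroup)"
    r"|sc\s+(?:create|config)|tasklist|systeminfo|dir|xcopy|makecab|schtasks"
    r"|netsh|bcdedit|vssadmin)\b",
    re.IGNORECASE,
)
_REG_RE = re.compile(r"\b(?:HKLM|HKCU|HKCR|HKU|HKCC|HKEY_[A-Z_]+)\\[^\s\"']+", re.IGNORECASE)
# Redirect targets; "2>&1" yields no match because "&" is excluded from the target.
_OUT_RE = re.compile(r">>?\s*\"?([^\"\s&|>]+)")


def triage_batch(script_text):
    """Summarise one batch script: commands run, registry keys named, files written, flags."""
    commands = Counter()
    reg_keys, outputs = [], []
    for raw in script_text.splitlines():
        line = raw.strip()
        lowered = line.lower()
        if not line or lowered == "rem" or lowered.startswith(("rem ", "rem\t", "::")):
            continue  # comment lines are not executed
        for m in _CMD_RE.finditer(line):
            commands[re.sub(r"\s+", " ", m.group("cmd").lower())] += 1
        reg_keys += _REG_RE.findall(line)
        outputs += [o for o in _OUT_RE.findall(line) if o.upper() != "NUL"]
    flagged = sorted(c for c in commands if c in SYSTEM_CHANGING)
    return {
        "commands": dict(commands),
        "registry_keys": sorted(set(reg_keys)),
        "output_files": sorted(set(outputs)),
        "flagged": flagged,
        "verdict": "system-changing commands present" if flagged else "inventory/collection only",
    }


# Constructed excerpt: the same commands as the posted log collector, shortened.
COLLECTOR_EXCERPT = r"""
@echo off
set WORKINGDIR=%LOCALAPPDATA%\Microsoft\SkyDrive\LogCollection
set > "%WORKINGDIR%\env.txt"
REM TaskList and SystemInfo are not available on XP Home.
tasklist /v > "%WORKINGDIR%\tasklist.txt"
systeminfo > "%WORKINGDIR%\systeminfo.txt"
net start > "%WORKINGDIR%\services.txt"
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers /S > "%WORKINGDIR%\overlayHandlers.txt"
for /f "tokens=*" %%i in ('dir /b /a:-d .') do (
echo "%%i" >> %TEMP%\Schema.ddf
)
MakeCab /f %TEMP%\Schema.ddf
"""

# Constructed contrast: a script that also registers a program to run at logon.
PERSISTENCE_SAMPLE = r"""
@echo off
tasklist > "%TEMP%\procs.txt"
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Helper /t REG_SZ /d "%TEMP%\helper.exe" /f
"""

if __name__ == "__main__":
    for name, text in (("collector excerpt", COLLECTOR_EXCERPT), ("persistence sample", PERSISTENCE_SAMPLE)):
        r = triage_batch(text)
        print(f"{name}: {r['verdict']}")
        print("  commands:", r["commands"])
        print("  registry:", r["registry_keys"])
        print("  writes:  ", r["output_files"])
        print("  flagged: ", r["flagged"])
```

Run against the excerpt, the report shows only inventory commands (tasklist, systeminfo, net start, reg query, dir, makecab), a single read of the ShellIconOverlayIdentifiers key, and output files under the collector's own working directory, which is consistent with the "SkyDrive remnants" reading later in the thread. The second sample is reported with "reg add" flagged and the Run key listed, which is the kind of line that would justify a closer look.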

Re: malware or hacked

Posted: Fri Aug 15, 2014 10:25 am
by Fred
Hi billfeht.

Your system does not show any signs of malware. I think the issues you're having are because the Windows 7 USB file you downloaded is not a genuine Windows installation, and was hacked, or built from a non-compatible system.

I would recommend that you perform a clean Windows install from genuine media. If you do not have one, you can find it at a fair price on eBay, or other commercial sites.

If you need to create a USB Windows setup media from a DVD, there are many free programs available for that purpose. My favorite is Rufus.
http://rufus.akeo.ie/

Good luck.

Re: malware or hacked

Posted: Fri Aug 15, 2014 9:06 pm
by billfeht
I appreciate the input. If I could burn a CD, that would help. I agree there is a non-authorized Windows version. I have been doing this for about three years. I mean no disrespect; I am sure you know more than me. But no one will take a look at my system. I can put an OEM Windows disk in to load and take it out, and it still acts like the disk is in. I find all kinds of interesting things. In an AppData file you can access my whole system. One of my favorites is the quick launch for Internet Explorer; here is the open page URL: http://hp-desktop.us.msn.com/?pc=HPDTDF&OCID=HPDHP. What is really cool about it: anything that has been opened is listed in a drop-down and can be opened. If you would please take a further look, I will do anything; I will mail you my computer, PLEASE. This attachment is what was in my recycle bin this morning. Should SI identity files (SID files, whatever they are called) be attached to a recycle bin? When I run the UVK recent file search I get a lot of those files, but it says they can not be found. Anything you can do would be appreciated. Again, thank you.

Re: malware or hacked

Posted: Tue Aug 19, 2014 7:08 am
by billfeht
So no one will help me.

Re: malware or hacked

Posted: Tue Aug 19, 2014 8:38 am
by Fred
billfeht, if no one is helping you, maybe it's because you are not explaining correctly what your problem is. For instance, what do you mean by "I lose my authority"?

As for those files in the recycle bin, most of the ones we can see are remnants of a SkyDrive installation. About the MP3 audio files I have no idea, but you can find out the original location of those files by double-clicking them while they are in the recycle bin.

As for the DVD writer and sound device not working, you should try downloading the chipset and audio drivers from the manufacturer's website and installing them.