malware or hacked

This forum is intended to help the users to disinfect their computers.
billfeht
Posts: 3
Joined: Fri Aug 15, 2014 6:19 am

malware or hacked

Post by billfeht »

Thank you up front. I have been having problems for a long while. I will touch on highlights. I just did a new repair a few hours ago. Downloaded a Windows 7 USB file so I could have a clean just did upgrade/repair. I lose my authority, I cannot get my DVD burner to work properly, my audio is not right. I find many files in my recycle bin. I will attach a batch file that has the codes for gathering after deleting I have all kinds of stuff I did not put on this computer. I could go on and on but here is your log file and that dat file.
Again, thank you.
Hope OK but could not get this to attach. Found in recycle bin, also a bunch of register merges...
@echo off
setlocal
setlocal ENABLEEXTENSIONS
setlocal ENABLEDELAYEDEXPANSION

set OUTPUTDIR=%USERPROFILE%\Desktop
set RETURNCODE=0

REM Set the CAB file name to include the date and time with
REM underscores substituted for the invalid characters.

set DATETIMESUFFIX=%DATE:/=_%_%TIME::=_%
set CABOUTPUT=OneDriveLogs_%DATETIMESUFFIX: =_%.cab

:ParseCommand
if "%1"=="/?" (
echo Usage: %0 [Options]
echo.
echo This script collects all the client logs and CABs them up for simple
echo upload. By default, it will drop the CAB file on your Desktop.
echo.
echo Options:
echo.
echo /OutputDir outputdirectory - Set output directory
echo /OutputFile outputFile - Filename of output file to use
echo.
goto :Return
) else if /i "%1"=="/OutputDir" (
for %%i in (%2) do set OUTPUTDIR=%%~i
shift /1
shift /1
) else if /i "%1"=="/OutputFile" (
for %%i in (%2) do set CABOUTPUT=%%~i
shift /1
shift /1
)

if not "%1"=="" (
echo Parsing %1
goto ParseCommand
)

echo OutputDir is %OutputDir%
echo OutputFile is %CabOutput%

echo UX Log Collection
echo.

REM -------------------------
REM * CLIENT PATH DISCOVERY *
REM -------------------------

if "%LOCALAPPDATA%"=="" (
set LOCALAPPDATA=%USERPROFILE%\Local Settings\Application Data
)
if not exist "%LOCALAPPDATA%" (
echo %LOCALAPPDATA% not found.
goto :Return
)

set CLIENTPATH=%LOCALAPPDATA%\Microsoft\SkyDrive

if not exist "%CLIENTPATH%" (
echo Error: No application data exists for OneDrive client.
echo.
goto :Return
)

REM -------------
REM * COPY LOGS *
REM -------------

pushd "%CLIENTPATH%"

set WORKINGDIR=%CLIENTPATH%\LogCollection
echo Working directory is %WORKINGDIR%.
echo.

if exist "%WORKINGDIR%" (
rd /s /q "%WORKINGDIR%"
)

mkdir "%WORKINGDIR%"

set > "%WORKINGDIR%\env.txt"
REM TaskList and SystemInfo are not available on XP Home.
tasklist /v > "%WORKINGDIR%\tasklist.txt"
systeminfo > "%WORKINGDIR%\systeminfo.txt"

REM Capture list of running services.
net start > "%WORKINGDIR%\services.txt"

REM OneDrive
set /p CRLF=Copying OneDrive logs <NUL

set WORKINGDIRONEDRIVE=%WORKINGDIR%\OneDrive
mkdir "%WORKINGDIRONEDRIVE%"

dir /S "%CLIENTPATH%" > "%WORKINGDIRONEDRIVE%\tree.txt"

REM Collect list of overlay handlers
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers /S > "%WORKINGDIRONEDRIVE%\overlayHandlers.txt"

for %%f in (
"%CLIENTPATH%\logs\*.*"
"%CLIENTPATH%\settings\*.*"
"%CLIENTPATH%\setup\logs\*.*"
) do (
if exist %%f (
set /p CRLF=.<NUL
xcopy "%%~f" "%WORKINGDIRONEDRIVE%" /qcy 2>&1>NUL
)
)


REM Setup
set WORKINGDIRSETUP=%WORKINGDIR%\WLSetup
set WLSETUPPATH=%PROGRAMDATA%\Microsoft\WLSetup\logs
if exist "%WLSETUPPATH%" (
mkdir "%WORKINGDIRSETUP%"
set /p CRLF=Copying WLSetup logs <NUL
for %%f in (
"%WLSETUPPATH%\*"
) do (
if exist "%%f" (
set /p CRLF=.<NUL
xcopy "%%~f" "%WORKINGDIRSETUP%" /siqcy 2>&1>NUL
)
)
echo.
)

echo.
echo.


REM Copy complete. CAB up files.

echo Writing CAB file to %CABOUTPUT%...

call :CABIT "%WORKINGDIR%"

if "%OUTPUTDIR%"=="%USERPROFILE%\Desktop" (
set SHFOLDER_REGISTRY_KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
for /f "tokens=2*" %%i in (
'REG QUERY !SHFOLDER_REGISTRY_KEY! /v Desktop'
) do (
call set OUTPUTDIR=%%~j
)
)

if not exist "%OUTPUTDIR%\" (
echo Error! %OUTPUTDIR% does not exist.
move /y "%WORKINGDIR%\%CABOUTPUT%" %USERPROFILE%\Desktop\. 2>&1>NUL
set RETURNCODE=1
goto :Return
)

move /y "%WORKINGDIR%\%CABOUTPUT%" "%OUTPUTDIR%\." 2>&1>NUL

if ERRORLEVEL 1 (
echo error level 1
move /y "%WORKINGDIR%\%CABOUTPUT%" %USERPROFILE%\Desktop\. 2>&1>NUL
set RETURNCODE=1
)


rd /s /q "%WORKINGDIR%"

echo.
echo Log collection complete. Please upload the following file:
echo.
echo %OUTPUTDIR%\%CABOUTPUT%
echo.

goto :Return

REM -----------
REM * CAB IT! *
REM -----------
:CABIT
set DIRECTIVEFILE=%TEMP%\Schema.ddf
set TARGET=%1
set TEMPFILE=%TEMP%\TEMP-%RANDOM%.tmp

if not exist %TARGET% (
echo %TARGET% does not exist.
goto :Return
)

pushd %TARGET%

echo. > %DIRECTIVEFILE%
echo .set CabinetNameTemplate=%CABOUTPUT% >> %DIRECTIVEFILE%
echo .set DiskDirectoryTemplate= >> %DIRECTIVEFILE%
echo .set InfFileName=%TEMPFILE% >> %DIRECTIVEFILE%
echo .set RptFileName=%TEMPFILE% >> %DIRECTIVEFILE%
echo .set MaxDiskSize=0 >> %DIRECTIVEFILE%
echo .set CompressionType=LZX >> %DIRECTIVEFILE%

del /f %TEMPFILE% 2>NUL

call :CAB_DIR .

MakeCab /f %DIRECTIVEFILE%

del /f %DIRECTIVEFILE% 2>NUL
del /f %TEMPFILE% 2>NUL

popd
goto :Return

REM CAB Helper
:CAB_DIR
echo .set DestinationDir=%1 >> %DIRECTIVEFILE%
for /f "tokens=*" %%i in ('dir /b /a:-d %1') do (
echo "%~1\%%i" >> %DIRECTIVEFILE%
)
for /f "tokens=*" %%i in ('dir /b /a:d %1') do (
call :CAB_DIR "%~1\%%i"
)
goto :Return



REM ********************************************************************************
REM Discover ProcessId of given process (based on process name passed as parameter).
REM Store result in %CURRENTPID%
REM ********************************************************************************
:SetPid

set CURRENTPID=

set NTACCOUNT=%USERNAME%
if not "%USERDOMAIN%"=="" (
set NTACCOUNT=%USERDOMAIN%\%USERNAME%
)
for /f "tokens=2 delims=," %%i in (
'tasklist /FI "username eq %NTACCOUNT%" /FI "imagename eq %1" /fo csv /nh'
) do (
set CURRENTPID=%%i
)
goto :Return

:Return
exit /b %RETURNCODE%
Attachments
scan log.txt
(361.72 KiB) Downloaded 695 times
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: malware or hacked

Post by Fred »

Hi billfeht.

Your system does not show any signs of malware. I think the issues you're having are because the Windows 7 USB file you downloaded is not a genuine Windows installation, and was hacked, or built from a non-compatible system.

I would recommend that you perform a clean Windows install from genuine media. If you do not have one, you can find it at a fair price on eBay, or other commercial sites.

If you need to create a USB Windows setup media from a DVD, there are many free programs available for the effect. My favorite is Rufus.
http://rufus.akeo.ie/

Good luck.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
billfeht
Posts: 3
Joined: Fri Aug 15, 2014 6:19 am

Re: malware or hacked

Post by billfeht »

I appreciate the input. If I could burn a CD that would help. I agree there is a non-authorized Windows version. I have been doing this for about three years. I mean no disrespect, I am sure you know more than me. But no one will take a look at my system. I can put an OEM Windows disk in to load and take it out and it still acts like the disk is in. I find all kinds of interesting things. In an app data file you can access my whole system. One of my favorites is the quick launch for Internet Explorer, here is the open page URL http://hp-desktop.us.msn.com/?pc=HPDTDF&OCID=HPDHP .. What is really cool about it, any that has been opened is listed in drop down and can be opened. If you would please take a further look I will do anything, I will mail you my computer, PLEASE. This attachment is what was in my recycle bin this morning. Should SI identity files, SID files, whatever they are called, be attached to a recycle bin? When I run UVK recent file search I get a lot of those files but it says they cannot be found. Anything you can do would be appreciated. Again, thank you.
Attachments
Capture.PNG (192.66 KiB) Viewed 23363 times
billfeht
Posts: 3
Joined: Fri Aug 15, 2014 6:19 am

Re: malware or hacked

Post by billfeht »

So no one will help me
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: malware or hacked

Post by Fred »

billfeht, if no one is helping you, maybe it's because you are not explaining correctly what your problem is. For instance, what do you mean by "I lose my authority"?

As for those files in the recycle bin, most of the ones we can see are remnants of a SkyDrive installation. The mp3 audio files I have no idea, but you can get to know the original location of those files by double clicking them while they are in the recycle bin.

As for the DVD writer and sound device not working, you should try to download the chipset and audio drivers from the manufacturer's website, and install them.

Fred