
Infection but not sure what


This topic is locked
3 replies to this topic

#1 Laserpaddy

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:01 AM

Posted 11 September 2013 - 09:34 PM

I cannot find the old thread, but it's been about a week so I assume it is closed.

 

What I have found is that after reformatting many times and using Darik's nuke-your-drive on DoD passes, I then tried to reinstall Windows 7 64-bit and wow, old files still!!!! Multiple user.dat files etc. I named 2 of them log1 and log2 to have a sanity check on things. Trust me, I am going crazy....

 

So I then removed the hard drive and looked into the BIOS settings again. I had never checked Q-Flash (I have a Gigabyte board), and it said in the flash type / size: UNKNOWN for type and 4M for size. I found this alarming and odd.

 

So I reflashed the BIOS to a different version on a known good computer and entered the BIOS at startup, and wow, it listed the chip flash type and size (still 4M)..... Then I rebooted and let it LOOK for the system disk; of course it failed, and I reset the power and entered the BIOS and there it was again: unknown in flash type.

 

I systematically removed the CD drive, got new USB sticks to flash with, pulled out the BIOS battery and memory, and let them sit a good 24 hours each time before removing the next part etc....

 

The EVGA GTX 560 Ti Superclocked card made the unknown appear in Q-Flash... Repeat the above steps: with it in, it showed unknown; with it out, it showed the flash chip type.

 

I thought awesome, so I ran 100 miles to a Best Buy (ya, I am that far away from a city that big LOL): cheap hard drive, new DVD-ROM burner, all for about 100 bucks... Came home, did a fresh install and WTF WTF WTF, the old files are still there!!!

 

AVAST! says well $$$$$$$$$$$$

Gigabyte says there is NO WAY I could have a virus in my BIOS...... Maybe a pin in the socket is bent, but no way a BIOS virus......

 

 

So please, someone tell me how, after all that I have done (new parts etc...), the exact same files can be there!!!!

 

I was not and am not connected to the internet during all of this. The only possible thing that I did not change was the Logitech USB keyboard and mouse, so please help, before I take a sledgehammer and have some fun, or spend more money without it working...

 

AM I CRAZY????




#2 Laserpaddy

  • Topic Starter
  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:01 AM

Posted 12 September 2013 - 12:06 AM

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 
 
device: opened successfully
user: error reading MBR 
error: Read  The handle is invalid.
kernel: error reading MBR 
 
BTW intel machine
 
this is so large on the notepad it locks up
all of those are RED PLUS 5K MORE



#3 Laserpaddy

  • Topic Starter
  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:01 AM

Posted 12 September 2013 - 12:29 AM

FOUND IT lol

 

https://malwr.com/analysis/YTEwN2IyYmE0NDBiNGQ2NDk3MmNlYTQ3ZTgyMDhkOTc/

 

 

Help, this has been around since 2009. That's where my computer had referenced files back to the first time I ran gre; it did not find all this because of the drivers etc. I loaded no drivers, also the USB front relocation terminal etc.... Must be something in the wireless USB mouse and keyboard.... If someone can help, I have 2 hard drives and the wireless stuff for forensic analysis...............



#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,929 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:01 PM

Posted 15 September 2013 - 02:38 PM

As you are already being helped here, I am closing this topic. Please do not start new topics; instead, keep to one topic to avoid confusion.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
