Thread: Viruses and Me

  1. #1
    Junior Member
    Join Date
    May 2012
    Posts
    20

    I personally didn't intentionally create windows.old... It's possible someone else did, but I have no idea.

    There are two of them with the same date of creation from 2008: windows.old and windows.old.000

    ESET ran and cleaned one issue after all preliminary actions were taken =).

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Did it clean everything in the old folder?


    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    64 Bit Version

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :dir
      C:\Windows.old
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    May 2012
    Posts
    20

    After the ESET fix scan I couldn't find a log, maybe because I didn't delete the first log beforehand, but I'm almost positive the entry that was "fixed" was C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application. There was definitely only a single entry fixed.

    You probably have already seen this, but all the .old.000 entries from the first scan seem to be doubles of all the regular entries... maybe some mirror thing going on. Weird.

    Here's system look =D

    --------------------------------------------------------------------------

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:26 on 01/06/2012 by richard
    Administrator - Elevation successful

    ========== dir ==========

    C:\Windows.old - Parameters: "(none)"

    ---Files---
    autoexec.bat --a---- 24 bytes [10:23 02/11/2006] [21:43 18/09/2006]
    config.sys --a---- 10 bytes [06:25 02/11/2006] [21:43 18/09/2006]

    ---Folders---
    $Recycle.Bin d--hs-- [11:17 02/11/2006]
    Documents and Settings d--hs-- [12:59 02/11/2006]
    Program Files dr----- [11:18 02/11/2006]
    ProgramData d--h--- [11:18 02/11/2006]
    Users dr----- [11:18 02/11/2006]
    Windows d------ [11:18 02/11/2006]

    -= EOF =-

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Let's go here and do the same thing and delete those files:

    C:\Windows.old\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
    C:\Windows.old.000\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
    C:\Windows.old.000\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
    C:\Windows.old.000\Documents and Settings\richard\Desktop\uhhh\softonic-us-silent-2.exe
    C:\Windows.old.000\Documents and Settings\richard\Downloads\regserve-setup.exe
    C:\Windows.old.000\Documents and Settings\richard\Downloads\Saya_no_Uta___English.exe
    C:\Windows.old.000\Documents and Settings\richard\Downloads\SoftonicDownloader_for_skype.exe
    C:\Windows.old.000\Documents and Settings\richard\Downloads\vlcmediaplayer-setup.exe
    C:\Windows.old.000\ProgramData\Application Data\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
    C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar

    Let me know how it went.


    Then run a new scan with ESET and post the log please

  5. #5
    Junior Member
    Join Date
    May 2012
    Posts
    20

    C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar was the only file I could find, and ESET turned up clean.

    Things to note... C:\users\richard and C:\windows.old.000\documents and setting\richard are 100% identical... I couldn't get into C:\windows.old.000\documents and settings\richard without using start search... the folder didn't exist going through computer-->local disk.

    The exact same thing applied to C:\Windows.old.000\Users\All Users and C:\ProgramData... all files contained are identical and I couldn't find C:\Windows.old.000\Users\All Users without using start search.

    Inside this C:\Windows.old\Users\All Users\Spybot - Search & Destroy\Recovery... WinAgentws1.zip was no longer there, but I did find a bunch of .zip files with names I recognized as malicious? There's about five in there, but two examples are GameVancePlaySushi5.zip and WiIQfraud2.zip (there are multiple copies of all of them)... The GUI for Spybot shows the recovery section as empty.


    Here's ESET. I went to sleep when I started the scan, so I wasn't able to get the regular-looking log (as far as I know); hopefully this is the same thing.

    --------------------------------------------------------------------------
    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=12
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=edf20e162e4fdb4992401ab3118fe57f
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-06-02 01:34:27
    # local_time=2012-06-02 07:34:27 (-0700, Mountain Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=5892 16776574 66 100 32636270 175245329 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=269839
    # found=0
    # cleaned=0
    # scan_time=6310
