-
C:\Program Files\RadioPI_4eEI\Installr\2.bin\4eEIPlug.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\RadioPI_4eEI\Installr\2.bin\NP4eEISb.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\RegServe\SilentRemover.exe a variant of Win32/Adware.RegDefense application
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Users\richard\Desktop\uhhh\softonic-us-silent-2.exe Win32/Toolbar.Zugo application
C:\Users\richard\Downloads\regserve-setup.exe a variant of Win32/Adware.RegDefense application
C:\Users\richard\Downloads\Saya_no_Uta___English.exe Win32/Adware.1ClickDownload application
C:\Users\richard\Downloads\SoftonicDownloader_for_skype.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\richard\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Windows.old\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Windows.old.000\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Windows.old.000\Documents and Settings\richard\Desktop\uhhh\softonic-us-silent-2.exe Win32/Toolbar.Zugo application
C:\Windows.old.000\Documents and Settings\richard\Downloads\regserve-setup.exe a variant of Win32/Adware.RegDefense application
C:\Windows.old.000\Documents and Settings\richard\Downloads\Saya_no_Uta___English.exe Win32/Adware.1ClickDownload application
C:\Windows.old.000\Documents and Settings\richard\Downloads\SoftonicDownloader_for_skype.exe a variant of Win32/SoftonicDownloader.A application
C:\Windows.old.000\Documents and Settings\richard\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Windows.old.000\ProgramData\Application Data\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Windows.old.000\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application
-
"Windows Defender" was still registered as active before the scan...hopefully that didn't affect anything.
-
Good Morning,
I would uninstall both of these programs
C:\Program Files\RadioPI_4eEI
C:\Program Files\RegServe
Then go into Spybot's Recovery folder and remove it all
C:\ProgramData\Spybot - Search & Destroy\Recovery
Delete this from your desktop
C:\Users\richard\Desktop\uhhh\softonic-us-silent-2.exe
Go into the downloads folder and delete it all but not the download folder itself
C:\Users\richard\Downloads
Did you create this?
C:\Windows.old <---
What I would do is rerun ESET, this time let it remove what it finds
-
I personally didn't intentionally create windows.old...it's possible someone else did but I have no idea.
There's two of them with the same date of creation from 2008...windows.old and windows.old.000
ESET ran and cleaned one issue after all preliminary actions were taken =).
-
Did it clean everything in the old folder?
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
Code:
:dir
C:\Windows.old
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
-
After the ESET fix scan I couldn't find a log, maybe because I didn't delete the first log beforehand, but I'm almost positive the entry that was "fixed" was C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application. There was definitely only a single entry fixed.
You probably have already seen this but all the .old.000 entries from the first scan seem to be doubles of all the regular entries...maybe some mirror thing going on. Weird :euro:
Here's system look =D
--------------------------------------------------------------------------
SystemLook 30.07.11 by jpshortstuff
Log created at 21:26 on 01/06/2012 by richard
Administrator - Elevation successful
========== dir ==========
C:\Windows.old - Parameters: "(none)"
---Files---
autoexec.bat --a---- 24 bytes [10:23 02/11/2006] [21:43 18/09/2006]
config.sys --a---- 10 bytes [06:25 02/11/2006] [21:43 18/09/2006]
---Folders---
$Recycle.Bin d--hs-- [11:17 02/11/2006]
Documents and Settings d--hs-- [12:59 02/11/2006]
Program Files dr----- [11:18 02/11/2006]
ProgramData d--h--- [11:18 02/11/2006]
Users dr----- [11:18 02/11/2006]
Windows d------ [11:18 02/11/2006]
-= EOF =-
-
Let's go here and do the same thing and delete those files
C:\Windows.old\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
C:\Windows.old.000\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
C:\Windows.old.000\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
C:\Windows.old.000\Documents and Settings\richard\Desktop\uhhh\softonic-us-silent-2.exe
C:\Windows.old.000\Documents and Settings\richard\Downloads\regserve-setup.exe
C:\Windows.old.000\Documents and Settings\richard\Downloads\Saya_no_Uta___English.exe
C:\Windows.old.000\Documents and Settings\richard\Downloads\SoftonicDownloader_for_skype.exe
C:\Windows.old.000\Documents and Settings\richard\Downloads\vlcmediaplayer-setup.exe
C:\Windows.old.000\ProgramData\Application Data\Spybot - Search & Destroy\Recovery\WinAgentws1.zip
C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar
Let me know how it went.
Then run a new scan with ESET and post the log please.
-
C:\_OTL\MovedFiles\05312012_134429\C_Program Files\Search Toolbar was the only file I could find and ESET turned up clean.
Things to note...C:\users\richard and C:\windows.old.000\documents and settings\richard are 100% identical...I couldn't get into C:\windows.old.000\documents and settings\richard without using start search...the folder didn't exist going through computer-->local disk.
The exact same thing applied to C:\Windows.old.000\Users\All Users and C:\ProgramData...all files contained are identical and I couldn't find C:\Windows.old.000\Users\All Users without using start search.
Inside this C:\Windows.old\Users\All Users\Spybot - Search & Destroy\Recovery...WinAgentws1.zip was no longer there, but I did find a bunch of .zip files with names I recognized as malicious? There's about five in there but two examples are GameVancePlaySushi5.zip and WiIQfraud2.zip (there's multiple copies of all of them)...The GUI for Spybot shows the recovery section as empty.
Here's ESET :D: I went to sleep when I started the scan so I wasn't able to get the regular looking log (as far as I know), hopefully this is the same thing.
--------------------------------------------------------------------------
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=edf20e162e4fdb4992401ab3118fe57f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-02 01:34:27
# local_time=2012-06-02 07:34:27 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 66 100 32636270 175245329 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=269839
# found=0
# cleaned=0
# scan_time=6310
-
It looks like those folders may have been from a previous installation of Windows. Did you buy this computer used?
http://windows.microsoft.com/en-us/w...der?SignedIn=1
Let's go a bit further, plug these into SystemLook
:dir
C:\Windows.old
C:\Windows.old.000
-
This system was put together brand new by myself and a couple other high school kids at the time :eek: so it's very possible we did something weird.
SystemLook 30.07.11 by jpshortstuff
Log created at 16:36 on 02/06/2012 by richard
Administrator - Elevation successful
========== dir ==========
C:\Windows.old - Parameters: "(none)"
---Files---
autoexec.bat --a---- 24 bytes [10:23 02/11/2006] [21:43 18/09/2006]
config.sys --a---- 10 bytes [06:25 02/11/2006] [21:43 18/09/2006]
---Folders---
$Recycle.Bin d--hs-- [11:17 02/11/2006]
Documents and Settings d--hs-- [12:59 02/11/2006]
Program Files dr----- [11:18 02/11/2006]
ProgramData d--h--- [11:18 02/11/2006]
Users dr----- [11:18 02/11/2006]
Windows d------ [11:18 02/11/2006]
C:\Windows.old.000 - Parameters: "(none)"
---Files---
autoexec.bat --a---- 24 bytes [10:23 02/11/2006] [21:43 18/09/2006]
config.sys --a---- 10 bytes [06:25 02/11/2006] [21:43 18/09/2006]
---Folders---
$Recycle.Bin d--hs-- [11:17 02/11/2006]
Documents and Settings d--hs-- [12:59 02/11/2006]
Program Files dr----- [11:18 02/11/2006]
ProgramData d--h--- [11:18 02/11/2006]
Users dr----- [11:18 02/11/2006]
Windows d------ [11:18 02/11/2006]
-= EOF =-
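-
Added example (not part of any post in this thread): the first ESET log reports the same file names and detections under several roots (C:\Users, C:\ProgramData, C:\Windows.old, C:\Windows.old.000), which is the doubling noted in the replies. The Python script below parses detection lines in that path / threat / type layout and groups them by file name and threat so each distinct item is reviewed once; the sample lines are copied from that log, and the function names and regular expression are assumptions of this example, not an ESET format specification.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input: six detection lines copied from the first ESET log in the thread.
SAMPLE_LOG = r"""
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Windows.old.000\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentws1.zip Win32/Bagle.gen.zip worm
C:\Users\richard\Downloads\regserve-setup.exe a variant of Win32/Adware.RegDefense application
C:\Windows.old.000\Documents and Settings\richard\Downloads\regserve-setup.exe a variant of Win32/Adware.RegDefense application
C:\Program Files\RegServe\SilentRemover.exe a variant of Win32/Adware.RegDefense application
"""

# Assumed layout: <path> <threat name, optionally "a variant of ..."> <object type>.
# Paths contain spaces, so the path is matched lazily up to the threat name.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<threat>(?:a variant of )?Win32/\S+) (?P<kind>\w+)$"
)

def parse_detections(log_text):
    """Return (path, threat, kind) tuples; lines that are not detections are skipped."""
    detections = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            detections.append((m["path"], m["threat"], m["kind"]))
    return detections

def group_duplicates(detections):
    """Map (lower-cased file name, threat) to every full path it was reported under."""
    groups = defaultdict(list)
    for path, threat, _kind in detections:
        name = PureWindowsPath(path).name.lower()  # Windows names are case-insensitive
        groups[(name, threat)].append(path)
    return dict(groups)

def summarize(log_text):
    """Return {(file name, threat): number of paths reported} for a pasted log."""
    grouped = group_duplicates(parse_detections(log_text))
    return {key: len(paths) for key, paths in grouped.items()}

if __name__ == "__main__":
    for (name, threat), paths in group_duplicates(parse_detections(SAMPLE_LOG)).items():
        print(f"{name}  [{threat}]  reported under {len(paths)} path(s)")
        for p in paths:
            print("    " + p)
```

A group with more than one path still has to be checked location by location, since the grouping only matches on file name and detection name and does not tell a real copy from a second path to the same file.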