Unattend0000000001 and C:\Windows\test.bat SPYWARE or ROOTKIT?

joecrash · 26 Mar 2011

I wanted to speed up the boot time of my PC, which was starting to become pretty sluggish.
So, I went to msconfig, and unchecked the following items:
Item: Manufacturer Command:
Unattend0000000001 Unknown c:\Windows\test.bat
Google Update Google
memeo dashboard Unknown
MobileMe Apple
Adobe Reader and Acrobat Manager Adobe Systems Inc.
Adobe Acrobat " "
BestBuy pc App Unknown
Java Auto Update Java
HP Digital Imaging Monitor Unknown

Then I got the message that I needed to restart - I did. I went back to confirm they weren't in the startup, but, all the changes I'd made did not keep - everything was checked again.
I was going to send c:\Windows\test.bat, but, I couldn't find the file in that spot - I couldn't find it at all even searching c:\

So, my question is, are those programs in the title malware/spyware/virus or worms, etc???

Maguscreed · 26 Mar 2011

You may want to give this a run
Welcome | The PC Decrapifier

Sounds like you have OEM installed garbage that you aren't using that was put on there by the people that sold you the computer.
That app isn't the greatest with 64 bit, but it should still help get rid of the extra garbage you apparently aren't using.

johnnya · 26 Mar 2011

Hi Joe. When you made the changes with Msconfig/Startup, did you hit the APPLY BUTTON before exiting.
If not the changes you thought you made would not take place.
Cheers
JohnnyA

essenbe · 26 Mar 2011

As maguscreed said, some of them are probably OEM programs. Adobe reader is a program that enables you to read PDF forms. Memo Dashboard is from a Memo backup program. If you have a Seagate external hard drive it comes pre-installed on them. It usually runs while your computer runs to keep up with the changes you make so it knows what changes it needs to make the next time you run a backup. If you don't use it, you should be able to uninstall it in control pannel. The Bust Buy and Google programs are probably from some program you have on your computer like a google tool bar or something similar.

joecrash · 26 Mar 2011

I don't think I described my problem well enough, as your answers are not pertaining to what I want to know.
I know what Adobe is and does, as well as every other program I listed with the exception of:
Unknown00000001 ; command= c:\Windows\test.bat

I've had this machine for 3 months now and am well aquainted with all OS's including Linux (although I've only used Win 7 for 3 months, I have years experience using all the previous Windows OS's and Linux and Unix and BSD)

My real question is: Is "Unknown000000001" and "c:\windows\test.bat a system file or anything I actually need? Is it an executable, a service or a process (obviously none of those it is a batch file)?" - WHY IS IT LISTED HERE AND WHY CAN'T I FIND IT When I GO TO C:\WINDOWS ???" Is this an indication of malware or a virus or is it something I can ignore? I recently had to use ESET's online scanner when a win32 reg hijacker got past Norton and CounterSpy and Malwarebytes (It disabled all the above and corrupted the av signatures) - could this be part of the infection I just had and it has eluded my security programs?

In my experience when programs start showing up that I didn't install, and my boot times double, triple or quadruple, it is an indication that something is amiss - as is Windows reporting that various files are in the startup app but can't be found - I've run progs similar to Decrapafier and Norton's reg cleaner, so this should not be left over from when I purchased it - The BestBuy pc app indeed came w/ the system and was probably the 1st thing I unintalled - why and how in the blazes is it still in the startup group and why haven't my various reg/junk file cleaners taken care of it by now? I have RevoUninstaller for progs that don't include there own, so it shouldn't have pieces left over.
Is there anyplace on this forum I can submit a HijackThis scan log file for someone to look at with fresh eyes and see something I am not?

Thank you for your help, I hope this clarifies things a bit.

allend66 · 26 Mar 2011

If you can't find it in the system directory, check to see you have "show hidden files and folders" & "show protected operating system files" checked in folder options --> view.

A bat file can be investigated - right click edit (opens in notepad) without running possible dangerous code. You shloud be able to see some indication as to what it is or where it came from.

If you don't reecognise them (and don't trust them), you could zip or rar them in place, delete the uncompressed file/folder and test your system. If every program works fine you could delete the zips/rars. If however you have a program, something legit stops working, just unzip/unrar and you should be ok.

Install Malware Bytes antimalware - it's highly regarded by those that know. Make sure you update signatures before running the full scan.

hangdawg · 26 Mar 2011

you can up load files to virus total VirusTotal - Free Online Virus, Malware and URL Scanner

Jacee · 26 Mar 2011

Ley's see if RSIT can find the super hidden location:

Download random's system information RSIT
http://images.malwareremoval.com/random/RSIT.exe
It is important that is saved to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Layback Bear · 26 Mar 2011

When Googling your problem I found in many cases it is a virus/malware/spyware.
I would suggest running Malwarebytes Anti Malware and Super Anti Spyware. Make sure you update them before using.

Maguscreed · 26 Mar 2011

.bat is just a batch file, it's really nothing more than a desktop shortcut.

I'm not quite certain why you are so concerned about it.
You should be able to open it with notepad and see the contents as they'll just be in text format.

Unattend0000000001 and C:\Windows\test.bat SPYWARE or ROOTKIT?

Unattend0000000001 and C:\Windows\test.bat SPYWARE or ROOTKIT?

I don't think you understand what I am asking, let me clarify.