Solved Newcomer to this great forum who is anxious to remove malwares

Good news :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\_OTL\MovedFiles\03062012_223138\C_Users\2nd_Window\AppData\Roaming\Babylon
    C:\Users\All Users\Babylon
    C:\Users\2nd_Window\AppData\Local\Babylon
    C:\ProgramData\Babylon
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
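A way to check the posted fix log against the script, as an added example that is not part of the original post and not OTL's own code: it maps every path under `:Files` to the result line the log reports for it, and flags any path the log never mentions (for instance when a run froze part-way). The sample script and log are constructed in the layout shown in this thread; the function names and status labels are hypothetical.

```python
import re

# Constructed sample inputs, laid out like the script and fix log in this thread.
SCRIPT = r"""
:OTL
:Files
C:\Users\example\AppData\Local\Babylon
C:\Users\All Users\Babylon
C:\ProgramData\Babylon
C:\Windows\temp\example.txt
:Commands
[emptytemp]
[Reboot]
"""
LOG = r"""
========== FILES ==========
C:\Users\example\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\example\AppData\Local\Babylon folder moved successfully.
File\Folder C:\ProgramData\Babylon not found.
========== COMMANDS ==========
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\example.txt scheduled to be moved on reboot.
"""

# Result lines as they appear in the thread's logs; making the word "folder"
# optional (to also accept a plain file) is an assumption.
PATTERNS = [
    ("moved", re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
    ("not_found", re.compile(r"^File\\Folder (.+) not found\.$")),
    ("pending_reboot", re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
]

def script_targets(script):
    """Paths listed under the :Files directive of the fix script."""
    targets, in_files = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(line)
    return targets

def check_fix(script, log):
    """Map each :Files target to moved / not_found / pending_reboot / unreported."""
    seen = {}
    for line in map(str.strip, log.splitlines()):
        for status, rx in PATTERNS:
            m = rx.match(line)
            if m:
                seen[m.group(1).lower()] = status  # Windows paths: compare case-insensitively
                break
    return {t: seen.get(t.lower(), "unreported") for t in script_targets(script)}
```

Any target that comes back `unreported` or `pending_reboot` is worth re-checking after the reboot before the cleanup is considered finished.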
 
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\_OTL\MovedFiles\03062012_223138\C_Users\2nd_Window\AppData\Roaming\Babylon folder moved successfully.
C:\Users\All Users\Babylon folder moved successfully.
C:\Users\2nd_Window\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\2nd_Window\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\2nd_Window\AppData\Local\Babylon folder moved successfully.
File\Folder C:\ProgramData\Babylon not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: 2nd_Window
->Temp folder emptied: 3279689 bytes
->Temporary Internet Files folder emptied: 476637 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 175887243 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser.2nd_Window-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 13429157 bytes

Total Files Cleaned = 184.00 mb


[EMPTYJAVA]

User: 2nd_Window
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: UpdatusUser.2nd_Window-PC

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: 2nd_Window
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: UpdatusUser.2nd_Window-PC
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03072012_153443

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Thanks a lot.

I will need to do the cleanup process in the evening once I finish my work.

I have a question though..

I have another laptop with 2 OSs. (partitioned)

And this desktop computer you just cleaned has another OS (for emergency) (It has 3 physical hard drives)


Do I need to bug you like in this thread for each of the 3 remaining OSs?
Or can I just follow the same steps in this thread?
 
Yes, each OS should be checked separately.
You'll need to start a new topic for each one.
 
Here is the OTL log. (It froze in the first attempt so I force restarted. Hope that's fine)
Now I'm clean and in final stage.. I will let you know how computer is doing after I finish all the remaining instructions...

***********




All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: 2nd_Window
->Temp folder emptied: 165087 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7424950 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser.2nd_Window-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: 2nd_Window
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: UpdatusUser.2nd_Window-PC
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: 2nd_Window
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: UpdatusUser.2nd_Window-PC

Total Java Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.35.1 log created on 03082012_230151

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
First of all, my huge gratitude to you Broni..

I have a few questions..


1.
I made OTL restore point as instructed. But doesn't this point disappear as new restore points take over the old restore points automatically by Windows 7?




2.
On my C drive, there are 2 folders that look like this.
2e710cf6bf33e2e20b762102e6f1ac
And inside, there is one folder named 'update'
I can't go inside the folder. It says I need permission and I get declined on attempt.

Also, in AppData/Local there are many empty folders named something like {1CFA94E6-60EF-4BEC-9A19-2350ED074F31}

What are these? Can I just delete those files?




3.
I have been having a problem where the computer doesn't wake up properly from sleep (power turns on but the monitor is blank and I need to force restart).
So, I changed the power management setting to never sleep, but hibernate after some time.
It has been working okay that way, but after cleaning up the malware (I doubt it's related, I think it's just coincidental) it's doing it again. It turns on with fan and light and so on but the screen is blank. I need to force restart...

Do you know why it's happening?
 
1. When a new restore point is created it'll erase the oldest one but it still leaves restore points in between.
We want to have just one, the newest, fresh and clean one.

2. Leave those folders alone.

3. That would be a subject to a different forum.

Any other issues?
 
I don't see any weird thing happening so I think my computer is clean. Thanks a lot again !

But I still can't get a clear understanding of the restore point,
as the OTL restore point will eventually disappear as new restore points are created.
What's the point of keeping it? You said "We want to have just one, the newest, fresh and clean one." But how can I have only one restore point? Each Windows update will create new restore points and eventually remove the OTL restore point, right?

And the empty folders in AppData/Local are system folders? Can you let me know what they are for?
 
OK, we removed all old restore points and we created a new clean one.
Surely Windows or you will create new restore points after that.
That's OK. We only had to remove old restore points as some of them could be infected.

What particular folders are you talking about?
Some folders, even if empty, may be needed by Windows.
Since an empty folder doesn't take any space, leave them alone.
 
Understood about restore point. Thanks!


In C:/Users/MyName/AppData/Local
There are 29 folders named like {1CFA94E6-60EF-4BEC-9A19-2350ED074F31} with number variation..
They are all empty.

Yes, if they are Windows files, I won't want to touch them.. but I suspected they were created by some sort of malware...
 
You're very welcome