54 replies to this topic

[eBayvictim]

I didn't have to open notepad....it produced this log upon rebooting (is it the correct log?) _______________________ All processes killed ========== PROCESSES ========== ========== REGISTRY ========== Registry key HEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Leonard Roe ->Temp folder emptied: 315862 bytes ->Temporary Internet Files folder emptied: 100847934 bytes ->Java cache emptied: 382273 bytes ->FireFox cache emptied: 36219662 bytes ->Google Chrome cache emptied: 11303870 bytes ->Flash cache emptied: 19634 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 499 bytes User: NetworkService ->Temp folder emptied: 5898 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Owner %systemdrive% .tmp files removed: 6597 bytes %systemroot% .tmp files removed: 20471 bytes %systemroot%\System32 .tmp files removed: 9455121 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5389 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 8876 bytes Total Files Cleaned = 151.00 mb OTM by OldTimer - Version 3.1.17.2 log created on 05032011_192824 Files moved on Reboot... Registry entries deleted on Reboot...

[Tomk]

Yeppers. Thats it.

Let's cleanup.

Time for some housekeeping

• Click START then RUN
• Now type Combofix /Uninstall in the runbox and click OK
• Note the space between the X and the U, it needs to be there.

The above procedure will:

• Implement some cleanup procedures.
• Reset System Restore.

Cleanup

• Double click on OTM to run it.
• Click on CleanUp!
• When done, you will be prompted to restart your computer. Please restart your computer.

Please re-enable any security that was disabled.

You will probably have some files/ logs still on your desktop that we saved there throughout this process. You can go ahead and delete them.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.

[eBayvictim]

I will follow your instructions right now....and then report back... As an ebay victim, I do have a paypal account, I'm not broke, but I am a little bent, but I'll still be making a donation You guys deserve more than I can give.....that's for sure Back as soon as I am done.....

[Tomk]

Donations are completely your call. They are not required nor are they expected. Mothers day is this weekend. Keep your priorities straight and don't put yourself in a bind.

[eBayvictim]

My mom gets her due hehe All that you instructed is completed and went fine. May I ask? ............. in your opinion, (and I understand it would be JUST an opinion), is there anything I'm running or using that I'd be better off without? like RUbotted, or maybe one of the browsers, etc etc? just curious for your observations. Thanks

Edited by eBayvictim, 03 May 2011 - 06:17 PM.

[Tomk]

eBayvictim,

I'm not a big fan of Trend Micro products in general. They aren't "bad". They're just resource hogs. I don't really know anything about RUbotted. In my never-to-be-humble opinion, you don't need it. Keep your MSSE up to date and supplement it with Malwarebytes'.. It won't run automatically so update it and run it once a week or so. From there... it is pretty much up to you to keep yourself safe by not browsing to questionable sites, not clicking on links in emails, stay away from file sharing sites.... the normal stuff.

Browsers are totally a personal choice. It's "fun" to try out different ones, but most people find they prefer one over the other for various reasons. I typically use FireFox, as much for a couple tools that I use in malware hunting that only run in FireFox, as for anything else. I tried Safari and didn't like it. I've heard good things about IE9, but I don't have any systems with anything newer than XP so I can't run it. Chrome has some good features, and a couple of the tools I use are being reworked to run on it. I'm not sure I can really say that any one browser is better than another.

[eBayvictim]

OK, great.... We're done, but one last question.... Maybe I'm losing my mind, but I could have sworn I saw a link for PayPal donations, and now I can't seem to find it. Please direct me to the proper link which will insure that I am sending to What the tech, and then shut this puppy down (as someone used to say on a photo-sharing site I frequent) haha....

[Tomk]

Donations. Ignore the "recommended download" ads. They are recommended by Google... not me or this site.

Thank you.

Good luck and be Well!

[eBayvictim]

done! and to you as well

[Tomk]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.