
Connected to net but cant not dl win updates connect to autolog and ma


  • This topic is locked

#31
waynegr

  • Topic Starter
  • Member
  • 194 posts
Aro is now uninstalled.

I did not have to right click the SystemLook.exe as it just popped up, and is also not on my desktop.


SystemLook 30.07.11 by jpshortstuff
Log created at 00:27 on 29/08/2011 by FLIPP
Administrator - Elevation successful

No Context: folderfind

No Context: ARO 2011

-= EOF =

Wayne

Edited by waynegr, 28 August 2011 - 05:32 PM.

  • 0



#32
waynegr

  • Topic Starter
  • Member
  • 194 posts
Bed time here, it's 01.25, will check in first thing.

Wayne
  • 0

#33
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I did not have to right click the SystemLook.exe as it just popped up, and is also not on my desktop.

Some of the tools I ask you to run will actually auto run in an elevated admin mode but it is better to right click on and select run as admin etc I personally think.

Where did you save SystemLook to then? If say in the downloads folder please move it to the desktop. If in the event you cannot locate it merely download a new copy to the desktop:

Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select Run as Administrator to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *ARO 2011*
    *ARO2011*
    
    :folderfind
    *ARO 2011*
    *ARO2011*
    
    :Regfind
    ARO 2011
    ARO2011
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Now in the event the script above to be copied when pasted into SystemLook does not look like the above inside the codebox, delete it and click on the Compatibility View button once near the actual browser header (it is next to the refresh & stop buttons). Then copy it again, reason being sometimes this forum's software hinders the correct copying of custom scripts.
  • 0

#34
waynegr

  • Topic Starter
  • Member
  • 194 posts
SystemLook 30.07.11 by jpshortstuff
Log created at 18:27 on 29/08/2011 by FLIPP
Administrator - Elevation successful

No Context: filefind*ARO 2011**ARO2011*:folderfind*ARO 2011**ARO2011*:RegfindARO 2011ARO2011

-= EOF =-

Will check this forum for instructions from you all tonight, I am on UK time, and can check for the next 8 hours.

Wayne
  • 0

#35
waynegr

  • Topic Starter
  • Member
  • 194 posts
Thought I best say, my anti virus is off, should I turn it on now ???

Wayne
  • 0

#36
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Thought I best say, my anti virus is off, should I turn it on now ???

Aye do so...

Now with regard to SystemLook, copy the below script again in its entirety (do not copy the word quote). IE from the colon : before filefind.

After cut n pasting the custom script run SystemLook per my prior instructions and post the new log in your next reply, thank you.

The SystemLook custom script to be copied:-

:filefind
*ARO 2011*
*ARO2011*

:folderfind
*ARO 2011*
*ARO2011*

:Regfind
ARO 2011
ARO2011


  • 0

#37
waynegr

  • Topic Starter
  • Member
  • 194 posts
That worked better, sorry about that.

SystemLook 30.07.11 by jpshortstuff
Log created at 00:22 on 30/08/2011 by FLIPP
Administrator - Elevation successful

No Context: *ARO 2011*

No Context: *ARO2011*

========== folderfind ==========

Searching for "*ARO 2011* "
No folders found.

Searching for "*ARO2011* "
No folders found.

========== Regfind ==========

Searching for "ARO 2011 "
No data found.

Searching for "ARO2011"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp"="Setup/Uninstall"

-= EOF =-

Wayne
  • 0

#38
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

That worked better, sorry about that.

No problem, however you did not quite copy the script in its entirety again. You missed out :filefind , hence the No Context: error in the log. We will rerun a small script again shortly.

Next:

Did you encounter any problems uninstalling ARO 2011?

Next:

A new SystemLook custom script to be copied and run:-

:filefind
*ARO 2011*
*ARO2011*


  • 0
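Added example (not part of any post in this thread and not SystemLook's own code): a pre-paste check for the custom script that reproduces the three "No Context" failures logged in posts #31, #34 and #37. The rule it applies (a line starting with a colon opens a section, anything before the first section has no context) is inferred from those logs; the sample scripts are constructed to match them and the problem labels are hypothetical names.

```python
import re

# Only the directives that appear in this thread.
DIRECTIVES = ("filefind", "folderfind", "regfind")
MIDLINE = re.compile(r".:(filefind|folderfind|regfind)", re.I)


def lint_script(text):
    """Return [(line_no, problem)] for a script about to be pasted.

    Problems:
      flattened     - line breaks were lost, several directives on one line
      missing-colon - directive name typed without its leading ':'
      no-context    - search term placed before any ':directive' line
    """
    problems, context = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        bare = line.lstrip(":").lower()
        head = next((d for d in DIRECTIVES if bare.startswith(d)), None)
        # A directive marker in the middle of a line, or text glued to one.
        if MIDLINE.search(line) or (line.startswith(":") and head and bare != head):
            problems.append((no, "flattened"))
            continue
        if head and bare == head:
            if line.startswith(":"):
                context = head            # valid section header
            else:
                problems.append((no, "missing-colon"))
            continue
        if context is None:
            problems.append((no, "no-context"))
    return problems


# Constructed samples matching the logs in this thread.
POST_31 = "folderfind\nARO 2011"
POST_34 = ("filefind*ARO 2011**ARO2011*:folderfind*ARO 2011**ARO2011*"
           ":RegfindARO 2011ARO2011")
POST_37 = ("*ARO 2011*\n*ARO2011*\n\n:folderfind\n*ARO 2011*\n*ARO2011*\n\n"
           ":Regfind\nARO 2011\nARO2011")
GOOD = ":filefind\n*ARO 2011*\n*ARO2011*"

if __name__ == "__main__":
    for name, script in [("#31", POST_31), ("#34", POST_34),
                         ("#37", POST_37), ("good", GOOD)]:
        print(name, lint_script(script) or "ok")
```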

#39
waynegr

  • Topic Starter
  • Member
  • 194 posts
Aro seemed to have gone away fine.

I put exactly this in the box.
:filefind
*ARO 2011*
*ARO2011*

SystemLook 30.07.11 by jpshortstuff
Log created at 13:23 on 30/08/2011 by FLIPP
Administrator - Elevation successful

========== filefind ==========

Searching for "*ARO 2011* "
No files found.

Searching for "*ARO2011* "
No files found.

-= EOF =-

Will only be here for half an hour, then work, then back 18.00 UK time all night.

Wayne
  • 0

#40
waynegr

  • Topic Starter
  • Member
  • 194 posts
Have to go now, but thought I best say, tried to install windows up ups, not from the automatic dls that they give out, but went to the Micro site, it went good until the very end, then would not let me install. I expect you know this, but just thought it best to say.

Wayne
  • 0



#41
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Aro seemed to have gone away fine.

Good.

Will only be here for half an hour, then work, then back 18.00 UK time all night.

Not a problem.

Have to go now, but thought I best say, tried to install windows up ups, not from the automatic dls that they give out, but went to the Micro site, it went good until the very end, then would not let me install. I expect you know this, but just thought it best to say.

Best to leave trying to install any Windows Updates until the Malware Removal process is either complete and or close unless I advise otherwise. Then we can address this particular issue again if the need.

Now it appears there are only temp file/registry related entries left with regard to ARO2011, however given the somewhat insidious nature of the application we will target all manually for removal to err on the side of caution as follows...

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Reg
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp"=-
[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp"=-

:Commands
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Download/Run ComboFix:

If ComboFix is still on your Desktop, delete it then empty the Recycle Bin. Then visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper.


When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • ComboFix Log.

  • 0

#42
waynegr

  • Topic Starter
  • Member
  • 194 posts
All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-52RNI.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-GJ9RD.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-O33SN.tmp\ARO2011_bt.tmp not found.
Registry value HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\FLIPP\AppData\Local\Temp\is-A982A.tmp\ARO2011_bt.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FLIPP
->Temp folder emptied: 1774099 bytes
->Temporary Internet Files folder emptied: 24914838 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1054 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37692 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 454374 bytes

Total Files Cleaned = 26.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.26.5 log created on 08302011_173919

Files\Folders moved on Reboot...
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF7B30.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF7B3C.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF7BF3.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF7C16.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF7CAC.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF7CD5.tmp not found!
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJK3LY38\login_status[1].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H8P0JER9\tweet_button[2].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1OKKXAUQ\fastbutton[1].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1OKKXAUQ\like[5].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1OKKXAUQ\page__st__30[2].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...




Clicked on the link for combofix, it’s a bleeping computer . com, it says How to use ComboFix, tired of pc errors, scan and fix up to a 100 errors free, sponsored ad by suport . com, but to the immediate right is AROtm 2011, that and the to click download, and fix up to a 100 errors free, all seem to be clickable, meaning if I go from left, where the download is, right the way over to ARO, it seems click one part and all are download.

Here is the page I get to.

http://www.bleepingc...to-use-combofix

Thought I best say this, as we were trying to get rid of ARO. So should I still DL, combofix and give you the results ???

Wayne
  • 0
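Added example (not part of any post in this thread, and not code from SystemLook or OTL): it collapses the 24 Regfind hits from post #37 into the distinct registry values behind them, which is why the fix log above reports 4 values deleted and 20 "not found". HKEY_CURRENT_USER is a view of HKEY_USERS\<SID> and HKEY_USERS\<SID>_Classes backs HKEY_CURRENT_USER\Software\Classes; folding the Wow6432Node copies into the same value is an assumption taken from that fix log. The sample log is constructed in the shape of post #37 and the function names are hypothetical.

```python
import re
from collections import OrderedDict

SID = "S-1-5-21-2204173278-169951079-703970126-1000"  # user SID from the log
HKU = "HKEY_USERS\\" + SID
MUI = r"Local Settings\Software\Microsoft\Windows\Shell\MuiCache"

# The six key views and four installer temp folders seen in post #37.
ROOTS = [
    r"HKEY_CURRENT_USER\Software\Classes",
    r"HKEY_CURRENT_USER\Software\Classes\Wow6432Node",
    HKU + r"\Software\Classes",
    HKU + r"\Software\Classes\Wow6432Node",
    HKU + "_Classes",
    HKU + r"_Classes\Wow6432Node",
]
TEMP_DIRS = ["is-52RNI.tmp", "is-GJ9RD.tmp", "is-O33SN.tmp", "is-A982A.tmp"]

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VAL_RE = re.compile(r'^"(.+)"="(.*)"$')
WOW_RE = re.compile(
    r"(?i)^(HKEY_CURRENT_USER\\Software\\Classes)\\Wow6432Node(?=\\|$)")


def build_sample():
    """Constructed log text in the layout SystemLook printed in post #37."""
    lines = ['Searching for "ARO2011"']
    for root in ROOTS:
        for d in TEMP_DIRS:
            lines.append("[" + root + "\\" + MUI + "]")
            lines.append('"C:\\Users\\FLIPP\\AppData\\Local\\Temp\\' + d +
                         '\\ARO2011_bt.tmp"="Setup/Uninstall"')
    return "\n".join(lines)


def parse_regfind(text):
    """Yield (key, value_name, data) for each hit in a Regfind section."""
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key is not None:
            hits.append((key, m.group(1), m.group(2)))
    return hits


def canonical_key(key, user_sid, fold_wow64=True):
    """Rewrite a per-user key path to its HKEY_CURRENT_USER form."""
    hku = "HKEY_USERS\\" + user_sid
    low = key.lower()
    if low.startswith((hku + "_classes\\").lower()):
        key = ("HKEY_CURRENT_USER\\Software\\Classes\\" +
               key[len(hku) + len("_Classes\\"):])
    elif low.startswith((hku + "\\").lower()):
        key = "HKEY_CURRENT_USER\\" + key[len(hku) + 1:]
    if fold_wow64:
        # Assumption from the OTL fix log: the Wow6432Node copy is the same data.
        key = WOW_RE.sub(r"\1", key)
    return key


def group_hits(hits, user_sid, fold_wow64=True):
    """Map each distinct (key, value name) to the views it was reported under."""
    groups = OrderedDict()
    for key, name, _data in hits:
        canon = (canonical_key(key, user_sid, fold_wow64).lower(), name.lower())
        groups.setdefault(canon, []).append(key)
    return groups


if __name__ == "__main__":
    hits = parse_regfind(build_sample())
    groups = group_hits(hits, SID)
    print(len(hits), "hits,", len(groups), "distinct values")
    for (key, name), views in groups.items():
        print(len(views), "views:", name)
```

Only the SID of the profile being cleaned should be passed as `user_sid`; keys under any other SID are left untouched and stay separate.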

#43
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Clicked on the link for combofix, it’s a bleeping computer . com, it says How to use ComboFix, tired of pc errors, scan and fix up to a 100 errors free, sponsored ad by suport . com, but to the immediate right is AROtm 2011, that and the to click download, and fix up to a 100 errors free, all seem to be clickable, meaning if I go from left, where the download is, right the way over to ARO, it seems click one part and all are download.

Ah I see what is going on, ignore the adverts for anything/do not click on them. I do not see them myself because I am using a custom Host-File and you will because you merely have the default at present...When I give the all clear I will provide advice about custom Host-Files etc.

Thought I best say this, as we were trying to get rid of ARO. So should I still DL, combofix and give you the results ???

You did fine, as when in doubt about anything always check with myself first. So ignore all the adverts and merely download and run ComboFix OK.
  • 0

#44
waynegr

  • Topic Starter
  • Member
  • 194 posts
When I click download, it takes me to another page, then at the bottom of my screen, my computer asks me if I want to run or save the file ARO2011_bt exe 5.61mb from sammsift.com.

Is this what you want me to download ??? Thought best ask again, as thought we were downloading combofix, or is this combofix.

Should I download this please, sorry about all this.

Wayne

Edited by waynegr, 30 August 2011 - 02:10 PM.

  • 0

#45
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

When I click download, it takes me to another page, then at the bottom of my screen, my computer asks me if I want to run or save the file ARO2011_bt exe 5.61mb from sammsift.com.

OK this is not good at all, are you using a Router?

Is this what you want me to download ??? Thought best ask again, as thought we were downloading combofix, or is this combofix.

Should I download this please, sorry about all this.

No need to apologise, it is supposed to be ComboFix and something is just not quite right here so let's see if I can pinpoint what exactly. Answer my Router query please and run the custom OTL scan below and we will go from there.

Re-scan with OTL:

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Copy the text in the quote box below (do not copy the word quote) and paste it into the Custom Scans/Fixes box:

netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
activex
drivers32
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Answer to my Router query.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0





