You're very welcome!Many thanks for your time.
OK that is fine and not a problem.I dont understand the question but if i may;
I did not sent up this program, i didnt touch anything; the only thing i did before i gave you the previous results (Rooter and RSIT) is I opened msconfig.exe and on Startup Selection I clicked normal startup
Next:
It looks like you have recently removed a Java installation, leaving the remnants behind can be used as a possible back-door for malware to infect a system. So I will be targeting all Java related entries for removal shortly.
Note: If you wish for instructions on how to download/install the latest version of Java correctly let myself know in your next reply.
Next:
Please re-run System Repair Engineer again as there is one more File Association - JS that still requires repairing.
Host File Reset:
We need to reset your Computers host file as follows:
- Open Notepad.
- Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
- Code: Select all
@Echo off pushd\windows\system32\drivers\etc attrib -h -s -r hosts echo 127.0.0.1 localhost>HOSTS attrib +r +h +s hosts popd del %0
- Go to File >> Save As
- Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
- Change Save as Type to All Files and save the file to your Desktop.
- It should look like this:
Now right click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.
Next:
Right click HiJackThis and select Run as Administrator to start the application. Then select the option Scan. Check the boxes next to all the entries listed below (if present):
O4 - Global Startup: AutorunsDisabled
Now click on Fix Checked. Close HiJackThis.
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
- Please go here and download ERUNT.
- ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
- Right-click on erunt-setup.exe and select Run as Administrator to install ERUNT by following the prompts.
- Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
- Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
- Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
- Make sure that at least the first two check boxes are selected.
- Click on OK
- Then click on YES to create the folder.
Next:
Please download OTMoveIT3 to your Desktop.
- Right-click on OTMoveIt3.exe and select Run as Administrator to start the program.
- Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
- Code: Select all
:Processes Explorer.exe :Reg [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] [-HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard] :Files C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job C:\Windows\tasks\Uniblue SpeedUpMyPC.job C:\Windows\tasks\Uniblue SpyEraser Nag.job C:\Windows\tasks\Uniblue SpyEraser.job C:\Program Files\AVG C:\Program Files\Java C:\ProgramData\SecTaskMan C:\Windows\sed.exe C:\Users\AJ\AppData\Roaming\SUPERAntiSpyware.com C:\Program Files\SUPERAntiSpyware C:\ProgramData\Kaspersky SDK :Commands [EmptyTemp] [Start Explorer] [Reboot]
- Return to OTMoveIt3, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
- Then click the red MoveIt! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
- If OTMoveIt asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
- Close OTMoveIt3.
ESET Online Scanner:
Please go here to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Click Start
- Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
When completed the above, please post back the following:
- How is you computer performing now? Any problems encountered and or further symptoms?
- OTMoveIT3 Log.
- ESET Log.
- A new HijackThis Log. <-- Remember to right click on HiJackThis.exe and select Run as Administrator