The Java is now showing correctly in the HijackThis log which confirms that we've fixed that registry key. The lack of the first reboot shouldn't matter. I wanted that to give me a trail if things didn't work out. Rebooting before running the batch was important because it shows me that the permissions didn't revert during a reboot. It looks as if we've done it.
-------------------------------------------------
We need to clear out the programmes we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
- Double click OTMoveIt.exe to launch the program.
- Click on the CleanUp! button.
- OTMoveIt will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
- You will be prompted to the allow clean up procedure, click Yes
- When finished exit out of OTMoveIt
- Now delete OTMoveIt.exe
You also need to delete IceSword and runperm.bat.
-----------------------------------------------
Flush System RestoreNow that the computer is clean, we need to 'flush' your System Restore points and create a new clean one.
Turn
OFF System Restore.
- Click on Start
- Right-click My Computer
- Click Properties
- Click the System Restore tab
- Check Turn off System Restore
- Click Apply, and then click OK
Restart your computerTurn
ON System Restore.
- Click on Start
- Right-click My Computer
- Click Properties
- Click the System Restore tab
- Uncheck Turn off System Restore
- Click Apply, and then click OK
--------------------------------------
Have a look at this article,
How to prevent Malware by miekiemoes, which gives some very good advice.
Please let me know whether you have any questions.