Hi
Thank you for the kind words and you are welcome!Pity about the death of Phil Kelley. The world needs more like him (and all the other Spybot crew)- people giving their time and effort to help others. Thanks for taking on my problem.
Strange indeed, you could try the below site and or visit any reputable IT/Laptop Repair Centre in your locality.Re: your advice. I looked at the “Crucial” website. They did not have the Acer Aspire model SA XP-H MHD11927 listed, so it seems they do not cater for RAM expansion on that model. Perhaps it is not a common model outside of Australia?
http://www.pcworld.idg.com.au/
Even another 256 MB module of installed memory will improve performance overall.
O6 - This relates to the Administrative lock down of the Control Panel, it was either due to malware and or set inadvertently during the installation of Spybot. Either way it is deemed unnecessary in a home use environment.For my education, can you give me a brief and simple explanation for the HJT “fix” of;
06 HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
014 IERESET.INF.START_PAGE_URL=http://www.optusnet.com.au/
014 - This relates to Reset Web Settings hijack that basically means it is what Internet Explorer uses when you reset options back to their Windows default.
In the case of your mothers computer it was set by Optuszoo website and though not malware related it should not be there at all in my humble opinion overriding the IE default.
On a diff note I have noticed the Erunt is set to create a registry backup with every system reboot, did you set this purposely during the installation or not? As not really needed and creating a backup manually once per week should suffice.
Next:
Thank you for the overall situation update, it has proved to be quite useful to myself and with this in mind I think it prudent to run a deeper benign scan before proceeding with the malware removal process.
Scan with RSIT:
- Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on the your Desktop before running the application!
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open:
- log.txt will be opened maximized.
- info.txt will be opened minimized.
- Please post the contents of both log.txt and info.txt.
When completed the above, please post back the following in the order asked for:
- How is you computer performing now, any further symptoms and or problems encountered?
- Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.