DOWNLOADS
Download
CWShredder and run it. Click Check for Update. Click on 'I Agree' button if you agree. Click on 'Fix' (it will automatically fix anything it finds for you) and then click OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.
--------------------
Download the
ISTBar Removal Tool and run it.
---------------------
SAFE MODE
Reboot into Safe Mode following the instructions given earlier.
---------------------
FIXES WITH HIJACK THIS
Fix the following lines with HJT, making sure all other windows are closed:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8B1E676-E53E-492C-A5C4-240B3368DF39}: NameServer = 85.255.116.125 85.255.112.109
O20 - Winlogon Notify: sertgs - sertgs.dll (file missing)
--------------------
FILE DELETIONS
Please locate and delete the following files/folders:
C:\Documents and Settings\John McKenzie\DoctorWeb\Quarantine\yaemu.exe
---------------------
DELETE COOKIES
Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General tab>under Temporary files, click on Delete Cookies.
----------------------
ONLINE SCAN
Reboot into Normal mode.
Establish an internet connection & perform an online scan with Internet Explorer at
Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded click on NEXT
- Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
- Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK & have it scan My Computer
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
---------------------
UPDATE JAVA
Updating Java and Clearing Cache- Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
- It will say "Java Plug-in" under the icon.
- If it is not visible, click on 'Switch to Classic View' in the left pane of the Control Panel or 'Other Control Panel Options'
- Please find the Update button or tab in the Java Control Panel. Update your Java then reboot.
- If you are unable to update you can manually update by going here:
- After the reboot, go back into the Control Panel and double-click the Java Icon.
- Under the Advanced Tab, click <Applet> tag support and select the browser(s) you are using.
- Under "Temporary Internet Files", click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 Checked
- Downloaded Applets
- Downloaded Applications
- Other Files
- Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Java Control Panel.
-------------------------
Post the
Kaspersky log and a
new HJT log
How is the system performing now?