Dave Crosby,
Hi and welcome to the Daniweb forums :).
===============
Please visit at least two of the following sites for an online virus scan:
BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.
Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure you tick Disinfect automatically under Scan Options.
Housecall at TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you tick Auto Clean.
When it completes, post back the full filename of any files that cannot be cleaned or deleted.
eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
===============
Go to Add/Remove programs and remove(uninstall) the following, if present:
NewDotNet
The above could appear anywhere within the entry. Be careful not to remove any personal or system software.
Or by going here and scrolling down to the uninstall tool.
===============
Next, Open a command prompt by:
1. Clicking "Start", then "Run...".
2. Enter "cmd" (without the quotes).
3. Enter "services.msc" (without the quotes).
-
Now, locate and 'stop' the following services, if present:
Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) owner ... (C:\WINDOWS\ipeq.exe)
Look carefully, since the name of the service (above) can be anywhere in the entry; also be careful not to 'stop' any required system services. Once stopped, set this service to disabled.
===============
Run HiJackThis then:
1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
-
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\WINDOWS\ipeq.exe
C:\WINDOWS\d3nl.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
===============
Still in HiJackThis, click "Scan", then check(tick) the following, if present:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0EB0BE7B-802B-0123-9B74-BBEE0BE22BA0} - (no file)
O2 - BHO: (no name) - {25CA841E-EB13-07D7-601D-62DEFB3D8069} - (no file)
O2 - BHO: (no name) - {2E37AB57-4349-4B71-18CD-81A11F180ADC} - (no file)
O2 - BHO: Class - {55E87116-EB4C-8F69-397B-DEC458BCE908} - C:\WINDOWS\sysvs.dll (file missing)
O2 - BHO: (no name) - {65B3984D-4121-3764-A50F-F02FE08EE0A8} - (no file)
O2 - BHO: (no name) - {E708191C-1CB1-5BDB-F5CF-1CFEA86716B8} - (no file)
O4 - HKLM\..\Run: [d3nl.exe] C:\WINDOWS\d3nl.exe
O4 - Startup: Shortcut (2) to Microsoft Outlook.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
...(Unless you've set these with a anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/10fabd4...ip/RdxIE601.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipeq.exe" /s (file missing)
O23 - Service: ohrvrognqjmk (6) - Unknown owner - C:\WINDOWS\System32\6.exe (file missing)
Now, with all windows closed (including Internet Explorer) except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
files...
C:\WINDOWS\ipeq.exe
C:\WINDOWS\d3nl.exe
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in " Safe Mode ".
-
Reboot.
===============
To help protect your system from hostile ActiveX content, or special 'downloadable' files:
Download, install and keep updated, SpywareBlaster . If you've installed it for the first time:
1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.
-
Note: Remember to regularly check for updates.
===============
After rebooting, rescan with hijackthis and post back a new log. Let me know how everything goes.
