0

Found this site through a google search. I recently updated to DSL and before I could add a firewall router to my computer I detected a virus. Norton Anti Virus Corporate edition found it and quarantined but I cannot remove it. I delete the quarantined files and it reppears. A full computer scan by Norton in safe mode does not detect the virus.

I ran HijackThis and this is the result.

Any help appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 2:23:18 PM, on 1/8/2006
Platform: Windows 2000 SP4 (WinNT

5.00.2195)
MSIE: Internet Explorer v6.00 SP1

(6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive

Software\DiskeeperWorkstation\DKService.ex

e
C:\Program Files\EarthLink

TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common

Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.ex

e
C:\Program Files\Common

Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft

Shared\Works Shared\WkUFind.exe
C:\Program Files\EarthLink

TotalAccess\TaskPanl.exe
C:\Program

Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\Program Files\Common Files\Microsoft

Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Call

Manager\ICM.EXE
C:\WINNT\system32\spool\DRIVERS\W32X86\3\

E_S10IC2.EXE
C:\Program Files\Internet

Explorer\IEXPLORE.EXE
C:\Program Files\NavNT\vpc32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://www.earthlink.net/partner/more/msie/but

ton/search.html
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://www.earthlink.net/partner/more/msie/but

ton/search.html
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://www.earthlink.net/partner/more/msie/but

ton/search.html
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://groups.yahoo.com/mygroups
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

http://www.earthlink.net/partner/more/msie/but

ton/search.html
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager]

mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program

Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [vptray] C:\Program

Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Pop-Up Stopper]

"C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.ex

e"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program

Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Portfolio]

C:\Program Files\Microsoft Works\WksSb.exe

/AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update

Detection] C:\Program Files\Common

Files\Microsoft Shared\Works

Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]

C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program

Files\EarthLink TotalAccess\TaskPanl.exe"

-winstart
O4 - Startup: Internet Call Manager.LNK =

C:\Program Files\Internet Call

Manager\ICM.EXE
O4 - Global Startup: Adobe Gamma

Loader.exe.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma

Loader.exe
O4 - Global Startup: ELSBLaunch.lnk =

C:\Program

Files\EarthLink\spamBlocker\ELSBLaunch.exe
O4 - Global Startup: EPSON Status Monitor 3

Environment Check 2.lnk =

C:\WINNT\system32\spool\drivers\w32x86\3\E_

SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk =

C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar

Reminders.lnk = C:\Program Files\Common

Files\Microsoft Shared\Works

Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Control Panel present
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java

Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program

Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF:

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v

6/V5Controls/en/x86/client/muweb_site.cab?11

26079634051
O20 - Winlogon Notify: NavLogon -

C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec

Corporation - C:\Program

Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software

International, Inc. - C:\Program Files\Executive

Software\DiskeeperWorkstation\DKService.ex

e
O23 - Service: Logical Disk Manager

Administrative Service (dmadmin) - VERITAS

Software Corp. -

C:\WINNT\System32\dmadmin.exe
O23 - Service: EarthLink Monitor Service

(EarthLinkMonitor) - Boingo Wireless, Inc. -

C:\Program Files\EarthLink

TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EPSON Printer Status Agent2

(EPSONStatusAgent2) - SEIKO EPSON

CORPORATION - C:\Program Files\Common

Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Client (Norton

AntiVirus Server) - Symantec Corporation -

C:\Program Files\NavNT\rtvscan.exe

2
Contributors
1
Reply
2
Views
11 Years
Discussion Span
Last Post by dlh6213
0

Hi sueshi9, welcome to DaniWeb :D

Please follow the suggestions and instructions in the links below.

When you get to the Cleanup thread, download Ewido.

Reboot into Safe Mode and do a complete system scan with Ewido, allowing it to fix whatever it finds. Note: you will be posting the log with your next reply.

Reboot normally, close any open brower windows, scan with HJT, and post a new log along with the Ewido log.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.