Found this site through a Google search. I recently updated to DSL and before I could add a firewall router to my computer I detected a virus. Norton Anti Virus Corporate edition found it and quarantined it, but I cannot remove it. I delete the quarantined files and it reappears. A full computer scan by Norton in safe mode does not detect the virus.
I ran HijackThis and this is the result.
Any help appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 2:23:18 PM, on 1/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Call Manager\ICM.EXE
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NavNT\vpc32.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/mygroups
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: Internet Call Manager.LNK = C:\Program Files\Internet Call Manager\ICM.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126079634051
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe