I cleaned a lot of this problem (or so it seems) using the tools outlined in the prerequisite steps. So far, I seem to have gotten my desktop and homepage back, but a few nasty things still remain according to both Hijack This and Ewido security. Plus, I have some strange Bloodhound Virus that keeps causing my Norton to pop-up without actually fixing it.
Here is my Hijack this log, an exact copy of what appears in my Norton pop up regarding Bloodhound, and my Ewido Scan report. Thank you very much to whomever is reading this for helping all us ignorant PC users - we need it.
*******************************************
Logfile of HijackThis v1.99.1
Scan saved at 7:24:43 PM, on 21/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\security suite\ewidoctrl.exe
C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\Navnt\vptray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Program Files\AOL 8.0\waol.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\AOL 8.0\shellmon.exe
C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\HijackThis.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\AOL 8.0\aol.exe
C:\Program Files\AOL 8.0\waol.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\system32\hp6F53.tmp (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Navnt\vptray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [THGuard] "C:\Documents and Settings\HEWWO\Desktop\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\HEWWO\Desktop\Fix my Computer\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\Navnt\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
***************************************************************************************
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Bloodhound.W32.EP
File: C:\WINNT\system32\wininet.dll
Location: C:\WINNT\system32
Computer: HEWWOPC
User: HEWWO
Action taken: Clean failed : Quarantine failed : Access denied
***************************************************************************************
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:44:19 PM, 18/10/2005
+ Report-Checksum: 47184FF7
+ Scan result:
HKLM\SOFTWARE\ShudderLTD -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\ShudderLTD\PSGuard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License -> Spyware.PSGuard : Cleaned with backup
[1052] C:\WINNT\system32\msole32.exe -> Not-A-Virus.Hoax.Renos.q : Cleaned with backup
[1172] C:\WINNT\system32\intmon.exe -> Trojan.Puper.bh : Cleaned with backup
[1552] C:\WINNT\system32\hp6F53.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\Documents and Settings\HEWWO\Cookies\hewwo@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\HEWWO\Cookies\hewwo@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\HEWWO\Local Settings\Temp\ghgldpmd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\HEWWO\Local Settings\Temp\heehlomd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\HEWWO\Local Settings\Temp\lipfgmmd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\HEWWO\Local Settings\Temp\pebflomd.exe -> Dialer.Generic : Cleaned with backup
C:\WINNT\popuper.exe -> Trojan.Puper.bi : Cleaned with backup
C:\WINNT\sites.ini -> Spyware.PSGuard : Cleaned with backup
C:\WINNT\system32\hp2638.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp2690.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp2BF6.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp4BD4.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp4FBE.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp5332.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp542D.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp59BB.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp5B41.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hp6F53.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\hpB2BA.tmp -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\intmon.exe -> Trojan.Puper.bh : Cleaned with backup
C:\WINNT\system32\msole32.exe -> Not-A-Virus.Hoax.Renos.q : Cleaned with backup
C:\WINNT\system32\shnlog.exe -> Trojan.Puper.bh : Cleaned with backup
::Report End