[habs]

Hi, I got hit with the ps gurd virus. Firefox still works well. There was also a virus on wininet.dll, but Norton deleted it. I get other error upon starting my computer. I'm afraid I may be infected with many things.

Heres my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 11:12:04 AM, on 8/21/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\WINDOWS\SYSTEM\HPHMON05.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\INTELL32.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM32\SVCNT32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SECRETMAKER\SECRETMAKER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\VCOM\FIX-IT\MXTASK.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...e.aspx?tb_id=61
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocvn.dll/errorAPI.htm#ID=PX8594;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...e.aspx?tb_id=61
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE
O4 - HKLM\..\Run: [RCScheduleCheck] C:\PROGRAM FILES\VCOM\RECOVERY COMMANDER\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\FIX-IT\MEMCHECK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\SYSTEM\intell32.exe
O4 - HKLM\..\Run: [Start Page] C:\WINDOWS\system32\svcnt32.exe home
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: secretmaker.lnk = C:\Program Files\secretmaker\secretmaker.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\mpbtn.exe
O4 - Startup: Fix-It.lnk = C:\PROGRAM FILES\VCOM\FIX-IT\MXTASK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A28DAC07-0D34-4A90-A0E6-CEE27208C86D} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.cab
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} - http://216.176.203.2...m3/download.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...tzip/RdxIE6.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 66.133.170.2,66.133.128.138
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll














Thanks!

[Advertisements]

OK, here's an update. I read many other posts relating to PS guard on this forum and I followed those instructions. I ran Spybot again, this time it removed 77 itemd including PS guard. I also ran SmitRem. Now the PS guard icons are gon, and the black background is gone. I only have 2 problems:

1) When I start my computer, I get a bunch of error messages.

2) Explorer won't work at all. Firefox works fine though.

Can I repair the damage done? Thanks a lot, everyone.

[habs]

OK, here's an update. I read many other posts relating to PS guard on this forum and I followed those instructions. I ran Spybot again, this time it removed 77 itemd including PS guard. I also ran SmitRem. Now the PS guard icons are gon, and the black background is gone. I only have 2 problems:

1) When I start my computer, I get a bunch of error messages.

2) Explorer won't work at all. Firefox works fine though.

Can I repair the damage done? Thanks a lot, everyone.