Help - Search - Members - Calendar
Full Version: help again please!!!!! i used hijackthis
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
q-ster
Jul 28 2004, 08:49 PM
please help me again the problem r the same as before but there another

Glithing mouse

Right click problems

virus scan restart

and the new one is "out of range" when ever i go to a certain site or play a certain game, the screen will flash and say out of range. how can i fix it? crying.gif

these r the result of the hijackthis


Logfile of HijackThis v1.98.0
Scan saved at 5:01:49 PM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\3DMouse\3DMouse.EXE
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\PowerS.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rs movie 3.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\NetMedia\Versato.exe
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\Program Files\NetMedia\OSD.EXE
C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
C:\lotus\organize\easyclip.exe
C:\WINDOWS\bootminder.exe
C:\Program Files\Emerald PopStop\ETIPopStop.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shopnbc.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [3DMouse] C:\PROGRA~1\3DMouse\3DMouse.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [rs movie 3] C:\WINDOWS\System32\rs movie 3.exe
O4 - Startup: Zip Up The Web Tray Icon.lnk = C:\Program Files\Insight Development\Zip Up The Web Pro\ZUTWTray.exe
O4 - Startup: Lotus SmartSuite 9.6 - English Registration.lnk = C:\Lotus\register\REMIND32.EXE
O4 - Startup: Sound Player.lnk = C:\MMACSE\SFSOUNDS\SP.EXE
O4 - Startup: Bootminder 2.lnk = C:\WINDOWS\bootminder.exe
O4 - Startup: Emerald PopStop.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NetMedia.lnk = C:\Program Files\NetMedia\Versato.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: TVSCHL.lnk = C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Lotus SuiteStart.lnk = C:\Lotus\smartctr\SUITEST.EXE
O4 - Global Startup: Lotus SmartCenter.lnk = C:\Lotus\smartctr\SMARTCTR.EXE
O4 - Global Startup: Lotus QuickStart.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.shopnbc.com
O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} (Napster download control v2.0) - http://sms.napster.com/client/plugin/npdownload.cab
LoPhatPhuud
Jul 28 2004, 10:30 PM
Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. Please do not put HiJackThis in a temporary folder, or on the Desktop. I suggest using 'c:\program files\hijackthis\' or C:\HiJackThis\, but any name you choose is fine.

Check the following items in HijackThis.
O4 - HKCU\..\Run: [rs movie 3] C:\WINDOWS\System32\rs movie 3.exe


Close all windows except HijackThis and click Fix checked.

Reboot in Safe Mode*, delete the following: (you may need to show hidden files**)
C:\WINDOWS\System32\rs movie 3.exe


*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode.


HiJackThis version 198.0 is now available.
If you do not already have it installed, download it from here:
http://209.133.47.12/~merijn/files/HijackThis.exe
http://downloads.net-integration.net/HijackThis.exe
http://www.computercops.biz/downloads-file-328.html

Then run HiJackThis again and post a new log in this thread.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.