joe505505: Problems with rightfinder.net... Spyware??


joe505505
November 9th, 2003, 05:03 PM
Hello
Sorry for my horrible English.
I have a problem with rightfinder.net
I have run the HijackThis - program with the result you can read below
I have the program C:\WINDOWS\Addclass.exe.
I do not have the program C:\WINDOWS\ScrSvr.exe

My questions:
Which lines should I mark with HijackThis, so that HijackThis can fix the checked lines or programs?
Should I delete the program Addclass.exe?
What does it mean that I don't have the ScrSvr.exe program?
Should I delete any other programs?

Thank you very much for your help
joe


Logfile of HijackThis v1.97.3
Scan saved at 22:38:33, on 09.11.2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\OpenOffice.org1.0.3\program\soffice.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rightfinder.net/hp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.rightfinder.net/search/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LPS] C:\Programme\LPS\LPS.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe
O4 - Startup: Verknüpfung mit quickstart.exe.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB6049A-05EE-4363-BD0D-84057D19C7E8}: NameServer = 212.185.248.50 194.25.2.129

TonyKlein
November 9th, 2003, 05:09 PM
Welcome to the board. And your English is fine! :)

Check, and have Hijack This fix the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rightfinder.net/hp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.rightfinder.net/search/

O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe

Now restart your computer, and delete the C:\WINDOWS\AddClass.exe file itself.


Good luck,
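
The selection made in the reply above (every IE registry value that points at rightfinder.net, plus the Run entry that starts AddClass.exe) can be written as a filter over the log text. This is an added example, not part of the original thread or of HijackThis; the function names and regular expressions are assumptions, and the sample lines are a subset of the log posted above.

```python
import re
from urllib.parse import urlsplit

# Subset of the entries from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rightfinder.net/hp/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LPS] C:\Programme\LPS\LPS.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe
"""

# Assumed patterns for the two entry types this thread deals with.
REG_RE = re.compile(r"^R[0-3] - HK\w+\\[^,]+,.+? = (\S+)$")  # IE registry values
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[[^\]]+\] (.+)$")  # autoruns
EXE_RE = re.compile(r'([^\\/"]+?\.exe)', re.IGNORECASE)


def host_in_domain(url, domain):
    """True for the domain itself or a subdomain, never for a look-alike suffix."""
    host = (urlsplit(url).hostname or "").lower()
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def entries_to_review(log_text, hijack_domain, autorun_exe):
    """Return the raw log lines that point at the domain or start the named binary."""
    flagged = []
    for line in map(str.strip, log_text.splitlines()):
        reg = REG_RE.match(line)
        run = RUN_RE.match(line)
        if reg and host_in_domain(reg.group(1), hijack_domain):
            flagged.append(line)
        elif run:
            exe = EXE_RE.search(run.group(1))
            # Windows file names are case-insensitive: Addclass.exe == AddClass.exe
            if exe and exe.group(1).lower() == autorun_exe.lower():
                flagged.append(line)
    return flagged


if __name__ == "__main__":
    for entry in entries_to_review(SAMPLE_LOG, "rightfinder.net", "Addclass.exe"):
        print(entry)
```

Matching on the parsed host name rather than on a substring keeps entries for unrelated sites whose names merely end in the same text out of the list.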

TonyKlein
November 9th, 2003, 05:11 PM
BTW, just out of curiosity, what exactly is that C:\Programme\LPS\LPS.exe file that's starting up as Windows starts?

Could you tell us what program it belongs to, please?

joe505505
November 9th, 2003, 06:13 PM
Hello,

thank you very much for your help.
It works.

I don't understand the letters "BTW" and the words "just out of curiosity". What does it mean?

The program LPS is a Local Port Scanner.
I was not able to find the LPS.exe on my computer.
The only thing I found was a log file, which you can see at the end.
I think I should delete the folder C:/Programme/LPS,
and with the msconfig program I can delete the start of the LPS.exe program.
Do you think it is ok?
cu
joe

Log File:

TonyKlein
November 9th, 2003, 06:30 PM
--- Quote from joe505505 ---
Hello,

thank you very much for your help.
It works.

I don't understand the letters "BTW" and the words "just out of curiosity". What does it mean?

The program LPS is a Local Port Scanner.
I was not able to find the LPS.exe on my computer.
The only thing I found was a log file, which you can see at the end.
I think I should delete the folder C:/Programme/LPS,
and with the msconfig program I can delete the start of the LPS.exe program.
Do you think it is ok?
--- End quote ---

BTW just means "By the way", and by "Out of curiosity" I meant that I didn't think there was anything wrong with that program, but that I was just wondering what it was for.

And it's quite all right to use Msconfig to stop it from starting up! :)