Wilders Security Forums  


Spyware Cleaning Section Closed!!
Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services.
 
 
  #1  
Old November 8th, 2003, 06:09 PM
valerio valerio is offline
Infrequent Poster
 
Join Date: Nov 2003
Posts: 3
Default valerio's problems with rightfinder.net... Spyware??

Hi tony,

I also had the "rightfinder problem", slow browser and some pages not even accessible.
I had installed and run Ad Aware 6, which helped a bit, but didn't solve completely the problem.
Finally I read and followed your instructions to the other "infected" users and now everything seems to work all right.
Just as a final check, seen your kindness, I attach the log of the last scan, the one I have done after cleaning.

Thank you very much indeed.
  #2  
Old November 8th, 2003, 06:11 PM
TonyKlein TonyKlein is online now
Security Expert
 
Join Date: Feb 2002
Location: The Netherlands
Posts: 3,947
Default Re:Problems with rightfinder.net... Spyware??

Hi Valerio.

No log, I'm afraid.

I suggest you don't attach it, but simply do a copy and paste of its contents.
__________________
Tony < > CLSID List - A Collection of Autostart Locations
  #3  
Old November 8th, 2003, 06:18 PM
valerio valerio is offline
Infrequent Poster
 
Join Date: Nov 2003
Posts: 3
Default Re:Problems with rightfinder.net... Spyware??

All right, here is the log file in text form:

Logfile of HijackThis v1.97.3
Scan saved at 23:56:54, on 08/11/03
Platform: Windows 98 Gold (Win9x 4.10.199
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\ARCHIVOS DE PROGRAMA\F-SECURE\COMMON\FSMA32.EXE
C:\ARCHIVOS DE PROGRAMA\F-SECURE\COMMON\FSMB32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\ARCHIVOS DE PROGRAMA\F-SECURE\COMMON\FCH32.EXE
C:\ARCHIVOS DE PROGRAMA\F-SECURE\COMMON\FNRB32.EXE
C:\ARCHIVOS DE PROGRAMA\F-SECURE\COMMON\FAMEH32.EXE
C:\ARCHIVOS DE PROGRAMA\F-SECURE\ANTI-VIRUS\FSGK32.EXE
C:\ARCHIVOS DE PROGRAMA\F-SECURE\COMMON\FIH32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\F-SECURE\COMMON\FSM32.EXE
C:\ARCHIVOS DE PROGRAMA\F-SECURE\ANTI-VIRUS\FSSM32.EXE
C:\WINDOWS\STARTER.EXE
C:\ARCHIVOS DE PROGRAMA\MATROX MGA POWERDESK\MGACTRL.EXE
C:\ARCHIVOS DE PROGRAMA\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
C:\ARCHIVOS DE PROGRAMA\F-SECURE\ANTI-VIRUS\FSAV32.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARCHIVOS DE PROGRAMA\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\ARCHIVOS DE PROGRAMA\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\ARCHIVOS DE PROGRAMA\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
C:\ARCHIVOS DE PROGRAMA\F-SECURE\BACKWEB\7681197\PROGRAM\BACKWEB-7681197.EXE
C:\ARCHIVOS DE PROGRAMA\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\ARCHIVOS DE PROGRAMA\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elpais.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vnunet.es
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.123mania.com/ie.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por vnunet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: SrchHook Class - {582788CA-7014-4904-A4EE-6FB6108AFE8E} - C:\WINDOWS\SYSTEM\MSAPASRC.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@3082,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Archivos de programa\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Matrox Control Center] C:\Archivos de programa\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [Matrox Color Control] C:\Archivos de programa\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Archivos de programa\Matrox MGA PowerDesk\diag\mgadiag.exe -s
O4 - HKLM\..\Run: [ScrSvr] C:\WINDOWS\ScrSvr.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CXMon] "C:\Archivos de programa\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Archivos de programa\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [fsaa] C:\Archivos de programa\F-Secure\Common\fsaa.exe
O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Archivos de programa\F-Secure\Common\FSMA32.EXE
O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Archivos de programa\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\ADDCLASS.EXE
O4 - HKCU\..\RunServices: [Matrox QuickDesk] C:\Archivos de programa\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - HKCU\..\RunServices: [AddClass] C:\WINDOWS\ADDCLASS.EXE
O4 - Global Startup: F-Secure BackWeb.lnk = C:\Archivos de programa\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe
O9 - Extra button: ActualizaMessenger (HKCU)
O9 - Extra 'Tools' menuitem: ActualizaMessenger (HKCU)
O12 - Plugin for .mov: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.vnunet.es
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0000000C-0000-0000-0000-000000000000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {582788CA-7014-4904-A4EE-6FB6108AFE8E} (SrchHook Class) - http://www.123mania.com/asrcware.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D879A0F1-2B3B-4409-8879-FAD6E49E1EA9} - http://www.123mania.com/softhtml.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1064051746570
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = hetnet.nl

And thanks again.
  #4  
Old November 8th, 2003, 06:34 PM
TonyKlein TonyKlein is online now
Security Expert
 
Join Date: Feb 2002
Location: The Netherlands
Posts: 3,947
Default Re:Problems with rightfinder.net... Spyware??

You want to have Hijack This fix these:

R3 - URLSearchHook: SrchHook Class - {582788CA-7014-4904-A4EE-6FB6108AFE8E} - C:\WINDOWS\SYSTEM\MSAPASRC.DLL

O4 - HKLM\..\Run: [ScrSvr] C:\WINDOWS\ScrSvr.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\ADDCLASS.EXE
O4 - HKCU\..\RunServices: [AddClass] C:\WINDOWS\ADDCLASS.EXE
O4 - Global Startup: F-Secure BackWeb.lnk = C:\Archivos de programa\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe


Now restart your computer, and delete the following files, if you still happen to have them:

C:\WINDOWS\ScrSvr.exe
C:\WINDOWS\Addclass.exe

Good luck,

__________________
Tony < > CLSID List - A Collection of Autostart Locations
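An added example (not part of the original thread, and not HijackThis's own code): a small Python parser for the log format posted above. It groups entries by section code, lists the O4 registry autostarts, and reports any CLSID that appears in more than one section. The sample lines are copied from the log in post #3; the function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elpais.es/
R3 - URLSearchHook: SrchHook Class - {582788CA-7014-4904-A4EE-6FB6108AFE8E} - C:\WINDOWS\SYSTEM\MSAPASRC.DLL
O4 - HKLM\..\Run: [ScrSvr] C:\WINDOWS\ScrSvr.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\ADDCLASS.EXE
O16 - DPF: {582788CA-7014-4904-A4EE-6FB6108AFE8E} (SrchHook Class) - http://www.123mania.com/asrcware.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then detail
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

def parse_entries(log_text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def clsids_in_multiple_sections(entries):
    """Map each CLSID to the sections it appears in, keeping those seen in 2+."""
    seen = defaultdict(set)
    for section, detail in entries:
        for c in CLSID.findall(detail):
            seen[c.upper()].add(section)
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}

def run_entries(entries):
    """Extract O4 registry autostarts as (hive, key, value name, command)."""
    return [m.groups() for s, d in entries if s == "O4" and (m := RUN.match(d))]

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print(clsids_in_multiple_sections(entries))
    for hive, key, name, cmd in run_entries(entries):
        print(f"{hive} {key} [{name}] -> {cmd}")
```

On the sample, the SrchHook Class CLSID is reported under both R3 (the URLSearchHook) and O16 (the downloaded ActiveX package), which shows how one component can surface in several sections of the same log.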
  #5  
Old November 12th, 2003, 02:23 PM
valerio valerio is offline
Infrequent Poster
 
Join Date: Nov 2003
Posts: 3
Default Re:valerio's problems with rightfinder.net... Spyware??

It's done, and everything seems to work all right, so that we can close this problem.
  #6  
Old November 12th, 2003, 04:59 PM
TonyKlein TonyKlein is online now
Security Expert
 
Join Date: Feb 2002
Location: The Netherlands
Posts: 3,947
Default Re:valerio's problems with rightfinder.net... Spyware??

Excellent!
__________________
Tony < > CLSID List - A Collection of Autostart Locations
 

All times are GMT -4. The time now is 12:11 PM.


Copyright ©2002 - 2013, Wilders Security Forums