joe505505: Problems with rightfinder.net... Spyware??

Discussion in 'adware, spyware & hijack cleaning' started by joe505505, Nov 9, 2003.

Thread Status:
Not open for further replies.
  1. joe505505

    joe505505 Registered Member

    Joined:
    Nov 9, 2003
    Posts:
    2
    Hello
    sorry for my horrible English
    I have a problem with rightfinder.net
    I have run the HijackThis - program with the result you can read below
    I have the program C:\WINDOWS\Addclass.exe.
    I do not have the program C:\WINDOWS\ScrSvr.exe

    My questions:
    Which lines should I mark with HijackThis, so that HijackThis can fix the checked lines or programs?
    Should I delete the program Addclass.exe?
    What does it mean that I don't have the ScrSvr.exe program?
    Should I delete any other programs?

    Thank you very much for your help
    joe


    Logfile of HijackThis v1.97.3
    Scan saved at 22:38:33, on 09.11.2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\AVPersonal\AVGUARD.EXE
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programme\OpenOffice.org1.0.3\program\soffice.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rightfinder.net/hp/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.rightfinder.net/search/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LPS] C:\Programme\LPS\LPS.exe
    O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe
    O4 - Startup: Verknüpfung mit quickstart.exe.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe
    O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
    O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB6049A-05EE-4363-BD0D-84057D19C7E8}: NameServer = 212.185.248.50 194.25.2.129
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Re:problems with rightfinder.net... Spyware??

    Welcome to the board. And your English is fine! :)

    Check, and have Hijack This fix the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rightfinder.net/hp/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.rightfinder.net/search/

    O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe


    Now restart your computer, and delete the C:\WINDOWS\AddClass.exe file itself.


    Good luck,
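
The selection made in the reply above, as an added example that is not part of the original thread: it parses HijackThis lines and picks the R0/R1 browser-setting entries whose URL host is an analyst-supplied domain, plus the O4 Run entries whose value name is on an analyst-supplied list. The function names are hypothetical, and the two indicator sets are assumptions taken from the fix list in that reply.

```python
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rightfinder.net/hp/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>.+?) = (?P<data>.*)$")
RUN_ITEM = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def host_matches(url, domains):
    # Compare the parsed host, not a substring, so that a look-alike host
    # or a query string containing the domain does not match.
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def select_entries(log_text, bad_domains, bad_run_names):
    """Return the log lines an analyst would tick for fixing."""
    picked = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m["code"], m["body"]
        if code in ("R0", "R1"):  # IE start/search page values
            reg = REG_VALUE.match(body)
            if reg and host_matches(reg["data"], bad_domains):
                picked.append(line)
        elif code == "O4":  # autostart entries
            run = RUN_ITEM.match(body)
            if run and run["name"].lower() in bad_run_names:
                picked.append(line)
    return picked

if __name__ == "__main__":
    for entry in select_entries(SAMPLE_LOG, {"rightfinder.net"}, {"addclass"}):
        print(entry)
```
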
     
  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Re:problems with rightfinder.net... Spyware??

    BTW, just out of curiosity, what exactly is that C:\Programme\LPS\LPS.exe file that's starting up as Windows starts?

    Could you tell us what program it belongs to, please?
     
  4. joe505505

    joe505505 Registered Member

    Joined:
    Nov 9, 2003
    Posts:
    2
    Re:problems with rightfinder.net... Spyware??

    Hello,

    thank you very much for your help.
    It works.

    I don't understand the letters "BTW" and the words "just out of curiosity". What do they mean?

    The program LPS is a Local Port Scanner.
    I was not able to find the LPS.exe on my computer.
    The only thing I found was a log file, which you can see at the end.
    I think I should delete the folder C:/Programme/LPS,
    and with the msconfig program I can remove the start of the LPS.exe program.
    Do you think that is OK?
    cu
    joe

    Log File:
     
  5. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Re:problems with rightfinder.net... Spyware??

    BTW just means "By the way", and by "Out of curiosity" I meant that I didn't think there was anything wrong with that program, but that I was just wondering what it was for.

    And it's quite all right to use Msconfig to stop it from starting up! :)
     