joe505505: Problems with rightfinder.net... Spyware??

Discussion in 'adware, spyware & hijack cleaning' started by joe505505, Nov 9, 2003.

Thread Status:
Not open for further replies.
  1. joe505505

    joe505505 Registered Member

    Joined:
    Nov 9, 2003
    Posts:
    2
    Hello,
    Sorry for my horrible English.
    I have a problem with rightfinder.net.
    I have run the HijackThis program, with the result you can read below.
    I have the program C:\WINDOWS\Addclass.exe.
    I do not have the program C:\WINDOWS\ScrSvr.exe.

    My questions:
    Which lines should I mark with HijackThis, so that HijackThis can fix the checked lines or programs?
    Should I delete the program Addclass.exe?
    What does it mean that I don't have the ScrSvr.exe program?
    Should I delete any other programs?

    Thank you very much for your help
    joe


    Logfile of HijackThis v1.97.3
    Scan saved at 22:38:33, on 09.11.2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\AVPersonal\AVGUARD.EXE
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programme\OpenOffice.org1.0.3\program\soffice.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rightfinder.net/hp/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.rightfinder.net/search/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LPS] C:\Programme\LPS\LPS.exe
    O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe
    O4 - Startup: Verknüpfung mit quickstart.exe.lnk = C:\Programme\OpenOffice.org1.0.3\program\quickstart.exe
    O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
    O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB6049A-05EE-4363-BD0D-84057D19C7E8}: NameServer = 212.185.248.50 194.25.2.129
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,351
    Location:
    The Netherlands
    Re:problems with rightfinder.net... Spyware??

    Welcome to the board. And your English is fine! :)

    Check, and have Hijack This fix the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rightfinder.net/hp/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.rightfinder.net/search/

    O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe


    Now restart your computer, and delete the C:\WINDOWS\AddClass.exe file itself.


    Good luck,
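
    An added example, not part of the original posts: a short Python script that reads HijackThis log lines like the ones above, groups the R0/R1 Internet Explorer values by the host they point to, and lists O4 Run entries for review. The function names are hypothetical, and the rule for O4 entries (an .exe sitting directly in the Windows root) is a heuristic assumed for this example, not a HijackThis feature.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rightfinder.net/hp/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.rightfinder.net/search/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddClass.exe
"""

R_LINE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+),(.+?) = (\S+)$")
O4_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
ROOT_EXE = re.compile(r'(?i)^"?(c:\\windows|%systemroot%)\\[^\\]+\.exe\b')

def redirected_values(log, chosen_hosts):
    """Map each host the user did not choose to the IE values pointing at it."""
    found = defaultdict(list)
    for line in log.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            _, hive, key, value, url = m.groups()
            host = (urlparse(url).hostname or "").lower()
            if host and host not in chosen_hosts:
                found[host].append(f"{hive}\\{key},{value}")
    return dict(found)

def run_entries_to_review(log):
    """Return (hive, name, command) for Run entries started from the Windows root.

    Assumed heuristic: autostart programs usually live in system32 or a
    program folder, so an .exe directly in the Windows directory gets a look.
    """
    hits = []
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        if m and ROOT_EXE.match(m.group(4)):
            hits.append((m.group(1), m.group(3), m.group(4)))
    return hits

if __name__ == "__main__":
    for host, values in redirected_values(SAMPLE_LOG, {"www.google.de"}).items():
        print(f"{host}: {len(values)} values to review")
        for v in values:
            print("   ", v)
    for hive, name, cmd in run_entries_to_review(SAMPLE_LOG):
        print(f"Run entry to review: [{name}] {cmd} ({hive})")
```

    The set passed as `chosen_hosts` is whatever the user set deliberately (here the Google start page); everything else is only a list of candidates for a person to judge, as in the reply above.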
     
  3. TonyKlein

    TonyKlein Security Expert

    Re:problems with rightfinder.net... Spyware??

    BTW, just out of curiosity, what exactly is that C:\Programme\LPS\LPS.exe file that's starting up as Windows starts?

    Could you tell us what program it belongs to, please?
     
  4. joe505505

    joe505505 Registered Member

    Re:problems with rightfinder.net... Spyware??

    Hello,

    Thank you very much for your help.
    It works.

    I don't understand the letters "BTW" and the words "just out of curiosity". What do they mean?

    The program LPS is a Local Port Scanner.
    I was not able to find the LPS.exe on my computer.
    The only thing I found was a log file, which you can see at the end.
    I think I should delete the folder C:/Programme/LPS,
    and with the msconfig program I can delete the start of the LPS.exe program.
    Do you think it is OK?
    cu
    joe

     
  5. TonyKlein

    TonyKlein Security Expert

    Re:problems with rightfinder.net... Spyware??

    BTW just means "By the way", and by "Out of curiosity" I meant that I didn't think there was anything wrong with that program, but that I was just wondering what it was for.

    And it's quite all right to use Msconfig to stop it from starting up! :)
     