Roger Bromley's problems with rightfinder.net... Spyware??

Discussion in 'adware, spyware & hijack cleaning' started by Roger Bromley, Nov 8, 2003.

Thread Status:
Not open for further replies.
  1. Hi
    I too have a rightfinder problem which is changing my home page and slowing all my actions within IE. I also am not 'comoputer literate' but have downloaded Hijack this & enc. my log. Could you please tell me what to check and my next actions. Many thanks
    Roger :oops:
    Logfile of HijackThis v1.97.3
    Scan saved at 13:57:29, on 08/11/03
    Platform: Windows 98 Gold (Win9x 4.10.199:cool:
    MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.250.130.194/main/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ehttp.cc/?www.keme.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rightfinder.net/hp/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Karoo
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.rightfinder.net/search/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.kingston-internet.net:8080
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://66.250.130.194/main/hp.php
    F1 - win.ini: run=hpfsched
    O1 - Hosts: 66.118.163.109 auto.search.msn.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.EXE
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\ADDCLASS.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O13 - DefaultPrefix: http://ehttp.cc/?
    O13 - WWW Prefix: http://ehttp.cc/?
    O14 - IERESET.INF: START_PAGE_URL=http://www.karoo.net/start/
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37876.1093402778
    O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} -
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = keme.co.uk
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 193.164.179.2,193.164.179.3
    O19 - User stylesheet: C:\WINDOWS\my.css
    O19 - User stylesheet: C:\WINDOWS\my.css (HKLM)
     
  2. Roger

    Roger Guest

    Re:problems with rightfinder.net... Spyware??

    Hi
    I refer to my previous post #19
    Should I be doing anything to view a reply? I know I am only a guest and have not registered. i am having difficulty moving around in IE now so may have not found a reply.
    Thanks
    Roger
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Re:problems with rightfinder.net... Spyware??

    Hi Roger,

    Check the items I quoted above in HijackThis, close all windows except HijackThis and click Fix checked.

    Then reboot and delete:
    C:\WINDOWS\ADDCLASS.EXE
    C:\WINDOWS\my.css

    Your post must have been overlooked in the sudden rush of people, all having this new hijack.
    Sorry about that.

    Regards,

    Pieter
     
  4. Roger

    Roger Guest

    Re:problems with rightfinder.net... Spyware??

    Hi Pieter
    Thank you so much. I have fixed files as suggested & IE seems back to normal!!
    Do I need to do anything with CW Shredder? If not I leave you again with my eternal thanks. You're a star!
    Roger :D
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Re:problems with rightfinder.net... Spyware??

    You can run CWShredder, just to make sure. Some parts of it are hidden from HijackThis, but I think I got all of it. Make sure you have version 1.30.2 of CWShredder, if not, download that first.

    Glad we could help,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.