Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problem with Best-Search


  • This topic is locked This topic is locked
2 replies to this topic

#1 P-Well

P-Well

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 04 January 2005 - 01:43 PM

Hi.

I Recently got a problem with my internet explorer browser changing the startpage to "http://best-search.us/?page=home&pid=sext07". I've tried Adaware, Spysweeper and SpySubstract with CWShredder but nothing shows up.

This is my HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 19:31:43, on 2005-01-04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program\Logitech\Video\LogiTray.exe
C:\Program\Logitech\Video\FxSvr2.exe
D:\Program\SlySoft\AnyDVD\AnyDVD.exe
C:\Program\ekort\ekort.exe
D:\Program\iTunes\iTunesHelper.exe
D:\Program\WinTools\RAM Saver Pro\ramsaverpro.exe
D:\Program\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program\ANTIVI~1\DefWatch.exe
D:\Program\Diskeeper\DkService.exe
D:\Program\ANTIVI~1\Rtvscan.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\hijackthis\HijackThis.exe
C:\Program\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-search.us/?page=home&pid=sext07
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helgon.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://best-search.us/?page=search&pid=sext07
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lšnkar
R3 - Default URLSearchHook is missing
O1 - Hosts: 212.33.69.3 js1.hitbox.com
O1 - Hosts: 212.33.69.3 stats.hitbox.com
O1 - Hosts: 212.33.69.3 pagead2.googlesyndication.com
O1 - Hosts: 212.33.69.3 m1.nedstatbasic.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll
O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
O2 - BHO: Mega! - {8BC6346B-FFB0-4435-ACE3-FACA6CD77816} - C:\DOCUME~1\IBM\LOKALA~1\Temp\MegaHost.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AnyDVD] D:\Program\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards
O4 - HKLM\..\Run: [iTunesHelper] D:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Aware] "D:\Program\Ad-Aware\Ad-Aware.exe" +c
O4 - HKCU\..\Run: [RAMSaverPro] D:\Program\WinTools\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: SpySubtract.lnk = D:\Program\SpySubstract\SpySub.exe
O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab
O16 - DPF: {563ED66E-531B-51D2-5DB0-5080C83DA4EE} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext01.chm::/MegaInstaller.exe
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O23 - Service: DefWatch - Symantec Corporation - D:\Program\ANTIVI~1\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - D:\Program\ANTIVI~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLSRemote Service - Unknown - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Thanks!

BC AdBot (Login to Remove)

 


#2 P-Well

P-Well
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 04 January 2005 - 05:39 PM

Nevermind :) solved it after reading some other posts in this forum. Apperently it was somthing called MegaInstaller causing the trouble. And some stuff in the host file. Well thx anyhow.

#3 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:03:01 AM

Posted 05 January 2005 - 10:02 AM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users