Author Topic: webtracer auto.search.msn.com  (Read 1279 times)

Offline raysdga

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
webtracer auto.search.msn.com
« on: May 10, 2005, 08:34:18 PM »
I can't get rid of this O1 - Hosts: 1159680172 auto.search.msn.com entry. It took over my startup process and I can't get it back. It won't allow me access to delete it in HijackThis. I can go to safe mode and delete it, but it comes right back in regular Windows. Here are some notes.


Logfile of HijackThis v1.99.1
Scan saved at 8:32:18 PM, on 5/10/2005
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?gseka (obfuscated) :angry:
O1 - Hosts: 1159680172 auto.search.msn.com :(
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\HijackThis\HijackThis.exe /startupscan
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

Here is a StartDreck log with kernels and binaries checked.

StartDreck (build 2.1.7 public stable) - 2005-05-10 @ 20:35:50 (GMT -05:00)
Platform: Windows 2000 (Win NT 5.0.2195 )
Internet Explorer: 6.0.2800.1106
Logged in as ray at WORK-EETZASAVNZ

»Registry
»Files
»System/Drivers
 »NT Kernel- and FS-drivers
  *Abiosdsk   Abiosdsk   -   disabled
   `binary:
  *abp480n5   abp480n5   -   disabled
   `binary:
  *Microsoft ACPI Driver   ACPI   running   boot
   `binary: \SystemRoot\System32\DRIVERS\ACPI.sys
  *ACPIEC   ACPIEC   -   disabled
   `binary:
  *adpu160m   adpu160m   -   disabled
   `binary:
  *AFD Networking Support Environment   AFD   running   auto
   `binary: \SystemRoot\System32\drivers\afd.sys
  *Aha154x   Aha154x   -   disabled
   `binary:
  *aic116x   aic116x   -   disabled
   `binary:
  *aic78u2   aic78u2   -   disabled
   `binary:
  *aic78xx   aic78xx   -   disabled
   `binary:
  *ami0nt   ami0nt   -   disabled
   `binary:
  *amsint   amsint   -   disabled
   `binary:
  *asc   asc   -   disabled
   `binary:
  *asc3350p   asc3350p   -   disabled
   `binary:
  *asc3550   asc3550   -   disabled
   `binary:
  *RAS Asynchronous Media Driver   AsyncMac   -   on demand
   `binary: System32\DRIVERS\asyncmac.sys
  *Standard IDE/ESDI Hard Disk Controller   atapi   running   boot
   `binary: \SystemRoot\System32\DRIVERS\atapi.sys
  *Atdisk   Atdisk   -   disabled
   `binary:
  *ATM ARP Client Protocol   Atmarpc   -   on demand
   `binary: System32\DRIVERS\atmarpc.sys
  *Audio Stub Driver   audstub   running   on demand
   `binary: System32\DRIVERS\audstub.sys
  *AVG7 Kernel   Avg7Core   running   system
   `binary: \SystemRoot\System32\Drivers\avg7core.sys
  *AVG7 Rezident Driver   Avg7RsNT   running   system
   `binary: \SystemRoot\System32\Drivers\avg7rsnt.sys
  *AVG7 Wrap Driver   Avg7RsW   running   system
   `binary: \SystemRoot\System32\Drivers\avg7rsw.sys
  *AVG Network Redirector   AvgTdi   running   auto
   `binary: \??\C:\WINNT\System32\Drivers\avgtdi.sys
  *bdasupw   bdasupw   running   auto
   `binary: \??\C:\WINNT\System32\drivers\bdasupw.sys
  *Beep   Beep   running   system
   `binary:
  *BusLogic   BusLogic   -   disabled
   `binary:
  *Closed Caption Decoder   CCDECODE   -   on demand
   `binary: System32\DRIVERS\CCDECODE.sys
  *cd20xrnt   cd20xrnt   -   disabled
   `binary:
  *Cdaudio   Cdaudio   -   system
   `binary:
  *Cdfs   Cdfs   running   disabled
   `binary:
  *Cdr4_2K   Cdr4_2K   running   system
   `binary:
  *Cdralw2k   Cdralw2k   running   system
   `binary:
  *CD-ROM Driver   Cdrom   running   system
   `binary: System32\DRIVERS\cdrom.sys
  *Changer   Changer   -   system
   `binary:
  *Cpqarray   Cpqarray   -   disabled
   `binary:
  *cpqarry2   cpqarry2   -   disabled
   `binary:
  *cpqfcalm   cpqfcalm   -   disabled
   `binary:
  *cpqfws2e   cpqfws2e   -   disabled
   `binary:
  *Creative Audio Driver (WDM)   ctaud2k   -   on demand
   `binary: system32\drivers\ctaud2k.sys
  *Game Port for Creative SB Live!   ctljystk   -   on demand
   `binary: System32\DRIVERS\ctljystk.sys
  *dac960nt   dac960nt   -   disabled
   `binary:
  *deckzpsx   deckzpsx   -   disabled
   `binary:
  *Disk Driver   Disk   running   boot
   `binary: \SystemRoot\System32\DRIVERS\disk.sys
  *Diskperf   Diskperf   -   disabled
   `binary:
  *D-Link DFE-530TX+ PCI Adapter   DLKRTS   -   on demand
   `binary: System32\DRIVERS\DLKRTS.SYS
  *dmboot   dmboot   -   disabled
   `binary: System32\drivers\dmboot.sys
  *Logical Disk Manager Driver   dmio   running   boot
   `binary: \SystemRoot\System32\drivers\dmio.sys
  *dmload   dmload   running   boot
   `binary: \SystemRoot\System32\drivers\dmload.sys
  *Microsoft DirectMusic SW Synth (WDM)   DMusic   -   on demand
   `binary: system32\drivers\DMusic.sys
  *EFS   EFS   running   disabled
   `binary:
  *Fastfat   Fastfat   running   disabled
   `binary:
  *Fd16_700   Fd16_700   -   disabled
   `binary:
  *Floppy Disk Controller Driver   Fdc   running   on demand
   `binary: System32\DRIVERS\fdc.sys
  *VIA Rhine Family Fast Ethernet Adapter Driver S   FETNDISB   running   on demand
   `ervice
   `binary: System32\DRIVERS\fetnd5b.sys
  *fireport   fireport   -   disabled
   `binary:
  *flashpnt   flashpnt   -   disabled
   `binary:
  *Floppy Disk Driver   Flpydisk   running   on demand
   `binary: System32\DRIVERS\flpydisk.sys
  *Volume Manager Driver   Ftdisk   running   boot
   `binary: \SystemRoot\System32\DRIVERS\ftdisk.sys
  *Game Port Enumerator   gameenum   -   on demand
   `binary: System32\DRIVERS\gameenum.sys
  *Generic Packet Classifier   Gpc   running   on demand
   `binary: System32\DRIVERS\msgpc.sys
  *Creative Hardware Abstract Layer Driver   ha10kx2k   -   on demand
   `binary: system32\drivers\ha10kx2k.sys
  *i8042 Keyboard and PS/2 Mouse Port Driver   i8042prt   running   system
   `binary: System32\DRIVERS\i8042prt.sys
  *InCD EasyWrite Reader   incdrm   running   system
   `binary:
  *ini910u   ini910u   -   disabled
   `binary:
  *IntelIde   IntelIde   -   disabled
   `binary:
  *IP Traffic Filter Driver   IpFilterDriver   -   on demand
   `binary: System32\DRIVERS\ipfltdrv.sys
  *IP in IP Tunnel Driver   IpInIp   -   on demand
   `binary: System32\DRIVERS\ipinip.sys
  *IP Network Address Translator   IpNat   -   on demand
   `binary: System32\DRIVERS\ipnat.sys
  *IPSEC driver   IPSEC   running   on demand
   `binary: System32\DRIVERS\ipsec.sys
  *ipsraidn   ipsraidn   -   disabled
   `binary:
  *PnP ISA/EISA Bus Driver   isapnp   running   boot
   `binary: \SystemRoot\System32\DRIVERS\isapnp.sys
  *Keyboard Class Driver   Kbdclass   running   system
   `binary: System32\DRIVERS\kbdclass.sys
  *Microsoft Kernel Wave Audio Mixer   kmixer   running   on demand
   `binary: system32\drivers\kmixer.sys
  *KSecDD   KSecDD   running   boot
   `binary:
  *lbrtfdc   lbrtfdc   -   system
   `binary:
  *lp6nds35   lp6nds35   -   disabled
   `binary:
  *mnmdd   mnmdd   running   system
   `binary:
  *Modem   Modem   -   on demand
   `binary:
  *Mouse Class Driver   Mouclass   running   system
   `binary: System32\DRIVERS\mouclass.sys
  *MountMgr   MountMgr   running   boot
   `binary:
  *BDA MPE Filter   MPE   -   on demand
   `binary: System32\DRIVERS\MPE.sys
  *mraid35x   mraid35x   -   disabled
   `binary:
  *MRxSmb   MRxSmb   running   system
   `binary: System32\DRIVERS\mrxsmb.sys
  *Msfs   Msfs   running   system
   `binary:
  *Microsoft Streaming Service Proxy   MSKSSRV   -   on demand
   `binary: system32\drivers\MSKSSRV.sys
  *Microsoft Streaming Clock Proxy   MSPCLOCK   -   on demand
   `binary: system32\drivers\MSPCLOCK.sys
  *Microsoft Streaming Quality Manager Proxy   MSPQM   -   on demand
   `binary: system32\drivers\MSPQM.sys
  *Microsoft Streaming Tee/Sink-to-Sink Converter   MSTEE   -   on demand
   `binary: system32\drivers\MSTEE.sys
  *Mup   Mup   running   boot
   `binary:
  *NABTS/FEC VBI Codec   NABTSFEC   -   on demand
   `binary: System32\DRIVERS\NABTSFEC.sys
  *Ncrc710   Ncrc710   -   disabled
   `binary:
  *NDIS System Driver   NDIS   running   boot
   `binary:
  *Remote Access NDIS TAPI Driver   NdisTapi   running   on demand
   `binary: System32\DRIVERS\ndistapi.sys
  *Remote Access NDIS WAN Driver   NdisWan   running   on demand
   `binary: System32\DRIVERS\ndiswan.sys
  *NDIS Proxy   NDProxy   running   on demand
   `binary:
  *NetBIOS Interface   NetBIOS   running   system
   `binary: System32\DRIVERS\netbios.sys
  *NetBios over Tcpip   NetBT   running   system
   `binary: System32\DRIVERS\netbt.sys
  *NetDetect   NetDetect   -   on demand
   `binary: \SystemRoot\system32\drivers\netdtect.sys
  *Npfs   Npfs   running   system
   `binary:
  *Ntfs   Ntfs   running   disabled
   `binary:
  *Null   Null   running   system
   `binary:
  *nv   nv   running   on demand
   `binary: System32\DRIVERS\nv4_mini.sys
  *Service for NVIDIA® nForce(tm) Audio Enumerat   nvax   running   on demand
   `or
   `binary: system32\drivers\nvax.sys
  *Service for NVIDIA® nForce(tm) Audio   nvnforce   running   on demand
   `binary: system32\drivers\nvapu.sys
  *NVIDIA NForce(tm) ATA RAID Class Driver   nvraid   running   boot
   `binary: \SystemRoot\System32\DRIVERS\nvraid.sys
  *NVIDIA nForce AGP Bus Filter   nv_agp   running   boot
   `binary: \SystemRoot\System32\DRIVERS\nv_agp.sys
  *IPX Traffic Filter Driver   NwlnkFlt   -   on demand
   `binary: System32\DRIVERS\nwlnkflt.sys
  *IPX Traffic Forwarder Driver   NwlnkFwd   -   on demand
   `binary: System32\DRIVERS\nwlnkfwd.sys
  *Microsoft USB Open Host Controller Driver   openhci   running   on demand
   `binary: System32\DRIVERS\openhci.sys
  *Creative OS Services Driver   ossrv   -   on demand
   `binary: system32\drivers\ctoss2k.sys
  *oUltraf   oUltraf   -   on demand
   `binary: \??\C:\DOCUME~1\ray\LOCALS~1\Temp\oUltraf.sys
  *Parallel class driver   Parallel   running   on demand
   `binary: System32\DRIVERS\parallel.sys
  *Parallel port driver   Parport   running   system
   `binary: System32\DRIVERS\parport.sys
  *PartMgr   PartMgr   running   boot
   `binary:
  *ParVdm   ParVdm   running   auto
   `binary:
  *PCI Bus Driver   PCI   running   boot
   `binary: \SystemRoot\System32\DRIVERS\pci.sys
  *PCIDump   PCIDump   -   system
   `binary:
  *PCIIde   PCIIde   running   boot
   `binary: \SystemRoot\System32\DRIVERS\pciide.sys
  *Pcmcia   Pcmcia   -   disabled
   `binary:
  *WAN Miniport (PPTP)   PptpMiniport   running   on demand
   `binary: System32\DRIVERS\raspptp.sys
  *Direct Parallel Link Driver   Ptilink   running   on demand
   `binary: System32\DRIVERS\ptilink.sys
  *ql1080   ql1080   -   disabled
   `binary:
  *Ql10wnt   Ql10wnt   -   disabled
   `binary:
  *ql1240   ql1240   -   disabled
   `binary:
  *ql2100   ql2100   -   disabled
   `binary:
  *Remote Access Auto Connection Driver   RasAcd   running   system
   `binary: System32\DRIVERS\rasacd.sys
  *WAN Miniport (L2TP)   Rasl2tp   running   on demand
   `binary: System32\DRIVERS\rasl2tp.sys
  *Direct Parallel   Raspti   running   on demand
   `binary: System32\DRIVERS\raspti.sys
  *Microsoft Streaming Network Raw Channel Access   RCA   -   on demand
   `binary: system32\drivers\RCA.sys
  *Rdbss   Rdbss   running   system
   `binary: System32\DRIVERS\rdbss.sys
  *Digital CD Audio Playback Filter Driver   redbook   -   system
   `binary: System32\DRIVERS\redbook.sys
  *Serenum Filter Driver   serenum   running   on demand
   `binary: System32\DRIVERS\serenum.sys
  *Serial port driver   Serial   running   system
   `binary: System32\DRIVERS\serial.sys
  *Sfloppy   Sfloppy   -   system
   `binary:
  *sglfb   sglfb   -   system
   `binary:
  *Simbad   Simbad   -   disabled
   `binary:
  *BDA Slip De-Framer   SLIP   -   on demand
   `binary: System32\DRIVERS\SLIP.sys
  *Sparrow   Sparrow   -   disabled
   `binary:
  *Srv   Srv   running   on demand
   `binary: System32\DRIVERS\srv.sys
  *BDA IPSink   streamip   -   on demand
   `binary: System32\DRIVERS\StreamIP.sys
  *Software Bus Driver   swenum   running   on demand
   `binary: System32\DRIVERS\swenum.sys
  *Microsoft Kernel GS Wavetable Synthesizer   swmidi   -   on demand
   `binary: system32\drivers\swmidi.sys
  *symc810   symc810   -   disabled
   `binary:
  *symc8xx   symc8xx   -   disabled
   `binary:
  *sym_hi   sym_hi   -   disabled
   `binary:
  *Microsoft System Audio Device   sysaudio   running   on demand
   `binary: system32\drivers\sysaudio.sys
  *TCP/IP Protocol Driver   Tcpip   running   system
   `binary: System32\DRIVERS\tcpip.sys
  *tga   tga   -   system
   `binary:
  *Udfs   Udfs   -   disabled
   `binary:
  *ultra66   ultra66   -   disabled
   `binary:
  *Microcode Update Driver   Update   running   on demand
   `binary: System32\DRIVERS\update.sys
  *Microsoft USB 2.0 Enhanced Host Controller Mini   usbehci   running   on demand
   `port Driver
   `binary: System32\DRIVERS\usbehci.sys
  *Microsoft USB Standard Hub Driver   usbhub   running   on demand
   `binary: System32\DRIVERS\usbhub.sys
  *USB 2.0 Root Hub Support   usbhub20   running   on demand
   `binary: System32\DRIVERS\usbhub20.sys
  *VgaSave   VgaSave   running   system
   `binary: \SystemRoot\System32\drivers\vga.sys
  *Remote Access IP ARP Driver   Wanarp   running   on demand
   `binary: System32\DRIVERS\wanarp.sys
  *Microsoft WINMM WDM Audio Compatibility Driver   wdmaud   running   on demand
   `binary: system32\drivers\wdmaud.sys
  *WINIO   WINIO   -   on demand
   `binary: \??\D:\winio.sys
  *World Standard Teletext Codec   WSTCODEC   -   on demand
   `binary: System32\DRIVERS\WSTCODEC.SYS
»Application specific

I have locate but don't know how to post that info. Any help is appreciated.
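
A triage sketch for the StartDreck driver listing in the post above, added here as an example and not part of the original thread or of StartDreck: it parses the entries (including wrapped display names) and flags drivers whose binary lies outside System32\drivers or that load at startup from an absolute `\??\` path. The function names, the two heuristics and the constructed sample are assumptions; a flag means "identify this driver", not "malicious" (the AVG driver is flagged too).

```python
import re

# Constructed sample: entries in the shape of the StartDreck listing in the
# post above, including a display name that wraps onto a second line.
SAMPLE = r"""
  *Microsoft ACPI Driver   ACPI   running   boot
   `binary: \SystemRoot\System32\DRIVERS\ACPI.sys
  *VIA Rhine Family Fast Ethernet Adapter Driver S   FETNDISB   running   on demand
   `ervice
   `binary: System32\DRIVERS\fetnd5b.sys
  *AVG Network Redirector   AvgTdi   running   auto
   `binary: \??\C:\WINNT\System32\Drivers\avgtdi.sys
  *bdasupw   bdasupw   running   auto
   `binary: \??\C:\WINNT\System32\drivers\bdasupw.sys
  *Beep   Beep   running   system
   `binary:
  *oUltraf   oUltraf   -   on demand
   `binary: \??\C:\DOCUME~1\ray\LOCALS~1\Temp\oUltraf.sys
  *WINIO   WINIO   -   on demand
   `binary: \??\D:\winio.sys
"""

ENTRY = re.compile(
    r"^\s*\*(?P<name>.+?)\s{2,}(?P<svc>\S+)\s{2,}(?P<state>running|-)"
    r"\s{2,}(?P<start>boot|system|auto|on demand|disabled)\s*$")
# Accepted locations: relative, \SystemRoot\, or \??\<drive>:\<windir>\ form.
IN_DRIVER_DIR = re.compile(
    r"^(?:\\systemroot\\|\\\?\?\\[a-z]:\\[^\\]+\\)?system32\\drivers\\[^\\]+$")
AUTOSTART = {"boot", "system", "auto"}


def parse_drivers(text):
    """Turn the '*name  svc  state  start' / '`binary:' pairs into dicts."""
    drivers = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            drivers.append({**m.groupdict(), "binary": ""})
            continue
        body = line.strip()
        if not drivers or not body.startswith("`"):
            continue
        body = body[1:]
        if body.startswith("binary:"):
            drivers[-1]["binary"] = body[len("binary:"):].strip()
        else:
            drivers[-1]["name"] += body  # wrapped display name continues here
    return drivers


def triage(drivers):
    """Heuristic (an assumption of this example): return {service: [reasons]}."""
    findings = {}
    for d in drivers:
        path = d["binary"].lower()
        reasons = []
        if path and not IN_DRIVER_DIR.match(path):
            reasons.append("outside-driver-dir")
        if path.startswith("\\??\\") and d["start"] in AUTOSTART:
            reasons.append("abs-path-autostart")
        if reasons:
            findings[d["svc"]] = reasons
    return findings


if __name__ == "__main__":
    for svc, reasons in triage(parse_drivers(SAMPLE)).items():
        print(f"{svc}: {', '.join(reasons)}")
```
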

raysdga
« Reply #1 on: May 11, 2005, 06:57:05 PM »
I actually found a fix for my problem at bullguard.com

Here it is if anyone is interested.

Reboot into Safe Mode -  Hit F8 key until menu shows up

Find:
C:\WINDOWS\System32\drivers\bdasups.sys
And rename it to: bdasups.old

Then run Hijackthis and place a check beside each of the following. Once you have checked them, click fix checked.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?gseka (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?gseka (obfuscated)
O1 - Hosts: 1159680172 auto.search.msn.com
O19 - User stylesheet: C:\WINDOWS\stsheets.dat

Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.
Start-Search and delete
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
Delete bdasups.old
Reboot and post new hijackthis log :rolleyes:

Here's the link if anyone is interested:
http://www.bullguard.com/forum/10/Utruuhglobe-findercc_13239.html


--------------------------------------------------------------------------------
« Last Edit: May 11, 2005, 07:43:23 PM by raysdga »
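
The O1 entry in this thread writes its address as a single decimal integer rather than a dotted quad. The following added example (not from the original posts or from HijackThis) decodes such entries from a HijackThis log and separates local block entries from redirects; the function names and the two extra sample lines are assumptions.

```python
import ipaddress
import re

# Constructed sample: the O1 line reported in this thread plus two made-up
# entries (a loopback block entry and a hex-form address in a test range).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 1159680172 auto.search.msn.com
O1 - Hosts: 127.0.0.1 ads.example.test
O1 - Hosts: 0xC0000201 intranet.example.test
"""

O1 = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+)$")


def decode_addr(token):
    """Return (IPv4Address, integer_form) for a hosts-file address field."""
    try:
        return ipaddress.IPv4Address(token), False  # ordinary dotted quad
    except ValueError:
        pass
    # A bare decimal or 0x-prefixed number is the 32-bit value of the address.
    return ipaddress.IPv4Address(int(token, 0)), True


def review_hosts(log_text):
    """Classify every O1 line of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = O1.match(line.strip())
        if not m:
            continue
        token, names = m.group(1), m.group(2).split()
        try:
            ip, integer_form = decode_addr(token)
        except ValueError:  # not IPv4 in any form handled here
            findings.append({"raw": token, "ip": None, "hosts": names,
                             "verdict": "unparsed address"})
            continue
        if ip.is_loopback or ip.is_unspecified:
            verdict = "local block entry"
        elif integer_form:
            verdict = "redirect, address written in integer form"
        else:
            verdict = "redirect"
        findings.append({"raw": token, "ip": str(ip), "hosts": names,
                         "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in review_hosts(SAMPLE_LOG):
        print(f"{f['raw']:>12} -> {f['ip']}  {' '.join(f['hosts'])}  [{f['verdict']}]")
```
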

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
webtracer auto.search.msn.com
« Reply #2 on: May 11, 2005, 10:20:36 PM »
Well, here's hoping you have everything back to normal
I'll close this topic as your problems appear resolved

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


raysdga
« Reply #3 on: May 14, 2005, 08:29:26 PM »
Logfile of HijackThis v1.99.1
Scan saved at 8:23:25 PM, on 5/14/2005
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [HijackThis startup scan] C:\HJT\HijackThis.exe /startupscan
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

Here is the new HJT log, guestolo. I was just curious: I have had problems in the past with Service Pack 4; as soon as I install it I lose internet connectivity. I just bought a digital camera and it wants me to download the latest available upgrades before I can install the software. What are your thoughts on this?
I'll start a new thread, or direct me towards an old thread that may cover this topic.
I have 2 computers connecting through a Linksys router with Comcast cable.
thanks raysdga

guestolo
« Reply #4 on: May 15, 2005, 09:32:49 AM »
We should definitely restore your run key entries for AVG

Can you do the following

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop

 
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"


Double click on fix.reg and allow to add or merge to the registry

Restart your computer and post a fresh Hijackthis log

Not sure about your Camera software
Never heard of the problem with SP4 and loss of Internet connection
After installing SP4, did you try connecting directly into the modem to see if you had Internet connection
May be a Router problem, but not sure
Any firmware upgrades for your router at Linksys's site?



raysdga
« Reply #5 on: May 16, 2005, 03:41:02 PM »
Logfile of HijackThis v1.99.1
Scan saved at 3:41:18 PM, on 5/16/2005
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [HijackThis startup scan] C:\HJT\HijackThis.exe /startupscan
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe


Here it is, guestolo. How does it look?

guestolo
« Reply #6 on: May 16, 2005, 07:18:27 PM »
Doesn't look too bad, but in your running processes I don't see all components for AVG running

It looks like the Email scanner isn't running or the Control center
Did you Restart the computer after merging that Reg file?
Can you open AVG and enable the Email scanner?

Or if you find you can't it may be best just to uninstall AVG and reinstall it, just to make sure everything is running properly with your Anti-Virus

Also, this entry in your log
O4 - HKCU\..\Run: [HijackThis startup scan] C:\HJT\HijackThis.exe /startupscan

Are you purposely running Hijackthis on startup?
If you want to disable that Open Hijackthis>>Open Misc tools section
Click MAIN
Uncheck run Hijackthis on Startup
Click BACK and then close Hijackthis
That's optional, totally up to you
