asviewer

Discussion in 'adware, spyware & hijack cleaning' started by FukenFooser 007.5, Nov 10, 2003.

Thread Status:
Not open for further replies.
  1. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    o_O o_O o_O
    Hello to all that read this post.
    I am wondering if anybody out there can look over a "asviewer" report for e to see if I have anything wrong??
    If so please reply to this post or email me.

    While trying to learn all about computer security, I seem to have way to much stuff running or installed and now I have been unistalling and only reinstalling the ones I understand and use. But could still use some guidance.
    Thanks to all that read and to any reply's

    Have a great Day!!
    :)
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    Hi again FF,

    By all means, post an asviewer log here. And while you are at it post a HijackThis log. (Both tools have their uses and for various reasons, different people often review different logs.) Post a reply here for each log type. If you have any questions regarding HijackThis, see this post:

    https://www.wilderssecurity.com/showthread.php?t=15913

    Also, since this is a log review I'm going to move it to our new forum that is meant for this type of review.
     
  3. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    :oops:
    Darn it, this is harder than I thought it would be, I can't figure out how to save a "asviewer" report and forgot to change the hijack to a txt and am now typing this all over again, (last time I hope), but it usualy takes me a couple of tries when I attach anything here. I did a "ad-aware" clean-up and would like to do a spybot also but that program and I are having a difference of opions at this time,(for about a month at least now). I played with the buttons,(can't help myself), and set it to start in 5 min. And it never starts? I have unistalled and reinstalled it dozens of times and it always remembers that setting?
    Anyway this is about a post of my system and thats what I'm trying to do. This is the "hijack" post. And yes I do belive that something or body is inside. "Evil inside" is no joke. But I am famous for being wrong. ;)
     
  4. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    It's me again and I'm pretty sure I got the asviewer report to post here now.
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi FukenFooser 007.5,

    HijackThis:

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

    Optional:
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "F:\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    +
    under O16 the online scans you don't use regularly.

    It looks to me like you have two AV's running resident. Not sure about that, but if so, this could cause problems.

    Regards,

    Pieter
     
  6. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    :)
    :cool:
    Hi, P.A., Thanks for looking it over!
    I will be doing the item's listed in a moment.
    And yes there is now two AV's running but one I just fired-up tonight, it's NOD32. I have had for a while but never got around to trying it out.Yep it's still scanning the SLOW way it looks like to me.? I always wonder. Anyway THANKS again and I will be back when I get this list worked over.


    :) :) :) :)
     
  7. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    :D
    Done with that and now have a much better understanding of how this works, thanks so much to the "WILDERS TEAM"
    But I am wondering about the other stuff it listed like tds3,spyhunter,avg and so forth that I know I unistalled a couple days ago?
    Should I let hijack fix them also?
    I know where to find again if I want to reinstall them.
    And can I totaly remove spybot with hijack? Everything I know, (thats not very much), has gotten me nowhere in my struggle to get it back up and working again.
    Here is latest hijack scan.
    HijackThis v1.97.5

    Scan saved at 1:36:37 AM, on 11/11/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\computer tools\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Utilities\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=localhost:1
    O1 - Hosts: 203.161.127.141 www.dcsresearch.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [TDS3] C:\Program Files\TDS3\TDS-3.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SmcService] C:\COMPUT~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi FukenFooser 007.5,

    Yes, everything you recognize as belonging to something that is no longer installed, can be Fixed.

    But HijackThis does not uninstall anything, just disable. So it is not an advised tool to use as an uninstaller, because a lot of files and registry entries will be left behind.

    For legitimate programs it is always advised to use the official uininstaller or uninstall through Add/Remove programs.

    Regards,

    Pieter
     
  9. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    :) :D :D
    Ok thanks again for the help and Have A Great Day!!



    :cool:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.