# asviewer

Discussion in 'adware, spyware & hijack cleaning' started by FukenFooser 007.5, Nov 10, 2003.

Not open for further replies.
1. ### FukenFooser 007.5Registered Member

Joined:
Sep 28, 2003
Posts:
118
Location:
High Mnt West. Idaho

Hello to all that read this post.
I am wondering if anybody out there can look over a "asviewer" report for e to see if I have anything wrong??

While trying to learn all about computer security, I seem to have way to much stuff running or installed and now I have been unistalling and only reinstalling the ones I understand and use. But could still use some guidance.

Have a great Day!!

Joined:
Aug 10, 2002
Posts:
18,150
Location:
New England
Hi again FF,

By all means, post an asviewer log here. And while you are at it post a HijackThis log. (Both tools have their uses and for various reasons, different people often review different logs.) Post a reply here for each log type. If you have any questions regarding HijackThis, see this post:

Also, since this is a log review I'm going to move it to our new forum that is meant for this type of review.

3. ### FukenFooser 007.5Registered Member

Joined:
Sep 28, 2003
Posts:
118
Location:
High Mnt West. Idaho

Darn it, this is harder than I thought it would be, I can't figure out how to save a "asviewer" report and forgot to change the hijack to a txt and am now typing this all over again, (last time I hope), but it usualy takes me a couple of tries when I attach anything here. I did a "ad-aware" clean-up and would like to do a spybot also but that program and I are having a difference of opions at this time,(for about a month at least now). I played with the buttons,(can't help myself), and set it to start in 5 min. And it never starts? I have unistalled and reinstalled it dozens of times and it always remembers that setting?
Anyway this is about a post of my system and thats what I'm trying to do. This is the "hijack" post. And yes I do belive that something or body is inside. "Evil inside" is no joke. But I am famous for being wrong.

4. ### FukenFooser 007.5Registered Member

Joined:
Sep 28, 2003
Posts:
118
Location:
High Mnt West. Idaho
It's me again and I'm pretty sure I got the asviewer report to post here now.

5. ### Pieter_ArntzSpyware Veteran

Joined:
Apr 27, 2002
Posts:
13,440
Location:
Netherlands
Hi FukenFooser 007.5,

HijackThis:

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

Optional:
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "F:\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
+
under O16 the online scans you don't use regularly.

It looks to me like you have two AV's running resident. Not sure about that, but if so, this could cause problems.

Regards,

Pieter

6. ### FukenFooser 007.5Registered Member

Joined:
Sep 28, 2003
Posts:
118
Location:
High Mnt West. Idaho

Hi, P.A., Thanks for looking it over!
I will be doing the item's listed in a moment.
And yes there is now two AV's running but one I just fired-up tonight, it's NOD32. I have had for a while but never got around to trying it out.Yep it's still scanning the SLOW way it looks like to me.? I always wonder. Anyway THANKS again and I will be back when I get this list worked over.

7. ### FukenFooser 007.5Registered Member

Joined:
Sep 28, 2003
Posts:
118
Location:
High Mnt West. Idaho

Done with that and now have a much better understanding of how this works, thanks so much to the "WILDERS TEAM"
But I am wondering about the other stuff it listed like tds3,spyhunter,avg and so forth that I know I unistalled a couple days ago?
Should I let hijack fix them also?
I know where to find again if I want to reinstall them.
And can I totaly remove spybot with hijack? Everything I know, (thats not very much), has gotten me nowhere in my struggle to get it back up and working again.
Here is latest hijack scan.
HijackThis v1.97.5

Scan saved at 1:36:37 AM, on 11/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\computer tools\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Utilities\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=localhost:1
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [TDS3] C:\Program Files\TDS3\TDS-3.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\COMPUT~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab

8. ### Pieter_ArntzSpyware Veteran

Joined:
Apr 27, 2002
Posts:
13,440
Location:
Netherlands
Hi FukenFooser 007.5,

Yes, everything you recognize as belonging to something that is no longer installed, can be Fixed.

But HijackThis does not uninstall anything, just disable. So it is not an advised tool to use as an uninstaller, because a lot of files and registry entries will be left behind.

For legitimate programs it is always advised to use the official uininstaller or uninstall through Add/Remove programs.

Regards,

Pieter

9. ### FukenFooser 007.5Registered Member

Joined:
Sep 28, 2003
Posts:
118
Location:
High Mnt West. Idaho

Ok thanks again for the help and Have A Great Day!!