Return to the Computer Help Forum | Post a Follow-Up

 o
Avast question

Posted by buyorsell888 (My Page) on
Sat, Sep 17, 11 at 15:39

Ok, while trying to restore my settings and shortcuts after the rogue HDD infection and my deletion of temp files I've been also taking a look at unnecessary settings as well as programs. I've always felt my computer ran too slow, especially starting programs.

Do I really need Avast to scan documents and files when I open them?

I am the only user of this computer. It is a home office computer and not networked with others.
I do not share MS Office documents with anyone.
I do not receive MS Office documents over the internet. 99.9% of the Excel and Word docs on my computer were created by me on this computer for my own personal use. Trying to reduce paper clutter, I tend to type up lots of info and save it rather than filing the papers. I use Word daily.

seems to me that it is safe to turn off the file system shield which should help excel and word to open faster.....


Follow-Up Postings:

 o
RE: Avast question

absolutely that is one of the best features of AVAST, you want it to catch it before it is on the pc and then find it.
For sure you want to leave that as it is set default, I would not mess with the AVAST settings, look elsewhere for why your pc might be slow like too many programs starting up.


 o
not arguing, just curious

If all of my office documents and files are created by me, on this computer, how would they get infected? It drives me crazy to wait for the scan every time I open a document, especially one that has been on my computer for years and scanned twenty or thirty times every time I open it...


 o
RE: Avast question

Also basic maintenance will help as well such as Disk CleanUp and Defragging.

Since Corrine is finished working her magic and if you would like, follow the instructions below and I'll take a look at your start ups that can be stopped with HiJackThis.

Click Here to download HJTInstall.exe
In the binary box that pops up click on Save File and
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log into your next post.

DO NOT use the AnalyzeThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what HJT lists will be harmless or even required by your Operating System.


 o
I think I have start ups held down to essentials....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:52:07 PM, on 9/17/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PCCloneEX\PCCloneEX.EXE
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\LeeAnne Goen\Application Data\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AGI\core\4.0\AGCoreService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\LeeAnne Goen\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: agihelper.AGUtils - (0BC6E3FA-78EF-4886-842C-5A1258C4455A) - mscoree.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agihelper.AGUtils - (0bc6e3fa-78ef-4886-842c-5a1258c4455a) - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - (no file)
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - (8E5E2654-AD2D-48bf-AC2D-D17F00898D06) - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - (8E5E2654-AD2D-48bf-AC2D-D17F00898D06) - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PCCloneEX] C:\Program Files\PCCloneEX\PCCloneEX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\LeeAnne Goen\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Epson scanner Registration.lnk = D:\Common\EpsonReg\Ereg.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pacificsolutions.com
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - (438755C2-A8BA-11D1-B96B-00A0C90312E1) - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - (8C7461EF-2B13-11d2-BE35-3078302C2030) - C:\WINDOWS\system32\browseui.dll
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.0\AGCoreService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6882 bytes


 o
RE: Avast question

Hi buyorsell888,

The program installed to the Documents and Settings folder. We need to move that to a permanent folder because if we don't we could lose the back up files if they are needed. We won't but I feel better knowing they are safe and secure.

First, we need to direct your downloads to the desktop so It can install properly.

Click on Tools in the Menu Bar of Firefox.
Click on Options
Then click on General at the top.
Under Downloads click the dial button left to Save files to
Then click on the Browse button and look for Desktop and click.
Click OK then click OK again.

Now to uninstall HiJackThis and get it in the correct folder.

I need you to click on Start > My Computer > Double click on Local Disk (C:) > click on Documents and Settings > LeeAnne Goen > My Documents > Downloads > then Right click on HijackThis.exe and delete. Click Yes

Click X to close that window.

Now let's install it into the programs folder. Here's how:

Click Here to download HJTInstall.msi

Click Save File
Double Click on the HiJackThis.msi icon placed on the desktop.
Click Run
Click Next
Click in the box to the left of where it says I accept the terms in the License Agreement
Click Next
Under where it says: Install HiJackThis to: it should say C:\Program Files\
Click Next
Click Install
Allow it time to install then click Finish

You will now find the icon on your desktop with the little guy in Red holding a magnifying glass.

Double click that icon.

Click on the Main Menu button at center bottom and click on Do a system scan and save a logfile.

Copy and paste the log as you did before in your next post. In the meantime I will be looking at the other log. The log is fine above, I just want to see the new log to confirm it is in the right folder.

Sorry about the delay. Back shortly.


 o
I had no idea how to change downloads from My Downloads to my des

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:02:52 PM, on 9/17/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PCCloneEX\PCCloneEX.EXE
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\LeeAnne Goen\Application Data\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AGI\core\4.0\AGCoreService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: agihelper.AGUtils - "0BC6E3FA-78EF-4886-842C-5A1258C4455A> - mscoree.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - "06849E9F-C8D7-4D59-B87D-784B7D6BE0B3> - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agihelper.AGUtils - "0bc6e3fa-78ef-4886-842c-5a1258c4455a> - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - "3CA2F312-6F6E-4B53-A66E-4E65E497C8C0> - (no file)
O2 - BHO: Groove GFS Browser Helper - "72853161-30C5-4D22-B7F9-0BBC1D38A37E> - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - "8E5E2654-AD2D-48bf-AC2D-D17F00898D06> - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - "DBC80044-A445-435b-BC74-9C25C1C588A9> - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - "E7E6F031-17CE-4C07-BC86-EABFE594F69C> - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - "8E5E2654-AD2D-48bf-AC2D-D17F00898D06> - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PCCloneEX] C:\Program Files\PCCloneEX\PCCloneEX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\LeeAnne Goen\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Epson scanner Registration.lnk = D:\Common\EpsonReg\Ereg.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - "2670000A-7350-4f3c-8081-5663EE0C6C49> - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - "2670000A-7350-4f3c-8081-5663EE0C6C49> - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - "92780B25-18CC-41C8-B9BE-3C9C571A8263> - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - "e2e2dd38-d088-4134-82b7-f2ba38496583> - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - "e2e2dd38-d088-4134-82b7-f2ba38496583> - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - "FB5F1910-F110-11d2-BB9E-00C04F795683> - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - "FB5F1910-F110-11d2-BB9E-00C04F795683> - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pacificsolutions.com
O18 - Protocol: grooveLocalGWS - "88FED34C-F0CA-4636-A375-3CB6248B04CD> - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - "438755C2-A8BA-11D1-B96B-00A0C90312E1> - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - "8C7461EF-2B13-11d2-BE35-3078302C2030> - C:\WINDOWS\system32\browseui.dll
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.0\AGCoreService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6893 bytes


 o
RE: Avast question

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe <---Excellent! You're really fast. Caught me off guard!

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Next:
Best way to do this is to print it out or have another computer available to read as you go.
Please close all browser windows including this one, only have HiJackThis open. This time do System Scan only and place a check mark in front of the following entries.

  • O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - "3CA2F312-6F6E-4B53-A66E-4E65E497C8C0> - (no file)
  • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  • O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  • O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~\EEventManager.exe
  • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  • O4 - Startup: Dropbox.lnk = C:\Documents and Settings\LeeAnne Goen\Application Data\Dropbox\bin\Dropbox.exe
  • O4 - Startup: Epson scanner Registration.lnk = D:\Common\EpsonReg\Ereg.exe
  • O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.761\Launcher.exeli

Click Fix Checked.
Close HiJackThis.
Reboot the computer and post a fresh HiJackThis log in your next post.

The above is all I see that can be stopped at startup. Those programs can be started manually when needed and not interfere with your system running smoothly.

Please let me know how everything is running afterwards.


 o
RE: Avast question

Here's a few orphans that need to be tended to also. You can add them to be removed with the entries above.

R3 - URLSearchHook: agihelper.AGUtils - "0BC6E3FA-78EF-4886-842C-5A1258C4455A> - mscoree.dll (file missing)

O2 - BHO: agihelper.AGUtils - "0bc6e3fa-78ef-4886-842c-5a1258c4455a> - mscoree.dll (file missing)

Let me know how it goes.


 o
I left Webshots alone, I like the pretty pictures

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:54:26 AM, on 9/18/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PCCloneEX\PCCloneEX.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AGI\core\4.0\AGCoreService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - (8E5E2654-AD2D-48bf-AC2D-D17F00898D06) - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - (8E5E2654-AD2D-48bf-AC2D-D17F00898D06) - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PCCloneEX] C:\Program Files\PCCloneEX\PCCloneEX.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pacificsolutions.com
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - (438755C2-A8BA-11D1-B96B-00A0C90312E1) - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - (8C7461EF-2B13-11d2-BE35-3078302C2030) - C:\WINDOWS\system32\browseui.dll
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.0\AGCoreService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5604 bytes


 o
RE: Avast question

Good morning buyorsell888,

Great job on those deletions! Did you intentionally leave the following entries?

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe

If not, they are accessible through other means and are unnecessary at startup.

Also the following is not required to startup as well and can be fixed.

O4 - HKLM\..\Run: [PCCloneEX] C:\Program Files\PCCloneEX\PCCloneEX.EXE

This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources.

See --> HERE for more on that if you like.

A few more things:

Do you recognize the following entry? Specifically www.pacificsolutions.com

O14 - IERESET.INF: START_PAGE_URL=http://www.pacificsolutions.com

If you do not recognize the address, then you should also have it fixed. Otherwise leave it be.

For Java Quick Starter. It is running as a Service and is totally unnecessary.

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Here are the Steps to disable Java Quick Starter.

I also wanted to point out something. The entry below shows that Adobe Reader is way out of date! Adobe is vulnerable to infection.

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

You should definitely update it to version 10.1 If I remember correctly Corrine had also addressed this issue.

As a side note: Adobe Reader has been having issues lately. I'd suggest uninstalling it and using FoxIt Reader. Adobe has become very vulnerable over the last couple of years and really uses up resources more than FoxIt Reader. It's 'footprint' is considerably smaller than Adobe's and consequently uses less resources (RAM as well as hard drive space). I believe there are a few things Foxit Reader cannot do compared to Adobe, but I haven't come across them.

If you choose to install Foxit Reader, please be advised that you may have to uncheck any pre-checked software. I believe it offers the FoxIt Toolbar which is actually the Ask Toolbar in disguise. Choose custom install.

If you'd like, you can download Foxit Reader from here.

The choice is yours.

Here's a basic maintenance program that I have been using for some time now. Run the following steps in the order I have them. Ccleaner and TFC are both cleaners. What one doesn't target at cleaning the other does. Then run Disk Cleanup to reduce the number of unnecessary files on your hard disk and Defrag will perform much better and faster if all the useless files are cleaned up and removed before using it.
1st: Ccleaner: This program you already have I believe.

NOTE:
Ccleaner includes a Registry cleaner, and we advise not to use this or any registry cleaner as there have been reports of them clearing out needed registry entries and messing up PCs. In addition, what they do clean up is so small that little or no advantages are noticed.

2nd: Not sure if you have TFC (Temporary File Cleaner) or not. Download from here if you don't.

Double-click TFC.exe to run it.

TFC will close all programs when run, so make sure you have saved all your work before you begin.

  • Click the Start button to begin the cleaning process.
  • Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
  • Please let TFC run uninterrupted until it is finished.

Don't be alarmed when the desktop disappears, it will reappear upon reboot.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

3rd: Disk CleanUp This will reduce the number of unnecessary files on your hard disk to free up disk space and help your computer run faster.

4th: Defrag: The one included with Windows is fine but I personally like Auslogics Disk Defrag because:

  • It does a more comprehensive job at Defragging
  • It will actually show you what it is doing
  • At the end of working it will show you how much speed you picked up
  • You can view an online log of the files that Auslogics defragged

Please do not run any other Auslogics programs other then this one as they may cause unwanted results.

Let me know how your computer is running. You may see a noticeable difference after the basic maintenance and defrag.


 o
RE: Avast question

Ooops! I just saw that you left webshots intentionally. Not a problem.


 o
RE: Avast question

I left webshots but everything else you listed in the first message should have been fixed. I checked them against the list I printed out.

I updated Adobe using the link Corrine gave me several days ago, no idea why it isn't showing up as updated.

I never use the PC Clone software, I never could figure it out, it never worked as it was supposed to for one touch back up. I use Windows Explorer to back up to the external drive or when uploading photos I upload directly to that drive. I wasn't sure if it would be ok to remove the software completely or if the drive needed it to function? It is a Kingwin external hard drive.

yes, I have CCleaner.

I have no preference for Adobe reader or Foxit reader, if Foxit uses less resources and can read the same files that would be fine by me.

I have Adobe Flash Player 10 Active X and Adobe Flash Player 10 Plug In, do they do the same thing? or do I need both?


 o
I swear I checked the Rundll32 entry and it's back again.....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:47:37 PM, on 9/18/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\AGI\core\4.0\AGCoreService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - (8E5E2654-AD2D-48bf-AC2D-D17F00898D06) - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - (8E5E2654-AD2D-48bf-AC2D-D17F00898D06) - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - (438755C2-A8BA-11D1-B96B-00A0C90312E1) - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - (8C7461EF-2B13-11d2-BE35-3078302C2030) - C:\WINDOWS\system32\browseui.dll
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.0\AGCoreService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5434 bytes


 o
RE: Avast question

Boy! That booger doesn't want to stop running does it?

Try booting into Safe Mode and fix that entry. If it doesn't work then leave it be. It is classified as 'user's choice' meaning it is not essential.

The rest looks really good! You did a great job there. Makes it easy when the person I'm helping knows what they are doing.

How's your computer running? Any better? Little faster? Did you go over the basic maintenance tips I provided?


 o
RE: Avast question

I'm sorry, I had some issues come up and wasn't able to get back to this thread. Thank you for all your help.

It is certainly restarting a lot faster. Not sure I'm noticing much speed elsewhere but I've been preoccupied.


 o
RE: Avast question

Hi buyorsell888,

I'm glad to hear that you have noticed a difference at boot time.

There are many causes as to why a computer is slow that go beyond just startups.

Below is a link to just one of the many blog entries by a specialist named miekiemoes. You and others here at the GW may find it very educating so I thought that I would share it.

It is a bit outdated but the same principles do apply.

Here is a link that might be useful: Help! My computer is slow!


 o Post a Follow-Up

Please Note: Only registered members are able to post messages to this forum.

    If you are a member, please log in.

    If you aren't yet a member, join now!


Return to the Computer Help Forum

Information about Posting

  • You must be logged in to post a message. Once you are logged in, a posting window will appear at the bottom of the messages. If you are not a member, please register for an account.
  • Please review our Rules of Play before posting.
  • Posting is a two-step process. Once you have composed your message, you will be taken to the preview page. You will then have a chance to review your post, make changes and upload photos.
  • After posting your message, you may need to refresh the forum page in order to see it.
  • Before posting copyrighted material, please read about Copyright and Fair Use.
  • We have a strict no-advertising policy!
  • If you would like to practice posting or uploading photos, please visit our Test forum.
  • If you need assistance, please Contact Us and we will be happy to help.


Learn more about in-text links on this page here