what is my computer doing on start up?

[james76]

The items in the tray of my xp computer load up fine.
(microsoft anti spyware, mcafee, safely remove hardware and my speedtouch modem logo for my internet) 4 things, not alot you would agree?
Anyway wjhen everything starts up i have to wait an extra 2,3,4 mins for it to do something. I can see the light flikering showing that something is loading. some sort of process or something? How can i find out what it is doing and how to stop it doing it on start up? i have a feeling it is my mcafee 2005 version. i read somewhere something about a log file can be made so the computer saves a list of things that it does on start up, how can i access this or makeone?

thanks

james

 

[james76]

I have just read up some stuff about explorer.exe taking up cpu, i have an iexplore.exe what is this,? (in the processes list?)

 

[apj101]

iexplorer - internet explorer

best thing to do it post a HJT log here and we'll see what is loading on start up

 

[james76]

could you please tell me how to do that?

thanks

 

[apj101]

download hijacthis
http://www.majorgeeks.com/download3155.html
do a systems scan and post the log file, if should be clear from the log file what your start up items are

 

[houssam_ballout]

go to start --> run --> msconfig --> startup
and then uncheck the programs that u don't want to load when ur pc startsup, since there are some programs that highly load ur PC and take all the resources/
so try to do my way.

 

[apj101]

true and a good idea, but then he may not know what programs he needs running or not, if he did then he would have done this already

and thats were we come in

 

[james76]

ive done that already houssan. im checking out hijack this thing thanks apj

 

[james76]

ok i have hijack this, what now dude?

 

[james76]

this any use? process list:

Process list saved on 14:06:40, on 10/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
580 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
688 C:\WINDOWS\system32\csrss.exe 5.1.2600.2180 Microsoft Corporation
712 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
756 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
768 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
928 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
980 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
992 c:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe 1.0.0.78 TuneUp Software GmbH
1152 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1276 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1412 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1604 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2180 Microsoft Corporation
1620 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
1796 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe 1.0.0.509 Microsoft Corporation
1808 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe 301.0.0.12 THOMSON Telecom Belgium
1844 C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe 9.1.0.6 McAfee, Inc.
1852 C:\PROGRA~1\mcafee.com\agent\mcagent.exe 5.1.0.2 McAfee, Inc
1864 c:\progra~1\mcafee.com\vso\mcvsescn.exe 9.1.0.4 McAfee, Inc.
1892 C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe 6.1.0.6 McAfee Inc.
1928 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe 6.1.0.44 McAfee Security
1948 C:\Program Files\Messenger\MsgPlus.exe 3.54.0.132 Patchou
1964 C:\Program Files\iTunes\iTunesHelper.exe 4.7.1.30 Apple Computer, Inc.
1980 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
2028 C:\WINDOWS\system32\rundll32.exe 5.1.2600.2180 Microsoft Corporation
192 C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe 6.1.0.44 McAfee Security
340 C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe 1.0.0.509 Microsoft Corporation
964 C:\WINDOWS\System32\PackethSvc.exe 6.0.0.6 America Online, Inc.
1064 C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE 3.24.10.0 C-Dilla Ltd
1100 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe 2.3.0.0 SEIKO EPSON CORPORATION
1344 c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe 9.1.0.8 McAfee, Inc
1448 C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe 6.1.0.44 McAfee Corporation
1540 C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe 6.1.0.7 McAfee Inc.
1824 C:\WINDOWS\System32\nvsvc32.exe 6.13.10.4104 NVIDIA Corporation
460 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
540 C:\Program Files\Raxco\PerfectDisk\PDSched.exe 7.0.0.34 Raxco Software, Inc.
1164 C:\Program Files\iPod\bin\iPodService.exe 4.8.0.32 Apple Computer, Inc.
2160 c:\PROGRA~1\mcafee.com\vso\mcshield.exe 6.0.0.100
2500 C:\WINDOWS\System32\alg.exe 5.1.2600.2180 Microsoft Corporation
3832 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
4084 C:\WINDOWS\System32\wbem\wmiprvse.exe 5.1.2600.2180 Microsoft Corporation
2760 C:\DOCUME~1\Mezza\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.

 

[apj101]

bugger me this is a fek lot of stuff running, just quickly i can tell you that
540 C:\Program Files\Raxco\PerfectDisk\PDSched.exe 7.0.0.34 Raxco Software, Inc.
is know to cause problems
and you installed msg plus
1948 C:\Program Files\Messenger\MsgPlus.exe 3.54.0.132 Patchou
which can have adaware issues, are you a instant messenger user.

 

[james76]

yes i'am, i have had debates in the past about msn plus so i may remove that.

the other stuff....

please , what should i do?

 

[apj101]

your showing me a list of current running processors, but not a list of what is running at start up, post a complete Hijackthis log and i'll have a look.

 

[james76]

here i think:

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\DOCUME~1\Mezza\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
SpeedTouch USB Diagnostics = "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MSKAGENTEXE = C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
MSKDetectorExe = C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
MessengerPlus3 = "C:\Program Files\Messenger\MsgPlus.exe"
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
NVIEW = rundll32.exe nview.dll,nViewLoadHook
MSKAGENTEXE = C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[Media Speak]
MediaSpeak = C:\Program Files\Microsoft Plus!\Voice Command\MpSpeak.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=MsgPlusLoader.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - (no file) - {5E61EC6A-5F43-432B-92C1-8A8EE9A7267D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Update Check (MARYPC-Mezza).job
New Task.job

 

[Buzz1927]

Run Hijackthis. Click "Scan and save logfile". Post the log here.

 

[james76]

Logfile of HijackThis v1.99.1
Scan saved at 15:03:35, on 10/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Mezza\My Documents\Other\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O1 - Hosts: 62.189.6.93 _sip._tls.sip7.phoneserve.com
O1 - Hosts: 62.189.6.93 _sip._ssl.sip7.phoneserve.com
O1 - Hosts: 208.56.190.43 view.atdmt.com
O1 - Hosts: 208.56.190.43 global.msads.net
O1 - Hosts: 208.56.190.43 ad.doubleclick.net
O1 - Hosts: 208.56.190.43 z1.adserver.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5E61EC6A-5F43-432B-92C1-8A8EE9A7267D} - (no file)
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4350/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E28D446-818A-4CC1-8EFD-2C055BE7B34A}: NameServer = 195.92.195.94 195.92.195.95
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

 

[apj101]

quickly are you using voip or do you recognise the hosts
Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com

 

[james76]

yeh, thats something using my pc as a phone.

 

[james76]

some programe, yes im aware

 

[apj101]

well if those hosts are ok with you then we'll leave them, you log is not too bad, may want to:
run scan and select these, then click fix

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

these are you perfect disk entries (you may remove these if you dont use it)
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

if you want to get rid of msgplus then check these
O20 - AppInit_DLLs: MsgPlusLoader.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger\MsgPlus.exe"

you may need to boot to safe mode to complete a lot of these