# what is my computer doing on start up?



## james76

The items in the tray of my xp computer load up fine. 
(microsoft anti spyware, mcafee, safely remove hardware and my speedtouch modem logo for my internet) 4 things, not alot you would agree?
Anyway wjhen everything starts up i have to wait an extra 2,3,4 mins for it to do something. I can see the light flikering showing that something is loading. some sort of process or something? How can i find out what it is doing and how to stop it doing it on start up? i have a feeling it is my mcafee 2005 version. i read somewhere something about a log file can be made so the computer saves a list of things that it does on start up, how can i access this or makeone?

thanks

james


----------



## james76

I have just read up some stuff about explorer.exe taking up cpu, i have an iexplore.exe what is this,? (in the processes list?)


----------



## apj101

iexplorer - internet explorer

best thing to do it post a HJT log here and we'll see what is loading on start up


----------



## james76

could you please tell me how to do that?

thanks


----------



## apj101

download hijacthis
http://www.majorgeeks.com/download3155.html
do a systems scan and post the log file, if should be clear from the log file what your start up items are


----------



## houssam_ballout

go to start --> run --> msconfig --> startup
and then uncheck the programs that u don't want to load when ur pc startsup, since there are some programs that highly load ur PC and take all the resources/
so try to do my way.


----------



## apj101

true and a good idea, but then he may not know what programs he needs running or not, if he did then he would have done this already

and thats were we come in


----------



## james76

ive done that already houssan. im checking out hijack this thing thanks apj


----------



## james76

ok i have hijack this, what now dude?


----------



## james76

this any use? process list: 

Process list saved on 14:06:40, on 10/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid]	[full path to filename]		[file version]	[company name]
580	C:\WINDOWS\System32\smss.exe		5.1.2600.2180	Microsoft Corporation
688	C:\WINDOWS\system32\csrss.exe		5.1.2600.2180	Microsoft Corporation
712	C:\WINDOWS\system32\winlogon.exe		5.1.2600.2180	Microsoft Corporation
756	C:\WINDOWS\system32\services.exe		5.1.2600.2180	Microsoft Corporation
768	C:\WINDOWS\system32\lsass.exe		5.1.2600.2180	Microsoft Corporation
928	C:\WINDOWS\system32\svchost.exe		5.1.2600.2180	Microsoft Corporation
980	C:\WINDOWS\system32\svchost.exe		5.1.2600.2180	Microsoft Corporation
992	c:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe		1.0.0.78	TuneUp Software GmbH
1152	C:\WINDOWS\System32\svchost.exe		5.1.2600.2180	Microsoft Corporation
1276	C:\WINDOWS\System32\svchost.exe		5.1.2600.2180	Microsoft Corporation
1412	C:\WINDOWS\System32\svchost.exe		5.1.2600.2180	Microsoft Corporation
1604	C:\WINDOWS\system32\spoolsv.exe		5.1.2600.2180	Microsoft Corporation
1620	C:\WINDOWS\Explorer.EXE		6.0.2900.2180	Microsoft Corporation
1796	C:\Program Files\Microsoft AntiSpyware\gcasServ.exe		1.0.0.509	Microsoft Corporation
1808	C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe		301.0.0.12	THOMSON Telecom Belgium
1844	C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe		9.1.0.6	McAfee, Inc.
1852	C:\PROGRA~1\mcafee.com\agent\mcagent.exe		5.1.0.2	McAfee, Inc
1864	c:\progra~1\mcafee.com\vso\mcvsescn.exe		9.1.0.4	McAfee, Inc.
1892	C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe		6.1.0.6	McAfee Inc.
1928	C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe		6.1.0.44	McAfee Security
1948	C:\Program Files\Messenger\MsgPlus.exe		3.54.0.132	Patchou
1964	C:\Program Files\iTunes\iTunesHelper.exe		4.7.1.30	Apple Computer, Inc.
1980	C:\WINDOWS\system32\ctfmon.exe		5.1.2600.2180	Microsoft Corporation
2028	C:\WINDOWS\system32\rundll32.exe		5.1.2600.2180	Microsoft Corporation
192	C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe		6.1.0.44	McAfee Security
340	C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe		1.0.0.509	Microsoft Corporation
964	C:\WINDOWS\System32\PackethSvc.exe		6.0.0.6	America Online, Inc.
1064	C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE		3.24.10.0	C-Dilla Ltd
1100	C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe		2.3.0.0	SEIKO EPSON CORPORATION
1344	c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe		9.1.0.8	McAfee, Inc
1448	C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe		6.1.0.44	McAfee Corporation
1540	C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe		6.1.0.7	McAfee Inc.
1824	C:\WINDOWS\System32\nvsvc32.exe		6.13.10.4104	NVIDIA Corporation
460	C:\WINDOWS\System32\svchost.exe		5.1.2600.2180	Microsoft Corporation
540	C:\Program Files\Raxco\PerfectDisk\PDSched.exe		7.0.0.34	Raxco Software, Inc.
1164	C:\Program Files\iPod\bin\iPodService.exe		4.8.0.32	Apple Computer, Inc.
2160	c:\PROGRA~1\mcafee.com\vso\mcshield.exe		6.0.0.100	
2500	C:\WINDOWS\System32\alg.exe		5.1.2600.2180	Microsoft Corporation
3832	C:\Program Files\Internet Explorer\iexplore.exe		6.0.2900.2180	Microsoft Corporation
4084	C:\WINDOWS\System32\wbem\wmiprvse.exe		5.1.2600.2180	Microsoft Corporation
2760	C:\DOCUME~1\Mezza\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe		1.99.0.1	Soeperman Enterprises Ltd.


----------



## apj101

bugger me this is a fek lot of stuff running, just quickly i can tell you that
540 C:\Program Files\Raxco\PerfectDisk\PDSched.exe 7.0.0.34 Raxco Software, Inc.
is know to cause problems
and you installed msg plus
1948 C:\Program Files\Messenger\MsgPlus.exe 3.54.0.132 Patchou
which can have adaware issues, are you a instant messenger user.


----------



## james76

yes i'am, i have had debates in the past about msn plus so i may remove that.

the other stuff....

please , what should i do?


----------



## apj101

your showing me a list of current running processors, but not a list of what is running at start up, post a complete Hijackthis log and i'll have a look.


----------



## james76

here i think:

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\DOCUME~1\Mezza\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
SpeedTouch USB Diagnostics = "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MSKAGENTEXE = C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
MSKDetectorExe = C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
MessengerPlus3 = "C:\Program Files\Messenger\MsgPlus.exe"
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
NVIEW = rundll32.exe nview.dll,nViewLoadHook
MSKAGENTEXE = C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[Media Speak]
MediaSpeak = C:\Program Files\Microsoft Plus!\Voice Command\MpSpeak.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=MsgPlusLoader.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - (no file) - {5E61EC6A-5F43-432B-92C1-8A8EE9A7267D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Update Check (MARYPC-Mezza).job
New Task.job


----------



## Buzz1927

Run Hijackthis. Click "Scan and save logfile". Post the log here.


----------



## james76

Logfile of HijackThis v1.99.1
Scan saved at 15:03:35, on 10/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Mezza\My Documents\Other\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer 
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O1 - Hosts: 62.189.6.93 _sip._tls.sip7.phoneserve.com
O1 - Hosts: 62.189.6.93 _sip._ssl.sip7.phoneserve.com
O1 - Hosts: 208.56.190.43 view.atdmt.com
O1 - Hosts: 208.56.190.43 global.msads.net
O1 - Hosts: 208.56.190.43 ad.doubleclick.net
O1 - Hosts: 208.56.190.43 z1.adserver.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5E61EC6A-5F43-432B-92C1-8A8EE9A7267D} - (no file)
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4350/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E28D446-818A-4CC1-8EFD-2C055BE7B34A}: NameServer = 195.92.195.94 195.92.195.95
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


----------



## apj101

quickly are you using voip or do you recognise the hosts
 Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com


----------



## james76

yeh, thats something using my pc as a phone.


----------



## james76

some programe, yes im aware


----------



## apj101

well if those hosts are ok with you then we'll leave them, you log is not too bad, may want to:
run scan and select these, then click fix

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

these are you perfect disk entries (you may remove these if you dont use it)
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

if you want to get rid of msgplus then check these
O20 - AppInit_DLLs: MsgPlusLoader.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger\MsgPlus.exe"

you may need to boot to safe mode to complete a lot of these


----------



## james76

thats great thanks, should i go in safe mode now before the scan?


----------



## apj101

prob a good idea, since a lot of stuff wont let you delete in normal mode, be sure to print out the post as you may not be able to get online in sfe note unless you start it with networking


----------



## james76

i have just done it in normal mode,
than 1 minute later i had microsoft anti spyware notifying me that ctfmon.exe or whatever you said to fix added itself back to startup. should i just leave it?


----------



## apj101

yeah, it just belong to office, it not critical i just put it in there as a process of elimation. How is you boot time now?


----------



## Buzz1927

You got some spyware here.
O1 - Hosts: 208.56.190.43 view.atdmt.com
O1 - Hosts: 208.56.190.43 global.msads.net
O1 - Hosts: 208.56.190.43 ad.doubleclick.net
O1 - Hosts: 208.56.190.43 z1.adserver.com
Also, we can't see all your startup programs, you need to go to msconfig and check "normal startup".
Follow the steps in Byteman's sticky here, then reboot and post a new log.


----------



## Byteman

Note: Messenger Plus adds the Lop.com spyware (if you select to add 3 party apps during the initial install of MESSenger Plus).


----------



## apj101

Byteman said:
			
		

> Note: Messenger Plus adds the Lop.com spyware (if you select to add 3 party apps during the initial install of MESSenger Plus).



damn straight eluded to that in post 11, just couldn't remeber the name of the spyware


----------



## Buzz1927

Byteman said:
			
		

> Note: Messenger Plus adds the Lop.com spyware (if you select to add 3 party apps during the initial install of MESSenger Plus).


My first thought as well, tho I can't see any sign of it in the log. Wouldn't hurt to search for C2media tho.


----------



## james76

thanks buzz, normal start up:

Logfile of HijackThis v1.99.1
Scan saved at 20:39:59, on 10/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer 
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O1 - Hosts: 62.189.6.93 _sip._tls.sip7.phoneserve.com
O1 - Hosts: 62.189.6.93 _sip._ssl.sip7.phoneserve.com
O1 - Hosts: 208.56.190.43 view.atdmt.com
O1 - Hosts: 208.56.190.43 global.msads.net
O1 - Hosts: 208.56.190.43 ad.doubleclick.net
O1 - Hosts: 208.56.190.43 z1.adserver.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5E61EC6A-5F43-432B-92C1-8A8EE9A7267D} - (no file)
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - http://register.btinternet.com/templates/btwebcontrol02
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4350/mcfscan.cab
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


----------



## Buzz1927

It's still showing as restricted, Spybot maybe? Anyhow, I think the problem is down to malware, have you followed the steps in the sticky?


----------



## jbrown456

*Remove That Darn Messenger Plus AND AND AND....LOP.com!!!!!*



			
				Byteman said:
			
		

> Note: Messenger Plus adds the Lop.com spyware (if you select to add 3 party apps during the initial install of MESSenger Plus).



I had messenger plus, it does add lop.com spyware (worst darn spyware i have ever had!), it wasn't wasy to remove (ya, you know, ya can't just uninstall messenger plus and it takes the spyware out for you!). Anyways that made my startup very slow too!

http://www.computerforum.com/showthread.php?p=94810
view hellbreather's comment

http://www.computerforum.com/showthread.php?t=11903&highlight=lop.com
also do you have a toolbar like shown in the thread above in internet explorer?
this also has some info on how to remove lop

http://www.computerforum.com/showthread.php?t=14397
You also may want to try any of this stuff too!


----------



## james76

can i just delete any unwanted stuff in the hijack this log when i scan?


----------



## Buzz1927

Don't delete anything before checking here first.


----------



## james76

so guys what you think? I really dont know mwhy my pc is slow in parts. I have no spyware or viruses or any programs that generate, my pc is fairly new, i have hardly any programs on start up (whats visible in the tray), i run disk degragmenter (certified by microsoft!) i always delete junk files. Maybe its because my music/ media files are so big? but when i think of friends who have tons of stuff on their pc's their start-ups are fine. oh deary me....


----------



## Buzz1927

Post a new Hijackthis log.


----------



## james76

i have posted one on normal start up already, see previous page.


----------



## Buzz1927

Ok, let's see if we can fix it as it is. Run Hijackthis, Check these entries
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
O1 - Hosts: 208.56.190.43 view.atdmt.com
O1 - Hosts: 208.56.190.43 global.msads.net
O1 - Hosts: 208.56.190.43 ad.doubleclick.net
O1 - Hosts: 208.56.190.43 z1.adserver.com
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5E61EC6A-5F43-432B-92C1-8A8EE9A7267D} - (no file)
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Hit "Fix Checked". 
Reboot and let us know how things are now.


----------



## james76

can i trust you? im sure i can, your english.


----------



## Buzz1927

james76 said:
			
		

> can i trust you? im sure i can, your english.


Welsh actually, but yes.


----------



## houssam_ballout

I think that the problem has been solved,


----------



## james76

Well i removed that stuff and, well, my start up is still laging  
I think mcafee has something to do with it. The "M" by the clock is read on start up meaning everything is ok, then as things a loading it turns black and indicates it has disabled firewall and spam email (temporarily) than after a while it goes back red again and enables everything back. Any other users noticed this?


----------



## Buzz1927

You could uninstall Mcafee, then reinstall, see if that works (be sure to disable it first, and disconnect your internet connection)


----------



## james76

Hmmmm, im not sure. Is there something on that log that might be slowing me down? What about the programs that i only use occasionly like phoneserve for instance, there semms in the log that its doing something on startup.

Really all i want going is mcafee, speedtouch internet and anti spyware (microsoft). And ofcourse the microsoft stuff.


----------



## Buzz1927

When the red M turns black, press control, alt + delete and see whats running under "processes". That should show you the problem, has it always done this, or just recently?


----------



## james76

its always been doing this i think. Im just running disk degrag so ill have a reboot when its done.

Cheers


----------



## james76

there are a few svchost.exe's, mcshield.exe taking up a bit, MSKdetct and MSKAgent, mpftray and Mcvsshld, mcagent. there all takingup a bit ( 5,000, 7,000) all mcaffee i think.

explorer is like 20,00

maybe i should stop the start up of mcafee things, but let the actuall program start.


----------



## Buzz1927

Mcafee is a resource hog, do you really want to keep it? You can get the same stuff for free thats much lighter. You can't stop Mcafee running on startup, there'd be no point in having it.


----------



## james76

what like AVG?
I want a good one, not bothered about price just need a good one that does it all and does it quietly. Any other suggestions?


----------



## Buzz1927

AVG or Avast for antivirus, with either Zonealarm or Kerio firewall, all free  for homeusers, thats all you need. Get spyware protection as well, tho.


----------



## james76

is there not one that has virus protection and firewall in 1? also i will loose spam killer by mcafee if i uninstall


----------



## Buzz1927

There is, but it's better to have 2 specialized products rather than an all-in-one. The Firefox browser has got a built-in popup blocker, and you can get free anti-spam programs. There's not really any need to pay for anything.


----------



## james76

which do you have>?


----------



## Buzz1927

At the moment I use Avast and Kerio, Firefox browser and Adaware and Spybot for spyware. I haven't got an anti-spam, but I think Mailwasher is the best free one.


----------



## james76

How can i make a log of everything that the computer is doing on startup?

Cheers Buz


----------



## Buzz1927

Go start>run, type "msconfig", hit "startup" it'll list all the programs set to run at startup.


----------



## james76

Ye i know about this, but i duno. my computer never loads everything at once on startup , well it does, than 2 mins later its loadin something.


----------



## dyserq

houssam_ballout said:
			
		

> go to start --> run --> msconfig --> startup
> and then uncheck the programs that u don't want to load when ur pc startsup, since there are some programs that highly load ur PC and take all the resources/
> so try to do my way.



This is extremely useful
I personally disable everything to stop unnecessary programs eating up my CPU


----------



## james76

Yes but then you have to open up the programs you need such as virus protection manually so this takes up same amount of time. 

do you also stop the services aswell?


----------



## Buzz1927

You shouldn't stop your anti-virus from loading at startup, post all the programs listed in startup in msconfig and someone will tell you what's not needed.
Edit: Does this happen every time you startup, or now and then?


----------

