100% CPU usage on XP

Reply

Join Date: Oct 2004
Posts: 2
Reputation: Malkiel is an unknown quantity at this point 
Solved Threads: 0
Malkiel Malkiel is offline Offline
Newbie Poster

100% CPU usage on XP

 
0
  #1
Oct 28th, 2004
Hello - I am having a really bad day! I hope someone can help. My computer has been acting strage for a couple of days. I have problems printing and sending and receiving email. My Outlook hangs and doesn't operate normally.

I have a print out of what is going on below. I managed to remove a few things, but it has not helped. When I start my computer both MC_Shield.exe & MSKSrve.exe are the culprits in the CPU usage. When I delete these 2 processes my computer goes back to normal. I am not sure what these two programs are, but I suspect it may have something to do with McAffe. I have the whole McAffe suite running 24/7, with the exception of Spamkiller, which has been disabled for about 6 months.

I hope that I can find out what this is so that I can get back to normal. Wasted a whole day on this until I found out about this site.

Thank you in advance
Jeff

Logfile of HijackThis v1.98.2
Scan saved at 6:34:13 PM, on 10/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Documents and Settings\Jeff\Application Data\urpo.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Jeff\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.iwantsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

"C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: StartBHO Class -

{30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program

Files\rundlg32.dll
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209

sitefinder.verisign.com
O2 - BHO: F1 Organizer Class - {00000EF1-34E3-4633-87C6-1AA7A44296DA}

- C:\WINDOWS\System32\mpz300.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} -

C:\WINDOWS\Downloaded Program Files\rundlg32.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Cbho Object - {A096A159-4E58-45A9-8EE6-B11466851181} -

C:\WINDOWS\msiebho.dll
O2 - BHO: CExtension Object - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} -

C:\WINDOWS\bs3.dll (file missing)
O2 - BHO: McAfee Privacy Service -

{cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program

Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: McAfee VirusScan -

{BA52B914-B692-46c4-B683-905236F6F655} -

c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch

Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH

Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common

Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program

Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program

Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common

Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up

Stopper\dpps2.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program

Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Free Mp3 Finder]

C:\PROGRA~1\CEQUAL~1\FreeMp3\MP3FIN~1.EXE
O4 - HKLM\..\Run: [MPFTray]

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ITAO] C:\WINDOWS\ITAO.exe
O4 - HKLM\..\Run: [MCUpdateExe]

C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE]

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask]

"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee

Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe]

c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online]

"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe]

C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program

Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Jeff\Application

Data\urpo.exe
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria

Software\ASE\ASE Scheduler.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Privacy Bar -

{cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program

Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.yahoo.com
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com

Configuration Class) -

http://support2.charter.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure

Postal Account Registration) -

https://secure.stamps.com/download/u...0_789/sdcregie.

cab
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} -

http://www.silvercrk.com/php/hwsolii...119.7265109248

67141758_4993023.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -

http://www.xxxtoolbar.com/ist/softwa...0006_adult.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com

Operating System Class) -

http://download.mcafee.com/molbin/sh...4,0,0,81/mcins

ctl.cab
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} -

http://www.commonname.com/en/oneclick/uninstbb.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF}

(MediaTicketsInstaller Control) -

http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

http://zone.msn.com/binFramework/v10...o.cab27513.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr

Class) -

http://download.mcafee.com/molbin/sh...,0,0,19/mcgdmg

r.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class)

-

http://www.stamps.com/download/us/ca...r=0.4098815917

96875&file=stamps.cab
Reply With Quote Quick reply to this message  
Join Date: Mar 2004
Posts: 3,826
Reputation: Catweazle is a jewel in the rough Catweazle is a jewel in the rough Catweazle is a jewel in the rough Catweazle is a jewel in the rough 
Solved Threads: 144
Team Colleague
Catweazle Catweazle is offline Offline
Grandad

Re: 100% CPU usage on XP

 
0
  #2
Oct 28th, 2004
You have a system which is riddled with spyware and other nasties! Please follow the advice contained in this topic:

http://www.daniweb.com/techtalkforums/thread5690.html

and then after you've finished using the various cleanup tools mentioned in the topic, you can generate a new log and post it in our 'Security' forum section, which is the ONLY section where Hijackthis logs are permitted.

Cheers, and welcome.
Need to install Windows again?

Catweazle's News Desk
Search the expert answer database
'Flame free' PC games discussion.
Reply With Quote Quick reply to this message  
Join Date: Oct 2004
Posts: 2
Reputation: Malkiel is an unknown quantity at this point 
Solved Threads: 0
Malkiel Malkiel is offline Offline
Newbie Poster

Re: 100% CPU usage on XP

 
0
  #3
Oct 28th, 2004
Thank you for the response. I am sorry I put this in the wrong category. I have aluria's spyware eliminator already installed. I had problems in the past using it, but now that I delete the two processes that have been monopolizing my CPU I find that it is working correctly.

I have already found 42 items to delete.

I appreciate you letting me know about the other post. I will sure follow the advice.

Thanks Again,
Jeff
Reply With Quote Quick reply to this message  
Join Date: Jun 2004
Posts: 41
Reputation: I_Broke_My_Mhz is an unknown quantity at this point 
Solved Threads: 3
I_Broke_My_Mhz I_Broke_My_Mhz is offline Offline
Light Poster

Re: 100% CPU usage on XP

 
0
  #4
Oct 28th, 2004
If it isn't Spybot S&D or adaware, it is garbage. I suggest you use spybot anyway.
Reply With Quote Quick reply to this message  
Join Date: Oct 2004
Posts: 28
Reputation: abbasmj is an unknown quantity at this point 
Solved Threads: 3
abbasmj abbasmj is offline Offline
Light Poster

Re: 100% CPU usage on XP

 
0
  #5
Nov 2nd, 2004
Definitely spyware and also try to run stinger. I was also having the same problem. I ran Stinger and found the Spybot Trojan running in the backgroud. Once I got rid of it. My system was quite stable
Reply With Quote Quick reply to this message  
Join Date: Nov 2004
Posts: 18
Reputation: Packet.22 is an unknown quantity at this point 
Solved Threads: 1
Packet.22 Packet.22 is offline Offline
Newbie Poster

Re: 100% CPU usage on XP

 
0
  #6
Nov 3rd, 2004
One good web site i find is good if you dont know what your computer has in your startup list is: http://sysinfo.org/startuplist.php It is great.
Want to know what is in your startup?
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Windows NT / 2000 / XP Forum


Views: 7057 | Replies: 5
Thread Tools Search this Thread



Tag cloud for Windows NT / 2000 / XP
.net 2010 a.exe address appstore audio auto black blue bluescreen book boot bulletin cellphones collaboration computer computerfreezes crash cursor deployment deployments desktop dns dotnetnuke drive dual eartlink error errors explorer features folder fontmanagers framework gadgets hardware intel interoperability killprocess laptop laptops latitude lcd linux load login mac markshuttleworth memory microsoft minimalizes monitor motionle1600 netbooks novell operatingsystems oracle osx outlook palm partition port printer product proxy remotedesktop replacingraiddrive retail rootkit screen security sharepoint simplifiedchinese sitetositevpn sp3 spyware technology ubuntu uninstall unreadable update usb verizon videodrivers videogames virus vista visual wab webos weecam win win32/heur window windows windows7 windowsxp windowsxpnotstartingup. worm xp
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC