0

Hello - I am having a really bad day! I hope someone can help. My computer has been acting strange for a couple of days. I have problems printing and sending and receiving email. My Outlook hangs and doesn't operate normally.

I have a printout of what is going on below. I managed to remove a few things, but it has not helped. When I start my computer both MC_Shield.exe & MSKSrve.exe are the culprits in the CPU usage. When I delete these 2 processes my computer goes back to normal. I am not sure what these two programs are, but I suspect it may have something to do with McAfee. I have the whole McAfee suite running 24/7, with the exception of Spamkiller, which has been disabled for about 6 months.

I hope that I can find out what this is so that I can get back to normal. Wasted a whole day on this until I found out about this site.

Thank you in advance
Jeff

Logfile of HijackThis v1.98.2
Scan saved at 6:34:13 PM, on 10/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Documents and Settings\Jeff\Application Data\urpo.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Jeff\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: F1 Organizer Class - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\mpz300.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Cbho Object - {A096A159-4E58-45A9-8EE6-B11466851181} - C:\WINDOWS\msiebho.dll
O2 - BHO: CExtension Object - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll (file missing)
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Free Mp3 Finder] C:\PROGRA~1\CEQUAL~1\FreeMp3\MP3FIN~1.EXE
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ITAO] C:\WINDOWS\ITAO.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Jeff\Application Data\urpo.exe
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.yahoo.com
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_789/sdcregie.cab
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/php/hwsoliii_scecab_24.247.195.119.726510924867141758_4993023.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} - http://www.commonname.com/en/oneclick/uninstbb.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab

Last Post by Packet.22
0

You have a system which is riddled with spyware and other nasties! Please follow the advice contained in this topic:

http://www.daniweb.com/techtalkforums/thread5690.html

and then after you've finished using the various cleanup tools mentioned in the topic, you can generate a new log and post it in our 'Security' forum section, which is the ONLY section where HijackThis logs are permitted.

Cheers, and welcome.

0

Thank you for the response. I am sorry I put this in the wrong category. I have Aluria's Spyware Eliminator already installed. I had problems in the past using it, but now that I delete the two processes that have been monopolizing my CPU I find that it is working correctly.

I have already found 42 items to delete.

I appreciate you letting me know about the other post. I will sure follow the advice.

Thanks Again,
Jeff

0

Definitely spyware, and also try to run Stinger. I was also having the same problem. I ran Stinger and found the Spybot Trojan running in the background. Once I got rid of it, my system was quite stable.
