[Some random guy]

Hello anyone out there,
When I start my computer up everything is extremley slow so that i dont even bother running anything. When i check task manager Mcshield.exe is using 100 CPU. This wouldnt be a problem but it stays like this for quite some time. Ive tried defragmenting but it didnt help.
What could i do to fix this?

[Advertisements]

Hi Some random guy
It seems you are using McAfee's Internet Security suite. Is this correct?

Try this

• CTRL ALT DEL to bring up task manager.
• Kill the process Mcshield.exe so you can use your computer.
• Uninstall McAfee's Internet Security Suite.
• Reboot and Mcshield shouldn't be running now.
• Reinstall McAfee's Internet Security Suite. Reboot.

Did this fix it?

Some random geek

[StarHawk]

Hi Some random guy
It seems you are using McAfee's Internet Security suite. Is this correct?

Try this

• CTRL ALT DEL to bring up task manager.
• Kill the process Mcshield.exe so you can use your computer.
• Uninstall McAfee's Internet Security Suite.
• Reboot and Mcshield shouldn't be running now.
• Reinstall McAfee's Internet Security Suite. Reboot.

Did this fix it?

Some random geek

[Some random guy]

Thanks for the help but my startup is still screwed up
any other ideas?

[StarHawk]

You may have a spyware infection. I recommend you download Spybot S & D, this program also has a very useful Startup Tool. You can download the program Here

If you don't already have this program, download it, install it and update it's spyware database the first time you use it (It has a big Search for Update button). After you update it click the Check for problems button, and let it scan your system. this may take a while. After it scans your system let it fix any problems it finds.

I probably would reboot now especially if it found alot of problems.

Now to use Spybot S&D to manage the programs that start up when windows boots, start Spybot and click Mode in the main menu bar, be sure Advanced mode is checked. Now click Tools in the left panel and choose System Startup. In the right panel will be a list of programs which start up when windows boots. You can uncheck an item to stop it from starting, or you can delete an item to remove it's startup entry within your systems internal files. Be careful with delete.
As a general rule do not check or uncheck much less delete any entry here unless you are sure you do not need the program. I use Google for anything I don't recognize.

Spybot also has a useful tool built into it called tea timer. Tea timer prevents spyware from installing itself in your system startup. In essence it warns you if an application is trying to add itself to your startup, you can allow or deny such an attempt. To activate this you have to click on Resident under Tools and be sure both Resident SDHelper is checked as wells as Resident Tea Timer. This will add an icon to your system tray but it's a small price to pay for protecting your computer. It seems to use little resources as I use it on low memory systems with no problems.

You may also want to read the advice I gave another member on spyware prevention, see This thread

If your computer truly is a wreck, you should read This If you follow this advice you will be ask to post a Hijack This log here at geeks to go and if you do spyware experts here will help you clean whatever spyware is left on you machine.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

[Some random guy]

Thanks for the help
I installed S&D and ound no problems except for the scan stopped near the end saying error checking Z-demon, which i heard is just an error of spybot.
I enabled teatimer and trimmed down my startup but I still startup with 100% CPU usage. 100% of that being used by Mcshield.exe.

[StarHawk]

I suspect a spyware problem. You need to read this and follow every step and post a Hijack this log. Do this and see if that clears the problem up. If you still have problems after your system si cleaned post back here again

Edited by StarHawk, 27 May 2005 - 01:46 PM.

[Some random guy]

Ya i gave it all a shot and got rid of some viruses and spyware, but mcshield.exe still eats all my CPU at startup

anyways heres my hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 12:53:08 AM, on 28/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\Owner.ANDREW\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mlrujkavi...bgCjrcjN7Oz.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTUpdate] ctupdclt.exe
O4 - HKCU\..\RunServices: [CTUpdate] ctupdclt.exe
O4 - Startup: Alarm Manager.LNK.disabled
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Image Transfer.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports....ommon/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/...ad/IbmEgath.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.co...aploader_v5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...390/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe


Thanks if you know what any of that means lol

[StarHawk]

Hi again Some random guy

I looked thru your Log and I can see several problems. For one McAfee is missing a file and that may be the mcshield problem at startup. But and this is a big but, that is probably the least of your problems. You seem to have a virus, VBS/Yosenio-A among other things. I can see where spybot S&D or some other program tried to fix a few problems, but what you need to do now is

First repost your Hijack this log in the malware section of this forum, Click Here

Second add a link to this thread in your Malware post, you can copy and paste the address from here:

http://www.geekstogo.com/forum/index.php?act=ST&f=3&t=26453

If you do this Malware removal experts will help you remove your problems and hopefully your machine will be running right soon. I've never dealt with this particular problem before and since I'm a Geek U student I can't help you remove it. It's a rule here and a good rule, since the malware removal experts are far better qualified to deal with these kind of problems. I'm going to follow this topic since I'm curious to see how they remove your problems, maybe I'll learn something.
Since Malware removal can be complicated it may take a while. Be patient, but if it takes more than 5 days to get any response there at all, post a topic Here.

Let me know when you post your Malware thread and I'm sorry I can't be of more help.

Edited by StarHawk, 28 May 2005 - 08:28 AM.

[bossmanuk]

I would just like to say, that i also purchased McAfee Internet Security Suite, and it used 100% of my system resources aswell. I tried everything to get it working without using all of my processor speed. I eventually uninstalled it, contacted McAfee, and got my money back. I then downloaded AVG Free, and just used McAfee Firewall
(Which i got free from my ISP).

[Some random guy]

Hey starhawk,
Thanks again for the help
heres the link to where i posted my log since you wanted to follow this.
http://www.geekstogo...showtopic=29723

[StarHawk]

that's very interesting bossmanuk. I saw online other users have the same problem. I wonder how common it is and what causes it. I have never used McAfee Internet Security Suite, but I have uninstalled it on friends machines after they were virus infected, fixed the problem with AVG and installed both AVG and Zone Alarm to replace McAfee. Of course the virus infected computers were infected because of the owners or their children had poor judgement, ie Kazaa or similar dangerous programs or practices.

in random guys case, I thought maybe it was because he seems to be viral infected and the mcshield was working to stop the spread. Don't know, but I certain advise using AVG and ZoneAlarm.

I believe the malware people will clear it up for him, just hope it's not too bad.

[StarHawk]

That's great randon guy thank you. I will keep an eye on it. Wish ya luck.

[Some random guy]

Hey starhawk,
While im waiting for a reply to my hijack this log there was another problem i was having that maybe you could help me out with (probably unrelated). Before i was able to open .avi in windows movie maker but now it doesnt work and says
The file C:\Documents and Settings\Owner.ANDREW\My Documents\My Videos\Shows\chappellesshow01.avi cannot be imported because the codec required to play the file is not installed on your computer. If you have already tried to download and install the codec, close and restart Windows Movie Maker, and then try to import the file again.
This came out of the blue because i had even opened this file before.
Also winamp cannot play .avi video files which might be related.
Thanks in advance for your help.

[StarHawk]

Hi again, random guy

Lot of problems, huh??

Let them fix your spyware first. That might even clear it up.

If that doesn't fix it. I'm going to advise a program I have never used this program before but it is a SourceForge project and I have only the highest respect for most of their programs and for the principles they stand for. So try AVIcodec

AVIcodec v1.2 - Free multimeda files analyser :
Gives detailled information, especially the codecs needed to play the file, and where to download those codecs if they are missing on your system.

Someone else may have better advice, but let us know how it goes. And by the way this is really a second topic you know?

Edited by StarHawk, 30 May 2005 - 11:21 AM.

[Starlight_Guided]

Im having the same problem!!! Ive been told to use another antivirus called "F-Secure" Im trying to fix alot of problems before I download it... you might want to give it a try....

Edited by Starlight_Guided, 17 June 2005 - 08:00 PM.