OK, G, give it your best shot! - Tilted Forum Project Discussion Community

ngdawg · 02-28-2005, 02:56 PM

I have been having a problem with my XP home. seems the cmd prompt window keeps flashing on my screen, but not long enough to catch a glimpse of from where it's coming! The one time it stayed, my computer froze and I had to shut it off completely. I have run: Spybot, Norton, Registry Mechanic and Xoftspy. Many things have been found and deleted, but that damned flashing window remains. It pauses SNOOD and stops me in midtyping-it's like an auto-refresh. At any rate, here's the log from Hijack This.

Logfile of HijackThis v1.98.2
Scan saved at 5:50:30 PM, on 2/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\system32\WirelessUSB.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\GTDesktop\Plugins\GTRipple.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Louise\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Wireless USB Adapter] WirelessUSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Wireless USB Adapter] WirelessUSB.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GTRipple] C:\Program Files\GTDesktop\Plugins\GTRipple.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101605468730
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7841D22-2C36-4774-A857-734112D49524}: NameServer = 205.188.146.145

God of Thunder · 02-28-2005, 03:36 PM

Quote:

Originally Posted by ngdawg

I have been having a problem with my XP home. seems the cmd prompt window keeps flashing on my screen, but not long enough to catch a glimpse of from where it's coming! The one time it stayed, my computer froze and I had to shut it off completely. I have run: Spybot, Norton, Registry Mechanic and Xoftspy. Many things have been found and deleted, but that damned flashing window remains. It pauses SNOOD and stops me in midtyping-it's like an auto-refresh. At any rate, here's the log from Hijack This.

Logfile of HijackThis v1.98.2
Scan saved at 5:50:30 PM, on 2/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray

The Real Player and Quicktime references can be removed, but are not causing the problems,

The ones I left from the log above are the ones that concern me. I don't know what they are and look like random file names that are left from spyware programs. Get rid of them and see what happens.

phathom · 02-28-2005, 03:51 PM

I work on computers everyday identifying and removing numerous pieces of spyware, and as per my reccomendations I would remove the following

the
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
is definately going to be a piece of spyware if its not your isp, the
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
concerned me, the nwiz is actually norton's setup program so you can leave that one,
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7841D22-2C36-4774-A857-734112D49524}: NameServer = 205.188.146.145

I would also remove any programs such as real, quicktime, winamp, ect, that you use, but can open by yourself, it saves a lot of resources. o and a great preventive messure even though i hate microsoft is ms antispy, get it off their website, its in beta right now, but is rather effective.

vinaur · 03-01-2005, 06:06 AM

I wouldn't be so confident in removing GWMDMMSG.exe It might be necessary for your modem here's some info on the process.

Glory's Sun · 03-01-2005, 09:41 AM

the problem entries have been stated by other users already so I'm not going to repeat them. What I want to know is 1. Why the fuck are you using AOL.. jesus christ.. 2. Why do you have a google toolbar, an aol toolbar and yahoo buttons on your browser?

God of Thunder · 03-01-2005, 10:05 AM

Quote:

Originally Posted by guccilvr

the problem entries have been stated by other users already so I'm not going to repeat them. What I want to know is 1. Why the fuck are you using AOL.. jesus christ.. 2. Why do you have a google toolbar, an aol toolbar and yahoo buttons on your browser?

There's no need to bash someone's choice of ISPs in here. I'm not a fan of it either, but it's ngdawg's personal choice.

I do agree however that running all of the tool bars are a little too much. While they are not causing your original problem, they are taking up memory and slowing your PC down.

The less you have running in memory, the faster your PC will run. In general you can remove a lot of un-needed apps from that list.

Glory's Sun · 03-01-2005, 10:31 AM

Quote:

Originally Posted by God of Thunder

There's no need to bash someone's choice of ISPs in here. I'm not a fan of it either, but it's ngdawg's personal choice.

I do agree however that running all of the tool bars are a little too much. While they are not causing your original problem, they are taking up memory and slowing your PC down.

The less you have running in memory, the faster your PC will run. In general you can remove a lot of un-needed apps from that list.

yeah..but she knows I'm just teasing her.. sorry if it came out harsh.. anyway I agree with the application statements.. toolbars are unnecessary and if you don't need an app or use it very often I say just take it off the computer. It'll help in the long run.

ngdawg · 03-01-2005, 02:12 PM

I ended the processes of a few of those mentioned. I also went into add/remove and removed the multiple toolbars and most of Yahoo, except messenger. Then I went into Start menu, changed preferences there including unchecking run/cmd. No black box flash so far!!
Thanks for the advice, everyone!

God of Thunder · 03-02-2005, 10:10 AM

Glad to help

kurty[B] · 03-02-2005, 10:49 AM

Another thing to check is to go to Run and type msconfig. Go to the startup tab, and uncheck any processes that look fishy, or you don't want to start on Startup. Check liutilities, or google the processes to see if it is something that should be running off of startup.

Another process I'm worried about is the nvsvc32.exe. If it's nvsvc32 there's no big deal, if it's nvsc32.exe you may have a Bropia.A variant virus.

ngdawg · 03-04-2005, 10:28 PM

i found this in liutilities( now called Uniblue) regarding nvsvc32.exe:
nvsvc32 - nvsvc32.exe - Process Information
Process File: nvsvc32 or nvsvc32.exe
Process Name: NVIDIA Driver Helper Service

Description:
nvsvc32.exe is a process that belongs to the NVIDIA graphics card drivers. This process should not be removed to ensure that your graphics card drivers is working properly.

After 4 days without, my little flashing run/cmd box is back. I think I'm getting used to it now.

Church · 03-04-2005, 10:33 PM

ngdawg, here's a site that I frequent a lot. It may help you out some. And btw, nwiz is fine, its just something with Norton.

http://www.answersthatwork.com/Taskl...s/tasklist.htm

I hope this helps!

ngdawg · 03-05-2005, 05:34 PM

Finally, that cmd window got stuck long enough for me to see what it says:

c:docu alluse~1\applic~1symantrec\live-up~1downlo~1\exitem~1.cur\ducin~1.exe

think i need deworming?

Church · 03-05-2005, 06:18 PM

It very well could be a work, but judging by the abbreviated location, I'd say its just norton liveupdate being a pain in the ass. See what happens when you disable liveupdate. Just disable it for a day or two, and see if this stops. If it does stop, that doesn't necessarily mean you aren't infected, but it does mean that it could be using liveupdate to tunnel through your firewall.

02-28-2005, 02:56 PM	#1 (permalink)
ngdawg peekaboo Location: on the back, bitch	OK, G, give it your best shot! I have been having a problem with my XP home. seems the cmd prompt window keeps flashing on my screen, but not long enough to catch a glimpse of from where it's coming! The one time it stayed, my computer froze and I had to shut it off completely. I have run: Spybot, Norton, Registry Mechanic and Xoftspy. Many things have been found and deleted, but that damned flashing window remains. It pauses SNOOD and stops me in midtyping-it's like an auto-refresh. At any rate, here's the log from Hijack This. Logfile of HijackThis v1.98.2 Scan saved at 5:50:30 PM, on 2/28/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\GWMDMMSG.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\VISION~1\ONETOU~2.EXE C:\WINDOWS\system32\WirelessUSB.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\GTDesktop\Plugins\GTRipple.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\mIRC\mirc.exe C:\Program Files\America Online 9.0\waol.exe C:\Program Files\America Online 9.0\shellmon.exe C:\Program Files\Common Files\Aol\aoltpspd.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\DOCUME~1\Louise\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe O4 - HKLM\..\Run: [Wireless USB Adapter] WirelessUSB.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\RunServices: [Wireless USB Adapter] WirelessUSB.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [GTRipple] C:\Program Files\GTDesktop\Plugins\GTRipple.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101605468730 O17 - HKLM\System\CCS\Services\Tcpip\..\{C7841D22-2C36-4774-A857-734112D49524}: NameServer = 205.188.146.145

02-28-2005, 03:51 PM	#3 (permalink)
phathom Crazy	I work on computers everyday identifying and removing numerous pieces of spyware, and as per my reccomendations I would remove the following the O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray is definately going to be a piece of spyware if its not your isp, the O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe concerned me, the nwiz is actually norton's setup program so you can leave that one, O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - O17 - HKLM\System\CCS\Services\Tcpip\..\{C7841D22-2C36-4774-A857-734112D49524}: NameServer = 205.188.146.145 I would also remove any programs such as real, quicktime, winamp, ect, that you use, but can open by yourself, it saves a lot of resources. o and a great preventive messure even though i hate microsoft is ms antispy, get it off their website, its in beta right now, but is rather effective. __________________ -snooch to the nooch

03-02-2005, 10:10 AM	#9 (permalink)
God of Thunder Talk nerdy to me Location: Flint, MI	Glad to help __________________ I reject your reality, and substitute my own -- Adam Savage

03-04-2005, 10:33 PM	#12 (permalink)
Church Tilted F*ckhead Location: New Jersey	ngdawg, here's a site that I frequent a lot. It may help you out some. And btw, nwiz is fine, its just something with Norton. http://www.answersthatwork.com/Taskl...s/tasklist.htm I hope this helps! __________________ Through counter-intelligence, it should be possible to pinpoint potential trouble makers, and neutralize them.

03-05-2005, 06:18 PM	#14 (permalink)
Church Tilted F*ckhead Location: New Jersey	It very well could be a work, but judging by the abbreviated location, I'd say its just norton liveupdate being a pain in the ass. See what happens when you disable liveupdate. Just disable it for a day or two, and see if this stops. If it does stop, that doesn't necessarily mean you aren't infected, but it does mean that it could be using liveupdate to tunnel through your firewall. __________________ Through counter-intelligence, it should be possible to pinpoint potential trouble makers, and neutralize them.

03-01-2005, 06:06 AM	#4 (permalink)
vinaur Insane	I wouldn't be so confident in removing GWMDMMSG.exe It might be necessary for your modem here's some info on the process.

03-01-2005, 09:41 AM	#5 (permalink)
Glory's Sun Registered User	the problem entries have been stated by other users already so I'm not going to repeat them. What I want to know is 1. Why the fuck are you using AOL.. jesus christ.. 2. Why do you have a google toolbar, an aol toolbar and yahoo buttons on your browser?

03-01-2005, 02:12 PM	#8 (permalink)
ngdawg peekaboo Location: on the back, bitch	I ended the processes of a few of those mentioned. I also went into add/remove and removed the multiple toolbars and most of Yahoo, except messenger. Then I went into Start menu, changed preferences there including unchecking run/cmd. No black box flash so far!! Thanks for the advice, everyone!

03-02-2005, 10:49 AM	#10 (permalink)
kurty[B] Sauce Puppet	Another thing to check is to go to Run and type msconfig. Go to the startup tab, and uncheck any processes that look fishy, or you don't want to start on Startup. Check liutilities, or google the processes to see if it is something that should be running off of startup. Another process I'm worried about is the nvsvc32.exe. If it's nvsvc32 there's no big deal, if it's nvsc32.exe you may have a Bropia.A variant virus.

03-04-2005, 10:28 PM	#11 (permalink)
ngdawg peekaboo Location: on the back, bitch	i found this in liutilities( now called Uniblue) regarding nvsvc32.exe: nvsvc32 - nvsvc32.exe - Process Information Process File: nvsvc32 or nvsvc32.exe Process Name: NVIDIA Driver Helper Service Description: nvsvc32.exe is a process that belongs to the NVIDIA graphics card drivers. This process should not be removed to ensure that your graphics card drivers is working properly. After 4 days without, my little flashing run/cmd box is back. I think I'm getting used to it now.

03-05-2005, 05:34 PM	#13 (permalink)
ngdawg peekaboo Location: on the back, bitch	Finally, that cmd window got stuck long enough for me to see what it says: c:docu alluse~1\applic~1symantrec\live-up~1downlo~1\exitem~1.cur\ducin~1.exe think i need deworming?