Tilted Forum Project Discussion Community  

Old 02-28-2005, 02:56 PM   #1 (permalink)
peekaboo
 
ngdawg's Avatar
 
Location: on the back, bitch
OK, G, give it your best shot!

I have been having a problem with my XP Home. Seems the cmd prompt window keeps flashing on my screen, but not long enough to catch a glimpse of where it's coming from! The one time it stayed, my computer froze and I had to shut it off completely. I have run: Spybot, Norton, Registry Mechanic and Xoftspy. Many things have been found and deleted, but that damned flashing window remains. It pauses SNOOD and stops me in mid-typing; it's like an auto-refresh. At any rate, here's the log from HijackThis.

Logfile of HijackThis v1.98.2
Scan saved at 5:50:30 PM, on 2/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\system32\WirelessUSB.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\GTDesktop\Plugins\GTRipple.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Louise\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Wireless USB Adapter] WirelessUSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Wireless USB Adapter] WirelessUSB.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GTRipple] C:\Program Files\GTDesktop\Plugins\GTRipple.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101605468730
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7841D22-2C36-4774-A857-734112D49524}: NameServer = 205.188.146.145
ngdawg is offline  
Old 02-28-2005, 03:36 PM   #2 (permalink)
Talk nerdy to me
 
God of Thunder's Avatar
 
Location: Flint, MI
Quote:
Originally Posted by ngdawg
I have been having a problem with my XP Home. Seems the cmd prompt window keeps flashing on my screen, but not long enough to catch a glimpse of where it's coming from! The one time it stayed, my computer froze and I had to shut it off completely. I have run: Spybot, Norton, Registry Mechanic and Xoftspy. Many things have been found and deleted, but that damned flashing window remains. It pauses SNOOD and stops me in mid-typing; it's like an auto-refresh. At any rate, here's the log from HijackThis.

Logfile of HijackThis v1.98.2
Scan saved at 5:50:30 PM, on 2/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
The RealPlayer and QuickTime references can be removed, but are not causing the problems.

The ones I left from the log above are the ones that concern me. I don't know what they are and look like random file names that are left from spyware programs. Get rid of them and see what happens.
__________________
I reject your reality, and substitute my own

-- Adam Savage
God of Thunder is offline  
Old 02-28-2005, 03:51 PM   #3 (permalink)
Crazy
 
phathom's Avatar
 
I work on computers every day identifying and removing numerous pieces of spyware, and as per my recommendations I would remove the following:

The
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
is definitely going to be a piece of spyware if it's not your ISP. The
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
concerned me. The nwiz is actually Norton's setup program, so you can leave that one.
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7841D22-2C36-4774-A857-734112D49524}: NameServer = 205.188.146.145

I would also remove any programs such as Real, QuickTime, Winamp, etc., that you use but can open by yourself; it saves a lot of resources. Oh, and a great preventive measure, even though I hate Microsoft, is MS AntiSpy; get it off their website. It's in beta right now, but is rather effective.
__________________
-snooch to the nooch
phathom is offline  
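The triage God of Thunder and phathom do by eye above (Run entries whose command is a bare filename, a RunServices entry, the O17 nameserver) can be mechanised. What follows is an added example, not code from this thread or from HijackThis: it parses a few O4 and O17 lines copied from the posted log and flags the same kinds of entries for lookup. "Flagged" means "look it up against a process database", not "delete": nwiz.exe gets flagged too, which is exactly why the thread's advice to check each name still applies. The regular expressions and the `Finding` record are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines in HijackThis v1.98 log format, copied from the log
# posted in this thread (entry names and paths exactly as posted).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Wireless USB Adapter] WirelessUSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Wireless USB Adapter] WirelessUSB.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7841D22-2C36-4774-A857-734112D49524}: NameServer = 205.188.146.145
"""

# Line shapes as HijackThis prints them (patterns written for this example).
O4_REGISTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
O4_STARTUP = re.compile(r"^O4 - Global Startup: (.*?) = (.*)$")
O17_DNS = re.compile(r"^O17 - .*: NameServer = (.*)$")

# System hosts whose own name is uninteresting; the DLL they are told to load is
# what needs checking.
DLL_HOSTS = {"rundll32.exe"}


@dataclass
class Finding:
    location: str                 # autostart point or setting the entry lives in
    name: str                     # value name as HijackThis shows it
    target: str                   # executable (or DNS server) the entry points at
    reasons: list = field(default_factory=list)


def first_token(command: str):
    """Split a Run-value command into (executable, arguments), honouring a
    double-quoted executable path such as "C:\\Program Files\\...\\x.exe" /flag."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end], command[end + 1:].strip()
    parts = command.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def is_qualified(path: str) -> bool:
    """True when the command names a directory (C:\\... or %var%\\...), so the file
    that runs is pinned down rather than found by a PATH search."""
    return "\\" in path


def triage(log_text: str):
    """Return the O4/O17 entries a reviewer should look up, with the reason each."""
    findings = []
    for line in log_text.splitlines():
        m = O4_REGISTRY.match(line)
        if m:
            hive, key, name, command = m.groups()
            exe, args = first_token(command)
            reasons = []
            if key.startswith("RunServices"):
                reasons.append("RunServices is a Windows 9x-era autostart key; "
                               "legitimate XP software rarely uses it")
            if exe.lower() in DLL_HOSTS:
                dll = args.split(",", 1)[0].strip().strip('"')
                if not is_qualified(dll):
                    reasons.append("rundll32 loads a DLL given by bare name")
            elif not is_qualified(exe):
                reasons.append("bare executable name with no directory; "
                               "look the name up before deciding")
            if reasons:
                findings.append(Finding(f"{hive}\\..\\{key}", name, exe, reasons))
            continue
        m = O4_STARTUP.match(line)
        if m:
            name, target = m.groups()
            exe, _ = first_token(target)
            if not is_qualified(exe):
                findings.append(Finding("Global Startup", name, exe,
                                        ["shortcut target has no directory"]))
            continue
        m = O17_DNS.match(line)
        if m:
            findings.append(Finding("O17", "NameServer", m.group(1).strip(),
                                    ["per-interface DNS server; confirm it is your ISP's"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.location:22} [{f.name}] {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample it reports GWMDMMSG, nwiz, both Wireless USB Adapter entries (the RunServices one with two reasons) and the O17 nameserver; the fully qualified NVIDIA, Symantec, dumprep and Messenger entries pass. The output is a worklist for the liutilities-style lookup the thread recommends, not a removal list.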
Old 03-01-2005, 06:06 AM   #4 (permalink)
Insane
 
I wouldn't be so confident in removing GWMDMMSG.exe. It might be necessary for your modem; here's some info on the process.
vinaur is offline  
Old 03-01-2005, 09:41 AM   #5 (permalink)
Registered User
 
The problem entries have been stated by other users already, so I'm not going to repeat them. What I want to know is: 1. Why the fuck are you using AOL.. Jesus Christ.. 2. Why do you have a Google toolbar, an AOL toolbar and Yahoo buttons on your browser?
Glory's Sun is offline  
Old 03-01-2005, 10:05 AM   #6 (permalink)
Talk nerdy to me
 
God of Thunder's Avatar
 
Location: Flint, MI
Quote:
Originally Posted by guccilvr
The problem entries have been stated by other users already, so I'm not going to repeat them. What I want to know is: 1. Why the fuck are you using AOL.. Jesus Christ.. 2. Why do you have a Google toolbar, an AOL toolbar and Yahoo buttons on your browser?
There's no need to bash someone's choice of ISPs in here. I'm not a fan of it either, but it's ngdawg's personal choice.

I do agree, however, that running all of the toolbars is a little too much. While they are not causing your original problem, they are taking up memory and slowing your PC down.

The less you have running in memory, the faster your PC will run. In general you can remove a lot of unneeded apps from that list.
__________________
I reject your reality, and substitute my own

-- Adam Savage
God of Thunder is offline  
Old 03-01-2005, 10:31 AM   #7 (permalink)
Registered User
 
Quote:
Originally Posted by God of Thunder
There's no need to bash someone's choice of ISPs in here. I'm not a fan of it either, but it's ngdawg's personal choice.

I do agree, however, that running all of the toolbars is a little too much. While they are not causing your original problem, they are taking up memory and slowing your PC down.

The less you have running in memory, the faster your PC will run. In general you can remove a lot of unneeded apps from that list.
Yeah.. but she knows I'm just teasing her.. sorry if it came out harsh.. Anyway, I agree with the application statements.. toolbars are unnecessary, and if you don't need an app or use it very often, I say just take it off the computer. It'll help in the long run.
Glory's Sun is offline  
Old 03-01-2005, 02:12 PM   #8 (permalink)
peekaboo
 
ngdawg's Avatar
 
Location: on the back, bitch
I ended the processes of a few of those mentioned. I also went into add/remove and removed the multiple toolbars and most of Yahoo, except messenger. Then I went into Start menu, changed preferences there including unchecking run/cmd. No black box flash so far!!
Thanks for the advice, everyone!
ngdawg is offline  
Old 03-02-2005, 10:10 AM   #9 (permalink)
Talk nerdy to me
 
God of Thunder's Avatar
 
Location: Flint, MI
Glad to help
__________________
I reject your reality, and substitute my own

-- Adam Savage
God of Thunder is offline  
Old 03-02-2005, 10:49 AM   #10 (permalink)
Sauce Puppet
 
kurty[B]'s Avatar
 
Another thing to check is to go to Run and type msconfig. Go to the Startup tab and uncheck any processes that look fishy or that you don't want to start on startup. Check liutilities, or Google the processes, to see if it is something that should be running off of startup.

Another process I'm worried about is nvsvc32.exe. If it's nvsvc32 there's no big deal; if it's nvsc32.exe you may have a Bropia.A variant virus.
kurty[B] is offline  
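kurty[B]'s nvsvc32 versus nvsc32 point generalises: a name one edit away from a well-known system process is worth a second look, because the eye reads it as the real thing. The check below is an added example and not the poster's code or any tool's; the `KNOWN_GOOD` allowlist and the `RUNNING` list are constructed for it, with the paths taken from the posted log, nvsc32.exe being the name kurty[B] mentions, and scvhost.exe a transposition made up here to show that swapped letters are caught too. It uses the optimal string alignment distance (insert, delete, substitute, adjacent swap) rather than plain Levenshtein so that a single transposition counts as one edit.

```python
import ntpath

# Constructed allowlist for this example: basenames of some of the processes in
# the posted log. A real list would come from a vetted process reference.
KNOWN_GOOD = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "nvsvc32.exe",
}

# Constructed running-process list: paths as they appear in the posted log, plus
# two lookalikes added for the demonstration (nvsc32.exe from kurty[B]'s post,
# scvhost.exe made up here as a letter swap of svchost.exe).
RUNNING = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\nvsvc32.exe",
    r"C:\WINDOWS\system32\nvsc32.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\scvhost.exe",
]


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions, substitutions
    and adjacent transpositions each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # delete a[i-1]
                          d[i][j - 1] + 1,          # insert b[j-1]
                          d[i - 1][j - 1] + cost)   # substitute
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swap adjacent pair
    return d[len(a)][len(b)]


def lookalikes(paths, known=KNOWN_GOOD, max_distance=1):
    """Return (running name, nearest known name, distance) for every running
    process whose basename is not in the allowlist but is within max_distance
    edits of an allowlisted name. Exact matches are skipped."""
    hits = []
    for path in paths:
        name = ntpath.basename(path).lower()   # Windows names are case-insensitive
        if name in known:
            continue
        nearest = min(known, key=lambda k: edit_distance(name, k))
        dist = edit_distance(name, nearest)
        if dist <= max_distance:
            hits.append((name, nearest, dist))
    return hits


if __name__ == "__main__":
    for name, nearest, dist in lookalikes(RUNNING):
        print(f"{name} looks like {nearest} (distance {dist}); check its location and signer")
```

A hit is a prompt to check where the file lives and who signed it, in the same spirit as the thread's advice to look each name up; the allowlist has to be trustworthy, since anything on it is skipped without further comparison.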
Old 03-04-2005, 10:28 PM   #11 (permalink)
peekaboo
 
ngdawg's Avatar
 
Location: on the back, bitch
I found this in liutilities (now called Uniblue) regarding nvsvc32.exe:
nvsvc32 - nvsvc32.exe - Process Information
Process File: nvsvc32 or nvsvc32.exe
Process Name: NVIDIA Driver Helper Service

Description:
nvsvc32.exe is a process that belongs to the NVIDIA graphics card drivers. This process should not be removed, to ensure that your graphics card drivers are working properly.

After 4 days without, my little flashing run/cmd box is back. I think I'm getting used to it now.
ngdawg is offline  
Old 03-04-2005, 10:33 PM   #12 (permalink)
Tilted F*ckhead
 
Church's Avatar
 
Location: New Jersey
ngdawg, here's a site that I frequent a lot. It may help you out some. And btw, nwiz is fine; it's just something with Norton.

http://www.answersthatwork.com/Taskl...s/tasklist.htm

I hope this helps!
__________________
Through counter-intelligence, it should be possible to pinpoint potential trouble makers, and neutralize them.
Church is offline  
Old 03-05-2005, 05:34 PM   #13 (permalink)
peekaboo
 
ngdawg's Avatar
 
Location: on the back, bitch
Finally, that cmd window got stuck long enough for me to see what it says:

c:docu alluse~1\applic~1symantrec\live-up~1downlo~1\exitem~1.cur\ducin~1.exe

Think I need deworming?
ngdawg is offline  
Old 03-05-2005, 06:18 PM   #14 (permalink)
Tilted F*ckhead
 
Church's Avatar
 
Location: New Jersey
It very well could be a worm, but judging by the abbreviated location, I'd say it's just Norton LiveUpdate being a pain in the ass. See what happens when you disable LiveUpdate. Just disable it for a day or two and see if this stops. If it does stop, that doesn't necessarily mean you aren't infected, but it does mean that it could be using LiveUpdate to tunnel through your firewall.
__________________
Through counter-intelligence, it should be possible to pinpoint potential trouble makers, and neutralize them.
Church is offline  
 

All times are GMT -8.

© 2002-2012 Tilted Forum Project