Tech Support Forum - View Single Post - need some help

theJ · 05-28-2005, 04:54 PM

Thanks for your replies.

greyknight17: i uploaded both programs and nothing came up.

blackduck30: i've done what you asked more than once, because i thought i might have messed it up. but the fact is that both wmplayer.exe and the www.neededware.com keep showing up in my HJT, no matter how many times i eliminate them.

Cleanup!, Aw-aware, or Spyblaster fail to pick anything up, both regular and safe mode.

i have been noticing that windows media player automatically starts up when i load windows, even though i take it off the startup using msconfig.
Also, the IEXPLORER.exe keeps coming up, even though im not using any program that requires it. It's not a case of multiple windows, it just seems to be loading by itself.
The tricky thing is that i keep thinking it is fixed because it goes away for awhile, and then some time later i will run HJT and they will have come back - and IEXPLORER.exe starts loading by itself again.
I haven't noticed anything terrible from this happening, it is just very annoying and perplexing.

Thanks for your help, please let me know if there is anything you can do.

I think it would be a waste to post the HJT log because after i fix the problems, it looks like they have been eliminated, and then at a random time later i will run HJT again and they will have come back.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 6:53:17 PM, on 5/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\PROGRA~1\Logitech\iTouch\iTouch.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Documents and Settings\Jeff\Desktop\Anti-Spyware\HJT\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/us/en/systemprofiler/SysPro.CAB
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

End of KRC HijackThis Analyzer Log.
====================================================================

The only thing missing from this log is the neededware.com, but that will come back later i suppose.

thanks again,
-j

05-28-2005, 04:54 PM	#11 (permalink)
theJ Registered User Join Date: May 2005 Posts: 8 OS: WINDOWs XP PRO	Thanks for your replies. greyknight17: i uploaded both programs and nothing came up. blackduck30: i've done what you asked more than once, because i thought i might have messed it up. but the fact is that both wmplayer.exe and the www.neededware.com keep showing up in my HJT, no matter how many times i eliminate them. Cleanup!, Aw-aware, or Spyblaster fail to pick anything up, both regular and safe mode. i have been noticing that windows media player automatically starts up when i load windows, even though i take it off the startup using msconfig. Also, the IEXPLORER.exe keeps coming up, even though im not using any program that requires it. It's not a case of multiple windows, it just seems to be loading by itself. The tricky thing is that i keep thinking it is fixed because it goes away for awhile, and then some time later i will run HJT and they will have come back - and IEXPLORER.exe starts loading by itself again. I haven't noticed anything terrible from this happening, it is just very annoying and perplexing. Thanks for your help, please let me know if there is anything you can do. I think it would be a waste to post the HJT log because after i fix the problems, it looks like they have been eliminated, and then at a random time later i will run HJT again and they will have come back. ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 6:53:17 PM, on 5/28/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\PROGRA~1\Logitech\iTouch\iTouch.exe C:\Program Files\DU Meter\DUMeter.exe C:\Documents and Settings\Jeff\Desktop\Anti-Spyware\HJT\HijackThis1991.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/ O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/us/en/systemprofiler/SysPro.CAB O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe End of KRC HijackThis Analyzer Log. ==================================================================== The only thing missing from this log is the neededware.com, but that will come back later i suppose. thanks again, -j