Need Help!!!! Please!!!!

Discussion in 'adware, spyware & hijack cleaning' started by thatotherguy, Jun 2, 2004.

Thread Status:
Not open for further replies.
  1. thatotherguy

    thatotherguy Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    1
    Hi. I have this spyware or some program that keeps making these popups and prevents me from clicking on my desktop icons. I checked the processes that were running and I think it is called May17_loader.exe. It seems to be the one because I tried deleting it but it comes back after I restart my computer. I also have adware, spy doctor, spybot search and destroy, but they failed to get rid of it completely. I also noticed that I'm able to click on my desktop after restarting the computer, but popups are still created and when I click on windows media player, my desktop freezes again. Thank you for your help!

    Logfile of HijackThis v1.97.7
    Scan saved at 1:35:46 AM, on 6/2/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\Promon.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\Sktempdm.exe
    C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    C:\WINDOWS\System32\Skdaemon.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\WINDOWS\System32\ICO.EXE
    C:\WINDOWS\System32\FSRremoS.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\Pelmiced.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\Adstartup.exe
    C:\WINDOWS\System32\may17_loader.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\BMCENT~1\BMClient.exe
    C:\Documents and Settings\Patrick\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - C:\WINDOWS\System32\IEENHA~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE
    O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
    O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.EXE -CHECK
    O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\Adstartup.exe
    O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\System32\may17_loader.exe" /HideUninstall /HideDir /PC=AM.ALGX
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
    O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
    O4 - Startup: Knowledge Machine.lnk = C:\GALTWARE\MACHINE.EXE
    O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: =>&Spanish - http:\\wordreference.com\es\j\iees69.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .uk/~bates/: C:\Program Files\Internet Explorer\PLUGINS\npchime.dll
    O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...r.viewpoint.com
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7861.7028472222
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
     
    thatotherguy, Jun 2, 2004
    #1
  2. dave38

    dave38 Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    377
    First, from Add/Remove Programs, uninstall Apropos if listed.

    Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

    O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - C:\WINDOWS\System32\IEENHA~1.DLL

    O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\Adstartup.exe
    O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\System32\may17_loader.exe" /HideUninstall /HideDir /PC=AM.ALGX

    Reboot, and delete

    files
    C:\WINDOWS\System32\Adstartup.exe
    C:\WINDOWS\System32\may17_loader.exe

    These may be hidden files. See HERE for how to show hidden files.

    Please post a followup Hijack this log, and say if your problems persist.
     
    dave38, Jun 2, 2004
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...