[BillHates]

This has been happening since yesterday......If I am online or offline I get a pop-up from my IE program that is addressed to something called mmm-sites.com/toolbar.....It keeps on popping up...I tried getting rid of it with hijack this & spybot s and d......but it still happens......if you can please help me, it would be greatly appericated....thanx in advance!!!!!

 

[Lobos]

hi BillHates

can you run a hjt log maybe someone can see something in there you missed which might cause the problem

 

[mobo]

First please get Spybot S&D to clear out most of the spyware.

Short tutorial and download link here:
http://tomcoyote.org/SPYBOT/

Fix everything SpybotSD labels in red.

Then after reboot:
Download 'Hijack This!'. http://www.tomcoyote.org/hjt/
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
__________________

 

[BillHates]

Logfile of HijackThis v1.97.7
Scan saved at 7:39:36 AM, on 4/8/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WIN95\SYSTEM\KERNEL32.DLL
C:\WIN95\SYSTEM\MSGSRV32.EXE
C:\WIN95\SYSTEM\MPREXE.EXE
C:\WIN95\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON~1\SYSTEM\NPROTECT.EXE
C:\WIN95\EXPLORER.EXE
C:\WIN95\RUNDLL32.EXE
C:\WIN95\SYSTEM\SERVICES\SERVICES.EXE
C:\WIN95\SYSTEM\SYSTRAY.EXE
C:\MSINPUT\POINT32.EXE
C:\WIN95\TASKMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WIN95\SYSTEM\A.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\AOLTRAY.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WIN95\SYSTEM\SPOOL32.EXE
C:\WIN95\SYSTEM\TAPISRV.EXE
C:\WIN95\SYSTEM\RNAAPP.EXE
C:\WIN95\SYSTEM\DDHELP.EXE
C:\WIN95\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-web-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
F1 - win.ini: run=C:\WIN95\SYSTEM\SERVICES\SERVICES.EXE
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TIPS] C:\MSINPUT\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\MSINPUT\point32.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\NORTON~1\System\NuLaunch.exe C:\Program Files\NORTON~1\System\NPROTECT.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN95\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN95\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [xpsystem] C:\WIN95\SYSTEM\SERVICES\SERVICES.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [systray] C:\WIN95\SYSTEM\A.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\NORTON~1\System\NuLaunch.exe C:\Program Files\NORTON~1\System\NPROTECT.EXE
O4 - HKCU\..\Run: [xpsystem] C:\WIN95\SYSTEM\SERVICES\SERVICES.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/Mx0n11n3.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/new/bridge.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

I always try and get rid of the fast-web-search but it always comes back......just thought i would say that.....

 

[mobo]

Rescan and put a check next to each of these then close all browser windows and click "fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-web-search.com/

F1 - win.ini: run=C:\WIN95\SYSTEM\SERVICES\SERVICES.EXE

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O4 - HKCU\..\Run: [xpsystem] C:\WIN95\SYSTEM\SERVICES\SERVICES.EXE

Then reboot into safe mode and delete :
C:\WIN95\SYSTEM\SERVICES\SERVICES.EXE

Reboot and produce a fresh log.

 

[BillHates]

I think that worked.......

Logfile of HijackThis v1.97.7
Scan saved at 8:49:53 AM, on 4/8/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WIN95\SYSTEM\KERNEL32.DLL
C:\WIN95\SYSTEM\MSGSRV32.EXE
C:\WIN95\SYSTEM\MPREXE.EXE
C:\WIN95\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON~1\SYSTEM\NPROTECT.EXE
C:\WIN95\EXPLORER.EXE
C:\WIN95\RUNDLL32.EXE
C:\WIN95\SYSTEM\SYSTRAY.EXE
C:\MSINPUT\POINT32.EXE
C:\WIN95\TASKMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WIN95\SYSTEM\A.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\AOLTRAY.EXE
C:\WIN95\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TIPS] C:\MSINPUT\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\MSINPUT\point32.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\NORTON~1\System\NuLaunch.exe C:\Program Files\NORTON~1\System\NPROTECT.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN95\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN95\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [systray] C:\WIN95\SYSTEM\A.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\NORTON~1\System\NuLaunch.exe C:\Program Files\NORTON~1\System\NPROTECT.EXE
O4 - HKCU\..\Run: [xpsystem] C:\WIN95\SYSTEM\SERVICES\SERVICES.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/Mx0n11n3.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/new/bridge.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

 

[mobo]

Run a full system scan http://housecall.trendmicro.com/ and set it to auto clean as well.