Someone check my hjt results please.

Discussion in 'Malware Help (A Specialist Will Reply)' started by phattcat, Mar 18, 2005.

  1. phattcat

    phattcat Private E-2

    hi, i have had probs with adware or something called teensexbaby which loads web pages. Someone else had the same prob on here and i noticed he sent you his hjt results which helped. i've done all the other scans i think and that may have got rid of it but im not sure.
    thanx in advance if anything else needs doing.
     

    Attached Files:

  2. TheOldThug

    TheOldThug First Sergeant

    Are you having any problems now? Let's fix these at least. Do not do this till you get HJT to a safe folder such as C:\program Files\HJT

    Please print out these instructions so that you can operate with ALL Browser Windows CLOSED.
    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    NOW:
    Please look in Task Manager (ctrl-alt-del) and try to END the following running processes, if found:

    stinger[1].exe

    Now scan with HijackThis and Check the Boxes for the following:

    O9 - Extra button: GetMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\GetMP3 (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    If you don't recognize these next two lines then delete them, otherwise leave them alone.
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://chat-b3.freeserve.com/Java/cfs31229.cab

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following file if it should remain:

    C:\Documents and Settings\Chris!\Local Settings\Temporary Internet Files\Content.IE5\IMZLM8OV\stinger[1].exe (we may delete the IMZLM8OV folder later)

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know how your computer is running now and if you had trouble with the above instructions.

    Good luck :)
     
  3. TheOldThug

    TheOldThug First Sergeant

    Right now you are running HJT directly out of the Program Files folder.
    C:\Program Files\HijackThis.exe
    You do not want to do this because it will not make backups. Let me know if you don't know how to change it or go ahead and change it, resubmit log before making fix and I will tell you if you did it correctly - if you are not sure
     
  4. TheOldThug

    TheOldThug First Sergeant

    Also be sure to close all browsers before fixing with HJT, it is open in your HJT log.
    C:\Program Files\Internet Explorer\iexplore.exe
     
  5. phattcat

    phattcat Private E-2

    i dont understand this bit im afraid. where should i run it from?
     
  6. TheOldThug

    TheOldThug First Sergeant

    You placed HJT directly into the Program Files folder. Make a new folder in Program Files and call it HJT and place it in there.

    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    Click START > My Computer > Local Disc C: > Program Files
    Now, RightClick on an Empty Area and select New > Folder & name it HJT and ENTER

    To Extract HijackThis:
    Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HJT Folder
    (C:\Program Files\HJT) and click Next.

    Can you do this? Let me know.
     
  7. TheOldThug

    TheOldThug First Sergeant

    I see now that you may have had AVERT Stinger running while you did your HJT log. Did you? If you did then you placed it in a place that often has malware files. If you were running it I should not have done the two recommendations:

    Please put the programs in an appropriate folder to avoid confusion like this.

    Look at the Tip in the READ ME FIRST.

    TIP: Create a folder on your C:\ drive for the tools/utilities you will need to use. For example: Navigate to your C:\ folder and create a right click on a blank spot in the window > choose New > Folder. Name this folder Spyware Tools. Now you can save the tools you will be downloading to this folder and if you prefer, create sub-folders named for each individual utility.

    You may have to D/L stinger again if you need to use it.
     
  8. phattcat

    phattcat Private E-2

    hey man sos. i cant see that stinger thing in my task manager so i dunno what that means? hope its good. ive done a new hjt log properly (i hope)

    btw my pc seems ok at the moment by using some of the scans this site has recommended, so thanx a lot! hope the log is ok
     
  9. phattcat

    phattcat Private E-2

    woop sos here is the log
     

    Attached Files:

  10. phattcat

    phattcat Private E-2

    not sure i closed everything when i did the last one so i did it again here.
    sos im being a pain.
     

    Attached Files:

  11. TheOldThug

    TheOldThug First Sergeant

    Your HJT is in the right place now. You still have IE open tho.
    C:\Program Files\Internet Explorer\iexplore.exe
    Make sure that is closed when you do the fix.
    I am assuming that you didn't do any of the fixes because they are all still there.

    SO let's begin:
    Please print out these instructions so that you can operate with ALL Browser Windows CLOSED.
    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now scan with HijackThis and Check the Boxes for the following:

    O9 - Extra button: GetMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\GetMP3 (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    If you don't recognize these next two lines then delete them, otherwise leave them alone.
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://chat-b3.freeserve.com/Java/cfs31229.cab

    Again, make sure All Browser Windows are Closed when you Click FIX.

    Scan with HijackThis and attach that log.
    Let me know how your computer is running now and if you had trouble with the above instructions. You should be clean after this and I will give you instructions for preventing malware.

    Good luck :)
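
An added example, not part of the thread and not code from HijackThis or the forum: a small Python parser for log lines in the format quoted in the post above. It flags entries that end in the "(file missing)" or "(no file)" markers, pulls out the host of any URL so the owner can judge whether they recognise it, and checks whether Internet Explorer is listed as running. The function names and the sample layout are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# The four entries and the iexplore.exe path are copied from the posts above;
# the "Running processes:" header is added here to mimic the log layout.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Internet Explorer\iexplore.exe
O9 - Extra button: GetMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\GetMP3 (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://chat-b3.freeserve.com/Java/cfs31229.cab
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

def parse_hjt(text):
    """Return one dict per 'CODE - detail' entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, detail = m.groups()
        clsid = CLSID_RE.search(detail)
        url = URL_RE.search(detail)
        entries.append({
            "code": code,
            "detail": detail,
            "clsid": clsid.group(0) if clsid else None,
            # Host of any URL in the entry, for the owner to recognise or not.
            "host": urlsplit(url.group(0)).hostname if url else None,
            # The log marks entries whose target file is gone with these suffixes.
            "orphaned": detail.endswith(ORPHAN_MARKERS),
        })
    return entries

def browser_open(text):
    """True if Internet Explorer appears among the listed process paths."""
    return any(l.strip().lower().endswith("\\iexplore.exe") for l in text.splitlines())

if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        print(e["code"], "orphaned" if e["orphaned"] else "review", e["clsid"] or e["host"])
    print("close the browser before fixing:", browser_open(SAMPLE_LOG))
```
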
     
  12. phattcat

    phattcat Private E-2

    right "fixed" the two you said to do. kept the freeserve ones, i should think they are harmless. the pc seems gr8 "touch wood".
    i use xp and there is another user account on the pc. this may be dim of me but should i log into that one and do anything as well?

    thanx for all your help (and patience)

    hope the log is ok.
     

    Attached Files:

  13. TheOldThug

    TheOldThug First Sergeant

    HJT log looks good. If you want to give me a HJT log on the other user that is OK.

    You should check this out now: How to Protect yourself from malware!

    Once everything seems OK be sure to remember to turn System restore back on.
     
  14. phattcat

    phattcat Private E-2

    Re: Someone check my hjt results please. other accounts one

    everything is still working ok.

    here is the log from the account. pretty sure i did it right.
    cheers
     

    Attached Files:

  15. TheOldThug

    TheOldThug First Sergeant

    Looks good. ;)
    Be sure to protect yourself as mentioned in previous thread. Use Firefox for browser, Spyware Blaster, Ad-Aware, Spybot, software firewall, and upgrade your AV and OS often.

    Happy and safe surfing. :D
     
  16. phattcat

    phattcat Private E-2

    thanx again. You have been a great help!!
     
