May I post a hjt log / Few Problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by cronkhite, Feb 8, 2005.

  1. cronkhite

    cronkhite Private E-2

    May I post a hjt log

    I have a few things I'm unsure of
     
  2. shewolf

    shewolf Specialist

    Re: May I post a hjt log

    Welcome to MG :)

    Hijack This is not the first step in solving the problems. This forum has many good tools to use and we have a very good tutorial, and this should be done first prior to posting your HJT log.
    Also, in order to help you better we need to know what kind of problems you are having, what your OS (operating system) is.

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    After doing ALL of the above if you still have a problem: make sure that you post back letting us know what you could and couldn't complete in the Read Me First guide and what problems still exist and in the meantime please read the following guide and then wait for us to ask you to post your HJT log as an attachment.

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread
    NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!


    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Again after you post back to let us know if you are still having the problems please be as specific as possible as to what you couldn't complete and as to what problems still exist as the more information we have the better we will be able to help you.

    Please also be patient in waiting for replies and responses as there are a limited number of people who are able to help you and as you can see by the posts on this forum there are many people out there who have questions/problems. Thanks and again welcome to MG :)

    sw:)
     
  3. cronkhite

    cronkhite Private E-2

    few problems

    Here is hjt and startup. I tried other required processes and still having autoupdate and ctx... recurring.
    Anything I should delete?
     

    Attached Files: hjt.zip (5.5 KB)
  4. PhilliePhan

    PhilliePhan Guest

    Re: few problems

    Hi Cronkhite,

    Your XP is WAAAAY out of date. As soon as you get your machine cleaned up, you must visit Windows Updates and get Updated!!!!



    Please look in Add or Remove Programs for the following and Uninstall it if found:

    Parallel Tasking

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.
    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them if possible:

    zliiop.exe
    6tomg110.exe


    Now scan with HijackThis and Check the Boxes for the following:
    O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [uF7W3me] 6tomg110.exe
    O4 - HKCU\..\Run: [foo6RgK8O] zliiop.exe
    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\System32\zliiop.exe
    C:\WINDOWS\System32\6tomg110.exe
    C:\Program Files\Parallel Tasking ---> The Folder

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

    PP :)
     
  5. cronkhite

    cronkhite Private E-2

    follow up with new log thanks Phillie Phan

    Here it is. Also, people on page keeps appearing in Spybot.
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: follow up with new log thanks Phillie Phan

    Cronkhite,

    You should stay in your original thread to continue working your problems with PP. I will merge you back to that thread.

    Also, there is no need to put your log files in a ZIP file. In fact, we prefer that you do not. You should just post the .log file that HJT creates.

    A bigger problem though is that you are not using the correct version of HJT. Please update to HijackThis 1.99 and post a .log file from it.
     
  7. cronkhite

    cronkhite Private E-2

    here is the hjt log with new version

    not sure what gear security is
     

    Last edited by a moderator: Feb 11, 2005
  8. cronkhite

    cronkhite Private E-2

    and here is the start up

    Duplicate log??
     

    Last edited by a moderator: Feb 11, 2005
  9. PhilliePhan

    PhilliePhan Guest

    Re: follow up with new log thanks Phillie Phan

    Thanks Chas :)

    I must be slipping to have missed that!

    Cronkhite - Will await fresh log.

    EDIT: PP - Never mind . . . I merged your two threads together. Please stay in this one and please attach further logs.

    PP :)
     
    Last edited by a moderator: Feb 11, 2005
  10. PhilliePhan

    PhilliePhan Guest

    Hi cronkhite,

    You should Uninstall Messenger Plus! 3 as it puts Malware on your computer!

    Also, please relocate HijackThis to a Safer Folder - C:\Program Files\HijackThis

    Please look in Add or Remove Programs for the following and Uninstall it:

    Messenger Plus! 3

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.
    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now scan with HijackThis and Check the Boxes for the following:
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

    O15 - Trusted Zone: http://maxebrdi.fnismls.com

    O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://maxebrdi.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
    O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www2.priv.bareis.xmlsweb.com/XMLSearch/XMLCache.CAB
    O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
    O16 - DPF: {D270FE47-4F7B-4AFF-BCF8-B023A6FF4DFA} (SystemChecker.CheckerCtrl) - http://maxebrdi.fnismls.com/Paragon/Codebase/SystemChecker.cab
    O16 - DPF: {E922EBC9-50D4-4B53-B454-73376453E98D} (LOSActiveX.MainForm) - https://www.xpertonline.net/losactivex/LOSActiveX.CAB
    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:

    DELETE this Folder C:\Program Files\Messenger Plus! 3

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

    ALSO, you really need to get to Windows Updates and get Updated!!!

    Best luck :)
    PP
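
Added example, not part of the original thread or any MajorGeeks tool: both cleanup posts end with "Reboot to Normal Windows and Scan with HijackThis", so this sketch compares the entries that were fixed against the fresh log and reports any that came back. The function names and `NEW_LOG` are constructed for illustration, and the patterns cover only the O4, O15 and O16 shapes quoted above.

```python
import re

# Patterns cover only the entry shapes quoted in this thread; other HJT sections are ignored.
O4 = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
O15 = re.compile(r"^O15 - Trusted Zone: (\S+)$")
O16 = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\}) \((.*?)\) - (\S+)$")

def parse_entry(line):
    """Return a normalized tuple identifying one HJT entry, or None."""
    line = line.strip()
    if m := O4.match(line):
        hive, key, name, cmd = m.groups()
        # Registry value names and Windows paths are case-insensitive.
        return ("O4", hive, key, name.lower(), cmd.strip().lower())
    if m := O15.match(line):
        return ("O15", m.group(1).lower())
    if m := O16.match(line):
        clsid, _label, url = m.groups()
        return ("O16", clsid.upper(), url.lower())
    return None

def still_present(fixed_lines, new_log_text):
    """Entries that were fixed but appear again in the post-reboot log."""
    fixed = {parse_entry(l): l.strip() for l in fixed_lines}
    fixed.pop(None, None)  # drop lines that did not parse
    seen = {parse_entry(l) for l in new_log_text.splitlines()}
    return sorted(orig for key, orig in fixed.items() if key in seen)

# Entries the helper asked to fix (copied from the thread).
FIXED = [
    r"O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe",
    r"O4 - HKLM\..\Run: [uF7W3me] 6tomg110.exe",
    r"O4 - HKCU\..\Run: [foo6RgK8O] zliiop.exe",
    r"O15 - Trusted Zone: http://maxebrdi.fnismls.com",
]

# Constructed post-reboot log excerpt (not from the thread's attachments).
NEW_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
O4 - HKCU\..\Run: [foo6RgK8O] ZLIIOP.EXE
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
"""

if __name__ == "__main__":
    for entry in still_present(FIXED, NEW_LOG):
        print("still present:", entry)
```

An autorun entry that reappears after a fix usually means something is still running and rewriting the Run key, which is why the instructions end the processes first and delete the files from Safe Mode.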
     
