• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
mak1989

HOTXXX Removal Please!

7 posts in this topic

O.k firstly i'm sorry if i wasnts supposed to name this thread HotXXX and apologies for my bad spelling. About 2 - 3 weeks ago i got these pop ups HotXXX and Nasty sex on my comp although iv'e never been on these sites! i also get pop ups when connected to the net saying free pholoyphonic ringtones. im a newbie to the comp and dont know much. i read a couple of threads stating the same problem but the replier said they needed a log.............what does that mean? suddenly today my MY Documents icon shriveled up and changed i need to sought that out as well.................some please help me fast!!! :weep: and please include clear step by step instrucions!!

Share this post


Link to post
Share on other sites

We need a closer look at what's happening.

Please download Hijack this

Copy it into its own folder, doubleclick HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Share this post


Link to post
Share on other sites

I've done what was asked and this is the lof file that i have recieced please check it quickly and tell me what i need to do..................THANK YOU SO MUCH!

 

Logfile of HijackThis v1.98.0

Scan saved at 18:40:59, on 05/07/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\srvany.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\resetservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\zswozg.exe

C:\WINDOWS\qservice.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Zaman\My Documents\MAK Documents\Hijack This\HijackThis.exe

 

O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll

O2 - BHO: E.HH - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe

O4 - HKLM\..\Run: [nmitjbzdr] C:\WINDOWS\System32\zswozg.exe

O4 - HKLM\..\Run: [NAVCheck] C:\WINDOWS\qservice.exe /i

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B1ACB84-9DE7-4B50-8A81-4D451D825EF9}: NameServer = 195.92.195.95 195.92.195.94

Share this post


Link to post
Share on other sites

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll

O2 - BHO: E.HH - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll

 

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe

O4 - HKLM\..\Run: [nmitjbzdr] C:\WINDOWS\System32\zswozg.exe

O4 - HKLM\..\Run: [NAVCheck] C:\WINDOWS\qservice.exe /i

O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

 

O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe

Reboot and delete

 

files

C:\WINDOWS\System32\automove.exe

C:\WINDOWS\System32\zswozg.exe

C:\WINDOWS\qservice.exe

 

folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites

I have done as you asked but I can’t delete C:\WINDOWS\System32\zswozg.exe because it keeps saying that another program maybe using it…………………………… and I can’t find this folder C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1 but I’ve done all the rest and so far no pop-ups or HotXXX although they might come back (hope they don't) …………….keep you posted if anything comes again. Here’s my log file as you asked…………….and THANKS A LOT! :D

 

Logfile of HijackThis v1.98.0

Scan saved at 18:06:58, on 07/07/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\srvany.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\resetservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\zswozg.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

F:\Volume[01]\Hijack This\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [nzocbchv] C:\WINDOWS\System32\zswozg.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

Share this post


Link to post
Share on other sites

You still need to fix this entry

O4 - HKLM\..\Run: [nzocbchv] C:\WINDOWS\System32\zswozg.exe

Fix it with Hijack this, reboot, and delete the file C:\WINDOWS\System32\zswozg.exe.

 

If you still get an error when deleteing the file, reboot into safe mode, (tap the F8 key as the computer boots, and choose safe mode from the menu,), run Hijack this again and fix the entry, then WITHOUT rebooting, delete the file.

Share this post


Link to post
Share on other sites

yeh i deleted it now....................thers been no popups ot hotxxx now for a couple days......................thanx alot! :D

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0