HiJack This log

LindaNY (Thread Starter)
Member with 48 posts.
Join Date: Nov 2004
Experience: Computer Illiterate
27-Nov-2004, 01:22 AM #1
Hi Everyone. My first time posting and I'm not that computer literate so please go easy on me. I discovered today that my Dell computer, Windows XP system, has spyware and adware on it and I've been trying to learn what to do for hours. I downloaded HiJack This and ran it on my machine and, after reading several posts on Tech Support Guy, I'm here to paste the results of the HiJack This log and ask for any kind soul to tell me what to do. But remember, I'm really new at this and don't understand too much of the jargon. Talk to me like the dummy I am. And thanks for any help anyone can give me. Linda

Logfile of HijackThis v1.98.2
Scan saved at 5:11:09 PM, on 11/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\HijackThis.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\seyez.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\seyez.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\seyez.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\seyez.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\seyez.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {789633A1-F496-8010-8FAA-259360894C00} - C:\WINDOWS\syscd.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HZaVX1JZ] C:\documents and settings\woman\local settings\temp\HZaVX1JZ.exe
O4 - HKLM\..\Run: [c1QnHy] C:\documents and settings\woman\local settings\temp\c1QnHy.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\DopwS4t.exe
O4 - HKLM\..\Run: [SpyBlocs] C:\PROGRA~1\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [24ekfr.exe] C:\WINDOWS\System32\24ekfr.exe /k
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Woman\Application Data\eetu.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\RunOnce: [24ekfr.exe] C:\WINDOWS\System32\24ekfr.exe /k
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
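
An added example, not part of the original thread and not HijackThis's or the helpers' own method: a small Python parser for the log format posted above that splits each entry into its section code and body and flags some entries for manual review. The function names and the flagging rules are assumptions of this example (generic triage heuristics, not a diagnosis of this machine); the sample lines are copied unchanged from the log above.

```python
import re

# Subset of the HijackThis v1.98.2 log posted above, copied unchanged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\seyez.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {789633A1-F496-8010-8FAA-259360894C00} - C:\WINDOWS\syscd.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HZaVX1JZ] C:\documents and settings\woman\local settings\temp\HZaVX1JZ.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Woman\Application Data\eetu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.searchmiracle.com
"""

# "R1 - ..." / "O15 - ..." : section code, separator, entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 body: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")


def parse_entries(text):
    """Return (section_code, body) for every log line in 'CODE - body' form."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_reasons(code, body):
    """Heuristics assumed for this example; a reason means 'look closer', not 'malicious'."""
    reasons = []
    if code in ("R0", "R1"):
        # IE start/search page values normally hold a web URL or about:blank.
        data = body.partition(" = ")[2].strip().lower()
        if data.startswith("res://"):
            reasons.append("IE page setting loads a resource from a local file")
    elif code == "O2":
        if "(no name)" in body:
            reasons.append("Browser Helper Object registered without a name")
    elif code == "O4":
        m = RUN_RE.match(body)
        if m:
            cmd = m.group(4).lower()
            if "\\temp\\" in cmd or "\\application data\\" in cmd:
                reasons.append("autorun '%s' starts from a user-writable profile folder"
                               % m.group(3))
    elif code == "O15":
        # Trusted Zone sites run with relaxed IE security settings.
        reasons.append("site placed in the IE Trusted Zone")
    return reasons


def triage(text):
    """Return [(code, body, reasons)] for entries that have at least one reason."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print("%-3s %s\n      -> %s" % (code, body, "; ".join(reasons)))
```

The Excel context-menu entry (O8) also uses a res:// URL and is left unflagged, since the rule only applies to the IE start and search page values.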
Byteman (Bill)
Moderator & Malware Removal Specialist with 17,381 posts. Byteman is authorized to help remove malware.
Join Date: Jan 2002
Location: NY
27-Nov-2004, 02:05 AM #2
Hi, You definitely have a problem. Most of the people who can help you with this hijack (Coolwebsearch, About:blank hijacking) are not online at this time of day/nite....if you can, be around starting early Saturday A.M., for the help you will need.
LindaNY
27-Nov-2004, 02:11 AM #3
Thanks again, Byteman. You sure get around. OK, I'll try to be here when these people come online. Now I'm really nervous. I get so tense when I have to try to solve one of these problems with my computer, which, until now, have all been minor. The thing is, having someone help me, who really knows their way around a computer, they sometimes forget people like me don't always understand what all the terms mean and also get scared we're doing more harm than good when we're told to delete something or reboot or whatever.
Anyway, thanks again for your time. Sleep well.
Linda
Byteman (Bill)
27-Nov-2004, 02:17 AM #4
Hi, Good! You will get excellent help here. Wish I was up to working on this now, but I cannot...
Try to keep the computer offline as much as possible, shut it down for tonite, and if you are connected by cable or DSL pull the network cable out and/or switch the modem off for tonite. Turn it back on when you have to use the computer in the AM> if you have another computer handy that can connect it might be better to use that to view replies to you here except for the times you need to download the tools you will have to get.
They all can be burned to CD and installed. Please don't be nervous...
See if there is a friend who can make a CD or two for you with the tools and programs- and if you can, have the friend bring over a good working computer with a CD burner to help. Does that sound doable?

EDIT> the friend's computer will need the same type of connection you have, either a network card to plug your cable or DSL modem to or a telephone modem if you are using dialup to connect...
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it
LindaNY
27-Nov-2004, 02:25 AM #5
One last reply to you Byteman and I'll leave you in peace for the rest of the night. And I'll shut down the computer as you suggested. I really want to thank you so much, again, for taking so much time to talk to me. I don't know which "tools" you mean when you mentioned that twice. And "programs" from a friend???? You mean the programs the computer came with in the very beginning? Well, I don't have anyone who could bring another computer over. I guess I should get up early and start copying things I want to save....my photos, mail, music, etc. I see you're quite experienced. For you to be saying I'm in trouble, I must really be in bad shape. I'm gonna shut down for the night and try to come back fresh tomorrow. With someone like me, do you think I'll wind up leaving something bad on my computer? Would it be a better idea to wipe everything out and start over? Guess I better go. Thanks so much. You're so kind.
Linda
Byteman (Bill)
27-Nov-2004, 02:46 AM #6
Hi- The hijacking you have changes randomly...about every time you start up or restart...so it takes some expertise to make sure that you are fixing the right things, you have to check the replies here often. You will have to get the advice on paper to have handy, as you will be required to stay in Safe Mode for at least part of the total fixing and cannot open Internet Explorer to read the advice here... what I mean by having a friend's computer brought over is so that you can keep the bad one off the Internet as much as possible. That is not a necessity however, these hijacks are fixed everyday without the infected computers being kept off the Net...so don't worry about that. It might also be harder for you or the friend unless they were experienced with this type of thing...again, don't worry.
The programs (tools to us) you will need are most likely:

AboutBuster

CWShredder

GetServices.zip

and a couple more...depends on the person helping you. Then, you will also need to get AdAware and SpyBot. Also, you will have to patch the system to prevent being reinfected, a tricky thing to do in your situation...
Can be done, it might take some time, I would plan on a few hours minimum. Reinstalling everything takes only minutes compared to that.
Saving your important files can be done but do pull the Internet cable out..you don't need that except for important saved emails. Send those emails back to yourself, they should be kept online for days and you can get them back that way. Saves time putting them on disks... you can email yourself about anything, pics, docs, but only of course up to certain size files.
As long as the computer starts up, you can rescue the files you need by putting them on floppy disks or CDs etc. Since you have XP, I believe your CD drive works while in Safe Mode...I have worked on one XP machine that had use of CD drive in Safe Mode, in other operating systems the drive does not work in SM so that's a plus.

As long as you are able to get to the sites to get downloads of the tools you should have no problem... usually, the hijack is a big pain letting you get around. We will see.

You will need the Dell software discs that came with the computer if you do decide it would be less hassle to wipe everything and reinstall with tech support's help. There is no other option> only a total reinstall will work. XP does have a repair install but that will not remove the bad stuff.
Your antivirus program may pop up some alerts but will probably not be able to deal with the adware-type of problems you have...
Only a combination of using Hijackthis and the other programs you will be advised to download can fix these problems... Ok, good night, I should be around tomorrow morning and hope to see you getting helped.
LindaNY
27-Nov-2004, 04:39 PM #7
Hi Again Byteman. I just wrote a reply to you and lost it when I found out I wasn't logged on. At the time, I wrote that I missed you online by half an hour. That was an hour ago!! Anyway, what I said was that I got your last email and I'd been on earlier, trying to save my mail and files. Before I knew it, hours had passed. What happened was, I saved my mail to a disk and decided to check and see if they were saved. When I opened one of the emails, I saw that simple words and phrases here and there, like "family trip" were suddenly highlighted and when I put my cursor over them, it showed that they were now links to travel sites or whatever the word could be linked to. Like "dating" now linked to a dating site also. I went back and cut and pasted my emails to new emails to myself and put dashes or * in the middle of highlighted words to make them stop being links. I did that cause I was afraid that if I managed to fix my computer and put these disks in and read my mail, I might be hijacked again. Is that possible? Even if I don't click on the now highlighted words? I didn't even get to go over every email and do this because it was getting too time consuming. Thought I'd ask first before I went crazy.
Also, I read what you said about XP service pack 1 and my computer didn't come with it. I'll call Dell and ask about it. And I got out the box with all the disks that came with my computer and found one labelled "tools" and know that's what you meant also last night. See how much trouble I'm in?
So, seeing what any helpful soul has to work with, trying to help me, do you think I'm just better off trying to wipe everything out and having a Dell Tech walk me through starting everything over? Better yet, if I can scrape the money together, does Dell and other computer companies just sell modems that I can start fresh with?
One way or another, it's gonna take me longer than I thought. I'll need a couple of days to get the programs and save things. I'm afraid to get the AdAware online. If I'm infected with spyware, I don't want to be giving my credit card number online.
Thanks for giving me so much of your time. I sat and thought about that last night. What patience you must have to come to a site like this and try to help people. Especially with something so complicated where most help has to be given in a step by step manner. Bless you.
Linda
Byteman (Bill)
27-Nov-2004, 06:18 PM #8
Hi, ALL of the small programs, tools as we call them...are totally free.

There is no need for you to pay anything, however the Deluxe version of AdAware you see at Lavasoft has some extra features that you might like...or perhaps not use. The personal edition is very good, and free...perhaps you missed the spot to get SE personal edition:
At the majorgeeks.com website, under Spyware Tools> in the list you will find "AdAware SE personal edition" that is it.

No- the tools I am talking about are ones you have to download from a few sites online> they did not come with your computer.

To email yourself saved emails, simply run your email program....find the emails you wish to keep, and send them to your email address...or forward them to yourself. I would say yes, they possibly could be infected but your ISP may filter attachments, which viruses create and you do not send or see...so they should not be there when you re-get your email.


What did come with your machine is what you probably will have to reinstall> there is usually a main Restore CD or two that reinstalls Windows, then there may be some other drivers to reinstall but with XP, it is a question that I cannot answer...they will have to tell you (make sure they realize you have not done this before) I do not know if Dell can walk you through a full install, and they will not surely for all your extra programs...only what came loaded on the computer. There may be a period where you cannot get online, depending on how well Dell and you do... you may have to reinstall the ISP software if there is any.... or get the cable modem or DSL modem connected to Internet Explorer....that is not too hard but be sure you ask them how to do it.
Your ISP may be able to help you over the phone with that.


You should call them and find out... I would tell them you are hopelessly infected with Coolwebsearch, an about:blank hijack and other trojans and need to wipe the hard drive and reinstall Windows...

There is a good chance you will be able to remove the spyware with some of our assistance, many people do just that- I hate to see you have to do that just yet.

It will take some time yes- but I do see the people around today that can work with what problems you have, and if I ask some, you will get that help today or when you can be there to do the fixing---so, think things over and let us know what is your preference- try to fix things or call Dell, OK?

Last edited by Byteman; 27-Nov-2004 at 06:27 PM..
LindaNY
28-Nov-2004, 01:40 AM #9
I've downloaded and installed AdAware on my computer. Did a scan and there were 495 things picked up!!!! Will wait till you tell me what to do. I tried to cut and paste the log but I can't seem to do it. If you want, I'll copy everything and type it. Lots of things are written over and over. Like Ezula, CoolWebsearch, memorywatcher, etc. I've just now read and see that there's a way to copy the log. Damn! Too much reading when a person is in a panic.
If you think we could try it, I'd like to give working with you guys a go. As it is, I'm already thinking I'll mess up and have to wipe it clean so what have I got to lose, right?
I sit here and still can't believe there's so many people willing to help like this. If there's anything I can do for you here in the city (oops, I mean the 5 boroughs of NYC. I see you're from New York too. An upstater. Let me know. I'm not too swift with the computers but I'm a pretty good gopher / go-for) Or, I'm pretty good at searching for stuff online, which is probably how I got in so much trouble in the first place. But, I could repay the time you or anyone else is spending to help me by searching online for things you might be trying to find but don't have the time cause you're helping people like me.
Anyway, I can print out directions from whoever tries to guide me through this, on my daughter's computer in the basement apartment. She says she uses AdAware and then just checks on the boxes to delete whatever it finds but I told her that I was told not to do anything till I get everything I needed to fix my problem and I also read that putting something in quarantine might affect something else on my machine. So......I left everything there, aside from one little "Bargain" thing (she said it was an obvious ad/spyware thing and that I wouldn't lose anything working on my computer) that she jumped the gun and isolated before I had a heart attack and screamed, "No, DON'T!!"
I realise you might work during the week so I can come online whenever it's convenient for whoever might be around to help me through this. Or.....I can just follow directions and keep coming back to say how things went. Either way, I'd like to say thank you again for the time and help. Whether I manage to follow it correctly and get myself out of this mess or not. I still thank you for trying.
Linda
Oh, one other thing. I don't have cable or dsl. I have the dial up connection to the phone line. And I downloaded Spyblocs. I just read you wanted me to get SpyBot. Should I delete Spyblocs and get the other one? What else should I go hunting for to download on my machine before I get started?
To make matters even BETTER, I just got the pop up from my antivirus saying my subscription is up on Dec 8th and I don't want to start messing with them online and give my credit card number while I'm so infested with all this spyware. When it rains, it pours, huh?
Byteman (Bill)
28-Nov-2004, 02:37 AM #10
Hi Linda. Good to see you are surviving. I have to tell you that Spyblocs is a bad program, it produces false positives as an incentive for you to pay for the program which does not do a good job to say the least, please uninstall it now.

here is some info about it, you have to scroll down to the "S" section...they are in alphabetical order...
http://www.spywarewarrior.com/rogue_anti-spyware.htm

There are many fake, bad spyware removal programs around, so you can save this site as a Favorite to refer to in the future.

There is no need for you to post any log from AdAware, it only shows you things that should be removed...BUT--- you are not supposed to run AdAware to remove anything just yet! The hijack you have is dealt with using some other specific programs... Please read this entire post before you do anything else...download the two things posted and use them as instructed. (you can salute now I'm done "barking" orders)

First- go from Start button, open the Control Panel, then open Add/Remove Programs and run the uninstallers for:

SpyBloc

Bullseye Network

eZula

WebOffers or similar...


Now, see if you can download this remover: to your desktop is fine.

http://www.spyware911.net/downloads/PeperFix.exe

You need to be connected to the Internet when you run that file...just be signed on to your ISP, have one Internet Explorer window open...double click that file on your desktop and it will run but not show anything usually...it just closes and that is normal. Then sign off your ISP, restart the computer, come back online and run the Peper fix again...and again sign off and restart.


That file is the Peper trojan remover-- that trojan is not the worst problem you have and it will require some other fixing with Hijackthis later on.

Also , see if you can get this downloaded and then, follow the instructions to post the log it makes into a reply. You want to be signed off the Net when using this one...

Quote:
Originally Posted by flrman1


Click here to download ServiceFilter.zip and unzip it to your desktop. Open the ServiceFilter folder and doubleclick on the ServiceFilter.vbs file to run it.

If your antivirus has a script blocker, you will get a warning asking if you want to allow ServiceFilter.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious so you are safe in allowing it to run.

When the script is finished it will open a wordpad document called POST_THIS.TXT. The script may not be able to access wordpad. If this happens, you will see a message box telling you so and you can doubleclick the POST_THIS.TXT to open it in notepad.
Copy and Paste the contents of POST_THIS.TXT in a reply to this thread

When you reply, post a new Hijackthis log AND the log from the ServiceFilter tool in the same posting. We use the Filter log to spot the service that is running that we have to shut down before continuing...and we use some other tools to do that...we will post the steps for each as we go along. It is critical that you post new Hijackthis logs when asked to, as this hijack can change over a little time so we need to be sure we are telling you the correct things to fix. Good work so far! Remember, please do not run AdAware to remove anything just yet. Do run the Peper remover twice...reboot in between after signing off your ISP....run it again.

Run the ServiceFilter tool and etc...post its log and the new HJT log when you can. Turn the computer completely off for the night when you are done. No need to stay up all night- it's late.
I grew up on East 12th St in Manhattan....Little Italy. Been upstate since 1959...my mother's family ran an Italian grocery and bakery in the city...I also lived in Brooklyn several years... The apartment building we lived in on E. 12th St (a real dump back in the 50's) was the one later bought and lived in by Abbie Hoffman...don't know if you are old enough to recognize the name or not...
I will be here in the morning- good luck and get some rest!
LindaNY
28-Nov-2004, 10:36 AM #11
Just one tiny question before I begin. I'm supposed to do all of this in safe mode, right? Every step of the way while I'm in the online parts, even when I download that spyware911?
I have the instructions for how to get to safe mode. Remember who you're dealing with here. It'll take me time to do these things. I'll have to read, step by step, how to put it in safe mode, then do the other instructions. You can go change the oil in your car, take a trip, etc. and come back when you're done.
Linda
LindaNY
28-Nov-2004, 10:43 AM #12
Sorry, one other thing. In the instructions to download ServiceFilter.zip, it says to download it and unzip it to my desktop. Does that mean it first gets downloaded to my downloads section and then placed there on the desktop? What does it mean to "unzip" it to my desktop? I'm sorry. I know these questions must sound stupid to you but I want to make sure I'm doing all of this correctly and the way those instructions are worded, it sounds as though it's not just a simple "open the file" type of instruction.
Linda
Byteman (Bill)
28-Nov-2004, 12:50 PM #13
Hi, You are using Windows XP which unzips files when you click that type of file....usually, a .zip file extension (the .3lettersafter bit). I am not sure just what you will see when you do this with winXP---should be similar though! You WILL first find the downloaded file wherever you had the file downloaded TO...My Document, etc....the default location is the temp folder but you can tell it where to send it, such as the desktop> where it might be easier to find...when you click SAVE when you see the grey file download box come up...change the download TO location to the desktop...if you just cannot do that, make a note of where the file is going before clicking OK....
Then you will have to open WINDOWS Explorer found from All Programs>Accessories and find the folder it went to, then on your right the file to double click on to unzip it and have the contained files sent to the desktop....

You then type a location to put the files contained in the .zip file---or there may be a browse button there that will allow you to go down a list of folders etc to click to tell it where you want the file(s) to be unzipped TO, the desktop is fine...the tool's executable or .exe file will be showing on your desktop screen then or should be....which is the one you are to click on to run and which creates the log we need you to save and post in your reply, along with a new Hijackthis log.

You will NOT be in Safe Mode when you do this:::

When you get the files unzipped to the desktop, you will see the Servicefilter FOLDER--double click on that to find the Servicefilter.vbs file which you are to double click to run--follow the directions in the quote box by flrman1 from then on. You may get a prompt from your antivirus program, as .vbs extensions are used sometimes by viruses...just tell it to allow the script as per the directions... then you should see the POST_THIS.TXT file open in WordPad or you can double click it to open in Notepad...the contents of the text is what you are to save and post in a reply along with a new HJT log. Simpler than it sounds- just try.
LindaNY
28-Nov-2004, 01:52 PM #14
Awww, I'm in trouble already. I had it downloaded to my desktop. When I read your post, I moved it to MY Documents. I clicked on it like you said but you lost me after that. When I clicked on it, I see 4 icons. 1st one is a folder that says "Data", 2nd one is what looks like a notepad that says "INSTRUCTIONS" under it. 3rd one is another notepad looking thing that says "License" and the last thing is what looks like a picture of a big sheet of paper with the top right corner bent. On this picture of the sheet of paper is a bluish scrolled paper. Under that picture is the word ServiceFilter.
I'm supposed to click on one of these and there'll be a gray drop down box asking where I want it saved to???? And then I send it to the desktop?
Also, I put my machine in safe mode and went to the control panel and opened Add/Remove programs link. I successfully removed MemoryWatcher. With Shopping Wizard, a little pop up screen came up and said "Problem with Shortcut. Unable to open Http://looking-for-.cc/uninstall/shoppingwizard.htm"
With SpyBlocs, I got a box that said "The following file does not exist or is not a valid installation log file C:/ProgramFiles/SpyBlocs/uninstall.log"
Ezula is in my Program Files (wasn't in the list of Add/Remove programs) So is another file folder saying MemoryWatcher. This Program Files I'm talking about is the one you get to when you click on "Local Disk (C)". I noticed some of these say they were created on a day that I KNOW I wasn't here.
OK, next, I tried signing on to aol in safe mode and it made 45 rapid fire attempts to sign on and told me the communication port is invalid or busy (02-01019). So I went back to this normal mode and saw your post. I was gonna try to do the rest of what you told me, in normal mode.
Should I continue in normal mode? What about that Service filter thing? So many words to get to 2 questions, right? If you need to go, I understand.
Linda
LindaNY
28-Nov-2004, 02:00 PM #15
I've just accidentally clicked on the one with the blue scroll and it tried to run. I stopped it and moved it to my desktop. If you tell me to go ahead in normal mode, I'll do the Peperfix bit and the servicefilter, then a new HiJack This log and will post both logs, if I don't mess that up royally. Just waiting for the go-ahead to proceed in normal mode. (Can't sign on in safe mode for some reason)