Jump to content


Photo

Very Frustrated


  • Please log in to reply
4 replies to this topic

#1 srider

srider

    Member

  • New Member
  • Pip
  • 3 posts

Posted 11 June 2004 - 07:57 PM

I just found this site and I wish I would have found it a long time ago! I have really screwed up my computer I think and I'm scared it will never be right again. I downloaded Hijackthis and ran a scan and I think I deleted some items that I need on the startup menu. Most importantly, my problem still exists, and that is "coolwebsearch" is still in control of my browser. I have followed all the directions in the FAQ and still have the problem every time I reboot. My"systray" is no longer on my start menu so m computer runs very slowly intermittently and is very unstable. How can I get this machine back up to speed? Please help!!!!

#2 Nirvana

Nirvana

    In Bloom

  • Emeritus
  • PipPipPipPipPip
  • 1,614 posts

Posted 11 June 2004 - 11:51 PM

srider welcome. Please follow the instructions and someone will be along soon to help:

Please post a HijackThis log to the forum.

Launch HijackThis, then press Scan, and press Save Log.

This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

Open that file.
Go to Edit | Select all
Now click Edit | copy to copy it.

Do not change anything just yet.
Come back to the forum, Right Click and paste its contents here.
"Computers are useless. They can only give you answers." Pablo Picasso

Please help to keep the forums alive with a small donation

#3 srider

srider

    Member

  • New Member
  • Pip
  • 3 posts

Posted 12 June 2004 - 08:19 AM

Logfile of HijackThis v1.97.7
Scan saved at 9:18:36 AM, on 6/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\BELLSOUTH\FASTACCESSCONNECTIONAGENT\FASTACC.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {9CC09C24-BC4A-11D8-8E5B-0050417A4970} - C:\WINDOWS\SYSTEM\PJAC.DLL

#4 Swami

Swami

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 12 June 2004 - 08:32 AM

HI
Have Hijack-This fix all these ...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {9CC09C24-BC4A-11D8-8E5B-0050417A4970} - C:\WINDOWS\SYSTEM\PJAC.DLL

Reboot into safe mode and delete the file "PJAC.DLL"

You may or may not want to delete this depending on your situation with your ISP ... but it is bigtime spyware...

cfd.exe -
Process File: cfd or cfd.exe
Process Name: Application Client Foundation
Description: Newer name for BroadJump Foundation Client (BJCFD) from BroadJump.com, now Motive. The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit.
Company: Motive Communications
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): Yes

Edited by Swami, 12 June 2004 - 08:34 AM.


#5 srider

srider

    Member

  • New Member
  • Pip
  • 3 posts

Posted 12 June 2004 - 09:12 AM

Hi Swami,

Thanks for your quick response but how do I reboot into safe mode? I'm relatively computer savvy but this is something I don't know how to do. Please explain how this is done and thanks again for helping.

Srider




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button