trafficex.org HELP

Discussion in 'adware, spyware & hijack cleaning' started by swolfe66, May 14, 2004.

Thread Status:
Not open for further replies.
  1. swolfe66

    swolfe66 Registered Member

    Joined:
    May 14, 2004
    Posts:
    2
    Have ran Ad-Aware and Spybot. Both to no avail. My computer is on a network. I didn't know if that would make a difference. Thanks for taking the time to look at this....man this thing is annoying.

    Logfile of HijackThis v1.97.7
    Scan saved at 4:21:50 PM, on 5/14/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\MsgSys.EXE
    C:\WINNT\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\PROGRA~1\NavNT\vptray.exe
    C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    C:\WINNT\mstaskss.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINNT\webshots.scr
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    C:\Documents and Settings\stevew.PRMFGCO.001\My Documents\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg
    O4 - HKLM\..\Run: [Cons] C:\WINNT\mstaskss.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prmfgco.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prmfgco.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prmfgco.com
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi swolfe66,


    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg
    O4 - HKLM\..\Run: [Cons] C:\WINNT\mstaskss.exe

    Then reboot and delete:
    C:\WINNT\system32\pc32.exe bg
    C:\WINNT\mstaskss.exe

    Then download a free trial of TDS3 from here:
    http://tds.diamondcs.com.au/index.php?page=home
    Update as described here:
    http://tds.diamondcs.com.au/index.php?page=update
    When that is ready click System Testing > Full sytem scan

    Let us know the results.

    Regards,

    Pieter
     
  3. swolfe66

    swolfe66 Registered Member

    Joined:
    May 14, 2004
    Posts:
    2
    Awesome fix. I can keep my sanity intact now. Thanks a million.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.