trafficex.org HELP

Discussion in 'adware, spyware & hijack cleaning' started by swolfe66, May 14, 2004.

Thread Status:
Not open for further replies.
  1. swolfe66

    swolfe66, Registered Member (Joined: May 14, 2004; Posts: 2)

    Have run Ad-Aware and Spybot, both to no avail. My computer is on a network. I didn't know if that would make a difference. Thanks for taking the time to look at this... man, this thing is annoying.

    Logfile of HijackThis v1.97.7
    Scan saved at 4:21:50 PM, on 5/14/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\MsgSys.EXE
    C:\WINNT\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\PROGRA~1\NavNT\vptray.exe
    C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    C:\WINNT\mstaskss.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINNT\webshots.scr
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    C:\Documents and Settings\stevew.PRMFGCO.001\My Documents\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg
    O4 - HKLM\..\Run: [Cons] C:\WINNT\mstaskss.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prmfgco.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prmfgco.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prmfgco.com
     
  2. Pieter_Arntz

    Pieter_Arntz, Spyware Veteran (Joined: Apr 27, 2002; Posts: 13,332; Location: Netherlands)

    Hi swolfe66,


    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg
    O4 - HKLM\..\Run: [Cons] C:\WINNT\mstaskss.exe

    Then reboot and delete:
    C:\WINNT\system32\pc32.exe bg
    C:\WINNT\mstaskss.exe

    Then download a free trial of TDS3 from here:
    http://tds.diamondcs.com.au/index.php?page=home
    Update as described here:
    http://tds.diamondcs.com.au/index.php?page=update
    When that is ready click System Testing > Full system scan

    Let us know the results.

    Regards,

    Pieter
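
The Run entries named in the reply above are command lines (an executable followed by optional arguments, as in `pc32.exe bg`), so the file on disk is the part before the argument. The following is an added example, not part of the thread and not HijackThis's own code: it parses the O4 lines of a log, splits each command into executable and arguments, and marks whether that executable appears under "Running processes"; the function names and the extension list are this example's assumptions.

```python
import re

# Sample input: a subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\WINNT\mstaskss.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg
O4 - HKLM\..\Run: [Cons] C:\WINNT\mstaskss.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.*?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Unquoted paths may contain spaces, so the executable ends at its extension.
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|com|bat|cmd|scr))"?(?:\s+(.*))?$', re.I)

def split_command(command):
    """Split an autorun command line into (executable, arguments)."""
    m = EXE_RE.match(command.strip())
    return (m.group(1), m.group(2) or "") if m else (command.strip(), "")

def parse_log(log):
    """Return O4 autorun entries, each marked if its executable is running."""
    running, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        else:
            m = RUN_RE.match(line) or LNK_RE.match(line)
            if m:
                exe, args = split_command(m.group(3))
                entries.append({"source": m.group(1), "name": m.group(2),
                                "exe": exe, "args": args})
    for entry in entries:
        # Windows paths are case-insensitive; short (8.3) names are not expanded.
        entry["running"] = entry["exe"].lower() in running
    return entries

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f'{e["source"]:<15} {e["name"]:<22} exe={e["exe"]} '
              f'args={e["args"]!r} running={e["running"]}')
```

An entry whose executable is still listed as running is one whose file may be locked until the startup entry is fixed and the machine rebooted, which is the order the reply gives.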
     
  3. swolfe66

    swolfe66, Registered Member (Joined: May 14, 2004; Posts: 2)

    Awesome fix. I can keep my sanity intact now. Thanks a million.
     