Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

IE crash problems and PC infected suspect

Reply

Join Date: Jan 2005
Posts: 1
Reputation: Jwayne is an unknown quantity at this point 
Solved Threads: 0
Jwayne Jwayne is offline Offline
Newbie Poster

IE crash problems and PC infected suspect

 
0
  #1
Jan 26th, 2005
When I'm online my Explorer keep blocking and sometime sending me to a different site, and what's this Syncor.exe every time It start my browser crash. My hard drive is divide into 4 parts with two operating Systems drive F: for the Internet and drive C: for game and so on but not for Internet. here is my hijack this log, can someone please help me with this log.


Logfile of HijackThis v1.99.0
Scan saved at 11:24:56 AM, on 1/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
F:\WINNT\system32\hidserv.exe
F:\WINNT\System32\nvsvc32.exe
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINNT\system32\stisvc.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\System32\mspmspsv.exe
F:\WINNT\Explorer.EXE
F:\Programmi\IPM\Adsl\DataWay\dslstat.exe
F:\WINNT\system32\dslagent.exe
F:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
F:\PROGRA~1\Hardware\Mouse\Amoumain.exe
F:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
F:\WINNT\system32\internat.exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
F:\Program Files\mail.com\mcalert.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
F:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
F:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
F:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
F:\Program Files\Trend Micro\PC-cillin 2002\PCCCLIENT.EXE
F:\Program Files\Trend Micro\PC-cillin 2002\PCCGUIDE.EXE
F:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
F:\Program Files\Trend Micro\PC-cillin 2002\POP3TRAP.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Documents and Settings\administrator\Desktop\Virus Logs\Hijackthis\Update

jan 09\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.trafficswarm.com/cgi-bin/...e6cc507fbc1d58

99d5e6f8
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program

Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Program

Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} -

F:\WINNT\system32\AlxTB1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

F:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} -

F:\WINNT\system32\SHDOCVW.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [pccguide.exe] "F:\Program Files\Trend Micro\PC-cillin

2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "F:\Program Files\Trend Micro\PC-cillin

2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "F:\Program Files\Trend Micro\PC-cillin

2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] F:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [iKeyWorks] F:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] F:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program

Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI

RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Mail.com] F:\Program Files\mail.com\mcalert.exe -auto
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: hpoddt01.exe.lnk = F:\Program

Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 1000 series.lnk = F:\Program

Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -

F:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Alexa Web Search -

http://client.alexa.com/holiday/scri...ons/search.htm
O8 - Extra context menu item: Customize Menu &4 - file://F:\Program

Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://F:\Program

Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Get Alexa Data -

http://client.alexa.com/holiday/scri...s/sitedata.htm
O8 - Extra context menu item: Mail to a Friend... -

http://client.alexa.com/holiday/scri...ons/mailto.htm
O8 - Extra context menu item: Save Forms &[ - file://F:\Program

Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: See Related Links -

http://client.alexa.com/holiday/scri...ns/related.htm
O8 - Extra context menu item: Write a Review... -

http://client.alexa.com/holiday/scri...ons/review.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -

file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] -

{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber

Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -

file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ -

{320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber

Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -

file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 -

{724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber

Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Alexa - {9D74677A-E227-40fb-9511-F7E92EA4083A} -

F:\WINNT\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Alexa Toolbar -

{9D74677A-E227-40fb-9511-F7E92EA4083A} - F:\WINNT\system32\SHDOCVW.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

F:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -

{c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINNT\web\related.htm
O12 - Plugin for .spop: F:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) -

http://www2.incredimail.com/contents...r/imloader.cab
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software

Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - F:\Program

Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation -

F:\WINNT\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - F:\Program

Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINNT\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - F:\Program

Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - F:\Program

Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
Reply With Quote Quick reply to this message  
Join Date: Jun 2004
Posts: 253
Reputation: deonnanicole is an unknown quantity at this point 
Solved Threads: 13
deonnanicole deonnanicole is offline Offline
Posting Whiz in Training

Re: IE crash problems and PC infected suspect

 
0
  #2
Jan 26th, 2005
Hi. You should post your question in the Spyware/Viruses forum, that is where they deal with these types of issues, and its also the only place a hijackthis log should be posted. If your thread isn't moved there, post a new one there again describing your problem, any fixes you have tried, along with your hijackthis log.
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit fake fancheckvirus gaming gtaiv gumblar halloween hijack hosting internet iphone kaspersky legal mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile parents patch phishing police policeprovirusmba-mblockedinternetaccess president pro problem redirect reliability report research risk rogueantivirus samhain sans school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC