0

When I'm online my Explorer keep blocking and sometime sending me to a different site, and what's this Syncor.exe every time It start my browser crash. My hard drive is divide into 4 parts with two operating Systems drive F: for the Internet and drive C: for game and so on but not for Internet. here is my hijack this log, can someone please help me with this log.


Logfile of HijackThis v1.99.0
Scan saved at 11:24:56 AM, on 1/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
F:\WINNT\system32\hidserv.exe
F:\WINNT\System32\nvsvc32.exe
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINNT\system32\stisvc.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\System32\mspmspsv.exe
F:\WINNT\Explorer.EXE
F:\Programmi\IPM\Adsl\DataWay\dslstat.exe
F:\WINNT\system32\dslagent.exe
F:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
F:\PROGRA~1\Hardware\Mouse\Amoumain.exe
F:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
F:\WINNT\system32\internat.exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
F:\Program Files\mail.com\mcalert.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
F:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
F:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
F:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
F:\Program Files\Trend Micro\PC-cillin 2002\PCCCLIENT.EXE
F:\Program Files\Trend Micro\PC-cillin 2002\PCCGUIDE.EXE
F:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
F:\Program Files\Trend Micro\PC-cillin 2002\POP3TRAP.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Documents and Settings\administrator\Desktop\Virus Logs\Hijackthis\Update

jan 09\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.trafficswarm.com/cgi-bin/swarm.cgi?290311&b62b20d620e6cc507fbc1d58

99d5e6f8
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program

Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Program

Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} -

F:\WINNT\system32\AlxTB1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

F:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} -

F:\WINNT\system32\SHDOCVW.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [pccguide.exe] "F:\Program Files\Trend Micro\PC-cillin

2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "F:\Program Files\Trend Micro\PC-cillin

2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "F:\Program Files\Trend Micro\PC-cillin

2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] F:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [iKeyWorks] F:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] F:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program

Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI

RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Mail.com] F:\Program Files\mail.com\mcalert.exe -auto
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: hpoddt01.exe.lnk = F:\Program

Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 1000 series.lnk = F:\Program

Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -

F:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Alexa Web Search -

http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: Customize Menu &4 - file://F:\Program

Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://F:\Program

Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Get Alexa Data -

http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: Mail to a Friend... -

http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: Save Forms &[ - file://F:\Program

Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: See Related Links -

http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... -

http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -

file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] -

{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber

Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -

file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ -

{320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber

Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -

file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 -

{724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber

Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Alexa - {9D74677A-E227-40fb-9511-F7E92EA4083A} -

F:\WINNT\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Alexa Toolbar -

{9D74677A-E227-40fb-9511-F7E92EA4083A} - F:\WINNT\system32\SHDOCVW.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

F:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -

{c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINNT\web\related.htm
O12 - Plugin for .spop: F:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) -

http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software

Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - F:\Program

Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation -

F:\WINNT\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - F:\Program

Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINNT\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - F:\Program

Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - F:\Program

Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

2
Contributors
1
Reply
2
Views
12 Years
Discussion Span
Last Post by deonnanicole
0

Hi. :) You should post your question in the Spyware/Viruses forum, that is where they deal with these types of issues, and its also the only place a hijackthis log should be posted. If your thread isn't moved there, post a new one there again describing your problem, any fixes you have tried, along with your hijackthis log.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.