  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1586

Could it be a Trojan Horse that is slowing down the PC and redirecting to other websites?

My computer is quite slow and I would really like your help in trying to find out why it is so. I also receive a lot of pop-up ads, and sometimes when I search for a particular page on Google or other search engines the URL automatically changes to "c\:documents\....<the actual URL I typed>" in the address bar, or sometimes redirects to another search page which I do not wish to go to. This only happens occasionally, and if I restart my computer or end some of the suspicious processes that are running from the Task Manager it works perfectly again. I have noticed the processes "devldr32.exe" and "Notifyphonebook" in my Task Manager, which looked suspicious. I would really like to know what is happening because I am suspicious that a Trojan horse or some other software might be running in the background, as I am connected via ADSL.
I read one of the articles (solutions) provided for a similar case and noticed that one of your Experts had asked to run HijackThis and to let them know what is contained in the log file. Therefore I did that and will be including that log here. Please let me know how to resolve this. Thank you. Pooh

=================================
Logfile of HijackThis v1.97.7
Scan saved at 7:39:41 PM, on 11/26/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\windows\temp\adware\fsg_4104.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\devldr32.exe
C:\DOCUME~1\Piyumika\LOCALS~1\Temp\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5d0633ff-c051-46ab-9366-6d7f90a58af5} - C:\DOCUME~1\Piyumika\APPLIC~1\jgrstbvsx.dll
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {c0e9f786-fddb-4886-bc65-af25cb56a9e6} - C:\DOCUME~1\pc\APPLIC~1\jgrstbvsth.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\dapiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: lmfflylfrsf - {e086dee5-0e29-41dc-9648-93a11f1ce54c} - C:\DOCUME~1\Piyumika\APPLIC~1\jgrstbvsx.dll
O3 - Toolbar: lmfflylfrsf - {e3aad2eb-c160-4fa5-8af7-2e85cbc8e98a} - C:\DOCUME~1\pc\APPLIC~1\jgrstbvsth.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [system32] C:\WINDOWS\System32\system32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [43239992.exe] C:\WINDOWS\System32\43239992.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
O4 - HKLM\..\Run: [P2P Networking3] C:\WINDOWS\System32\P2P Networking\P2P Networking3.exe /AUTOSTART
O4 - HKLM\..\Run: [Hacker Eliminator] C:\Program Files\Hacker Eliminator\HackerEliminator.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.mota.ru
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C553C37D-9EFA-4E75-9C96-C55F7E11E075}: NameServer = 203.115.0.1

==================================


Asked by: Ppooh

1 Solution
sirbountyCommented:
For starters - get rid of Myway. . .
Run adaware...http://www.webattack.com/download/dladaware.shtml
sirbountyCommented:
Also - try disabling (temporarily) Norton's auto-protect (right-click from the tray icon).
I've seen this service cause problems similar to this...
CrazyOneCommented:
These can be gotten rid of

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O3 - Toolbar: lmfflylfrsf - {e086dee5-0e29-41dc-9648-93a11f1ce54c} - C:\DOCUME~1\Piyumika\APPLIC~1\jgrstbvsx.dll
O3 - Toolbar: lmfflylfrsf - {e3aad2eb-c160-4fa5-8af7-2e85cbc8e98a} - C:\DOCUME~1\pc\APPLIC~1\jgrstbvsth.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

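A small triage helper for the kind of HijackThis entries CrazyOne singles out above. This is an added example, not code from the thread or from HijackThis itself: the entry regexes and the flagging heuristics (orphaned hooks, DLLs loaded from a user's Application Data or a temp folder, the MyWay/PerfectNav toolbars named in the thread, and the O17 NameServer override) are my own assumptions, and the sample lines are copied from the log posted in the question.

```python
import re
from typing import List, Tuple

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {5d0633ff-c051-46ab-9366-6d7f90a58af5} - C:\DOCUME~1\Piyumika\APPLIC~1\jgrstbvsx.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C553C37D-9EFA-4E75-9C96-C55F7E11E075}: NameServer = 203.115.0.1
"""

# Entry shapes (assumed): R3/O2/O3 "name - {CLSID} - path"; O4 "[name] command"; O17 "NameServer = ip"
CLSID_LINE = re.compile(r"^(R3|O2|O3) - \w+: (.*?) - _?\{[0-9A-Fa-f-]+\} - (.*)$")
RUN_LINE = re.compile(r"^(O4) - .*?: \[(.*?)\] (.*)$")
DNS_LINE = re.compile(r"^(O17) - .*?: NameServer = (.*)$")

def suspicious_reason(kind: str, name: str, path: str) -> str:
    """Return why an entry deserves a second look, or '' if nothing stands out (heuristics are mine)."""
    p, n = path.lower(), name.lower()
    if kind == "O17":
        return "DNS server overridden; confirm the address belongs to your ISP"
    if p == "(no file)":
        return "orphaned hook: points at a file that no longer exists"
    if "\\temp\\" in p or "\\adware\\" in p:
        return "loads from a temp/adware directory"
    if "\\applic~1\\" in p or "\\application data\\" in p:
        return "DLL loaded from the user profile rather than Program Files"
    if "myway" in p or "myway" in n or "perfec~1" in p:
        return "known adware toolbar named in the thread"
    return ""

def triage(log_text: str) -> List[Tuple[str, str, str, str]]:
    """Parse HijackThis lines and return (kind, name, path, reason) for each flagged entry."""
    flagged = []
    for line in log_text.splitlines():
        if m := CLSID_LINE.match(line):
            kind, name, path = m.groups()
        elif m := RUN_LINE.match(line):
            kind, name, path = m.group(1), m.group(2), m.group(3).strip('"')
        elif m := DNS_LINE.match(line):
            kind, name, path = m.group(1), "NameServer", m.group(2)
        else:
            continue  # process list, O8/O9/O16 and anything else is left for manual review
        if reason := suspicious_reason(kind, name, path):
            flagged.append((kind, name, path, reason))
    return flagged
```

Entries that are not flagged (the Norton helper, NeroCheck) are not thereby proven clean; the output is a shortlist to look at first, not a verdict.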
sunray_2003Commented:
Check this


Computer slows down as Norton AntiVirus Auto-Protect CPU utilization reaches 95% or higher

http://service1.symantec.com/SUPPORT/nav.nsf/b69c799adfa31ecc85256aa30052f4d0/f0c69fcb50e2eeaa85256b180068dbf5?OpenDocument&src=bar_sch_nam

Sunray
CrazyOneCommented:
Double Check for viruses
Online Scanners

 Norton Web Services  
Go to this page and click on Scan for Viruses
http://security.symantec.com/ssc/vc_about.asp?j=1&langid=us&venid=sym&plfid=22&pkj=REODSKVYRMHCGVRVRMN

It needs to download a few files to activate the scan, so you may see a message like this.

"The Scan for Viruses uses an ActiveX program to scan your computer. The download is approximately 1.5MB and can take about 10 minutes over a 28.8 modem.

The scan can take more than 20 minutes depending on the speed of your computer and the number of files that you have. Please do not browse away from this page unless you intend to abort the scan.
 
Downloading Scan for Viruses controls. Please wait...
 
During the download, you might see one or more messages asking if it is OK to download and run these programs. Click Yes when these messages appear.
 
Note: Scan for Viruses does not scan compressed files"
======================
 Trend Micro HouseCall        
www.housecall.antivirus.com
"Trend Micro's free online virus scanner
In order to better serve our customers, we ask HouseCall users to register before scanning their computer.  By registering, you will receive virus alerts from our team of Virus Doctors. You will be able to unsubscribe when you receive your first email. You can also scan without registering"
http://housecall.antivirus.com/housecall/start_corp.asp
======================

PC Pitstop Virus Scan
Our free Web-based virus scan uses Panda Software's award-winning technology and virus list. We're checking against the "wildlist," the roughly 200 viruses that are most prevalent in the world in a given month
http://www.pcpitstop.com/antivirus/default.asp
CrazyOneCommented:
Fast Boot / Fast Resume Design
Customer research shows a frequently requested feature that users want from their PCs is fast system startup, whether from cold boot or when resuming from standby or hibernation. The Windows development team at Microsoft has taken bold steps in making fast startup PCs a reality with the Microsoft Windows XP operating system.

http://www.microsoft.com/whdc/hwdev/platform/performance/fastboot/default.mspx
Download here
Thanks to Expert sramesh2k for having it on his site.
http://www.mvps.org/sramesh2k/utils/BootVis.exe 

Correcting System Hang at Startup
http://www.windowsxpatoz.com/cgi-bin/performance/index.cgi?answer=1036282950&id=1036282433

If your system hangs about 2 or 3 minutes at startup, where you can't access the Start button or the Taskbar, it may be due to one specific service (Background Intelligent Transfer) running in the background. Microsoft put out a patch for this but it didn't work for me. Here's what you do:

1. Click on Start/Run, type 'msconfig', then click 'OK'.
2. Go to the 'Services' tab, find the 'Background Intelligent Transfer' service, disable
3. Next go to the Startup tab and remove the programs that you don't want to launch at startup, apply the changes & reboot.


1. Open Windows Explorer and go to the c:\WINDOWS\Prefetch folder.
2. Click the Edit menu, then click the Select All command. This should highlight all the files in the folder.
3. Hit the DELETE key.
4. Restart your computer.

I would strongly suggest using the following link to learn which Services can be disabled and why and to learn what each Service does.
Service Configurations (Which Ones to Disable)
http://www.blkviper.com/WinXP/servicecfg.htm

To set the Services listed in the above link

Start > Run services.msc
Double Click on the service
In the box labeled Startup Type select Disable