I've gone through the "Read me" threads on this forum, and I got rid of a virus that seemed to be making my rundll32.exe process take all of my 'CPU' usage.

I don't know exactly what it was called, but the "Trojan Remover" got rid of it (tried checking the log files but couldn't find the name of what was removed). I also got rid of a bunch of files that seemed to be 'adware'/'spyware' according to some other program I found on the threads.

Now I want to know: how do I know that everything bad is gone? Do I have to post a HiJackThis log? Is that the best way (because obviously Norton Anti-Virus and Ad-Aware weren't enough) to ensure my computer is clean?

All 6 Replies

Sometimes you won't know you have a bug until it's too late. Usual symptoms include slower operation, unsolicited pop-ups that keep coming back, programs acting funny, trying to go to a web site but ending up somewhere else, and more. The best prevention is to have a good anti-virus software updated on a regular basis (Norton is OK), a personal firewall of some sort, and a couple of other programs such as Spybot S&D, Ad-Aware, and CW Shredder. You'll only need "Hi Jack This" when all else fails, but if you start with a clean computer, the others will keep you clean. Just make sure to regularly update every one of them. Set up a maintenance schedule to suit your time (once a week, twice a month, etc.) and run an update on each program and then use it to sweep your PC HDDs. Dump your cookies, history, and temp files daily if you can. You'll find more on this stuff here:

and to remain free:
- don't use P2P networks
- don't use pirated software
- don't click on any popup ads
- be very careful about banner ads. Only click them if they're from reputable companies.
- get rid of Norton and get a GOOD virus scanner
- run a firewall

Norton is as good as any of the other antivirus programs.

Go ahead and post a HJT log, that is the best way for us to see what you have.

Thanks for all your help. I have a firewall built in (as I am connected through a wireless LAN), so that's taken care of. I haven't got Spybot S&D yet, but I will get it. Here is the log - I hope I have done this right.

Logfile of HijackThis v1.98.2
Scan saved at 6:52:33 PM, on 12/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Messenger Plus!\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\The Master\My Documents\Documents\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.2.38:8080;gopher=192.168.2.38:8080;http=192.168.2.38:8080;https=192.168.2.38:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus!\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus!\MsgPlus.exe" /WinStart
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/082bcf2c6a69397ef404/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab


And that's it. Thanks again.

Only one.

Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/082bcf2...ip/RdxIE601.cab
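
An added example, not part of any post in this thread: a small Python parser for the HijackThis log format shown above. It groups entries by section code, then lists what rundll32 is asked to load at startup (O4), which hosts the ActiveX controls were downloaded from (O16), and the entries HijackThis itself marks "(no file)" or "Unknown file". The function names are chosen for this example, and the sample is a shortened excerpt of the posted log.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/082bcf2c6a69397ef404/netzip/RdxIE601.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUNDLL_RE = re.compile(r"^.+?: \[(.+?)\] rundll32(?:\.exe)? (.+),(\w+)$", re.I)
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\}) \((.*?)\) - (\S+)$")

def parse_entries(text):
    """Group entry lines by section code (O4, O16, ...); skip header and process lines."""
    groups = defaultdict(list)
    for line in text.splitlines():
        if m := ENTRY_RE.match(line.strip()):
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def rundll32_autostarts(groups):
    """(value name, DLL path, exported function) for O4 entries started through rundll32."""
    hits = (RUNDLL_RE.match(e) for e in groups.get("O4", []))
    return [m.groups() for m in hits if m]

def activex_hosts(groups):
    """Download host -> control names for O16 (Downloaded Program Files) entries."""
    hosts = defaultdict(list)
    for m in filter(None, map(DPF_RE.match, groups.get("O16", []))):
        hosts[urlparse(m.group(3)).hostname].append(m.group(2))
    return dict(hosts)

def unresolved(groups):
    """Entries HijackThis itself marks '(no file)' or 'Unknown file', de-duplicated in order."""
    marked = [f"{code} - {e}" for code, es in groups.items() for e in es
              if "(no file)" in e or "Unknown file" in e]
    return list(dict.fromkeys(marked))

if __name__ == "__main__":
    g = parse_entries(SAMPLE_LOG)
    print(rundll32_autostarts(g), activex_hosts(g), unresolved(g), sep="\n")
```

Being listed by one of these functions means only that the entry matched the pattern; deciding whether it belongs still takes someone who knows what is installed on the machine.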

I see that many people here recommend Norton, and I must say that I disagree with that.

One of the Norton processes uses up a lot of your CPU (can't remember what it's called, because I have deleted Norton off my system now, after using it for about a year). I think it was called "ccapp.exe". As a result, it doesn't matter how much you try to optimize performance, it will still be slower than it needs to be.

I am trying out Panda Internet Security now, and my PC is running much faster than with Norton. I can't really recommend Panda yet because I have only been using it for a couple of weeks, but it seems to be a good antivirus program. The firewall is also much better in Panda than Norton, I think. Norton would often pop up asking me to allow permission to programs that I had allowed already.

As extra protection I also use:

Malware protection software:

MS Antispyware (beta 1) (formerly "Giant Antispyware") with all realtime protection enabled (Free)

Ad-Aware SE Professional (not using Ad-watch, because I don't feel the need to). Only scan with it once a week.

SpywareBlaster (Free) Everything enabled

Instead of using the option to clean temp files and cookies automatically in IE, I prefer doing it manually. If I have that setting on, I bookmark far too many pages. If I notice speed is slowing down or any other unusual performance problems, I use CCleaner (free), which I also can highly recommend for optimizing performance (just don't be too trigger-happy; instead, if you are unsure of which settings to use, try reading about what that particular option does before trying them out).

Peerguardian2 (free). Keep it running always when connected to the internet. I can highly recommend it, especially if you use P2P-sharing programs, but also if you are like most people and feel that the Government and other corporations do not have any business looking through your personal PC for whatever they like. Be very careful where you download your copy of Peerguardian, because there are people offering you the same program that won't do what it's supposed to!!! The official Peerguardian website is

Peerguardian 2

To optimize performance I use

Wintasks Pro (it has close to all the features your Task Manager doesn't). I keep it running always; if not, the settings you change won't be effective.

Registry Mechanic (maybe CCleaner does most of the things it can do, but I feel safer using RM for some of those tasks). I use it every 2-3 weeks.

CCleaner

You will need a pretty fast CPU to have the same settings as I do, but nothing extraordinary. Mine is a 1700MHz Pentium M with 512 MB RAM and two 40GB hard disks (laptop).

Hope this helps out someone :)
