How do I know if I'm clean and secure

Discussion in 'Malware Help (A Specialist Will Reply)' started by wannabeageek, Dec 18, 2005.

  1. wannabeageek

    wannabeageek Private E-2

    I have done all the steps on Read and Run Me First (quite a few times). For some reason the steps wouldn't clean my cpu completely until recently. I have had problems with the Coolwwwsearch ... run the CWShredder to try to kill this off with success. My computer was fine, in other words no hijacking of my homepage, but a few weeks later my cpu started running very sluggishly. That's when I started the whole process of cleaning my cpu over again. I seem to be back in action, but I'm not sure how to tell if my system is completely clean. I am currently running Avast home edition for my antivirus and Microsoft antispyware, as well as running Zone Alarm for my firewall needs. I have turned off my Windows firewall. Just curious as to how I know if I'm clean, secure, and clear. Today, I started having problems with my System Idle ... not sure where that came from, but I couldn't surf the net due to the fact that the System Idle Process was taking up 99% of my cpu usage. I feel like I am losing it here! LOL.

    On a side note: How do I know what programs are running on my system? How do I look at which programs are starting when I start my cpu? I guess what I'm looking for is a way to do my surfing without any unnecessary programs running. Any help would be greatly appreciated. Thanks.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    System Idle is not a process. It is the time your CPU spends relaxing. Thus having it at 99% is good.

    Task Manager will show most of your running processes (not always), but it will not show everything that loads at startup. Msconfig will also show some items that load, but it is also not going to show everything.

    If you think you have malware problems, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

     
  3. wannabeageek

    wannabeageek Private E-2

    Thanks for the help Chaslang. I ran HijackThis and I'm attaching the log file.

    System Idle Process was the "image name" that I read off of the task manager. Just trying to make sure I'm calling it by the right name. Anyhow, maybe it had nothing to do with surfing the web. For some reason my server couldn't be found. I thought System Idle might have something to do with it. My server was available for about 15 minutes and then it would freeze up ... and nothing would work.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I said, System Idle Process is not a process. It is just how much idle time your processor actually has remaining. It shows in Task Manager just so that it is easy to see how much free CPU time you have left.

    I don't know what you mean by your server cannot be found. What server are you talking about? Are you saying you are getting a message while trying to surf about a server being unavailable? That could be:
    - due to your ISP
    - due to the site you're trying to connect to
    - or it could be due to malware.

    I do see some malware and I'll post a fix soon!
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You appear to be running both Avast and Symantec antivirus programs. You must use only one and uninstall the other as per step 3 in the READ & RUN ME. However it looks like Symantec may be partially uninstalled. Had you previously tried to uninstall it?

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {798A115F-4CDC-085F-69E2-7E5DD1711A21} - C:\WINDOWS\sdkaj32.dll (file missing)
    O2 - BHO: Class - {7E138803-B04F-E7FE-F90D-174F78CA6C63} - C:\WINDOWS\appso32.dll (file missing)
    O2 - BHO: Class - {89AD1952-81D3-510D-278A-AD565369AC73} - C:\WINDOWS\ntdc.dll (file missing)
    O2 - BHO: Class - {9341B059-25B9-C093-AEB4-FF0CB478B147} - C:\WINDOWS\sdkyz.dll (file missing)
    O2 - BHO: Class - {954026FA-30BA-49A8-99A7-1546227CFE9F} - C:\WINDOWS\winit.dll (file missing)
    O4 - HKLM\..\Run: [ipbi.exe] C:\WINDOWS\system32\ipbi.exe
    O4 - HKLM\..\Run: [creu.exe] C:\WINDOWS\system32\creu.exe
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete (if found):

    C:\WINDOWS\sdkaj32.dll
    C:\WINDOWS\appso32.dll
    C:\WINDOWS\ntdc.dll
    C:\WINDOWS\sdkyz.dll
    C:\WINDOWS\winit.dll
    C:\WINDOWS\system32\ipbi.exe
    C:\WINDOWS\system32\creu.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  6. wannabeageek

    wannabeageek Private E-2

    I did try to uninstall Symantec at an earlier date. I went back and did a search through Windows for Symantec and deleted all the files that I found. I also tried to "fix" the Symantec files I saw on my HijackThis log. Some still seem to be there.
    I followed your message, fixing the files through HJT and reset my web browser. I ran HJT again and am posting the log. My system seems slow still, but I think I need to do some house cleaning. I'm looking for that lean mean fighting machine that I once knew. Thanks again for your help.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well, let's first try the simple method of fixing the Symantec stuff, and if HijackThis complains, we will do the longer method.

    Run HijackThis and select the below lines and click fix:

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

    Did it work or did it complain?
     
  8. wannabeageek

    wannabeageek Private E-2

    No complaints from HJT ... the files just said they weren't going to budge. I tried to fix the files a few times and they would not delete. Rescan results after fixing showed them still there.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Symantec Event Manager (if that is not found use the short name ccEvtMgr ) ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.


    Now repeat the above for each of the below services (the short name is noted in the ( ):
    Symantec Password Validation Service (ccPwdSvc)
    Norton AntiVirus Auto Protect Service (navapsvc)
    ScriptBlocking Service (SBService)
    Symantec Network Drivers Service (SNDSrvc)
    SymWMI Service (SymWSC)

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

    Symantec Event Manager

    If the long name is not found, use the short name: ccEvtMgr

    Now repeat the above for each of the below services (the short name is noted in the ( ):
    Symantec Password Validation Service (ccPwdSvc)
    Norton AntiVirus Auto Protect Service (navapsvc)
    ScriptBlocking Service (SBService)
    Symantec Network Drivers Service (SNDSrvc)
    SymWMI Service (SymWSC)


    Now exit HJT and reboot. After reboot, verify that all the O23 service lines no longer appear.
    How are things working now?
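As an added example, not code from the thread or from HijackThis, here is a small Python parser for the HijackThis line formats quoted in posts 5, 7 and 9 (O2 BHOs, O4 Run entries, O23 services). It flags the entries HijackThis marked "(file missing)", which are the orphaned leftovers cleaned up above, and pulls out the O23 short names needed for the services.msc / "Delete an NT Service" step. The sample log is constructed from three of the thread's own lines plus one made-up healthy service line ("Example Service", a placeholder) for contrast.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log: three lines taken from the thread plus one
# made-up, healthy O23 entry ("Example Service") that should NOT be flagged.
SAMPLE_LOG = r"""
O2 - BHO: Class - {798A115F-4CDC-085F-69E2-7E5DD1711A21} - C:\WINDOWS\sdkaj32.dll (file missing)
O4 - HKLM\..\Run: [ipbi.exe] C:\WINDOWS\system32\ipbi.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Example Service (exsvc) - Example Corp - C:\Program Files\Example\exsvc.exe
"""

@dataclass
class Entry:
    section: str        # HijackThis section tag: O2, O4, O23
    name: str           # BHO class, Run value name, or service long name
    short_name: str     # service short name (O23 only), else ""
    path: str           # file the entry points at
    file_missing: bool  # HijackThis appended "(file missing)"

HEAD_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
O2_RE = re.compile(r"BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$")
O4_RE = re.compile(r"HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.+)$")
O23_RE = re.compile(r"Service: (.+?) \((\w+)\) - .+? - (.+)$")

def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis log line; returns None for sections not handled."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    missing = rest.endswith("(file missing)")
    if missing:
        rest = rest[: -len("(file missing)")].rstrip()
    if section == "O2" and (m := O2_RE.match(rest)):
        return Entry(section, m.group(1), "", m.group(2), missing)
    if section == "O4" and (m := O4_RE.match(rest)):
        return Entry(section, m.group(1), "", m.group(2), missing)
    if section == "O23" and (m := O23_RE.match(rest)):
        return Entry(section, m.group(1), m.group(2), m.group(3), missing)
    return None

def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]

def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file is gone: the leftovers HJT is asked to fix."""
    return [e for e in entries if e.file_missing]

def services_to_remove(entries: List[Entry]) -> List[str]:
    """O23 short names to stop/disable in services.msc and then delete in HJT."""
    return [e.short_name for e in entries if e.section == "O23" and e.file_missing]
```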
     
  10. wannabeageek

    wannabeageek Private E-2

    All Symantec line 23 items were gone on reboot. I uploaded the log.
    Everything seems to be running fine. Haven't really test-driven it since the fix, but I'll get back to you on that. I think it's time to wade through and get rid of some dead weight.

    Thanks for helping me get rid of that stubborn Norton. He just didn't seem to want to say goodbye. I do feel like I'm on the right track!
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

