a new variant of the res://C:WINNT\system32\shdoclc.dll/navcancl.htm hijack

[freeone0]

Hi ,
Can someone help me with this one to delete it , please ?
This is the name of my one res://C:\WINNT\System32\shdoclc.dll/navcancl.htm#C:\WINNT\Web\desktop.html .
Here is my log file . Thanks in advanced .


Logfile of HijackThis v1.99.1
Scan saved at 23:17:14, on 15/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\System32\internat.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\terminator\TIJDELIJK4\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [nstat] C:\WINNT\netstat.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: SEARCH - {FE5A1910-F121-11d2-BE9E-01C04A7936B1} - http://www.zapros.com/find.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7C04278-0031-4F57-B243-D7F93B55C711}: NameServer = 193.74.208.65 193.121.171.135
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Process list saved on 23:18:52, on 15/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)

[pid] [full path to filename] [file version] [company name]
108 C:\WINNT\System32\smss.exe 5.0.2170.1 Microsoft Corporation
196 C:\WINNT\system32\winlogon.exe 5.0.2182.1 Microsoft Corporation
224 C:\WINNT\system32\services.exe 5.0.2134.1 Microsoft Corporation
236 C:\WINNT\system32\lsass.exe 5.0.2184.1 Microsoft Corporation
408 C:\WINNT\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
436 C:\WINNT\system32\spoolsv.exe 5.0.2161.1 Microsoft Corporation
488 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
512 C:\Program Files\Alwil Software\Avast4\ashServ.exe 4.6.602.0
548 C:\WINNT\System32\svchost.exe 5.0.2134.1 Microsoft Corporation
580 C:\WINNT\System32\nvsvc32.exe 6.14.10.6693 NVIDIA Corporation
604 C:\WINNT\system32\regsvc.exe 5.0.2155.1 Microsoft Corporation
312 C:\WINNT\system32\MSTask.exe 4.71.2137.1 Microsoft Corporation
696 C:\WINNT\system32\ZoneLabs\vsmon.exe 3.7.143.0 Zone Labs Inc.
832 C:\WINNT\Explorer.exe 5.0.2920.0 Microsoft Corporation
848 C:\WINNT\System32\mspmspsv.exe 7.1.0.3055 Microsoft Corporation
860 C:\WINNT\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
1028 C:\WINNT\System32\rundll32.exe 5.0.2134.1 Microsoft Corporation
1056 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 4.6.585.0
1092 C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe 1.0.0.1 CyberLink
1100 C:\Program Files\Winamp\Winampa.exe
1124 C:\WINNT\System32\RUNDLL32.EXE 5.0.2134.1 Microsoft Corporation
1140 C:\WINNT\SOUNDMAN.EXE 5.0.0.5 Avance Logic, Inc.
1148 C:\WINNT\System32\internat.exe 5.0.2920.0 Microsoft Corporation
1160 C:\Program Files\Nikon\PictureProject\NkbMonitor.exe 1.0.0.3007 Nikon Corporation
1168 C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe 3.7.143.0 Zone Labs Inc.
1180 C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe 1.0.0.509 Microsoft Corporation
1292 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 4.6.602.0 ALWIL Software
1320 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 4.6.622.0 ALWIL Software
1336 C:\WINNT\system32\msiexec.exe 1.10.1029.0 Microsoft Corporation
1260 C:\Program Files\Internet Explorer\IEXPLORE.EXE 5.0.2920.0 Microsoft Corporation
1200 C:\Documents and Settings\terminator\TIJDELIJK4\hijackthis\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.


DLLs loaded by process C:\WINNT\system32\winlogon.exe:

[full path to filename] [file version] [company name]
C:\WINNT\System32\ntdll.dll 5.0.2163.1 Microsoft Corporation
C:\WINNT\system32\MSVCRT.DLL 6.1.8637.0 Microsoft Corporation
C:\WINNT\system32\KERNEL32.dll 5.0.2191.1 Microsoft Corporation
C:\WINNT\system32\ADVAPI32.DLL 5.0.2191.1 Microsoft Corporation
C:\WINNT\system32\RPCRT4.DLL 5.0.2193.1 Microsoft Corporation
C:\WINNT\system32\GDI32.DLL 5.0.2180.1 Microsoft Corporation
C:\WINNT\system32\USER32.DLL 5.0.2180.1 Microsoft Corporation
C:\WINNT\system32\USERENV.DLL 5.0.2185.1 Microsoft Corporation
C:\WINNT\system32\NDDEAPI.DLL 5.0.2137.1 Microsoft Corporation
C:\WINNT\system32\SFC.DLL 5.0.2164.1 Microsoft Corporation
C:\WINNT\system32\sfcfiles.dll 5.0.2195.1 Microsoft Corporation
C:\WINNT\system32\SECUR32.DLL 5.0.2154.1 Microsoft Corporation
C:\WINNT\system32\PROFMAP.DLL 5.0.2181.1 Microsoft Corporation
C:\WINNT\system32\NETAPI32.dll 5.0.2194.1 Microsoft Corporation
C:\WINNT\system32\NETRAP.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\SAMLIB.DLL 5.0.2160.1 Microsoft Corporation
C:\WINNT\system32\WS2_32.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\WS2HELP.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\WLDAP32.DLL 5.0.2168.1 Microsoft Corporation
C:\WINNT\system32\DNSAPI.DLL 5.0.2181.1 Microsoft Corporation
C:\WINNT\system32\WSOCK32.DLL 5.0.2152.1 Microsoft Corporation
C:\WINNT\system32\msgina.dll 5.0.2191.1 Microsoft Corporation
C:\WINNT\system32\SHELL32.DLL 5.0.2920.0 Microsoft Corporation
C:\WINNT\system32\SHLWAPI.DLL 5.0.2920.0 Microsoft Corporation
C:\WINNT\system32\COMCTL32.DLL 5.81.2920.0 Microsoft Corporation
C:\WINNT\system32\WINMM.dll 5.0.2161.1 Microsoft Corporation
C:\WINNT\system32\setupapi.dll 5.0.2183.1 Microsoft Corporation
C:\WINNT\system32\wintrust.dll 5.131.2143.1 Microsoft Corporation
C:\WINNT\system32\CRYPT32.dll 5.131.2173.1 Microsoft Corporation
C:\WINNT\system32\MSASN1.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\IMAGEHLP.dll 5.0.2195.1 Microsoft Corporation
C:\WINNT\system32\ole32.dll 5.0.2181.1 Microsoft Corporation
C:\WINNT\system32\mscat32.dll 5.131.2134.1 Microsoft Corporation
C:\WINNT\system32\rsabase.dll 5.0.2150.1 Microsoft Corporation
C:\WINNT\system32\wdmaud.drv 5.0.2147.1 Microsoft Corporation
C:\WINNT\system32\cscdll.dll 5.0.2189.1 Microsoft Corporation
C:\WINNT\system32\WlNotify.dll 5.0.2164.1 Microsoft Corporation
C:\WINNT\system32\WINSCARD.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\WINSPOOL.DRV 5.0.2167.1 Microsoft Corporation
C:\WINNT\system32\VERSION.dll 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\LZ32.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\cscui.dll 5.0.2172.1 Microsoft Corporation
C:\WINNT\system32\OLEAUT32.DLL 2.40.4512.1 Microsoft Corporation
C:\WINNT\System32\CLBCATQ.DLL 1999.9.3422.14 Microsoft Corporation
C:\WINNT\system32\msacm32.drv 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\MSACM32.dll 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\msv1_0.dll 5.0.2164.1 Microsoft Corporation

[greyknight17]

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro. Just follow the instructions on the site to run the online scan. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [nstat] C:\WINNT\netstat.exe
O9 - Extra button: SEARCH - {FE5A1910-F121-11d2-BE9E-01C04A7936B1} - http://www.zapros.com/find.htm (file missing)

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINNT\netstat.exe

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.

[freeone0]

Hello greyknight17 ,
First of all thanks for your reply .
I did al the things you said , but the problem is still there .
I deleted also a few others :
O4 - HKCU\..\Run: [internat.exe] internat.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll but didn't work .

Here is a new log file .

Logfile of HijackThis v1.99.1
Scan saved at 23:13:48, on 16/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\msiexec.exe
C:\Documents and Settings\terminator\TIJDELIJK4\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
Process list saved on 23:16:17, on 16/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)

[pid] [full path to filename] [file version] [company name]
108 C:\WINNT\System32\smss.exe 5.0.2170.1 Microsoft Corporation
196 C:\WINNT\system32\winlogon.exe 5.0.2182.1 Microsoft Corporation
224 C:\WINNT\system32\services.exe 5.0.2134.1 Microsoft Corporation
236 C:\WINNT\system32\lsass.exe 5.0.2184.1 Microsoft Corporation
408 C:\WINNT\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
436 C:\WINNT\system32\spoolsv.exe 5.0.2161.1 Microsoft Corporation
488 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
504 C:\Program Files\Alwil Software\Avast4\ashServ.exe 4.6.602.0
540 C:\WINNT\System32\svchost.exe 5.0.2134.1 Microsoft Corporation
580 C:\WINNT\System32\nvsvc32.exe 6.14.10.6693 NVIDIA Corporation
604 C:\WINNT\system32\regsvc.exe 5.0.2155.1 Microsoft Corporation
660 C:\WINNT\system32\MSTask.exe 4.71.2137.1 Microsoft Corporation
708 C:\WINNT\system32\ZoneLabs\vsmon.exe 3.7.143.0 Zone Labs Inc.
780 C:\WINNT\System32\mspmspsv.exe 7.1.0.3055 Microsoft Corporation
796 C:\WINNT\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
872 C:\WINNT\Explorer.exe 5.0.2920.0 Microsoft Corporation
1068 C:\WINNT\System32\rundll32.exe 5.0.2134.1 Microsoft Corporation
1072 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 4.6.585.0
1076 C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe 1.0.0.1 CyberLink
1096 C:\Program Files\Winamp\Winampa.exe
1116 C:\WINNT\System32\RUNDLL32.EXE 5.0.2134.1 Microsoft Corporation
1036 C:\WINNT\SOUNDMAN.EXE 5.0.0.5 Avance Logic, Inc.
1128 C:\Program Files\Nikon\PictureProject\NkbMonitor.exe 1.0.0.3007 Nikon Corporation
1140 C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe 3.7.143.0 Zone Labs Inc.
1160 C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe 1.0.0.509 Microsoft Corporation
1216 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 4.6.602.0 ALWIL Software
1264 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 4.6.622.0 ALWIL Software
1292 C:\WINNT\system32\msiexec.exe 1.10.1029.0 Microsoft Corporation
1044 C:\Documents and Settings\terminator\TIJDELIJK4\hijackthis\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.

[greyknight17]

Download CWShredder and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

See if you can locate these two and delete them:

navcancl.htm
C:\WINNT\Web\desktop.html

Restart. How's it now?

[freeone0]

I downloaded cws shredder and run it ,the program deleted cws.tapicfg .
The other two I couldn't find them via search engine windows .
I also run adaware , spywareblaster ,spysweeper , spybot , ms antispy but they didn't find anything .

[greyknight17]

So is the problem still there now? Were you able to find those two files and delete them?

[freeone0]

The problem is still there now . I wasn't able to find those two files .
Maybe I have do do a format C and start all over again . What you think ?

[Lobos]

Hi freeone0

Could you please post another Hijack this log


losbo

[freeone0]

Here is an new hijack log . Maybe theis wil help . If you choose show source via right mouse button you get this info :

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>

<head>
<style>
a:link {font:8pt/11pt verdana; color:red}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<meta HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
<title>Geen weer te geven pagina </title>
</head>

<body bgcolor="white">

<table width="400" cellpadding="3" cellspacing="5">
<tr>
<td id="tableProps" valign="top" align="left"><img id="pagerrorImg" SRC="pagerror.gif"
width="25" height="33"></td>
<td id="tablePropsWidth" align="left" valign="middle" width="360"><h1 id="errorText"
style="COLOR: black; FONT: 13pt/15pt verdana">Bewerking is afgebroken</h1>
</td>
</tr>
<tr>
<td id="tablePropsWidth" width="400" colspan="2"><font
style="COLOR: black; FONT: 8pt/11pt verdana">Internet Explorer kan geen verbinding maken met de opgevraagde
webpagina. De pagina is mogelijk tijdelijk niet beschikbaar.</font></td>
</tr>
<tr>
<td id="tablePropsWidth" width="400" colspan="2"><font id="LID1"
style="COLOR: black; FONT: 8pt/11pt verdana"><hr color="#C0C0C0" noshade>
<p id="LID2">Probeer het volgende:</p><ul>
<li id="instructionsText2">Klik op de knop
<a href="javascript:location.reload()" target="_self">
<img border=0 src="refresh.gif" width="13" height="16"
alt="refresh.gif (82 bytes)" align="middle"></a> <a href="javascript:location.reload()" target="_self">Vernieuwen</a> of probeer het later opnieuw.<br>
</li>
<li id="instructionsText3">Als u deze pagina eerder bezocht hebt en u wilt bekijken wat
op uw computer is opgeslagen, klikt u op <b>Bestand</b> en vervolgens op <b>Off line werken</b>.<br>
</li>
<li id="instructionsText4">Voor informatie over off line surfen met Internet Explorer klikt
u op het menu <b>Help</b> en vervolgens op <b>Inhoudsopgave en index</b>.<br>
</li>
</ul>
<p><br>
</p>
<h2 id="ietext" style="font:8pt/11pt verdana; color:black">Internet Explorer </h2>
</font></td>
</tr>
</table>
</body>
</html>


Logfile of HijackThis v1.99.1
Scan saved at 15:20:27, on 19/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\winnt\System32\nvsvc32.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\mspmspsv.exe
C:\winnt\system32\svchost.exe
C:\winnt\Explorer.exe
C:\winnt\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\winnt\System32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\terminator\TIJDELIJK4\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Program Files\Bouncer\liveupdate.exe 110
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7C04278-0031-4F57-B243-D7F93B55C711}: NameServer = 193.74.208.65 193.121.171.135
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\winnt\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Process list saved on 15:21:14, on 19/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)

[pid] [full path to filename] [file version] [company name]
108 C:\winnt\System32\smss.exe 5.0.2170.1 Microsoft Corporation
196 C:\winnt\system32\winlogon.exe 5.0.2182.1 Microsoft Corporation
224 C:\winnt\system32\services.exe 5.0.2134.1 Microsoft Corporation
236 C:\winnt\system32\lsass.exe 5.0.2184.1 Microsoft Corporation
408 C:\winnt\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
436 C:\winnt\system32\spoolsv.exe 5.0.2161.1 Microsoft Corporation
488 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
508 C:\Program Files\Alwil Software\Avast4\ashServ.exe 4.6.602.0
544 C:\WINNT\System32\svchost.exe 5.0.2134.1 Microsoft Corporation
580 C:\winnt\System32\nvsvc32.exe 6.14.10.6693 NVIDIA Corporation
612 C:\winnt\system32\regsvc.exe 5.0.2155.1 Microsoft Corporation
648 C:\winnt\system32\MSTask.exe 4.71.2137.1 Microsoft Corporation
704 C:\WINNT\system32\ZoneLabs\vsmon.exe 3.7.143.0 Zone Labs Inc.
784 C:\WINNT\System32\mspmspsv.exe 7.1.0.3055 Microsoft Corporation
796 C:\winnt\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
872 C:\winnt\Explorer.exe 5.0.2920.0 Microsoft Corporation
1048 C:\winnt\System32\rundll32.exe 5.0.2134.1 Microsoft Corporation
1072 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 4.6.585.0
1080 C:\winnt\System32\RUNDLL32.EXE 5.0.2134.1 Microsoft Corporation
1120 C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe 1.0.0.509 Microsoft Corporation
1128 C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe 3.7.143.0 Zone Labs Inc.
1240 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 4.6.622.0 ALWIL Software
860 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 4.6.602.0 ALWIL Software
1228 C:\Program Files\Internet Explorer\IEXPLORE.EXE 5.0.2920.0 Microsoft Corporation
1476 C:\Documents and Settings\terminator\TIJDELIJK4\hijackthis\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.

[Lobos]

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.


[/b]Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [Bouncer RunStartup] O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Program Files\Bouncer\liveupdate.exe 110


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:[b]


C:\Program Files\Bouncer\ <-------Folder


Download, install and run CCleaner to clean out your temp files, temp internet files and recycle bin. Note: This will remove all login cookies unless individually retained via Options> Cookies.


Lobos

[freeone0]

Hi ,
I did all the tings you said , but the problem is still there .
I also run ccleaner and he found 780mb of trash .

Here is a new hjt log file .
Logfile of HijackThis v1.99.1
Scan saved at 12:18:34, on 20/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\winnt\System32\nvsvc32.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\mspmspsv.exe
C:\winnt\system32\svchost.exe
C:\winnt\Explorer.exe
C:\winnt\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\winnt\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\msiexec.exe
C:\Documents and Settings\terminator\TIJDELIJK4\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\winnt\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Process list saved on 12:35:05, on 20/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)

[pid] [full path to filename] [file version] [company name]
108 C:\winnt\System32\smss.exe 5.0.2170.1 Microsoft Corporation
196 C:\winnt\system32\winlogon.exe 5.0.2182.1 Microsoft Corporation
224 C:\winnt\system32\services.exe 5.0.2134.1 Microsoft Corporation
236 C:\winnt\system32\lsass.exe 5.0.2184.1 Microsoft Corporation
404 C:\winnt\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
432 C:\winnt\system32\spoolsv.exe 5.0.2161.1 Microsoft Corporation
484 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
500 C:\Program Files\Alwil Software\Avast4\ashServ.exe 4.6.602.0
544 C:\WINNT\System32\svchost.exe 5.0.2134.1 Microsoft Corporation
580 C:\winnt\System32\nvsvc32.exe 6.14.10.6693 NVIDIA Corporation
620 C:\winnt\system32\regsvc.exe 5.0.2155.1 Microsoft Corporation
644 C:\winnt\system32\MSTask.exe 4.71.2137.1 Microsoft Corporation
692 C:\WINNT\system32\ZoneLabs\vsmon.exe 3.7.143.0 Zone Labs Inc.
780 C:\WINNT\System32\mspmspsv.exe 7.1.0.3055 Microsoft Corporation
792 C:\winnt\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
868 C:\winnt\Explorer.exe 5.0.2920.0 Microsoft Corporation
1028 C:\winnt\System32\rundll32.exe 5.0.2134.1 Microsoft Corporation
1060 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 4.6.585.0
1068 C:\winnt\System32\RUNDLL32.EXE 5.0.2134.1 Microsoft Corporation
520 C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe 3.7.143.0 Zone Labs Inc.
1108 C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe 1.0.0.509 Microsoft Corporation
1228 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 4.6.622.0 ALWIL Software
1240 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 4.6.602.0 ALWIL Software
1256 C:\WINNT\system32\msiexec.exe 1.10.1029.0 Microsoft Corporation
1324 C:\Documents and Settings\terminator\TIJDELIJK4\hijackthis\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.
1320 C:\winnt\system32\NOTEPAD.EXE 5.0.2140.1 Microsoft Corporation

Now I'm going to try to say how my computer starts up . Maybe it helps.

First it starts up normal , windows 2000 is loaded - then my wallpaper is loaded - then the grey line bellow the wallpaper is loaded with these icons start button on the left clock on the right - then the icons on my desktop are shown for a few seconds -then beside the clock appear three icons , one for disconcting hardware , one for adjusting sound and one for my adsl modem at that point the unwanted desktop paper appear .
After that some more icons appear beside the clock .

[greyknight17]

Are those icons you are seeing ok? In other words, are they programs you recognize and use?

For that page, can you see where the file is located (the html file that is)? If so, look for it and delete that file.

Restart and see if it comes back.

[freeone0]

Hi ,
I can not see the location of this file .
The icons I'm seeing or al the normal icons I use .
Here is an other strage thing . When I whant to open the url from hotmail to check my mail , it wil not load . I can fill in my user name and password and push enter but it would not go further .

[freeone0]

I have found some dlls with the name shdoclc . Can this be the bad file ?Process list saved on 20:41:43, on 21/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)

[pid] [full path to filename] [file version] [company name]
108 C:\winnt\System32\smss.exe 5.0.2170.1 Microsoft Corporation
196 C:\winnt\system32\winlogon.exe 5.0.2182.1 Microsoft Corporation
224 C:\winnt\system32\services.exe 5.0.2134.1 Microsoft Corporation
236 C:\winnt\system32\lsass.exe 5.0.2184.1 Microsoft Corporation
408 C:\winnt\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
440 C:\winnt\system32\spoolsv.exe 5.0.2161.1 Microsoft Corporation
492 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
512 C:\Program Files\Alwil Software\Avast4\ashServ.exe 4.6.602.0
548 C:\WINNT\System32\svchost.exe 5.0.2134.1 Microsoft Corporation
584 C:\winnt\System32\nvsvc32.exe 6.14.10.6693 NVIDIA Corporation
628 C:\winnt\system32\regsvc.exe 5.0.2155.1 Microsoft Corporation
652 C:\winnt\system32\MSTask.exe 4.71.2137.1 Microsoft Corporation
708 C:\WINNT\system32\ZoneLabs\vsmon.exe 3.7.143.0 Zone Labs Inc.
796 C:\WINNT\System32\mspmspsv.exe 7.1.0.3055 Microsoft Corporation
816 C:\winnt\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
860 C:\winnt\Explorer.exe 5.0.2920.0 Microsoft Corporation
1096 C:\winnt\System32\rundll32.exe 5.0.2134.1 Microsoft Corporation
1104 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 4.6.585.0
1112 C:\winnt\System32\RUNDLL32.EXE 5.0.2134.1 Microsoft Corporation
332 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 4.6.622.0 ALWIL Software
1152 C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe 3.7.143.0 Zone Labs Inc.
1016 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 4.6.602.0 ALWIL Software
1172 C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe 1.0.0.509 Microsoft Corporation
1212 C:\WINNT\system32\msiexec.exe 1.10.1029.0 Microsoft Corporation
1404 C:\Program Files\Internet Explorer\IEXPLORE.EXE 5.0.2920.0 Microsoft Corporation
520 C:\Documents and Settings\terminator\TIJDELIJK4\hijackthis\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.


DLLs loaded by process C:\winnt\Explorer.exe:

[full path to filename] [file version] [company name]
C:\winnt\System32\ntdll.dll 5.0.2163.1 Microsoft Corporation
C:\winnt\system32\ADVAPI32.DLL 5.0.2191.1 Microsoft Corporation
C:\winnt\system32\KERNEL32.DLL 5.0.2191.1 Microsoft Corporation
C:\winnt\system32\RPCRT4.DLL 5.0.2193.1 Microsoft Corporation
C:\winnt\system32\GDI32.DLL 5.0.2180.1 Microsoft Corporation
C:\winnt\system32\USER32.DLL 5.0.2180.1 Microsoft Corporation
C:\winnt\system32\SHLWAPI.DLL 5.0.2920.0 Microsoft Corporation
C:\winnt\system32\COMCTL32.DLL 5.81.2920.0 Microsoft Corporation
C:\winnt\system32\SHELL32.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\system32\OLE32.DLL 5.0.2181.1 Microsoft Corporation
C:\winnt\System32\CLBCATQ.DLL 1999.9.3422.14 Microsoft Corporation
C:\winnt\system32\OLEAUT32.DLL 2.40.4512.1 Microsoft Corporation
C:\winnt\system32\MSVCRT.DLL 6.1.8637.0 Microsoft Corporation
C:\winnt\System32\SHDOCVW.DLL 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\browseui.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\USERENV.DLL 5.0.2185.1 Microsoft Corporation
C:\winnt\system32\URLMON.DLL 5.0.2920.0 Microsoft Corporation
C:\winnt\system32\VERSION.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\system32\LZ32.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\mlang.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\mshtml.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\system32\WININET.DLL 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\RASAPI32.DLL 5.0.2188.1 Microsoft Corporation
C:\winnt\System32\RASMAN.DLL 5.0.2188.1 Microsoft Corporation
C:\winnt\System32\WS2_32.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\WS2HELP.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\TAPI32.DLL 5.0.2182.1 Microsoft Corporation
C:\winnt\System32\RTUTILS.DLL 5.0.2168.1 Microsoft Corporation
C:\winnt\System32\sensapi.dll 5.0.2163.1 Microsoft Corporation
C:\winnt\System32\mydocs.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\ntshrui.dll 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\ATL.DLL 3.0.8449.0 Microsoft Corporation
C:\winnt\System32\NETAPI32.DLL 5.0.2194.1 Microsoft Corporation
C:\winnt\System32\SECUR32.DLL 5.0.2154.1 Microsoft Corporation
C:\winnt\System32\NETRAP.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\SAMLIB.DLL 5.0.2160.1 Microsoft Corporation
C:\winnt\system32\WLDAP32.DLL 5.0.2168.1 Microsoft Corporation
C:\winnt\System32\DNSAPI.DLL 5.0.2181.1 Microsoft Corporation
C:\winnt\System32\WSOCK32.DLL 5.0.2152.1 Microsoft Corporation
C:\winnt\System32\shdoclc.dll 5.0.2920.0 Microsoft Corporation
C:\WINNT\system32\NETSHELL.dll 5.0.2176.1 Microsoft Corporation
C:\Program Files\Microsoft AntiSpyware\shellextension.dll 1.0.0.509 Microsoft Corporation
C:\winnt\System32\webcheck.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\stobject.dll 5.0.2144.1 Microsoft Corporation
C:\winnt\System32\BATMETER.DLL 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\SETUPAPI.DLL 5.0.2183.1 Microsoft Corporation
C:\winnt\System32\POWRPROF.DLL 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\WINMM.DLL 5.0.2161.1 Microsoft Corporation
C:\winnt\system32\MPR.DLL 5.0.2146.1 Microsoft Corporation
C:\winnt\System32\MSI.DLL 1.10.1029.0 Microsoft Corporation
C:\winnt\System32\ntlanman.dll 5.0.2157.1 Microsoft Corporation
C:\winnt\System32\NETUI0.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\NETUI1.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\LINKINFO.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\cscui.dll 5.0.2172.1 Microsoft Corporation
C:\winnt\System32\CSCDLL.DLL 5.0.2189.1 Microsoft Corporation
C:\winnt\System32\MSLS31.DLL 3.10.337.0 Microsoft Corporation
C:\winnt\System32\IMM32.DLL 5.0.2180.1 Microsoft Corporation
C:\winnt\System32\wdmaud.drv 5.0.2147.1 Microsoft Corporation
C:\winnt\System32\msacm32.drv 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\MSACM32.dll 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\RASDLG.dll 5.0.2194.1 Microsoft Corporation
C:\winnt\System32\MPRAPI.dll 5.0.2181.1 Microsoft Corporation
C:\winnt\System32\ACTIVEDS.DLL 5.0.2172.1 Microsoft Corporation
C:\winnt\System32\ADSLDPC.DLL 5.0.2172.1 Microsoft Corporation
C:\Program Files\Alwil Software\Avast4\ashShell.dll 4.6.602.0 ALWIL Software
C:\winnt\System32\MSVCP71.dll 7.10.3077.0 Microsoft Corporation
C:\winnt\System32\MSVCR71.dll 7.10.3052.4 Microsoft Corporation
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL 4.1.0.0 WinZip Computing, Inc.
C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL 9.0.0.3503
C:\Program Files\WinRAR\rarext.dll
C:\winnt\System32\browselc.dll 5.0.2920.0 Microsoft Corporation
C:\WINNT\System32\mshtmled.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\OLEPRO32.DLL 5.0.4512.1 Microsoft Corporation
C:\WINNT\System32\jscript.dll 5.1.0.4615 Microsoft Corporation
C:\winnt\System32\CfgMgr32.dll 5.0.2134.1 Microsoft Corporation
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1.0.0.1
C:\WINNT\System32\webvw.dll 5.0.2920.0 Microsoft Corporation
C:\WINNT\System32\docprop2.dll 5.0.2178.1 Microsoft Corporation
C:\WINNT\System32\MSVFW32.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\System32\AVIFIL32.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\system32\faxshell.dll 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\USP10.DLL 1.325.2180.1 Microsoft Corporation



Process list saved on 20:53:05, on 21/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)

[pid] [full path to filename] [file version] [company name]
108 C:\winnt\System32\smss.exe 5.0.2170.1 Microsoft Corporation
196 C:\winnt\system32\winlogon.exe 5.0.2182.1 Microsoft Corporation
224 C:\winnt\system32\services.exe 5.0.2134.1 Microsoft Corporation
236 C:\winnt\system32\lsass.exe 5.0.2184.1 Microsoft Corporation
408 C:\winnt\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
440 C:\winnt\system32\spoolsv.exe 5.0.2161.1 Microsoft Corporation
492 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
512 C:\Program Files\Alwil Software\Avast4\ashServ.exe 4.6.602.0
548 C:\WINNT\System32\svchost.exe 5.0.2134.1 Microsoft Corporation
584 C:\winnt\System32\nvsvc32.exe 6.14.10.6693 NVIDIA Corporation
628 C:\winnt\system32\regsvc.exe 5.0.2155.1 Microsoft Corporation
652 C:\winnt\system32\MSTask.exe 4.71.2137.1 Microsoft Corporation
708 C:\WINNT\system32\ZoneLabs\vsmon.exe 3.7.143.0 Zone Labs Inc.
796 C:\WINNT\System32\mspmspsv.exe 7.1.0.3055 Microsoft Corporation
816 C:\winnt\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
860 C:\winnt\Explorer.exe 5.0.2920.0 Microsoft Corporation
1096 C:\winnt\System32\rundll32.exe 5.0.2134.1 Microsoft Corporation
1104 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 4.6.585.0
1112 C:\winnt\System32\RUNDLL32.EXE 5.0.2134.1 Microsoft Corporation
332 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 4.6.622.0 ALWIL Software
1152 C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe 3.7.143.0 Zone Labs Inc.
1016 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 4.6.602.0 ALWIL Software
1172 C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe 1.0.0.509 Microsoft Corporation
1212 C:\WINNT\system32\msiexec.exe 1.10.1029.0 Microsoft Corporation
1404 C:\Program Files\Internet Explorer\IEXPLORE.EXE 5.0.2920.0 Microsoft Corporation
520 C:\Documents and Settings\terminator\TIJDELIJK4\hijackthis\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.


DLLs loaded by process C:\Program Files\Internet Explorer\IEXPLORE.EXE:

[full path to filename] [file version] [company name]
C:\winnt\System32\ntdll.dll 5.0.2163.1 Microsoft Corporation
C:\winnt\system32\KERNEL32.dll 5.0.2191.1 Microsoft Corporation
C:\winnt\system32\USER32.dll 5.0.2180.1 Microsoft Corporation
C:\winnt\system32\GDI32.DLL 5.0.2180.1 Microsoft Corporation
C:\winnt\system32\SHLWAPI.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\system32\ADVAPI32.DLL 5.0.2191.1 Microsoft Corporation
C:\winnt\system32\RPCRT4.DLL 5.0.2193.1 Microsoft Corporation
C:\winnt\System32\shdocvw.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\system32\COMCTL32.DLL 5.81.2920.0 Microsoft Corporation
C:\winnt\system32\SHELL32.DLL 5.0.2920.0 Microsoft Corporation
C:\winnt\system32\ole32.dll 5.0.2181.1 Microsoft Corporation
C:\winnt\System32\BROWSEUI.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\CLBCATQ.DLL 1999.9.3422.14 Microsoft Corporation
C:\winnt\system32\OLEAUT32.DLL 2.40.4512.1 Microsoft Corporation
C:\winnt\system32\MSVCRT.DLL 6.1.8637.0 Microsoft Corporation
C:\winnt\System32\browselc.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\system32\WININET.DLL 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\cscui.dll 5.0.2172.1 Microsoft Corporation
C:\winnt\System32\CSCDLL.DLL 5.0.2189.1 Microsoft Corporation
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1.0.0.1
C:\winnt\system32\URLMON.DLL 5.0.2920.0 Microsoft Corporation
C:\winnt\system32\VERSION.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\system32\LZ32.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\shdoclc.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\mlang.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\wsock32.dll 5.0.2152.1 Microsoft Corporation
C:\winnt\System32\WS2_32.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\WS2HELP.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\system32\msafd.dll 5.0.2153.1 Microsoft Corporation
C:\winnt\System32\wshtcpip.dll 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\RASAPI32.DLL 5.0.2188.1 Microsoft Corporation
C:\winnt\System32\RASMAN.DLL 5.0.2188.1 Microsoft Corporation
C:\winnt\System32\TAPI32.DLL 5.0.2182.1 Microsoft Corporation
C:\winnt\System32\RTUTILS.DLL 5.0.2168.1 Microsoft Corporation
C:\winnt\System32\USERENV.DLL 5.0.2185.1 Microsoft Corporation
C:\winnt\System32\netapi32.dll 5.0.2194.1 Microsoft Corporation
C:\winnt\System32\SECUR32.DLL 5.0.2154.1 Microsoft Corporation
C:\winnt\System32\NETRAP.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\SAMLIB.DLL 5.0.2160.1 Microsoft Corporation
C:\winnt\system32\WLDAP32.DLL 5.0.2168.1 Microsoft Corporation
C:\winnt\System32\DNSAPI.DLL 5.0.2181.1 Microsoft Corporation
C:\winnt\System32\rnr20.dll 5.0.2152.1 Microsoft Corporation
C:\winnt\System32\winrnr.dll 5.0.2160.1 Microsoft Corporation
C:\winnt\System32\msi.dll 1.10.1029.0 Microsoft Corporation
C:\winnt\System32\rasadhlp.dll 5.0.2168.1 Microsoft Corporation
C:\winnt\System32\mshtml.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\IMM32.DLL 5.0.2180.1 Microsoft Corporation
C:\WINNT\System32\jscript.dll 5.1.0.4615 Microsoft Corporation
C:\WINNT\System32\iepeers.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\MSLS31.DLL 3.10.337.0 Microsoft Corporation
C:\WINNT\System32\mshtmled.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\LINKINFO.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\ntshrui.dll 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\ATL.DLL 3.0.8449.0 Microsoft Corporation
C:\winnt\system32\MPR.DLL 5.0.2146.1 Microsoft Corporation
C:\winnt\System32\mydocs.dll 5.0.2920.0 Microsoft Corporation
C:\WINNT\System32\vbscript.dll 5.1.0.4615 Microsoft Corporation
C:\WINNT\System32\macromed\flash\Flash.ocx 7.0.19.0 Macromedia, Inc.
C:\winnt\System32\WINMM.dll 5.0.2161.1 Microsoft Corporation
C:\winnt\system32\comdlg32.dll 5.0.2920.0 Microsoft Corporation
C:\winnt\System32\wdmaud.drv 5.0.2147.1 Microsoft Corporation
C:\winnt\System32\msacm32.drv 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\MSACM32.dll 5.0.2134.1 Microsoft Corporation
C:\WINNT\System32\ddrawex.dll 5.3.0.900 Microsoft Corporation
C:\WINNT\System32\DDRAW.dll 5.3.0.900 Microsoft Corporation
C:\WINNT\System32\DCIMAN32.dll 5.0.2180.1 Microsoft Corporation
C:\WINNT\System32\csseqchk.dll 10.0.0.1008 Microsoft Corporation
C:\winnt\System32\CRYPT32.dll 5.131.2173.1 Microsoft Corporation
C:\winnt\System32\MSASN1.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\wintrust.dll 5.131.2143.1 Microsoft Corporation
C:\winnt\system32\IMAGEHLP.dll 5.0.2195.1 Microsoft Corporation
C:\winnt\System32\schannel.dll 5.0.2170.0 Microsoft Corporation
C:\winnt\System32\rsabase.dll 5.0.2150.1 Microsoft Corporation
C:\winnt\System32\dssbase.dll 5.0.2150.1 Microsoft Corporation
C:\winnt\System32\ntlanman.dll 5.0.2157.1 Microsoft Corporation
C:\winnt\System32\NETUI0.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\NETUI1.DLL 5.0.2134.1 Microsoft Corporation
C:\winnt\System32\Macromed\Common\SwSupport.dll 10.0.0.210 Macromedia, Inc.
C:\WINNT\System32\actxprxy.dll 5.0.2920.0 Microsoft Corporation

[freeone0]

I have don a search with the windows searchengine for the word navcancl and this is what I get .
software C:\WINNT\repair 11.116kB
software C:\WINNT\repair\RegBack 10.120kB
shdocvw.dll C:\ServicePackFiles\i386 1.080kB
shdocvw.dll C:\system32 1.079kB
software.sav C:\system32\config 11.200kB
shdocvw.dll C:\system32\dllcache 1.079kB

So what do you think ? Is the bad file in here ?

[greyknight17]

Those are all good, so don't remove them.

OK, take a look at this article. Look near the bottom. Also go to the Next Tip to read on. See if any of those will help resolve this problem you are getting.

[freeone0]

Hi ,
I want to thank you guy's for traying to help me out here . It did not work . I think I did too much wrong to tray to solve this problem .
I'm just going to to a format C and begin all over again .

Tanks