PLEASE HELP! error with internet explorer res://C:\WINDOWS\system32\shdoclc.dll/nav

[Rhinezfinest]

Ok well anytime I go on Internet explorer some pages that I go on will start to work but then it seems they get cancelled and this shows up on the address bar, res://C:\WINDOWS\system32\shdoclc.dll/navcancl.htm I don't know what to do, I tried just about everything that I could think of and I am willing to try just about anything anyone else will suggest. Thank you very much in advance for anyone willing to help me out.

 

[howard_hopkinso]

Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of Rhinezfinest only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Rhinezfinest]

Alright i did everything and after all that some viruses and spyware were picked up but my problem is still at large. Heres my hijackthis.

 

[momok]

Hi Rhinezfinest,

Your HijackThis log looks clean. However, please note the following.

Please do not copy and paste your logs. Instead, attach the .log or .txt files to your post in the future.

I also noticed you are running an outdated version of HijackThis.

You can obtain the latest version from the link in my signature.

Please also post the remaining requested logs (ComboFix and AVG Antispyware) as attachments to this thread.


Regards,
Your friendly Momok =)

This thread is for the use of Rhinezfinest only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[howard_hopkinso]

I have removed your copy and pasted HJT log as all logfiles must be posted as attachments.

Please follow the instructions I gave you and post all the requested logfiles.

Regards Howard

This thread is for the use of Rhinezfinest only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Rhinezfinest]

ok

ok i have everything you want saved as .txt or .log files on my desktop, i just dont know how to put it into a reply.

 

[momok]

Hi,

Please see HERE on how to attach the files.


Regards,
Your friendly Momok =)

This thread is for the use of Rhinezfinest only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Rhinezfinest]

Alright finally i've done everything that you guys have asked. Here it is. Sadly the problem still occurs. But I put everything as attachments that was asked so hopefully we can get this problem fixed. Please help me make any changes that can benefit my computer possible. Thanksvery much again in advance.

Oh yeah and when I scanned with the AVG rootkit I also came up with something that was hidden. It also came up in the combofix. Here it is.

 

[momok]

Hi,

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Go to start > run and type services.msc. Press the enter key.
Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

shellservice

After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

O21 - SSODL: shellservice - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atww\ShellService.dll

Close HJT.

Run AVG AntiRootkit and fix these entries:
C:\WINDOWS\system32\config\atww
C:\WINDOWS\system32\config\atww\Cache
C:\WINDOWS\system32\config\atww\ccp.dll 282624 bytes
C:\WINDOWS\system32\config\atww\Config.xml 552 bytes
C:\WINDOWS\system32\config\atww\dprx.dll 122880 bytes
C:\WINDOWS\system32\config\atww\dtor.exe 581632 bytes
C:\WINDOWS\system32\config\atww\ffe.dll 282624 bytes
C:\WINDOWS\system32\config\atww\filesvc.sys 12288 bytes
C:\WINDOWS\system32\config\atww\mca.dll 454656 bytes
C:\WINDOWS\system32\config\atww\mcff.dll 212992 bytes
C:\WINDOWS\system32\config\atww\mcie.dll 278528 bytes
C:\WINDOWS\system32\config\atww\mck.dll 516096 bytes
C:\WINDOWS\system32\config\atww\mcmsg.dll 151552 bytes
C:\WINDOWS\system32\config\atww\mco.dll 258048 bytes
C:\WINDOWS\system32\config\atww\mcoexp.dll 286720 bytes
C:\WINDOWS\system32\config\atww\mcsc.dll 913408 bytes
C:\WINDOWS\system32\config\atww\mcy.dll 155648 bytes
C:\WINDOWS\system32\config\atww\procdrv.sys 8192 bytes
C:\WINDOWS\system32\config\atww\regfil.sys 8192 bytes
C:\WINDOWS\system32\config\atww\Settings.xml 12288 bytes
C:\WINDOWS\system32\config\atww\ShellService.dll 94208 bytes

Navigate in Windows Explorer and delete the following files and folders in bold.

C:\WINDOWS\system\SysSD.dll
C:\WINDOWS\system32\config\atww\ < delete this entire folder

Reboot into normal mode and rehide your protected OS files.

Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.

Let me know if the AVG antirootkit deletions are successful.


Regards,
Your friendly momok =)

This thread is for the use of Rhinezfinest only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Rhinezfinest]

THANK YOU!!! It seems like my problem is gone, but there have been several occasions where the problem had left and come back in the past. It's weird like that but for now it seems good. If any other problems arise i'll let you know.

So my AVG rootkit scan was clean.
And i'll attach the Hijackthis and Combofix like you asked.
Also if theres anything else you can help me fix or improve outside of this problem please let me know.

 

[momok]

Hi,

I just realised, you are running an outdated version of HijackThis.
You can obtain the latest version from the link in my signature.

I also realise that you are not running a firewall. This is not recommended. Here are some recommended firewalls and links to them.
Please use one and only one. Using more than one is not recommended as it will hog your system resources.
Zonealarm
Kerio
Comodo

In any case, your logs look clean now.

Delete all files in AVG Antispyware Quarantine folder.

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

This thread is for the use of Rhinezfinest only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Rhinezfinest]

Ok so the problem I had before is completly gone, it hasn't come back in any way shape or form and I thank you very much for that.

Another thing with my computer which has become very annoying is that it is very slow and lags very much. For example if I am playing music and simply click on a application, the music from windows media player will start to freeze up and not play properly but when that application is done loading my music will be fine. Thats just an example. So all in all, my computer has become very slow and I do not know how to fix this. I have tried several things like disk cleanup and defragmenting. But none of these seem to make a big improvement. So if you can help me in anyway by telling me what to do to help my computer run more smoothly it would be greatly appreciated.

I updated my version of Hijackthis to the newest version and i will put it as an attachment if it will be of any help. Also if there is anything that i should get rid of which is useless or unecessery please let me know so I can get rid of it, im really trying to clean out and speed up my computer to the best of my ability.

And lastly you told me to put a firewall, and I am just wondering if the company that makes AVG or Ad-aware have free firewalls and if so are they any good because i greatly perfer those companies with my security.

Again thank you very much momok for all of your help in the past and future.

 

[momok]

Hi,

Terribly sorry about the late reply. I think I missed your post somehow.

I would recommend these to be fixed from your HijackThis as they are unnecessary:

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

In order to disable them completely, you need to go under Start > Run and type services.msc
Search for:
Adobe LM Service
AOL Connectivity Service
AOL TopSpeed Monitor

With regards to your slow system, could you provide a description of the processes which take up alot of your system resources in task manager? I have a hunch that it is svchost.exe but I wouldn't provide the solution until I am sure.

For firewalls, the 3 that I recommended are actually very good to use, with 2 of them coming out tops in security and user-friendliness in a recent article. To my knowledge, Ad-aware does not have a firewall. Grisoft however has a firewall in their AVG set. You can peruse the list of downloads HERE.


Regards,
Your friendly momok =)

This thread is for the use of Rhinezfinest only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Rhinezfinest]

Ok i fixed and disabled what you asked me to do and I downloaded one of the three firewalls that you said was good orignally, Comodo.

Now there are about only 4 things that really consume any CPU usage. It is explorer.exe SynTPEnh.exe svchost.exe and csrss.exe. svchost.exe will get high at times but then drop down again at various times.

Also I use CCleaner and under tools and startup there are 2 things that I dont know is necessery or not, the programs are AVG7_CC and COMODO Firewall Pro and both of their keys it says are HKLM:Run. Can I get rid of either of these because I'd like to make my startup list as small as possible.

Again thanks for all your help and I'll post another HiJackThis log just in case theres anything I should change.

 

[momok]

Hi,

AVG CC is the antivirus control centre. I wouldn't actually recommend turning it off.

Regarding the other problems try visiting my post number 7 in this thread.


Regards,
Your friendly momok =)

This thread is for the use of Rhinezfinest only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.