Thread: a new variant of the res://C:WINNT\system32\shdoclc.dll/navcancl.htm hijack
View Single Post
Old 03-15-2005, 03:24 PM   #1 (permalink)
freeone0
Registered User
 
Join Date: Mar 2005
Posts: 10
OS: windows 2000


a new variant of the res://C:WINNT\system32\shdoclc.dll/navcancl.htm hijack
Hi ,
Can someone help me with this one to delete it , please ?
This is the name of my one res://C:\WINNT\System32\shdoclc.dll/navcancl.htm#C:\WINNT\Web\desktop.html .
Here is my log file . Thanks in advanced .


Logfile of HijackThis v1.99.1
Scan saved at 23:17:14, on 15/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\System32\internat.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\terminator\TIJDELIJK4\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [nstat] C:\WINNT\netstat.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: SEARCH - {FE5A1910-F121-11d2-BE9E-01C04A7936B1} - http://www.zapros.com/find.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7C04278-0031-4F57-B243-D7F93B55C711}: NameServer = 193.74.208.65 193.121.171.135
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Process list saved on 23:18:52, on 15/03/2005
Platform: Windows 2000 (WinNT 5.00.2195)

[pid] [full path to filename] [file version] [company name]
108 C:\WINNT\System32\smss.exe 5.0.2170.1 Microsoft Corporation
196 C:\WINNT\system32\winlogon.exe 5.0.2182.1 Microsoft Corporation
224 C:\WINNT\system32\services.exe 5.0.2134.1 Microsoft Corporation
236 C:\WINNT\system32\lsass.exe 5.0.2184.1 Microsoft Corporation
408 C:\WINNT\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
436 C:\WINNT\system32\spoolsv.exe 5.0.2161.1 Microsoft Corporation
488 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
512 C:\Program Files\Alwil Software\Avast4\ashServ.exe 4.6.602.0
548 C:\WINNT\System32\svchost.exe 5.0.2134.1 Microsoft Corporation
580 C:\WINNT\System32\nvsvc32.exe 6.14.10.6693 NVIDIA Corporation
604 C:\WINNT\system32\regsvc.exe 5.0.2155.1 Microsoft Corporation
312 C:\WINNT\system32\MSTask.exe 4.71.2137.1 Microsoft Corporation
696 C:\WINNT\system32\ZoneLabs\vsmon.exe 3.7.143.0 Zone Labs Inc.
832 C:\WINNT\Explorer.exe 5.0.2920.0 Microsoft Corporation
848 C:\WINNT\System32\mspmspsv.exe 7.1.0.3055 Microsoft Corporation
860 C:\WINNT\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
1028 C:\WINNT\System32\rundll32.exe 5.0.2134.1 Microsoft Corporation
1056 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 4.6.585.0
1092 C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe 1.0.0.1 CyberLink
1100 C:\Program Files\Winamp\Winampa.exe
1124 C:\WINNT\System32\RUNDLL32.EXE 5.0.2134.1 Microsoft Corporation
1140 C:\WINNT\SOUNDMAN.EXE 5.0.0.5 Avance Logic, Inc.
1148 C:\WINNT\System32\internat.exe 5.0.2920.0 Microsoft Corporation
1160 C:\Program Files\Nikon\PictureProject\NkbMonitor.exe 1.0.0.3007 Nikon Corporation
1168 C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe 3.7.143.0 Zone Labs Inc.
1180 C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe 1.0.0.509 Microsoft Corporation
1292 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 4.6.602.0 ALWIL Software
1320 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 4.6.622.0 ALWIL Software
1336 C:\WINNT\system32\msiexec.exe 1.10.1029.0 Microsoft Corporation
1260 C:\Program Files\Internet Explorer\IEXPLORE.EXE 5.0.2920.0 Microsoft Corporation
1200 C:\Documents and Settings\terminator\TIJDELIJK4\hijackthis\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.


DLLs loaded by process C:\WINNT\system32\winlogon.exe:

[full path to filename] [file version] [company name]
C:\WINNT\System32\ntdll.dll 5.0.2163.1 Microsoft Corporation
C:\WINNT\system32\MSVCRT.DLL 6.1.8637.0 Microsoft Corporation
C:\WINNT\system32\KERNEL32.dll 5.0.2191.1 Microsoft Corporation
C:\WINNT\system32\ADVAPI32.DLL 5.0.2191.1 Microsoft Corporation
C:\WINNT\system32\RPCRT4.DLL 5.0.2193.1 Microsoft Corporation
C:\WINNT\system32\GDI32.DLL 5.0.2180.1 Microsoft Corporation
C:\WINNT\system32\USER32.DLL 5.0.2180.1 Microsoft Corporation
C:\WINNT\system32\USERENV.DLL 5.0.2185.1 Microsoft Corporation
C:\WINNT\system32\NDDEAPI.DLL 5.0.2137.1 Microsoft Corporation
C:\WINNT\system32\SFC.DLL 5.0.2164.1 Microsoft Corporation
C:\WINNT\system32\sfcfiles.dll 5.0.2195.1 Microsoft Corporation
C:\WINNT\system32\SECUR32.DLL 5.0.2154.1 Microsoft Corporation
C:\WINNT\system32\PROFMAP.DLL 5.0.2181.1 Microsoft Corporation
C:\WINNT\system32\NETAPI32.dll 5.0.2194.1 Microsoft Corporation
C:\WINNT\system32\NETRAP.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\SAMLIB.DLL 5.0.2160.1 Microsoft Corporation
C:\WINNT\system32\WS2_32.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\WS2HELP.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\WLDAP32.DLL 5.0.2168.1 Microsoft Corporation
C:\WINNT\system32\DNSAPI.DLL 5.0.2181.1 Microsoft Corporation
C:\WINNT\system32\WSOCK32.DLL 5.0.2152.1 Microsoft Corporation
C:\WINNT\system32\msgina.dll 5.0.2191.1 Microsoft Corporation
C:\WINNT\system32\SHELL32.DLL 5.0.2920.0 Microsoft Corporation
C:\WINNT\system32\SHLWAPI.DLL 5.0.2920.0 Microsoft Corporation
C:\WINNT\system32\COMCTL32.DLL 5.81.2920.0 Microsoft Corporation
C:\WINNT\system32\WINMM.dll 5.0.2161.1 Microsoft Corporation
C:\WINNT\system32\setupapi.dll 5.0.2183.1 Microsoft Corporation
C:\WINNT\system32\wintrust.dll 5.131.2143.1 Microsoft Corporation
C:\WINNT\system32\CRYPT32.dll 5.131.2173.1 Microsoft Corporation
C:\WINNT\system32\MSASN1.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\IMAGEHLP.dll 5.0.2195.1 Microsoft Corporation
C:\WINNT\system32\ole32.dll 5.0.2181.1 Microsoft Corporation
C:\WINNT\system32\mscat32.dll 5.131.2134.1 Microsoft Corporation
C:\WINNT\system32\rsabase.dll 5.0.2150.1 Microsoft Corporation
C:\WINNT\system32\wdmaud.drv 5.0.2147.1 Microsoft Corporation
C:\WINNT\system32\cscdll.dll 5.0.2189.1 Microsoft Corporation
C:\WINNT\system32\WlNotify.dll 5.0.2164.1 Microsoft Corporation
C:\WINNT\system32\WINSCARD.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\WINSPOOL.DRV 5.0.2167.1 Microsoft Corporation
C:\WINNT\system32\VERSION.dll 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\LZ32.DLL 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\cscui.dll 5.0.2172.1 Microsoft Corporation
C:\WINNT\system32\OLEAUT32.DLL 2.40.4512.1 Microsoft Corporation
C:\WINNT\System32\CLBCATQ.DLL 1999.9.3422.14 Microsoft Corporation
C:\WINNT\system32\msacm32.drv 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\MSACM32.dll 5.0.2134.1 Microsoft Corporation
C:\WINNT\system32\msv1_0.dll 5.0.2164.1 Microsoft Corporation
freeone0 is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here