As some others in this forum I do have problem with navcancl.htm. For me it makes some internet pages not to open.

I have read some answers in this forum and I have gotten to the conclusion that every HiJackThis file needs a specific solution.

I would greatly appreciate if someone could give me information what to check in the HJT file! I need a hero

/Janne

Logfile of HijackThis v1.99.1
Scan saved at 20:45:30, on 2006-03-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program\D-Link\Air USB Utility\AirCFG.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE
C:\Program\Trust\DS-3300X Wireless Optical Deskset\Mouse\mouse32a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jan\Mina dokument\Mina mottagna filer\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [kdmzlnb] "C:\WINDOWS\System32\kdmzlnb.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RegKillTray] C:\Program\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
O4 - HKLM\..\Run: [ElbyCheckRegKill] "C:\Program\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OFFICEKB] C:\Program\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program\Trust\DS-3300X Wireless Optical Deskset\Mouse\mouse32a.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Genväg till ADSLlogin.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program\ATI Multimedia\TV\EXPLBAR.DLL
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129317293718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program\WZCBDL Service\WZCBDLS.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\Program\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

You have a few suspicious entries here.


Download The Stand Alone Version of CW Shredder,Spybot, AdAware, (Links at the bottom of my message) If you have them allready make sure they are up to date.


You may want to print this out
Unplug the internet from your computer
Reboot To Safe Mode (tap F8 on Startup)

Delete this file


C:\WINDOWS\System32\kdmzlnb.exe

Still In Safe Mode Open up Hijack This and Place a check next to each of these and click Fix Checked.

O4 - HKLM\..\Run: [kdmzlnb] "C:\WINDOWS\System32\kdmzlnb.exe"
O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe

Still In Safe Mode Delete all Temporary Internet Files, Cookies, Run CW Shredder, AdAware and Spybot, Delete what they find , Empty Recycle Bin.

Plug the internet back in and Reboot to normal mode and post a new log..........Jim

Jim,

You made my day. It worked fine just as you said.

Thanks alot.

Regards Janne

Glad to help, Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/index.php?showtopic=405)


Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/forums/index.php?showtutorial=60)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers (http://www.bleepingcomputer.com/forums/index.php?showtutorial=43)


Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/index.php?showtutorial=48)


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/index.php?showtutorial=49)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.



Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.If you have more problems feel free to post a new log......Jim :vivi

Hi Jim,

I have tried to follow your instructions as carefully as possible but I am afraid that something has slipped through again.

I experience some strange things in IE. Some pages does not open or have very poor performance. e.g. my start page (aftonbladet) listed below doesn't open.

Would it be possible for you to have a look at the below logfile?

Regards Jan

Logfile of HijackThis v1.99.1
Scan saved at 01:48:49, on 2006-04-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program\D-Link\Air USB Utility\AirCFG.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE
C:\Program\Trust\DS-3300X Wireless Optical Deskset\Mouse\mouse32a.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jan\Mina dokument\Mina mottagna filer\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RegKillTray] C:\Program\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
O4 - HKLM\..\Run: [ElbyCheckRegKill] "C:\Program\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OFFICEKB] C:\Program\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program\Trust\DS-3300X Wireless Optical Deskset\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Genväg till ADSLlogin.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129317293718
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program\WZCBDL Service\WZCBDLS.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\Program\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

I dont see much here but theres a few things we can try.

Download The Stand Alone Version of CW Shredder,Spybot, AdAware, (Links at the bottom of my message) If you have them allready make sure they are up to date.

You may want to print this out
Unplug the internet from your computer
Reboot To Safe Mode (tap F8 on Startup)

Open up Hijack This and Place a check next to each of these and click Fix Checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

Still In Safe Mode Delete all Temporary Internet Files, Cookies, Run CW Shredder, AdAware and Spybot, Delete what they find , Empty Recycle Bin.

Plug the internet back in and Reboot to normal mode and post a new log..........Jim