Need Help With HJT Log

Status
Not open for further replies.
I am the IT/tech support for a small company, and on this one computer I can't seem to get rid of the popups and slowness... The other one that got infected with stuff cleaned with no probs.

Specs
Puter is a STOCK HP Pavilion a612x

What's been done so far
From SafeMode
Turned Off System Restore
Ran CW Shredder Removed 1 Strain
Ran SpyBot S&D removed a few
Ran AdAware removed a few
Ran HJT and removed some stuff
Deleted Associated Files

Rebooted and checked again... nothing found!
(I went home and was called back again this morning)
Found sidestep installed, which I had removed yesterday

so anyhow here is the HJT log while running in SafeMode
 
Boot in Safe Mode
Switch System Restore off


O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105 ==>> VX2 infection <<==
If you have not done so yet, go to http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml to get the AdAware plug-in for fixing VX2. To run it, go into Adaware ->Add-ons and select VX2 Cleaner. Click Run Tool and OK to start it. If it's clean, it'll say Status System Clean. If not, click the Clean button to remove the VX2 infection.
Reboot in Safe Mode

Next, press Ctrl/Alt/Del and in Task Manager try to STOP:

winupdt.exe
msnavc32.exe (should be gone)
netsync.exe

Next, run HJT on its own and let it 'fix':
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: SDWin32 Class - {2DF51DBE-26B8-4800-A556-0560649FF2F4} - C:\WINDOWS\System32\tonrn.dll
O2 - BHO: SDWin32 Class - {B8DEDF2C-64A2-4CD0-9AE2-071EB5114D00} - C:\WINDOWS\System32\nnhtj.dll
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe

When done, delete the bold files.
Clean all the Temp directories from ALL users
Clean temp. internet files, cookies etc.

Boot normal. If all OK, put System Restore back on.

Install Firefox from www.getfirefox.com and stop using IE, except for windows-updates.
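
As an added example (not part of the original thread and not HijackThis's own code): a small Python parser for the R1, O2 and O4 entry forms in the fix list above. It lists the Run-key image names, which match the processes the reply says to stop in Task Manager, and the file paths the O2/O4 entries reference. The function names and the rule for splitting a Run command at `.exe` are assumptions of this example.

```python
import re
import ntpath  # parses Windows paths on any OS

# Entries copied from the fix list in the reply above (lines with long URLs left out).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: SDWin32 Class - {2DF51DBE-26B8-4800-A556-0560649FF2F4} - C:\WINDOWS\System32\tonrn.dll
O2 - BHO: SDWin32 Class - {B8DEDF2C-64A2-4CD0-9AE2-071EB5114D00} - C:\WINDOWS\System32\nnhtj.dll
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
"""

PATTERNS = [
    re.compile(r"^(?P<code>R[01]) - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$"),
    re.compile(r"^(?P<code>O2) - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"),
    re.compile(r"^(?P<code>O4) - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"),
]
# Assumption: an unquoted Run command ends its image path at the first ".exe".
EXE = re.compile(r"^(?P<path>.*?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)

def parse_line(line):
    """Return the fields of one HJT entry, or None if its form is not handled here."""
    for pattern in PATTERNS:
        m = pattern.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        if entry["code"] == "O4":  # split the Run command into image path and arguments
            cmd = entry.pop("cmd")
            exe = EXE.match(cmd)
            entry["path"] = exe["path"] if exe else cmd
            entry["args"] = (exe["args"] or "") if exe else ""
        return entry
    return None

def summarize(text):
    """Return (entries, Run-key image names, unique file paths referenced)."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    processes = [ntpath.basename(e["path"]).lower() for e in entries if e["code"] == "O4"]
    files = sorted({e["path"].lower() for e in entries if "path" in e})
    return entries, processes, files

if __name__ == "__main__":
    _, procs, paths = summarize(FIX_LIST)
    print("Run-key images:", procs)
    print("Referenced files:", *paths, sep="\n  ")
```
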
 