Need Help With HJT Log

By TRSprayPaint
Feb 22, 2005
Topic Status:
Not open for further replies.
  1. I am the IT/tech support for a small company, and on this one computer I can't seem to get rid of the popups and slowness... the other one that got infected with stuff cleaned with no probs

    Specs
    Puter is a STOCK HP Pavilion a612x

    What's been done so far
    From SafeMode
    Turned Off System Restore
    Ran CW Shredder Removed 1 Strain
    Ran SpyBot S&D removed a few
    Ran AdAware removed a few
    Ran HJT and removed some stuff
    Deleted Associated Files

    Rebooted and checked again... nothing found!
    (I went home and was called back again this morning)
    Found sidestep installed, which I had removed yesterday

    So anyhow, here is the HJT log while running in SafeMode
  2. RealBlackStuff (Newcomer, in training; Posts: 8,165)

    Boot in Safe Mode
    Switch System Restore off


    O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105 ==>> VX2 infection <<==
    If you have not done so yet, go to http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml to get the AdAware plug-in for fixing VX2. To run it, go into AdAware -> Add-ons and select VX2 Cleaner. Click Run Tool and OK to start it. If it's clean, it'll say Status System Clean. If not, click the Clean button to remove the VX2 infection.
    Reboot in Safe Mode

    Next, press Ctrl/Alt/Del and in Task Manager try to STOP:

    winupdt.exe
    msnavc32.exe (should be gone)
    netsync.exe

    Next, run HJT on its own and let it 'fix':
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
    O2 - BHO: SDWin32 Class - {2DF51DBE-26B8-4800-A556-0560649FF2F4} - C:\WINDOWS\System32\tonrn.dll
    O2 - BHO: SDWin32 Class - {B8DEDF2C-64A2-4CD0-9AE2-071EB5114D00} - C:\WINDOWS\System32\nnhtj.dll
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
    O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
    O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe

    When done, delete the bold files.
    Clean all the Temp directories from ALL users
    Clean temp. internet files, cookies etc.

    Boot normally. If all OK, put System Restore back on.

    Install Firefox from www.getfirefox.com and stop using IE, except for Windows updates.
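
How the fix list in the reply above lines up with the processes it says to stop, as an added example that is not part of the original thread: a small Python parser for the R0/R1, O2 and O4 line formats shown there, run over entries copied from that post. The function names and regular expressions are this example's own assumptions, not HijackThis code.

```python
import ntpath
import re

# Entries copied from the fix list in the reply above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: SDWin32 Class - {2DF51DBE-26B8-4800-A556-0560649FF2F4} - C:\WINDOWS\System32\tonrn.dll
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
"""

# R0-R3: IE registry values; O2: Browser Helper Objects; O4: autostart entries.
R_LINE = re.compile(r"^(?P<sec>R[0-3]) - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_LINE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Splits an autostart command into the image path and any trailing arguments.
IMAGE = re.compile(r"^(?P<path>.+?\.(?:exe|dll|com|bat))(?:\s+(?P<args>.*))?$", re.I)


def parse_line(line):
    """Return a dict for one R0-R3, O2 or O4 entry, or None for anything else."""
    line = line.strip()
    if m := R_LINE.match(line):
        return m.groupdict()
    if m := O2_LINE.match(line):
        return {"sec": "O2", **m.groupdict()}
    if m := O4_LINE.match(line):
        image = IMAGE.match(m["cmd"])
        path, args = (image["path"], image["args"] or "") if image else (m["cmd"], "")
        return {"sec": "O4", "key": m["key"], "name": m["name"], "path": path, "args": args}
    return None


def cleanup_plan(log_text):
    """Group parsed entries by what has to be checked for each kind."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        # Image names of autostart entries are what shows up in Task Manager.
        "stop": [ntpath.basename(e["path"]).lower() for e in entries if e["sec"] == "O4"],
        "files": [e["path"] for e in entries if e["sec"] in ("O2", "O4")],
        "registry_values": [(e["key"], e["value"]) for e in entries if e["sec"].startswith("R")],
    }


if __name__ == "__main__":
    for group, items in cleanup_plan(SAMPLE_LOG).items():
        print(group, items)
```

The `stop` group comes out as the same three executables the reply lists for Task Manager, which is a quick way to confirm that a fix list and the running processes agree before rebooting.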
  3. TRSprayPaint (Newcomer, in training; Topic Starter)

    That did it.... thank you very much...