Need Help With HJT Log

By TRSprayPaint
Feb 22, 2005
  1. I am the IT/tech support for a small company, and on this one computer I can't seem to get rid of the popups and slowness... The other one that got infected with stuff cleaned up with no problems.

    The computer is a STOCK HP Pavilion a612x.

    What's been done so far:
    From Safe Mode
    Turned off System Restore
    Ran CWShredder, removed 1 strain
    Ran SpyBot S&D, removed a few
    Ran AdAware, removed a few
    Ran HJT and removed some stuff
    Deleted associated files

    Rebooted and checked again... nothing found!
    (I went home and was called back again this morning.)
    Found SideStep installed, which I had removed yesterday.

    So anyhow, here is the HJT log while running in Safe Mode:
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode
    Switch System Restore off

    O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105 ==>> VX2 infection <<==
    If you have not done so yet, go to to get the AdAware plug-in for fixing VX2. To run it, go into AdAware -> Add-ons and select VX2 Cleaner. Click Run Tool and OK to start it. If it's clean, it'll say Status System Clean. If not, click the Clean button to remove the VX2 infection.
    Reboot in Safe Mode

    Next, press Ctrl/Alt/Del and in Task Manager try to STOP:

    msnavc32.exe (should be gone)

    Next, run HJT on its own and let it 'fix':
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
    O2 - BHO: SDWin32 Class - {2DF51DBE-26B8-4800-A556-0560649FF2F4} - C:\WINDOWS\System32\tonrn.dll
    O2 - BHO: SDWin32 Class - {B8DEDF2C-64A2-4CD0-9AE2-071EB5114D00} - C:\WINDOWS\System32\nnhtj.dll
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
    O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
    O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe

    When done, delete the bold files.
    Clean all the Temp directories from ALL users
    Clean temp. internet files, cookies etc.

    Boot normally. If all is OK, put System Restore back on.

    Install Firefox from and stop using IE, except for Windows updates.
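The fix list in the reply above uses three HijackThis entry forms: R0/R1 registry values, O2 browser helper objects and O4 Run keys. The following parser is an added example, not part of the original post; it handles only those three forms (other sections are kept as raw text), and the function names are this example's own.

```python
import re

# Entries copied from the fix list in the reply above.
SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*?)\s*$")   # "O4 - <body>"
REG = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$")
BHO = re.compile(r"^BHO:\s*(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]{36}\})"
                 r"\s+-\s+(?P<path>.+)$")
RUN = re.compile(r"^(?P<key>\S+):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
EXE = re.compile(r"^(?P<path>.+?\.(?:exe|dll|com|bat|scr))(?:\s+(?P<args>.*))?$", re.I)

def parse_line(line):
    """Return a dict for one HJT entry, or None for a non-entry line."""
    m = ENTRY.match(line)
    if not m:
        return None
    code, body = m.groups()
    rec, sub = {"code": code, "raw": body}, None
    if code in ("R0", "R1"):
        sub = REG.match(body)
    elif code == "O2":
        sub = BHO.match(body)
    elif code == "O4":
        sub = RUN.match(body)
        exe = EXE.match(sub.group("cmd")) if sub else None
        if exe:                       # split the command into file and arguments
            rec.update(exe.groupdict())
    if sub:
        rec.update(sub.groupdict())
    return rec

def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

def referenced_files(text):
    """Unique files named by O2/O4 entries, lowercased (Windows paths ignore case)."""
    return sorted({r["path"].lower() for r in parse_log(text) if r.get("path")})

def registry_values(text):
    """(key, value, data) for each R0/R1 entry."""
    return [(r["key"], r["value"], r["data"]) for r in parse_log(text) if "value" in r]

if __name__ == "__main__":
    print("\n".join(referenced_files(SAMPLE)))
```

`referenced_files` gives the on-disk files to check after HJT has fixed the registry entries; the result is a review list, not a verdict on any file.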
  3. TRSprayPaint

    TRSprayPaint TS Rookie Topic Starter

    That did it.... thank you very much...
Topic Status:
Not open for further replies.