
Need Help With HJT Log

By TRSprayPaint
Feb 22, 2005
  1. I am the IT/tech support for a small company, and on this one computer I can't seem to get rid of the popups and slowness... the other one that got infected with stuff cleaned with no probs

    Puter is a STOCK HP Pavilion a612x

    What's been done so far:
    From SafeMode
    Turned Off System Restore
    Ran CW Shredder Removed 1 Strain
    Ran SpyBot S&D removed a few
    Ran AdAware removed a few
    Ran HJT and removed some stuff
    Deleted Associated Files

    Rebooted and checked again... nothing found!
    (I went home and was called back again this morning)
    Found sidestep installed, which I had removed yesterday

    So anyhow, here is the HJT log while running in SafeMode
  2. RealBlackStuff

    TS Rookie Posts: 6,503

    Boot in Safe Mode
    Switch System Restore off

    O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105 ==>> VX2 infection <<==
    If you have not done so yet, go to http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml to get the AdAware plug-in for fixing VX2. To run it, go into Adaware ->Add-ons and select VX2 Cleaner. Click Run Tool and OK to start it. If it's clean, it'll say Status System Clean. If not, click the Clean button to remove the VX2 infection.
    Reboot in Safe Mode

    Next, press Ctrl/Alt/Del and in Task Manager try to STOP:

    msnavc32.exe (should be gone)

    Next, run HJT on its own and let it 'fix':
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
    O2 - BHO: SDWin32 Class - {2DF51DBE-26B8-4800-A556-0560649FF2F4} - C:\WINDOWS\System32\tonrn.dll
    O2 - BHO: SDWin32 Class - {B8DEDF2C-64A2-4CD0-9AE2-071EB5114D00} - C:\WINDOWS\System32\nnhtj.dll
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
    O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
    O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe

    When done, delete the bold files.
    Clean all the Temp directories from ALL users
    Clean temp. internet files, cookies etc.

    Boot normal. If all OK, put System Restore back on.

    Install Firefox from www.getfirefox.com and stop using IE, except for Windows updates.
  3. TRSprayPaint

    TS Rookie Topic Starter

    That did it.... thank you very much...
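
As an added example (not part of the thread, and not code from HijackThis or the posters): a small Python parser for the R0/R1, O2 and O4 line formats quoted in RealBlackStuff's reply, which lists the executables and DLLs those auto-start entries reference so they can be re-checked after cleanup. The function names and the sample text, built from lines in that reply, are constructed for illustration.

```python
import re

# Constructed sample: entries copied from the fix list in the reply above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: SDWin32 Class - {2DF51DBE-26B8-4800-A556-0560649FF2F4} - C:\WINDOWS\System32\tonrn.dll
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
"""

# One pattern per entry shape seen in the thread (hypothetical names).
LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")
BHO = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
EXE = re.compile(r"^(?P<path>.+?\.(?:exe|dll|com|bat|scr))(?:\s+(?P<args>.*))?$", re.I)
PATTERNS = {"R0": REG_VALUE, "R1": REG_VALUE, "O2": BHO, "O4": RUN}

def parse_line(line):
    """Return a dict describing one HJT entry, or None for non-entry lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    entry = {"section": m["section"], "raw": m["body"]}
    pattern = PATTERNS.get(entry["section"])
    detail = pattern.match(m["body"]) if pattern else None
    if detail:
        entry.update(detail.groupdict())
    if "command" in entry:
        # Split a Run command into the binary path and its arguments.
        exe = EXE.match(entry["command"])
        if exe:
            entry["path"], entry["args"] = exe["path"], exe["args"] or ""
    return entry

def autostart_files(log_text):
    """Unique, lower-cased file paths referenced by O2/O4 entries."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return sorted({e["path"].lower() for e in entries if "path" in e})

if __name__ == "__main__":
    for path in autostart_files(SAMPLE_LOG):
        print(path)
```

Comparing this list between the Safe Mode log and a log taken after a normal boot shows whether any of the removed entries has come back.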