TechSpot

My HJT log - please can you help?

By nikkiy21
Mar 5, 2007
  1. :mad: Please find my HJT log attached. I have followed all the instructions from a previous thread before posting this log.

    View attachment 14327

    I currently have Norton Internet Security 2005, which is due for renewal at the end of this March; the full scan has not detected any virus. Upon running the several scanner programs suggested at the beginning of the thread on here, a virus was detected: Trojan.Downloader.lstbar.JM and Trojan-Downloader.Win32.lstbar.jm - are these the same virus?

    Prior to discovering this, my laptop is always crashing, seems busy all the time & very slow. Also, when I do get on internet explorer and try typing anything, internet explorer help keeps coming up & I have to keep closing it after every couple of keystrokes - driving me mad! I am still having all these problems after following the thread "on instructions before posting your HJT log."

    I would be really grateful for any advice you can provide. Also, could you advise if it is best to use Firefox instead of IE and what is the best alternative to Norton Internet Security.

    Many thanks
    Nikki
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    AQUATI~1

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    AQ3HEL~1.EXE

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START

    O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\PROGRA~1\AQUATI~1 <Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log as well as an AVG Antispyware log.

    Regards Howard :wave: :wave:

    This thread is for the use of nikkiy21 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. nikkiy21

    nikkiy21 TS Rookie Topic Starter Posts: 19

    Latest HJT & - still having probs

    Howard,

    Many thanks for your response. I followed all the instructions, please find my HJT & AVG log attached.

    Still having problems, laptop "busy" and very slow, although it hasn't crashed as yet, which it was doing. Again, when I'm on the internet (via IE), and trying to type stuff, IE help keeps popping up and it won't close - I have to press close loads of times before it will go.

    Any ideas?

    Many thanks
    Nikki
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    However, something's obviously not right. With that in mind, please do the following.

    Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.

    Run the programme and click "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path".
    Select the Rootkit Driver by placing a checkmark against it and click "Remove selected items." Next, agree to the terms and conditions that are displayed by AVG and click "OK" to reboot the PC. Reconnect to the net.

    Download and run the Blacklight programme. Follow all the instructions carefully.

    Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

    Attach the Autoruns log here and let me know the results of the rootkit scans.

    Regards Howard :)

     
  5. nikkiy21

    nikkiy21 TS Rookie Topic Starter Posts: 19

    Followed as per your last post. The AVG antirootkit found one file which was removed, which appeared to be some sort of driver file (sorry I clicked remove before making a note of the file name). Blacklight didn't find anything. Please find attached the Autoruns log.

    As I am trying to type this, the internet explorer help window is still coming up all the time and I am having problems closing it.

    Many thanks for your help.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I'd like you to have a couple of files checked.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    Please visit this link http://virusscan.jotti.org/
    * Click the Browse... button
    * Navigate to the following file C:\WINDOWS\system32\drivers\acpohpen.sys
    * Click Open
    * Please let me know the results.

    Then, do the same for C:\windows\system32\DRIVERS\MRV8335XP.sys

    Rehide your protected OS files and let me know the results.

    Regards Howard :)

     
  7. nikkiy21

    nikkiy21 TS Rookie Topic Starter Posts: 19

    Here's the scan results for the file acpohpen.sys.

    Tried to do the same for C:\windows\system32\DRIVERS\MRV8335XP.sys
    but the file isn't there. Should I be worried??!!

    I really appreciate all your help.

    Thanks
    Nikki
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

    Let me know if you're still having problems.

    Regards Howard :)

     
  9. nikkiy21

    nikkiy21 TS Rookie Topic Starter Posts: 19

    Here's the avenger txt and new HJT log. It looks as though the Avenger program couldn't delete the file. I still had my OS files hidden when I ran this - should I have unhidden them and then run Avenger??

    Still experiencing same probs. Also the notepad kept coming up just now and that wouldn't close either (did eventually).
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It seems The Avenger couldn't find the file.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    See if you can locate and delete this file.

    C:\WINDOWS\system32\drivers\acpohpen.sys

    Rehide your protected OS files and let me know the results.

    Regards Howard :)

     
  11. nikkiy21

    nikkiy21 TS Rookie Topic Starter Posts: 19

    I managed to delete C:\WINDOWS\system32\drivers\acpohpen.sys but upon rebooting, my system seemed to go mad! It took ages to run through start up and when I managed to log on, the system was just stuck and busy for half an hour. I then got loads of windows opening up called MS visual C ++ runtime library with all different file errors. I couldn't get to read all these different windows as my laptop was stuck. The one I could see was a PC health file. There was also lots of "clicking" going on as if I was using the mouse but I wasn't. I have since had to remove the battery and reboot several times as the same thing keeps happening.

    Managed this morning to eventually get onto the internet to send this post - as I'm trying to type, IE help still keeps coming up. System is running incredibly slow.

    I did yesterday install AVG anti virus and Zone Alarm firewall. This is at the moment running alongside with Norton internet security 2005. Could this be causing problems?

    I have attached a fresh HJT log for info.

    Thanks so much for your help.
    Nikki
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean. However, it appears you're running both AVG free and Norton at the same time. This is not recommended, will slow your system down and can cause serious problems.

    Uninstall Norton. If you have any problems with the uninstall, see this thread HERE.

    Post a fresh HJT log after doing the above and let me know how your system is running.

    Regards Howard :)

     
  13. nikkiy21

    nikkiy21 TS Rookie Topic Starter Posts: 19

    Hi Howard,

    I have managed to uninstall Norton internet security 2005 and my system is running much better. Still getting the odd error message but the main problem is that IE help still keeps coming up when I'm trying to type and it is difficult to close.

    I ran an AVG virus scan today which identified 1 item which was deleted. Ran AVG anti spyware too which found 8 items which were deleted.

    Do you think it would be a good idea for me to stop using IE and use Firefox instead??

    Here is a fresh HJT log.

    Thanks
    Nikki
     
  14. nikkiy21

    nikkiy21 TS Rookie Topic Starter Posts: 19

    Think my last post got missed somehow. Still having probs with IE help opening up when I'm typing stuff - do you think it could be anything to do with the keyboard??

    Also, laptop busy for ages when you log in to windows - wonder if this could be down to the software I downloaded (AVG antivirus, AVG antispyware & Zone Alarm). Got rid of Norton Internet Security 2005.

    Sent fresh HJT report on previous post. Would be really grateful if it could be checked out.

    Many thanks
    Nikki
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Sorry, I must have missed your post of the 03/03/07.

    Your HJT log is clean.

    Disable the AVG Antispyware resident shield, as it only uses resources.

    Yes, I think it'd be a very good idea to use Firefox, rather than IE.

    However, I would still like to find out and rectify why your IE is opening when you type something.

    Maybe, try uninstalling and reinstalling IE and see if that helps.

    Regards Howard :)

     
  16. nikkiy21

    nikkiy21 TS Rookie Topic Starter Posts: 19

    Hi Howard,

    Thanks for your reply. I have disabled the AVG antispyware resident shield.

    Sorry if I'm being a bit thick but if I uninstall Internet Explorer, I have no software disk to reinstall - can I download IE from Microsoft? Currently running IE 6, SP2.

    Thanks
    Nikki
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, you can download IE6 from HERE.

    Regards Howard :)
     
Topic Status:
Not open for further replies.
