I need Help! Please take a look!

[kerespup]

Please help! I'm desperate!

Hey guys, I have a huge problem.

First of all I had the ishost and ismon problems, but I followed some steps here and so ishost and ismon problems are gone.

But now new problems emerged after it. EXPLORER.EXE and netwin.exe keep on showing up and slowing my computer down. I can't do anything anymore unless I'm in safemode.

I have a HJT log here (Please help!):

 

[Rik]

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[kerespup]

Okay sir, I'll do as you say, but there is one problem.

It is said in that link you provided that I would have to run an online scanner?

But how can I do that when I can't even connect to the net anymore with my said computer?

 

[tomrca]

just do what you can, and at some stage through this operation you may be able to get your connection back, then run the online scan. i should think that the whole thing will not be in the desired order, that's all. just do your best:wave:

 

[kerespup]

Thanks for the advice! I'll work on it right away!

 

[kerespup]

Okay, I did everything in said in that link except the whole Online Scanner thing, since I still can't connect.

BUT I'M STILL HAVING Explorer.EXE problems. It's like, each time I open a foldelr or a file, that Explorer.EXE thing comes up and messes everything up. And if I try to open through Task Manager, it also crashes.

Please help

Here are the HijackThis and AVG logs

 

[howard_hopkinso]

Before deciding whether your computer needs cleaning or reformatting, I need to ask you some questions.

Do you use your computer for any of the following. Online banking/Business purposes/storing sensitive or very personal information?

If the answer to any of those questions is yes, then you should immediately disconnect your computer from the net and do a complete format and reinstall.

This is because you computer is infected with backdoor trojans. These will have sent your info to a third party who may use that info for their own purposes. If you use online banking, then your should contact your bank and arrange to have your password changed immediately. You should also, change any other passwords you use as these may have also been compromised.

Even if we cleaned the infections, it wouldn`t help to recover the info that may have been gleaned from your system.

If you only use your computer for music/games etc, then cleaning it of infections, is possibly a better option to a reformat.

Please let me know what you want to do in your next post.

See these two links before you decide what you want to do.

http://www.dslreports.com/faq/10063
http://www.dslreports.com/faq/10451


Regards Howard :wave: :wave:

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[kerespup]

Well, actually it's my Gaming computer, so I don't use it for any of the things that you mentioned.

So no, nothing important. How do I fix/clean it then hopkinso-sama?

 

[howard_hopkinso]

Ok then, let`s clean this sucker up.

Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.


You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Lightning Download

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

INS3DT.EXE
svchctrl.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: CBHOBJObj Object - {8A406068-D45C-40B9-A096-38AC717FB608} - C:\WINDOWS\BHOBJ.dll

O2 - BHO: bho2gr Class - {F1FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\program files\Lightning Download\LD_Catch.dll

O4 - HKLM\..\Run: [Ins3DT] E:\INSTALL4\INS3DT.EXE

O4 - HKLM\..\Run: [svchctrl] c:\windows\system\svchctrl.exe

O4 - HKCU\..\Run: [svchctrl] c:\windows\system\svchctrl.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

D:\program files\Lightning Download<Delete the entire folder.
c:\windows\system\svchctrl.exe
E:\INSTALL4\INS3DT.EXE

Delete all files in AVG Antispyware quarantine.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.

This is the filepath you need to enter into killbox.

C:\WINDOWS\BHOBJ.dll

Once your system has rebooted, rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[kerespup]

;____;

Thank you so much hopkinso-sama!!!
You saved my computer!!!

I am forever in your debt!~ *bows*

 

[howard_hopkinso]

I`d still like to see a fresh HJT log, but it`s up to you.

Regards Howard

This thread is for the use of kerespup only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.