Hi pumpkin729,
Welcome to Tech Support Forum!
I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.
Do you have
Netpumper or
Bitgrabber or
BitRoll installed? If so, uninstall them via
Start -> Control Panel -> Software -> Add or Remove Programs. This is because they are bundled with the malware you are dealing with (Swizzor aka Lop).
Also, please check to see if the following are present in Add or Remove Programs and uninstall them if found:
CiD Manager
CiD Help
Download Plugin for Internet Explorer
EasySpyRemover
Messenger Plus
Messenger Plus 2
Messenger Plus 3
Zone Media
If during uninstall, you are asked for uninstall Verification, please enter the numbers that will appear in the window.
Then reboot.
<-- Important!
NEXT:
After reboot, please download
Deljob.exe and save it on your desktop.
Double-click
Deljob.exe.
A log named
logit.txt should open afterwards. This log will be present on your desktop.
Please post the contents of the
Deljob.exe log in your next reply.
NEXT:
Then please run HijackThis and click "
Scan." Place checks next to the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Program two bib free] C:\Documents and Settings\All Users\Application Data\AntiToolProgramTwo\Wmastop.exe
O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - HKCU\..\Run: [Sectpart] C:\DOCUME~1\CRANKY~1\APPLIC~1\DOWNLO~1\signcast.exe
Close
ALL browsers (including this one) and other windows except for HijackThis, and click "
Fix checked".
NEXT:
Please download the
Killbox by Option^Explicit and save it to your desktop.
NOTE: In the event you already have Killbox, this is a new version that I need you to download.
- Please double-click Killbox.exe to run it.
- From the main Killbox window, select:
- "Delete on Reboot".
- "All Files".
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C:
c:\docume~1\cranky~1\applic~1\downlo~1
C:\Documents and Settings\All Users\Application Data\AntiToolProgramTwo
C:\Documents and Settings\Cranky Baby\Application Data\Download Lite Audio
C:\Program Files\Easy SpyRemover
C:\Documents and Settings\Cranky Baby\Local Settings\Temp\bis97.exe
C:\Documents and Settings\Cranky Baby\Local Settings\Temp\bis9D.exe
- Return to Killbox, go to the "File" menu, and choose "Paste from Clipboard".
- This is pasted into the "Full Path of File to Delete" field.
- There’s a little arrow (drop-down arrow) next to that field. If you expand it, the lines that you pasted must be there together (if the files are present!).
- Click the button with the red circle and white X ("Delete File" button). Click "Yes" at the "Delete on Reboot" prompt. Click "No" at the "Pending Operations" prompt.
If your computer does not reboot automatically, please reboot it manually.
NOTE: If you receive a message such as, "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox,
CLICK HERE to download and run
missingfilesetup.exe. Then try Killbox again.
NEXT:
Please
reboot your computer normally into Windows and then please post the
Deljob.exe log and a new
HijackThis log.
How are things running now? Please let me know of any problems that still persist.