need some help with bit grabber

[richward]

I got adware from bit grabber and maybe a virus and some security issues now. I'm not really sure though. I can't change ie home page, get pop-up's and sometime freeze up with dr.watsons postmortum or something? I'v got norton firewall, and system works on my comp, so I don't know how it got pas them? Although I had a pay-pal identity thieft @ 1 1/2 months ago. Got alot on my comp so would like to repair rather than reboot if possible. I do, do some banking so would like your advise on how to proceed. hjt file is attached. One more thing I didn't get mail e-mail activation through verizon so I had to use another e-mail address and couldn't acesses google (not sure if related)
Thank-you so much for you time and effort!
Sincerly, Rich ward

p.s. os- is xp pro sp2 with amd 64 3200+ prcosser norton systemworks 2005 uptodate

 

[howard_hopkinso]

Your system is infected with a variety of nasties, the fact that you use your system for online banking etc, makes me think you`d be better off reformatting your system, but it`s upto you.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard

This thread is for the use of richward only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[richward]

Please look over my hijackthis file

Thanks for taking the time to review this!
I ran hoster,avg anti-spy, spy bot,cwshredder,virtumundobegone, and virtumunofix. But I'm still getting pop-ups! I'v got an amd 64 3200 processor, running windows xp with sp2. Your help is greatly needed, thanks!

 

[howard_hopkinso]

I have merged your new thread into this one.

There`s no point in opening new threads, when you haven`t followed the instructions I gave you in this one.

Your System is infected with a variety of nasties, including a lop infection and vundo infection.

Please Download NoLop to your desktop from one of the links below...
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/...pmod;dl=item16

First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop.
If not, double click the program again and it will finish.

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx

Then, go HERE and follow all the instructions exactly.

Post a fresh HJT log and the C:\Nolop log as well as an AVG Antispyware log, only after doing the above.

Regards Howard

This thread is for the use of richward only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[richward]

lastest reports

thanks again here they are.

 

[howard_hopkinso]

Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

These are the filepaths you need to enter into Vundofix.

C:\WINDOWS\system32\pgooafwt.dll
C:\WINDOWS\system32\cbxxywt.dll
C:\WINDOWS\system32\mlljk.dll

Post a fresh HJT log after doing the above.

Regards Howard

This thread is for the use of richward only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.