Problems with random pop-ups, tried many things



silverdragon
2006-09-27, 04:55
Hello everyone, I'm at my wits' end with this bloody computer and am on the verge of reformatting it (cutting my losses).

Here's what I've tried so far:

Tried removing bad items in HijackThis, I ran an AVG (firewall installed too) scan, and I've run vundofix, as well as look2me destroyer.

I keep getting constant pop-ups with partypoker, spyware cleaner, etc...

For programs I have installed MSN Live Messenger, AVG Antivirus, Pop-up stopper free (not blocking these pop-ups tho). Is there something I'm missing in this log? (overlooking?)

I should also add that I emptied ALL Internet Explorer cache, erased all Firefox cache and cookies.. deleted all restore information (I had worse viruses than this but cleared them). I even emptied the recycle bin...

I don't know what's left!
Here's the hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 19:37:45, on 2006-09-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
F:\Anti-Spyware Apps\VundoFix.exe
F:\ANTI-S~1\hijackthis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158682378592
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe


Any insight you can provide would be greatly appreciated. I'm extremely computer savvy, especially when it comes to this stuff, but I'm lost with this thing.

pskelley
2006-09-29, 12:43
Welcome to the forum, if you have not reformatted yet, I will see what I can do. If you have I would appreciate a quick post letting us know to close your topic...thanks.

1) I do not know what F:\ is, but we need to run from a drive. Please move HJT to here: C:\ANTI-S~1\hijackthis.exe, during this process, rename it in case the hackers are hiding Vundo. Call it C:\ANTI-S~1\MyFix.exe or whatever you wish.

2) Delete this: F:\Anti-Spyware Apps\VundoFix.exe. If we need it we will download it again.

3) You are running MSConfig in Selective Startup mode. Please post all logs in Normal Startup mode unless I request otherwise. You may return to Selective Startup mode to save your resources when we finish.

4) In your Security Center please make sure you are not running the SP2 firewall since you are using AVG's third party firewall. The antivirus setting should be on as well as autoupdates.

5) Post a new HJT log once the above instructions are followed. Please include any information you think will help, include any error messages "word for word" and describe any popups you are receiving, let me know if you are getting these popups offline as well as on.

Thanks
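
An added example, not part of the original thread or any poster's code: a small Python triage of a HijackThis 1.99 log that surfaces the two things this reply reacts to (tools running from F:\ and the O4 MSConfig entry) plus repeated entries. The sample is a constructed excerpt of the log posted above; reading an `MSConfig.exe /auto` Run value as Selective Startup is an assumption about how that observation maps to the log, and `parse_hjt` and `triage` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample: a few lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
F:\Anti-Spyware Apps\VundoFix.exe
F:\ANTI-S~1\hijackthis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
"""

ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")          # e.g. "O4 - ..."
RUN_VALUE = re.compile(r"^HK\w+\\\.\.\\\w+: \[([^\]]+)\] (.*)$")  # [name] command

def parse_hjt(text):
    """Return (running process paths, [(section code, entry body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif m:
            in_procs = False            # first coded entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(text, system_drive="C:"):
    """List the observations a reviewer would raise before asking for a new log."""
    processes, entries = parse_hjt(text)
    notes = [f"process not on system drive: {p}" for p in processes
             if not p.upper().startswith(system_drive.upper())]
    for code, body in entries:
        m = RUN_VALUE.match(body) if code == "O4" else None
        if m and m.group(1).lower() == "msconfig" and "/auto" in m.group(2).lower():
            notes.append("O4 MSConfig /auto: Selective Startup is active")
    for (code, body), n in Counter(entries).items():
        if n > 1:                       # identical lines, e.g. one LSP DLL per chain slot
            notes.append(f"{code} listed {n} times: {body}")
    return notes

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```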

silverdragon
2006-09-30, 02:28
Hi there, I will post a new HJT log as soon as I have access to that computer again (will be in a few days).

I have downloaded Vundofix and tried running it but it came up clean and I used it twice. I will try the rename HJT trick to see if anything comes up that may be hiding.

F:\ is my portable USB Drive that I run EVERYTHING from, so it is safe, trust me on that one.

1) I do not know what F:\ is, but we need to run from a drive. Please move HJT to here: C:\ANTI-S~1\hijackthis.exe, during this process, rename it in case the hackers are hiding Vundo. Call it C:\ANTI-S~1\MyFix.exe or whatever you wish.

Will do

3) You are running MSConfig in Selective Startup mode. Please post all logs in Normal Startup mode unless I request otherwise. You may return to Selective Startup mode to save your resources when we finish.

OK if you insist, it's slow enough already as it is.

4) In your Security Center please make sure you are not running the SP2 firewall since you are using AVG's third party firewall. The antivirus setting should be on as well as autoupdates.

AV Setting should be ON (unless hijackers have decided otherwise :) and SP2 is set to disabled)

5) Post a new HJT log once the above instructions are followed. Please include any information you think will help, include any error messages "word for word" and describe any popups you are receiving, let me know if you are getting these popups offline as well as on.

Great! Will do as soon as I can.

pskelley
2006-09-30, 02:35
Please follow all of the directions as posted; HJT cannot save backups unless it is running from a drive. I would appreciate it if you do not copy my instructions again, it is just a waste of space. If you feel the need to respond using a number, then use only the number and your response.

Thanks

tashi
2006-10-07, 15:45
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.