Please help, I'm new at this


LunaYusema
2007-04-22, 19:58
Ok so I read the stickies and I'm still a little lost. I downloaded Spybot and I ran it and it found AdRevolver, Advertising.com, Avenue A, inc., CasaleMedia, Clickbank, DoubleClick, FastClick, HitBox, MediaPlex, ReliableStats, Smitfraud-C.Toolbar888, Statcounter, SystemDocter2006, Winsoftwar WinAnitVirus Pro 2006, and Zedo. I have no idea what these are really; all I know is that I ran Search and Destroy and selected to fix them, and they came back the second time I ran it. I also know I have xloader and ipwins.
I'm a total n00b about computer fixing and all that other fun stuff so I might get confused, but of course any help would be appreciated.

And I still can't figure out how to get a log file. Bah, I'm sorry I'm so ignorant. Thanks so much.

LunaYusema
2007-04-22, 21:09
I'm guessing that this is what you need? (Not sure if this is a log or not.)
626_101newer.exe Win32/Notiex.F infected C:\
Anima.class-489a4a59-4170eb8f.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\file\1.0\
Anima.class-51be0e97-5461a5af.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\file\1.0\
Anima.class-5f795742-3446f6e7.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\file\1.0\
Anima.class-6b4b0ba7-76ec11bd.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\file\1.0\
Anima.class-91d23f-4944c10a.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\file\1.0\
arc.zip-278bd03a-618aa473.zip>Gummy.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\
count.jar-7b11336d-3799d83e.zip Java/Shinwow.AT!ZIP infected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\
count.jar-7b11336d-3799d83e.zip>BlackBox.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\
count.jar-7b11336d-3799d83e.zip>VerifierBug.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\
count.jar-7b11336d-3799d83e.zip>Dummy.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\
count.jar-7b11336d-3799d83e.zip>Beyond.class Java/Shinwow.AT infected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\
version.jar-4d048a14-2fce44f1.zip>BaaaaBaa.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\
version.jar-4d048a14-2fce44f1.zip>VaaaaaaaBaa.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\
version.jar-4d048a14-2fce44f1.zip>Baaaaa.class Java/Shinwow.BJ infected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\
version.jar-4d048a14-7f6421a1.zip>BaaaaBaa.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\
version.jar-4d048a14-7f6421a1.zip>VaaaaaaaBaa.class Java/ByteVerify!exploit infected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\
version.jar-4d048a14-7f6421a1.zip>Baaaaa.class Java/Shinwow.BJ infected C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\
1166727185Bgmda.exe Win32/Oneraw!generic infected C:\Documents and Settings\Administrator\Local Settings\Temp\
1168837633KnDba.exe Win32/Oneraw!generic infected C:\Documents and Settings\Administrator\Local Settings\Temp\
11746092258kJWa.exe Win32/Oneraw!generic infected C:\Documents and Settings\Administrator\Local Settings\Temp\
b116.exe Win32/Clspring.GA infected C:\Documents and Settings\Administrator\Local Settings\Temp\
lo1[1] Win32/Vundo!generic infected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GLTEAJR8\
lo1[2] Win32/Vundo!generic infected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GLTEAJR8\
lo1[3] Win32/Vundo!generic infected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GLTEAJR8\
123[1].htm Win32/MS07-017!exploit infected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LOECSXX2\
lo1[1] Win32/Vundo!generic infected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LOECSXX2\
kfzwl.exe Win32/SillyDl.NM infected C:\Program Files\Common Files\kfzw\
kfzwm.exe Win32/Sasla.A infected C:\Program Files\Common Files\kfzw\
system.dll Win32/Matcash infected C:\Program Files\Common Files\{94469AA9-0AF0-1033-1028-030307250001}\
Update.exe Win32/Matcash!generic infected C:\Program Files\Common Files\{94469AA9-0AF0-1033-1028-030307250001}\
jusched.exe Win32/Secdrop.MT infected C:\Program Files\Java\jre1.5.0_08\bin\
Dc111.exe Win32/Clspring.FA infected C:\RECYCLER\S-1-5-21-171638326-2616796488-909897393-500\
Dc71.exe Win32/Clspring.FA infected C:\RECYCLER\S-1-5-21-171638326-2616796488-909897393-500\
Dc73.exe Win32/Clspring.GO infected C:\RECYCLER\S-1-5-21-171638326-2616796488-909897393-500\
tskmgr.exe Win32/Clspring.FA infected C:\
optimize.exe Win32/Dyfuca.X infected C:\WINDOWS\
srvgtyvpyi.exe Win32/SillyDl.AZG infected C:\WINDOWS\
gebxyay.dll Win32/Chisyne!generic infected C:\WINDOWS\system32\
jkkhifd.dll Win32/Chisyne!generic infected C:\WINDOWS\system32\
ssqpnol.dll Win32/Chisyne!generic infected C:\WINDOWS\system32\
updater.exe.tmp Win32/Matcash.Q infected C:\WINDOWS\

pskelley
2007-04-23, 15:11
Welcome to Safer Networking. If you still need help and are not receiving it elsewhere, it appears you have missed some important instructions our administrator has posted at the top of the forum, especially this: "BEFORE you POST" Mandatory Steps Before Requesting Assistance
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at own risk.
Please read and follow all instructions and post all required logs or reports, anything less will slow your process.
Use "Post Reply" to post the information in the instructions and stay in the same topic.

I have no idea what that is you posted. It looks like a Vundo infection in case you want to look at this self-help tutorial:
http://forums.spybot.info/showthread.php?t=4394

From all you mentioned it sounds like Vundo is not all you are infected with. At the very least, I will need a HJT log, here are a few tutorials to help you get it posted:
http://forums.security-central.us/showthread.php?t=112for
http://russelltexas.com/malware/createhjtfolder.htm
http://www.bleepingcomputer.com/forums/tutorial94.html

Thanks

tashi
2007-04-28, 03:50
Due to lack of a response, this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.

LunaYusema
2007-04-29, 18:44
Logfile of HijackThis v1.99.1
Scan saved at 9:44:31 AM, on 4/29/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehSched.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Furcadia\fsheditor.exe
C:\Program Files\Furcadia\Furcadia.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {250055b8-132e-4544-9f6f-ccbf407cf127} - C:\WINDOWS\system32\applay.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\System32\tmp245.tmp.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\vtrrpq.dll",realset
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [A00F1FBA239.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F1FBA239.exe
O4 - HKCU\..\Run: [A00F1FBAAC4.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F1FBAAC4.exe
O4 - HKCU\..\Run: [A00F1FBAE8D.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F1FBAE8D.exe
O4 - HKCU\..\Run: [A00F1FBB2B4.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F1FBB2B4.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: applay - C:\WINDOWS\SYSTEM32\applay.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: __c0053D84 - C:\WINDOWS\System32\__c0053D84.dat
O20 - Winlogon Notify: __c006B924 - C:\WINDOWS\System32\__c006B924.dat
O20 - Winlogon Notify: __c00742D0 - C:\WINDOWS\System32\__c00742D0.dat
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

Here's a HijackThis log.
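A first-pass triage of the HijackThis log above, as an added example that is not part of the thread and not HijackThis' own logic. The rules are my own analyst heuristics and are assumptions, not vendor signatures: a Run entry whose file name is one edit away from a system binary (the posted log's lsasss.exe), autoruns launched from a Temp directory, unnamed BHOs loaded out of system32 instead of Program Files, Winlogon Notify handlers that are not .dll files, and rundll32 loading a DLL dropped straight into the Windows directory. SAMPLE_LOG is a constructed subset of the posted lines, and SYSTEM_BINARIES is an assumed list of commonly imitated process names.

```python
"""First-pass triage of a HijackThis 1.99 log (added example; heuristics are assumptions)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", ["section", "entry", "reason"])

# Assumed list of process names that droppers imitate by adding or dropping a letter.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "taskmgr.exe", "rundll32.exe",
}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
DLL_ARG_RE = re.compile(r'([A-Za-z]:\\[^",]+\.dll)', re.I)

# Constructed sample: a subset of the posted log, in the same line format.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {250055b8-132e-4544-9f6f-ccbf407cf127} - C:\WINDOWS\system32\applay.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\System32\tmp245.tmp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\vtrrpq.dll",realset
O4 - HKCU\..\Run: [A00F1FBA239.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F1FBA239.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: __c0053D84 - C:\WINDOWS\System32\__c0053D84.dat
"""


def edit_distance(a, b):
    """Levenshtein distance; inputs are short file names, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name):
    """System binary that `name` imitates (one edit away), or None for exact or unrelated names."""
    name = name.lower()
    if name in SYSTEM_BINARIES:
        return None
    for real in SYSTEM_BINARIES:
        if edit_distance(name, real) == 1:
            return real
    return None


def basename(path):
    return re.split(r"[\\/]", path.strip())[-1]


def first_token(cmd):
    """The program a Run value launches: the quoted path, or the first whitespace-delimited token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def check_o4(cmd):
    target = first_token(cmd)
    base = basename(target).lower()
    reasons = []
    if "\\temp\\" in target.lower():
        reasons.append("autorun launched from a Temp directory")
    real = lookalike(base)
    if real:
        reasons.append("file name imitates system binary " + real)
    if base == "rundll32.exe":
        m = DLL_ARG_RE.search(cmd)
        if m:
            parent = m.group(1)[: m.group(1).rfind("\\")].lower()
            if parent.endswith("\\windows"):
                reasons.append("rundll32 loads a DLL dropped directly into the Windows directory")
    return reasons


def check_o2(name, path):
    if path.strip() == "(no file)":
        return ["orphaned BHO registration (no file on disk)"]
    if name == "(no name)" and "\\system32\\" in path.lower():
        return ["unnamed BHO loaded from system32 rather than Program Files"]
    return []


def check_o20(path):
    if not path.strip().lower().endswith(".dll"):
        return ["Winlogon Notify handler is not a .dll (renamed module)"]
    return []


CHECKS = (
    ("O2", O2_RE, lambda m: check_o2(m.group("name"), m.group("path"))),
    ("O4", O4_RE, lambda m: check_o4(m.group("cmd"))),
    ("O20", O20_RE, lambda m: check_o20(m.group("path"))),
)


def triage(log_text):
    """Return one Finding per (line, reason) over the O2/O4/O20 sections."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, pattern, checker in CHECKS:
            m = pattern.match(line)
            if m:
                findings.extend(Finding(section, line, r) for r in checker(m))
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

Run against the sample it flags lsasss.exe as an lsass.exe look-alike, the Temp autorun, the rundll32 entry for vtrrpq.dll, both unnamed system32 BHOs, the orphaned BHO, and the .dat Winlogon Notify handler, while leaving ehTray, the Google Toolbar BHO and igfxsrvc.dll alone. The rules are deliberately narrow; they shorten the manual read of a log, they do not replace it.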

tashi
2007-05-04, 20:14
Hi there.

Looks like the forum notification didn't work for your helper, perhaps because the topic was previously archived.

If you are still in need of assistance please PM me and I will let Phil know.

Regards.

tashi
2007-05-11, 17:17
LunaYusema, please let me know. Thanks.

tashi
2007-05-18, 06:26
This topic has been archived.

If you need it re-opened and will be posting the information requested, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.