Just a forework, I tried following some of the prementioned strategies that were already posted here, and it seems to have eliminated some of the viruses, but some are still being detected so I wanted to make sure that I got them all. SO here goes.

Logfile of HijackThis v1.99.1
Scan saved at 2:08:40 AM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\DOCUME~1\Justin\MYDOCU~1\FNTS~1\cmd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

68.13.157.97:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: COM+ Service - {2BDEC973-B5AC-4e5b-8AB3-5A0500880DA2} -

C:\WINDOWS\system32\winload.dll
O2 - BHO: PsapiAnalyzer Object - {489263D0-1E71-4B29-B4D1-46DAA5856DF7} -

c:\windows\help\libcat.dll (file missing)
O2 - BHO: (no name) - {6BA20820-5492-47EF-8658-F34420501491} -

C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9A853E36-4A35-4DBF-9C03-AD9423798E35} -

C:\WINDOWS\system32\ljjgfde.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"

runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [RunOnce2Upd] "C:\WINDOWS\system32\KB_963493.exe"
O4 - HKCU\..\Run: [Oatp] "C:\DOCUME~1\Justin\MYDOCU~1\FNTS~1\cmd.exe" -vt yazb
O4 - HKCU\..\Run: [Big] "C:\Documents and Settings\Justin\Application

Data\S?mantec\w?nspool.exe"
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader

8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader

8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google

Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.c

ab?1172171673546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.c

ab?1172171662968
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -

http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EB01DE0-7A30-44DB-A6AA-C46A1E326C7B}:

NameServer = 68.13.16.25,68.13.16.30
O20 - Winlogon Notify: winxvb32 - C:\WINDOWS\SYSTEM32\winxvb32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown

owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini

(file missing)



eTrust Antivirus Web Scanner

Scan Results: 49326 files scanned. 12 viruses were detected.

File Infection Status Path
zaubxrb.exe Win32/Meyfew!generic infected C:\Documents and Settings\Justin\Local

Settings\Temp\
404-7[1].htm JS/MS05-054!exploit infected C:\Documents and Settings\Justin\Local

Settings\Temporary Internet Files\Content.IE5\6YQ0A2CD\
404-4[1].htm JS/MS05-054!exploit infected C:\Documents and Settings\Justin\Local

Settings\Temporary Internet Files\Content.IE5\G123VNOY\
counter21[1].php Win32/Meyfew!generic infected C:\Documents and

Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\G123VNOY\
404-6[1].htm JS/MS05-054!exploit infected C:\Documents and Settings\Justin\Local

Settings\Temporary Internet Files\Content.IE5\PQ01T3DE\
new605[1].htm JS/MS06-014!exploit infected C:\Documents and Settings\Justin\Local

Settings\Temporary Internet Files\Content.IE5\PQ01T3DE\
packed_installer_cna[1] Win32/Pokier.AI infected C:\Documents and

Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\PQ01T3DE\
arr[1].ani Win32/MS07-017!exploit infected C:\Documents and Settings\Justin\Local

Settings\Temporary Internet Files\Content.IE5\ZRA2LD56\
Dc2.exe Win32/Seresp.F infected

C:\RECYCLER\S-1-5-21-842925246-651377827-725345543-1003\
0x57.exe Win32/Pokier.AI infected C:\WINDOWS\system32\
KB02054017.exe Win32/Pokier.AI infected C:\WINDOWS\system32\
wmvds32.dll Win32/Cadux.BM infected C:\WINDOWS\system32\

Elaborating more on the previous post, and realizing that you can't edit on this forum, the previous strategies I used involved using vundofix, and every time I run it now, it comes up with no further viruses being detected, but Spybot does, and since using vundofix I've noticed that the amount of pop-ups is zero now, and my computer is no longer slowing down, but since it is still "detecting" the viruses, I just wanted to make sure that I actually got rid of them so I won't have to come back and trouble shoot.

Welcome to Safer Networking, if you still need help and are not receiving it elsewhere, it appears you have missed some important instructions our administrator has posted at the top of the forum, especially this: "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please read and follow all instructions and post all required logs or reports, anything less will slow your process.
Use "Post Reply" to post the information in the instructions and stay in the same topic.

Without the above instructions being followed, it's hard for us to help. You have formatted your log so I can not scan it and I have not seen a Vundofix log to be able to comment on those results.

Thanks

Sorry, I misread the instructions when they said uncheck. Also how would I generate a vundofix log? Whenever I run it, it scans the dll's and at the end it says no infected files detected.

Logfile of HijackThis v1.99.1
Scan saved at 2:08:40 AM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\DOCUME~1\Justin\MYDOCU~1\FNTS~1\cmd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 68.13.157.97:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: COM+ Service - {2BDEC973-B5AC-4e5b-8AB3-5A0500880DA2} - C:\WINDOWS\system32\winload.dll
O2 - BHO: PsapiAnalyzer Object - {489263D0-1E71-4B29-B4D1-46DAA5856DF7} - c:\windows\help\libcat.dll (file missing)
O2 - BHO: (no name) - {6BA20820-5492-47EF-8658-F34420501491} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9A853E36-4A35-4DBF-9C03-AD9423798E35} - C:\WINDOWS\system32\ljjgfde.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [RunOnce2Upd] "C:\WINDOWS\system32\KB_963493.exe"
O4 - HKCU\..\Run: [Oatp] "C:\DOCUME~1\Justin\MYDOCU~1\FNTS~1\cmd.exe" -vt yazb
O4 - HKCU\..\Run: [Big] "C:\Documents and Settings\Justin\Application Data\S?mantec\w?nspool.exe"
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172171673546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172171662968
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EB01DE0-7A30-44DB-A6AA-C46A1E326C7B}: NameServer = 68.13.16.25,68.13.16.30
O20 - Winlogon Notify: winxvb32 - C:\WINDOWS\SYSTEM32\winxvb32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



eTrust Antivirus Web Scanner

Scan Results: 49326 files scanned. 12 viruses were detected.

File Infection Status Path
zaubxrb.exe Win32/Meyfew!generic infected C:\Documents and Settings\Justin\Local Settings\Temp\
404-7[1].htm JS/MS05-054!exploit infected C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\6YQ0A2CD\
404-4[1].htm JS/MS05-054!exploit infected C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\G123VNOY\
counter21[1].php Win32/Meyfew!generic infected C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\G123VNOY\
404-6[1].htm JS/MS05-054!exploit infected C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\PQ01T3DE\
new605[1].htm JS/MS06-014!exploit infected C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\PQ01T3DE\
packed_installer_cna[1] Win32/Pokier.AI infected C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\PQ01T3DE\
arr[1].ani Win32/MS07-017!exploit infected C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\ZRA2LD56\
Dc2.exe Win32/Seresp.F infected C:\RECYCLER\S-1-5-21-842925246-651377827-725345543-1003\
0x57.exe Win32/Pokier.AI infected C:\WINDOWS\system32\
KB02054017.exe Win32/Pokier.AI infected C:\WINDOWS\system32\
wmvds32.dll Win32/Cadux.BM infected C:\WINDOWS\system32\

Thanks for returning you information, it looks like you may have removed the Vundo trojan but we have some much more serious problems. There is a PurityScan infection: http://www.castlecops.com/startuplist-11320.html
But that one does not concern me like this: C:\WINDOWS\system32\ntos.exe
http://www.sophos.com/security/analyses/trojagentecu.html

Allows others to access the computer
Steals information
Downloads code from the internet
Installs itself in the Registry

and like this one: http://www.castlecops.com/clsid-32419.html
If this computer is used for any secure reason, you need to know it has been compromised and you need this information:
A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

Please let us know what you have decided to do in your next post.

Thanks

OK, good to know. I built this computer and can figure out how to reformat it, I was just unsure if that was what had to be done. Thank you for the help.

I respect your decisions, were it one of my computers, that is what I would do. Here is some information that may help prevent future infections.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.