Thanks for the attention on this!
Contents of the vundofix.txt file are:
VundoFix V6.5.8
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 8:30:27 AM 9/6/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.tmp
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\fccbcyv.dll
C:\WINDOWS\system32\fccdcya.dll
C:\WINDOWS\system32\kpbvnsto.dll
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.tmp
C:\WINDOWS\system32\xxmwipil.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\dccdd.tmp
C:\WINDOWS\system32\dccdd.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ddccd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqtwa.tmp
C:\WINDOWS\system32\rqtwa.tmp Has been deleted!
Performing Repairs to the registry.
Done!
The HijackThis log is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:15 AM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\notes\ntmulti.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {63B1434F-D307-432E-9292-18416A9B60CD} - C:\WINDOWS\system32\awtqr.dll (file missing)
O2 - BHO: (no name) - {6C46F34C-E1B4-4F36-B960-EE48CFAE69E0} - C:\WINDOWS\system32\ymjeglvf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {E3076F73-D184-40BE-8217-CE9481BA1852} - C:\WINDOWS\system32\ymjeglvf.dll (file missing)
O2 - BHO: (no name) - {EFF4AC2A-0A2A-491C-9364-3B39B3A31ED0} - C:\WINDOWS\system32\ddccd.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [SC_Install] C:\Program Files\Install Express\SC.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - ?p=ZJxdm035KOUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Laura\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.comcast.com
O15 - Trusted Zone: *.comcast.net
O15 - Trusted Zone: *.glic.com
O15 - Trusted Zone: *.gliconline.com
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} (ILINCInstall86 Class) - https://content.ilinc.com/clientdown...d/ilinci86.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Reso...s.10.6.0.4.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://www6.glic.com/srvlw4/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {439AF17B-E5CF-41D4-963A-87F849576092} (SOConfig Class) - https://ezdata.qa.glic.com/java/down...SOConfig32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {9C57F717-5659-4657-89B7-5BA6F0EB37E1} (SmartBridge Class) - https://ezdata.gliconline.com/java/d...OfficeLink.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {C288BE80-60C2-4BFA-A080-452C0D0AF8C4} (SOCleanUp Class) - https://ezdata.gliconline.com/java/d...SmartClean.cab
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll (file missing)
O20 - Winlogon Notify: fccbcyv - fccbcyv.dll (file missing)
O20 - Winlogon Notify: fccdcya - fccdcya.dll (file missing)
O20 - Winlogon Notify: gebyaby - gebyaby.dll (file missing)
O20 - Winlogon Notify: xxywutq - xxywutq.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 8007 bytes