I am infected with trojan.vundo it seems to be located in nyniyhba.dll. Symantec corporate finds as does others but I cannot remove it. Now it has also disabled my symantec autoprotect. DDS file below. Thanks for the help.
Bruce
DDS (Ver_09-03-16.01) - NTFSx86
Run by speschel at 11:48:30.19 on Tue 04/28/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1395 [GMT -4:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
============== Running Processes ===============
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r190031\stacsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\AOL\1221593810\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\speschel\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {05e14694-1fb1-4445-b5db-b061e23cd663} - c:\windows\system32\nyniyhba.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: : {8f8b34e8-1430-44bb-aa42-c1cf8f7cb27c} - c:\windows\system32\dcizasm.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DCPstrApp] c:\program files\dell\dell controlpoint\security manager\SecurityDeviceInfoSetRegistryString.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [<NO NAME>]
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] -
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [HostManager] c:\program files\common files\aol\1221593810\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netscr~1.lnk - c:\program files\juniper\netscreen-remote\SafeCfg.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: aoyewnxz - dcizasm.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
============= SERVICES / DRIVERS ===============
R0 qxdyplyq;qxdyplyq;c:\windows\system32\drivers\qxdyplyq.sys [2004-8-11 23424]
R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2008-9-15 138296]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2008-5-5 79168]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-11 1664248]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-6-3 386328]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2008-9-15 536634]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-8-1 455960]
R2 mgzjaoyi;Floppy Disk Controller Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2008-8-1 69632]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-9-8 108160]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2008-9-15 36188]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-14 101936]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-8 110080]
S1 SAVRT;SAVRT;- --> - [?]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090423.004\naveng.sys [2009-4-27 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090423.004\navex15.sys [2009-4-27 876144]
S4 ccEvtMgr;Symantec Event Manager;- --> - [?]
=============== Created Last 30 ================
2009-04-28 09:17 <DIR> --d----- C:\VundoFix Backups
2009-04-27 14:27 <DIR> --d----- c:\docume~1\speschel\applic~1\Malwarebytes
2009-04-27 14:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-27 13:56 5,752 a------- c:\windows\system32\tmp.reg
==================== Find3M ====================
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 19:04 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-23 19:37 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-20 04:11 3,068,416 -------- c:\windows\system32\dllcache\mshtml.dll
2009-02-20 04:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 04:10 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-20 04:10 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2009-02-20 04:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-20 04:10 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 08:10 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 08:10 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 08:10 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 08:10 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 08:10 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:11 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:39 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 06:10 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
============= FINISH: 11:49:01.04 ===============