Annoying problems



Mak Hunter
2007-08-19, 22:51
Hello,

My problems all started when a friend put his USB, infected with WORM_AGENT.VDO, into my computer. I have since removed this worm; however, I am sure there are still other viruses on here. Ad-Aware and Spybot both picked up Bifrose, as did NOD32.

Why I am so sure is that there are a lot of annoying settings changes, for example:
My mouse wheel no longer works (definitely software, tried with another computer).
My middle mouse button cycles through open applications; I can't click it in a window (mainly Firefox).
Things are disappearing from my start menu, e.g. favorites, pinned items.
My control panel reverted itself to "XP view".
I cannot use System Restore, as I cannot click the final restore button (I click it, it does nothing, I click again, nothing, etc.).

My computer is definitely up to all these tasks:
Intel Pentium D 3.4 GHz
2GB SDD RAM
250 GB Hd
Nvidia 6000 and something GFX

HJT log attached:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:50:54 AM, on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\DOCUME~1\Tom\LOCALS~1\Temp\suchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Swift To-Do List\Swift To-Do List.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Tom\My Documents\Programs\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {217D6A08-D4AE-432E-AD4D-005CEA36E85A} - (no file)
O2 - BHO: (no name) - {3BFBAFBF-0A70-435B-9302-A180ABE37A1D} - (no file)
O2 - BHO: (no name) - {41767516-1C71-49A8-B7B8-C9B55F3A68EA} - (no file)
O2 - BHO: (no name) - {4FFADED8-CE19-4FC5-9547-7881FDB5D120} - (no file)
O2 - BHO: (no name) - {5C0AEFFA-4423-42ED-BF11-9CE68A277D07} - (no file)
O2 - BHO: (no name) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: (no name) - {735D140E-F7C3-451F-8C22-C8549C337AE2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EA25F9D-6A06-4EDC-9C3A-E11B1754A857} - (no file)
O2 - BHO: (no name) - {9C46CBC5-766A-4518-8134-E36ACB49454D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE57B5C1-0F31-4192-B682-C87A7B8D0757} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B58A1CB9-90A4-429D-92B0-651F9515E8D2} - (no file)
O2 - BHO: (no name) - {EF5EFA56-A05F-46EC-8F7B-ADF30BADB8D3} - (no file)
O2 - BHO: (no name) - {F9AFAB94-4172-42C1-94DE-6F1FACD59A52} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SwiftToDoList] "C:\Program Files\Swift To-Do List\Swift To-Do List.exe" minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [scApp] C:\DOCUME~1\Tom\LOCALS~1\Temp\suchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Live™ Messenger.lnk = C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7992 bytes

Mak Hunter
2007-08-20, 08:45
Hello,

Another member has helped me and requested that I post report.txt. File is attached.

Mak Hunter
2007-08-20, 08:49
Hello,

Another member asked me to run SDFix and post report.txt. File is attached.

Mak Hunter
2007-08-20, 11:27
C'mon guys, I need your help.

tashi
2007-08-20, 18:51
Hello.

I merged your four (4) topics.

The topic was started yesterday and you are bumping?

Please see: "BEFORE you POST"(READ this Procedure before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)

Regards.

tashi
2007-08-28, 01:26
This topic has been moved to archives.

If you need the thread re-opened, please send me a private message (pm) and provide a link.

Applies only to the original poster, anyone else with similar problems please start your own topic.