Some how I got into some nasty stuff: "BetterInternet.nail" seems to be the recuring source (Ad-Aware finds in everytime, but its always there again. The Tea Timer part of SBS&D is non-stop blocking vgyjg and ajgigj. Anyway, I read that the "BetterInternet.Nail" was a VX2 "file" so I DL'd the VX2 Cleaner V2.0 from Lavasoft, but it never found the malware. It kept saying "system clean". Then I would do an Ad-Aware scan and the .Nail would be there.
I figured it was time I got Hijack This! and get some "professional" help.
Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 2:09:31 AM, on 4/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\Ati2evxx.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\hidserv.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINNT\system32\ZoneLabs\vsmon.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\Ati2evxx.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
F:\Spy Bot\Spybot - Search & Destroy\TeaTimer.exe
F:\ZoneLabs\ZoneAlarm\zapro.exe
F:\Hijack This\HijackThis.exe
F:\FIREFOX\FIREFOX.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by InsightBB.com
F2 - REG:system.ini: Shell=Explorer.exe, E:\WINNT\system32\qcfug.exe
F2 - REG:system.ini: UserInit=E:\WINNT\system32\userinit.exe,cwmxqqm.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - (no file)
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "F:\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spy Bot\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = F:\ZoneLabs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} -
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.reds...rsinstaller.cab
O18 - Protocol: bw+0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {440A0D91-41CD-4B33-AEBF-AAFD83314F02} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - E:\WINNT\system32\ZoneLabs\vsmon.exe
That is a lot of carp**; I would like to know what I can do to get rid of this .Nail garbage and also, what else, if anything can be cleaned up??
Thanks in Advance!
bobapunk