I followed all of the directions. The Brute Force Uninstaller stopped at 88% complete, and then the program closed. Here are the 2 new logs.
Thank you.
Logfile of HijackThis v1.99.1
Scan saved at 9:38:29 PM, on 4/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Brian\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.charter.net/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MoneyAgent] ""C:\Program Files\Microsoft Money\System\Money Express.exe""
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NSAgent] C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\51KJW464\SaveKobeGameSetup03[1].exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone:
www.ameritrade.comO15 - Trusted Zone: *.ameritrade.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone:
http://Download.Windowsupdate.comO15 - Trusted Zone:
http://click.getmirar.com (HKLM)
O15 - Trusted Zone:
http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone:
http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone:
http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted IP range: 198.200.173.74
O15 - Trusted IP range: 198.200.173.139
O15 - Trusted IP range: 204.58.27.33
O15 - Trusted IP range: 204.58.27.41
O15 - Trusted IP range: 204.58.27.49
O15 - Trusted IP range: 204.58.27.57
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/download/ipixx.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) -
https://support.microsoft.com/OAS/ActiveX/odc.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/...b?1121305959250O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdat...b?1121307215421O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
http://www.nick.com/common/groove/gx/GrooveAX27.cabO16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cabO16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) -
http://ftp.us.dell.com/fixes/PROFILER.CABO16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) -
http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cabO16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) -
http://download.toontown.com/sv1.0.15.38/ttinst.cabO20 - AppInit_DLLs: iniwin32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iaspolcy - Unknown owner - C:\WINDOWS\System32\iaspolcy.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 11:55:53 AM, 4/29/2006
+ Report-Checksum: D5A11EC5
+ Scan result:
HKLM\SOFTWARE\Classes\BHO.Adware -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Adware\CLSID -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Adware\CurVer -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Adware.1 -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Hider -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Hider\CLSID -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Hider\CurVer -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Hider.1 -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\ClickSpring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Netstat -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Adware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor -> Adware.MediaMotor : Cleaned with backup
C:\Documents and Settings\Brian\Desktop\NNuninstall.exe -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Brian\My Documents\Jenn's Downloads\price_08.zip/price.html -> Dropper.RunMe : Cleaned with backup
C:\Documents and Settings\Brian\My Documents\Jenn's Downloads\price_08.zip/price/price.exe -> Worm.Bagle.al : Cleaned with backup
C:\Documents and Settings\Brian\My Documents\Jenn's Downloads\screensaversinstaller.exe/CSSecure.dll -> Adware.Comet : Cleaned with backup
C:\Documents and Settings\Brian\My Documents\Jenn's Downloads\screensaversinstaller.exe/dmproxy.dll -> Adware.Comet : Cleaned with backup
C:\Documents and Settings\Brian\My Documents\Jenn's Downloads\screensaversinstaller.exe/dmserver.exe -> Adware.Comet : Cleaned with backup
C:\Documents and Settings\Brian\My Documents\Jenn's Downloads\screensaversinstaller.exe/DMUpdate.exe -> Adware.Comet : Cleaned with backup
C:\Documents and Settings\Brian\My Documents\Jenn's Downloads\screensaversinstaller.exe/CSSecure.dll -> Adware.Comet : Cleaned with backup
C:\Documents and Settings\Brian\My Documents\Jenn's Downloads\screensaversinstaller.exe/dmproxy.dll -> Adware.Comet : Cleaned with backup
C:\Documents and Settings\Brian\My Documents\Jenn's Downloads\screensaversinstaller.exe/dmserver.exe -> Adware.Comet : Cleaned with backup
C:\Documents and Settings\Brian\My Documents\Jenn's Downloads\screensaversinstaller.exe/DMUpdate.exe -> Adware.Comet : Cleaned with backup
C:\Documents and Settings\Brian\My Documents\price_08.zip/price.html -> Dropper.RunMe : Cleaned with backup
C:\Documents and Settings\Brian\My Documents\price_08.zip/price/price.exe -> Worm.Bagle.al : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0437A465-1DC0-4815-9E5F-568F57\EECE421A-7CC9-46F5-B951-CBB25A -> Adware.Mirar : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0437A465-1DC0-4815-9E5F-568F57\F29AE417-7919-4A35-A910-A24466 -> Adware.Mirar : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A74D6733-2782-44FD-B1BF-C4590C\0B3B15D9-3873-4470-B4A5-35638E -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A74D6733-2782-44FD-B1BF-C4590C\89019EAD-CD0D-4D40-BFF0-493798 -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A74D6733-2782-44FD-B1BF-C4590C\8EA25652-024B-451E-96F8-FDE847 -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A74D6733-2782-44FD-B1BF-C4590C\E1FDAB12-CD5C-49E7-BA0A-92A448 -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A74D6733-2782-44FD-B1BF-C4590C\F4F968D8-CEF3-4062-8C49-58F066 -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E05288CE-E7B9-462D-B877-7F4B72\9C0F0F4F-5736-4691-A3B8-9D1046 -> Adware.E2Give : Cleaned with backup
C:\unzipped\price_08\price.html -> Dropper.RunMe : Cleaned with backup
C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\elite.ocx -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\SYSTEM32\irismon.dll -> Adware.SafeSurfing : Cleaned with backup
C:\WINDOWS\SYSTEM32\irsmsuly.dll -> Adware.SafeSurfing : Cleaned with backup
C:\WINDOWS\SYSTEM32\irssyncd.exe -> Adware.SafeSurfing : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsz7.dll -> Adware.EZula : Cleaned with backup
C:\WINDOWS\SYSTEM32\repairs302972940.dll -> Adware.SurfSide : Cleaned with backup
C:\WINDOWS\SYSTEM32\WinATS.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\SYSTEM32\аttrib.exe -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\unstall.exe -> Adware.Zango : Cleaned with backup
C:\WINDOWS\ZIFI002.exe -> Adware.ZenoSearch : Cleaned with backup
::Report End
Show Posts