Possible duce6.exe remnants, tons of popups still


gnelson49
10-20-2006, 03:23 PM
I am getting inundated with popups when I'm online. I went through the steps to try to rid myself of the duce6.exe virus, including running the BFG program and running an anti-spyware to kill it as well. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:22:16 PM, on 10/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblqqsi.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsp19.dll
O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll (file missing)
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

Can you please help me kill this once and for all?

nightowl
10-20-2006, 09:20 PM
Download the stand-alone version of CW Shredder, Spybot, AdAware (links at the bottom of my message). If you have them already, make sure they are up to date.

You may want to print this out
Unplug the internet from your computer
Reboot To Safe Mode (tap F8 on Startup)

Delete this file

C:\WINDOWS\system32\Netverchk.exe

Still in Safe Mode, open up HijackThis, place a check next to each of these and click Fix Checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblqqsi.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsp19.dll
Begin2Search adware variant
O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll (file missing)
AdRotator/IconAds adware from trafficsector.com

O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe

O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab

Still in Safe Mode, delete all Temporary Internet Files and Cookies, run CW Shredder, AdAware and Spybot, delete what they find, and empty the Recycle Bin.

Plug the internet back in, reboot to normal mode and post a new log..........Jim

gnelson49
10-23-2006, 04:21 PM
Here is the updated hijackthis log now that I did what you mentioned previously.

Logfile of HijackThis v1.99.1
Scan saved at 5:19:28 PM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

Let me know if there is anything else I need to do, and thanks so much for responding :)

Garrick
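
Added example (not part of the original thread): a Python check that parses HijackThis entry lines, confirms that every entry on the fix list is gone from the follow-up log, and lists anything that appeared since the first scan. The three text blocks are short excerpts of the logs posted above; the function names are this example's own.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKCU\..\Run: ...".
# Section codes are R0-R3, F0-F3, N1-N4 and O1 upwards.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+)$")


def parse_entries(text):
    """Return the set of (section, details) entries found in HijackThis text.

    Header lines, the running-process list and free-text annotations do not
    match ENTRY_RE and are skipped. Details are whitespace-collapsed and
    case-folded because Windows paths and CLSIDs are case-insensitive.
    """
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), " ".join(m.group(2).split()).casefold()))
    return entries


def verify_fix(before, fix_list, after):
    """Compare a follow-up log against the entries that were meant to be fixed."""
    b, f, a = parse_entries(before), parse_entries(fix_list), parse_entries(after)
    return {
        "still_present": sorted(f & a),              # fix did not take, or entry came back
        "not_in_before": sorted(f - b),              # fix list names something never logged
        "removed_unrequested": sorted((b - a) - f),  # gone without being on the fix list
        "new_entries": sorted(a - b),                # appeared since the first scan
    }


# Excerpt of the first log in this thread (10/20/2006).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblqqsi.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsp19.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O15 - Trusted Zone: *.media-motor.net
"""

# Excerpt of the "Fix Checked" list, including one free-text annotation line.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblqqsi.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsp19.dll
Begin2Search adware variant
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O15 - Trusted Zone: *.media-motor.net
"""

# Excerpt of the follow-up log (10/23/2006).
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
"""

if __name__ == "__main__":
    for label, entries in verify_fix(BEFORE, FIX_LIST, AFTER).items():
        print(f"{label}: {len(entries)}")
        for section, details in entries:
            print(f"  {section} - {details}")
```

On these excerpts nothing from the fix list remains, and the only new entry is the Spybot SDHelper BHO that was installed during the cleanup.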

nightowl
10-24-2006, 12:15 PM
Looks good. Let's run one more program just to make sure.

First download ewido anti-spyware from HERE (http://www.ewido.net/en/) and save that file to your desktop.
This is a 30 day trial of the program.

Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports" select "Automatically generate report after every scan" and un-select "Only if threats were found".

Close ewido anti-spyware. Do not run a scan just yet; we will shortly.

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit Enter.

IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.

Launch ewido anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
ewido will now begin the scanning process. Be patient, this may take a little time.

Once the scan is complete do the following:
If you have any infections you will be prompted; then select "Apply all actions".
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan...........Jim

gnelson49
10-25-2006, 03:01 PM
Here is the AVG report after the scan. I don't get the popups anymore, but now when I go to safe mode and then back to Windows it takes several reboots to actually get Windows loaded up, and it prompts to run scandisk on drive D: every time I load regardless of me letting it do the complete scan. Also Internet Explorer randomly closes on me???

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:53:25 PM 10/25/2006

+ Scan result:



C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP321\A0391967.dll -> Adware.EZula : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP322\A0392029.ocx -> Adware.MediaMotor : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP322\A0392030.exe -> Adware.MediaMotor : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP320\A0391936.exe -> Adware.MediaTicket : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP321\A0391956.dll -> Adware.Mirar : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP318\A0388825.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP320\A0391942.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP322\A0392031.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP320\A0391945.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP320\A0391946.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP321\A0392001.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP321\A0392002.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP322\A0392032.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP322\A0392033.exe -> Adware.ZenoSearch : Ignored.
C:\Documents and Settings\Garrick\Cookies\garrick@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@giftscom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@mcclatchy.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\WINDOWS\Temp\Cookies\garrick@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\WINDOWS\Temp\Cookies\garrick@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@ehg-verizonwireless.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@ehg-wchospitality.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\WINDOWS\Temp\Cookies\garrick@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

nightowl
10-26-2006, 04:33 PM
Looks like AVG picked up some spyware. All these have been ignored for some reason. Run AVG again and have these deleted or quarantined.........Jim

Post another AVG log too.....

C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP321\A0391967.dll -> Adware.EZula : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP322\A0392029.ocx -> Adware.MediaMotor : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP322\A0392030.exe -> Adware.MediaMotor : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP320\A0391936.exe -> Adware.MediaTicket : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP321\A0391956.dll -> Adware.Mirar : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP318\A0388825.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP320\A0391942.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP322\A0392031.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP320\A0391945.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP320\A0391946.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP321\A0392001.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP321\A0392002.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP322\A0392032.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP322\A0392033.exe -> Adware.ZenoSearch : Ignored

gnelson49
11-01-2006, 10:05 AM
OK, I re-ran AVG and this time deleted/quarantined everything that came up. Let me know if I need to do anything else, and thanks again for your help.



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:59:56 AM 11/1/2006

+ Scan result:



C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP329\A0392294.dll -> Adware.BHO : Cleaned with backup (quarantined).
E:\Program Files\HijackThis\backups\backup-20061023-162329-731.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP325\A0392141.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP325\A0392142.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP325\A0392143.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP326\A0392155.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP326\A0392156.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP326\A0392157.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP327\A0392216.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP327\A0392217.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP327\A0392218.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP327\A0392219.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP328\A0392232.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP328\A0392233.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP328\A0392234.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP328\A0392242.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP329\A0392253.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP329\A0392254.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP329\A0392255.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP329\A0392290.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP329\A0392291.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP329\A0392295.dll -> Adware.EZula : Cleaned with backup (quarantined).
E:\Program Files\HijackThis\backups\backup-20061023-162329-879.dll -> Adware.EZula : Cleaned with backup (quarantined).
HKU\S-1-5-21-1644491937-261478967-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{746455FE-D059-47E7-AF0E-140E03F5A447} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP329\A0392285.exe -> Downloader.Agent.baf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6F032181-8910-43C6-A537-E4287A17568C}\RP329\A0392286.exe -> Downloader.Agent.baf : Cleaned with backup (quarantined).
C:\WINDOWS\bl4ck.com -> Downloader.Agent.baf : Cleaned with backup (quarantined).
C:\Documents and Settings\Garrick\Cookies\garrick@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@mcclatchy.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@counter7.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Garrick\Cookies\garrick@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

nightowl
11-02-2006, 09:40 AM
How are things running since you quarantined those items?........Jim

gnelson49
11-13-2006, 08:44 PM
It seems to run a lot better, no popups like before and the system is much faster... thanks for all of the help!

Garrick

nightowl
11-14-2006, 03:59 PM
That's great. Run your programs once a week to help it stay clean. Also download SpywareBlaster for prevention (link at the bottom of my message).........Jim