Need help getting rid of popups

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by parttime, Dec 29, 2004.

  1. parttime

    parttime Private E-2

    I can't seem to stop the popups in IE that started a few days ago. I have done my best to follow the instructions in your Basic Spyware, Trojan and Virus Removal post. I did not run Symantec Security Check, however, because it would start, but not finish on my system.

    Trend Micro's online virus scan found:
    TROJ_SCTHOUGHT.L
    TROJ_SMALL.GO
    TROJ_STILEN.A
    TROJ_SMALL.IQ
    TROJ_REVOP.A
    WORM_SDBOT.AFO
    It said that these were not cleanable, so while in safe mode, I deleted each of the files it mentioned.

    Ad-Aware SE found Clear Search, searchfast, and lots of tracking cookies.
    HSRemove found and removed 8 or 9 objects (I don't remember).
    McAfee AVERT Stinger, CWShredder, Kill2me, and about:Buster didn't find anything.

    In case it is important, before following your instructions, I looked in the registry under HKLM\Software\Microsoft\Windows\Run. I saw an entry for "luinmg" with a file "c:\winnt\system32\arrqhlfr.exe". I didn't recognize that, so I deleted this entry, rebooted to safe mode, and removed that file.

    I just don't know what to do now. Hopefully you can help.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal and you still have a problem, follow the guidelines below and post your log. If you do not follow the guidelines below, your log will be deleted and you will be asked to post it again after following directions.

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as a .txt file attachment to your message. All running programs should be closed, including your web browser and e-mail client. Close them before running HijackThis!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. parttime

    parttime Private E-2

    Here is the log file from Hijack This 1.99.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
    O2 - BHO: (no name) - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - C:\Program Files\Lycos\sst.dll (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {435583D3-F647-4943-BB40-B0D64CB02718} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    After clicking FIX, exit HJT!

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINNT\BTGrab.dll

    Now Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    The below service is associated with making your ZIP drive look like a floppy. Why is it missing? Did you delete it on purpose?
    O23 - Service: ZipToA - Unknown - C:\WINNT\System32\ZipToA.exe (file missing)
    For more info on the process, go here: http://www.answersthatwork.com/Tasklist_pages/tasklist_z.htm
    And scroll down to ZipToA.exe
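Added here as an illustration of the triage chaslang is doing by hand above, not code from the thread or from the HijackThis project: a small Python parser for HijackThis log lines that splits each entry into its section code (R0, O2, O16, O23 and so on), CLSID and target, then applies the same kinds of checks the post applies, flagging entries whose file is missing from disk, unnamed BHOs, a start page that points somewhere the user did not choose, a BHO DLL dropped straight into the Windows directory, and ActiveX downloads that deserve a second look. The sample log is constructed from the lines quoted in the post; the trusted start-page host (www.majorgeeks.com) and the Windows directory (C:\WINNT) are assumptions taken from the same post.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample: the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R3 - Default URLSearchHook is missing
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
O2 - BHO: (no name) - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - C:\Program Files\Lycos\sst.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {435583D3-F647-4943-BB40-B0D64CB02718} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O23 - Service: ZipToA - Unknown - C:\WINNT\System32\ZipToA.exe (file missing)
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
MISSING_TAG = "(file missing)"


@dataclass
class Entry:
    kind: str            # HJT section code: R0, R3, O2, O9, O16, O23, ...
    body: str            # everything after "<kind> - "
    clsid: Optional[str]  # first CLSID found in the line, if any
    target: str          # last " - " separated field: a path, URL or other value
    file_missing: bool   # HJT could not find the referenced file on disk


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis log line; returns None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    clsid = CLSID_RE.search(body)
    last = body.split(" - ")[-1]
    file_missing = last.endswith(MISSING_TAG)
    target = last[: -len(MISSING_TAG)].strip() if file_missing else last.strip()
    return Entry(kind, body, clsid.group(0) if clsid else None, target, file_missing)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[Entry],
           trusted_start_hosts: Tuple[str, ...] = ("www.majorgeeks.com",),  # assumption
           windows_dir: str = r"C:\WINNT") -> List[Tuple[str, str]]:      # assumption
    """Return (section, reason) findings for entries worth reviewing by hand."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.file_missing:
            findings.append((e.kind, f"orphaned entry, file not on disk: {e.target}"))
        if e.kind == "R3" and e.body.endswith("is missing"):
            findings.append((e.kind, "default URLSearchHook removed; HJT can restore it"))
        if e.kind == "R0" and "=" in e.body:
            host = urlparse(e.body.split("=", 1)[1].strip()).hostname or ""
            if host not in trusted_start_hosts:
                findings.append((e.kind, f"start page set to {host}, not a site the user chose"))
        if e.kind == "O2":
            if "(no name)" in e.body:
                findings.append((e.kind, "BHO registered without a name"))
            if ntpath.dirname(e.target).lower() == windows_dir.lower():
                findings.append((e.kind, f"BHO DLL sits directly in the Windows directory: {e.target}"))
        if e.kind == "O16":
            host = urlparse(e.target).hostname or ""
            findings.append((e.kind, f"ActiveX control downloaded from {host}; keep only if you use that site"))
    return findings


if __name__ == "__main__":
    for kind, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{kind:4} {reason}")
```

The checks are deliberately conservative heuristics: they surface lines for a human to decide on, exactly as the post does with the Snapfish O16 line (legitimate for this user) and the ZipToA O23 line (orphaned, but not malware).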
     
  5. parttime

    parttime Private E-2

    I followed your instructions with one exception. I did not check/fix the O16 line (Snapfish File Upload ActiveX Control) because snapfish.com is where I put my digital photos. I attached a new Hijack This log file.

    I've been using my browser now for about 15 minutes and NO popups! Thank you so much!!

    About the ZipToA.exe file: No, I didn't delete that on purpose and I don't know why it is missing. I took my computer to a shop and had them install a couple of components for me. I know they changed the way the zip drive is connected and it is now drive G. It seems to work okay. It is present in the right-click Sent To menu, though I've never tried to use that option.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Look at that link I gave you again. They do say that this will happen if the drive letter is changed. They also basically say ZipToA is a piece of c%$p. I feel that way about everything IOMEGA ever made. Everything they ever designed (Bernoulli drives, Jaz drives, Zip drives, etc.) was garbage and unreliable, especially Bernoulli and Jaz.

    Sounds like we fixed your popup problem, though.

    Your log is clean of malware. The only problem is
    O23 - Service: ZipToA - Unknown - C:\WINNT\System32\ZipToA.exe (file missing)

    due to the above topic. If you are happy with the way your system is working and don't need to have the Zip drive bootable, just have HJT fix that line. If you need it to be bootable, you may have to locate that file on your installation disk (or see if it is still on your computer) and get a copy back into C:\WINNT\System32
     
