I am having a terrible time with pop-up adds on my computer, and with a ton of programs loading underneath Windows when I start up. I use spybot on a regular basis, but doesn't seem to help. I ran hijack this, and here is the log. Hopefully you can give me some help. Thanks!!! Logfile of HijackThis v1.97.7 Scan saved at 9:54:45 PM, on 11/24/03 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.exe C:\WINDOWS\SYSTEM\MPREXE.exe C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe C:\WINDOWS\EXPLORER.exe C:\WINDOWS\TASKMON.exe C:\WINDOWS\SYSTEM\SYSTRAY.exe C:\WINDOWS\SYSTEM\HPOOPM07.exe C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.exe C:\WINDOWS\RUNDLL32.exe C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.exe C:\WINDOWS\SYSTEM\SPOOL32.exe C:\WINDOWS\SYSTEM\WMIEXE.exe C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.exe C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.exe C:\WINDOWS\SYSTEM\DDHELP.exe C:\PROGRAM FILES\BROWSER HIJACK BLASTER\BHBLASTER.exe C:\WINDOWS\SYSTEM\PSTORES.exe C:\PROGRAM FILES\SUPERBAR\SBHC.exe C:\PROGRAM FILES\WINZIP\WINZIP32.exe C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.3.68/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=135343 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fastmetasearch.com/bar.php R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=135343 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=558AA588-3FD6-4D2A-B042-8E498A3104CE&version_id=18 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://espn.go.com/main.html R3 - URLSearchHook: OESearchHook Class - {341FB59F-3507-443b-8147-423B4E3B2B15} - C:\PROGRAM FILES\COMMON FILES\OE\SEARCH.DLL O1 - Hosts: 216.65.3.76 auto.search.msn.com O2 - BHO: (no name) - {D48F2E28-68E2-4920-9848-D6E6C7AB3EB7} - C:\PROGRAM FILES\COMMON FILES\OE\REDIRECTOR.DLL O2 - BHO: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\PROGRAM FILES\COMMON FILES\OE\TOOLBAR.DLL O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL O2 - BHO: (no name) - {96301920-1804-11D8-B683-CB4C7C537325} - C:\WINDOWS\SYSTEM\MSHXML.DLL O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\PROGRAM FILES\COMMON FILES\OE\TOOLBAR.DLL O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL O3 - Toolbar: SuperBar - {F8C4A2E0-193F-11D8-B683-DAD322C33625} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002111201/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37899.3658564815 O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab O16 - DPF: {5DD7B3BE-FDEC-4563-B038-FF80F2345B89} (Fswinst Control) - http://www.freescratchandwin.com/files/fswinst.cab O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.clock-sync.com/ClockSyncAutoSYNC0015.cab O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/turbo.cab O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/ASH19108/ashton.cab O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/payload2.cab O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) - http://webpdp.gator.com/4/download/hdplugin_1015_bundle33v0d9.cab

I cannot go over your whole list although I did note you have gator with plugins downloaded which is known spyware. I would suggest you download Spyguard which is a proactive prevention program,spybot is after the fact.Regarding the popups a simple thing like downloading the goggle toolbar will help alleviate most popups, also hit Alt F4 and that will back them out.

JohnT is right in saying that gator is known spyware... Get rid of that crap and also download a program called, "Ad-aware 6.0". Its free for any kind of private use. A lot of times spyware, maleware will hide itself in the C:\Program Files\Common Files, directory. You might want to do a deap scan in that dir. Run through your program files directory and delete any folder that looks foreign; But first see if you can remove it through add/remove programs first. If you cant, try that method AND get rid of all the registry values by doin a reg. search for keywords contained in that folder or names. Dan,

http://www.spychecker.com/program/popthis.html Works great with IE Skip

Andy and SkipCox I tried out spyware checker and immediately found that IE and all .htm file windows had gone small (off-line). If they were either maximised or pulled out with the mouse, when I went back in they were small again. I tried unchecking "all" spyware checker options and ran spyware repair, rebooting after each try. Still the same. I then uninstalled spyware checker and this time although using maximise wouldn't keep the size it was fine on all pages after I had used mouse pull-out on just one of them. Not much more I can say really. I will obviously steer clear of the program but accept that it might have been some quirk of my machine. Couldn't find the authors email to update him. Restored my last saved good registry to be on the safe side (I have batch files) and I'm happy again. Derek

Andy Surprised that SpyBot didn't find Gator. Do you keep it updated? Sometimes Ad-Aware can find what SpyBot will miss and vice versa so it's still worth a shot. Derek

Run HT again and check the following items. Doublecheck so as to be sure not to miss one. Next, close all browser Windows, and have HT 'fix checked'. You Must restart your computer when you're done. R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.3.68/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=135343 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fastmetasearch.com/bar.php R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=135343 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=558AA588-3FD6-4D2A-B042-8E498A3104CE&version_id=18 R3 - URLSearchHook: OESearchHook Class - {341FB59F-3507-443b-8147-423B4E3B2B15} - C:\PROGRAM FILES\COMMON FILES\OE\SEARCH.DLL O1 - Hosts: 216.65.3.76 auto.search.msn.com O2 - BHO: (no name) - {D48F2E28-68E2-4920-9848-D6E6C7AB3EB7} - C:\PROGRAM FILES\COMMON FILES\OE\REDIRECTOR.DLL O2 - BHO: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\PROGRAM FILES\COMMON FILES\OE\TOOLBAR.DLL O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL O2 - BHO: (no name) - {96301920-1804-11D8-B683-CB4C7C537325} - C:\WINDOWS\SYSTEM\MSHXML.DLL O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\PROGRAM FILES\COMMON FILES\OE\TOOLBAR.DLL O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL O3 - Toolbar: SuperBar - {F8C4A2E0-193F-11D8-B683-DAD322C33625} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab O16 - DPF: {5DD7B3BE-FDEC-4563-B038-FF80F2345B89} (Fswinst Control) - http://www.freescratchandwin.com/files/fswinst.cab O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.clock-sync.com/ClockSyncAutoSYNC0015.cab O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/turbo.cab O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/ASH19108/ashton.cab O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/payload2.cab O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) - http://webpdp.gator.com/4/download/hdplugin_1015_bundle33v0d9.cab After restarting delete the following: C:\Program Files\Media folder C:\Program Files\SuperBar folder C:\WINDOWS\SYSTEM\STLBDIST.DLL