HELP!!! Vrape.Hardloved virus!
|
Original Message
|
Name: Hamid Nayini
Date: September 15, 2003 at 11:13:56 Pacific
Subject: HELP!!! Vrape.Hardloved virus!
OS: HP PC
CPU/Ram: 253, 424 KB
|
Comment: I have a problem with this Vrape.hardloved bug. I've tried modifying my registry, but it's still there. I have scanned and saved my log but I'm not sure what I need to delete. Could someone help with this problem? I would greatly appreciate it. Thanks. Also, I went and uninstalled some programs which didn't seem familiar, but I think I messed up...my volume controls no longer function...This Sucks!!!!

Logfile of HijackThis v1.97.2
Scan saved at 12:01:20 PM, on 9/12/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\netDeploy\Launcher\ndserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\DOCUME~1\hamid\APPLIC~1\lopsearch.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\KaZaA\Kazaa.exe
C:\DOCUME~1\hamid\LOCALS~1\Temp\sfx58.tmp
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\winnt\winlogon.exe
C:\Program Files\ACT\SideACT.exe
C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\MSOffice\Office\findfast.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\hamid\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.hotpopup.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotpopup.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hotpopup.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hotpopup.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hotpopup.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotpopup.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-huns-yellow-pages.com/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotpopup.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://vrape.hardloved.com/top/search.php?id=1&s=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://musiccity.streamcastnetworks.com/pop.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\Program Files\CommonName\Toolbar\CNBarIE.dll (disabled by BHODemon)
O2 - BHO: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINNT\winshow.dll
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD0} - C:\Program Files\CommonName\Toolbar\BabeIE.dll (disabled by BHODemon)
O2 - BHO: (no name) - {D44B5436-B3E4-4595-B0E9-106690E70A58} - C:\DOCUME~1\hamid\APPLIC~1\plg_ie0.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: CommonName - {A3E3F04C-F98C-4295-95EF-41C57425B077} - C:\Program Files\CommonName\Toolbar\CNBarIE.dll
O3 - Toolbar: Accessories - {9B35A850-66AB-4c6d-8A66-136ECADCD904} - C:\DOCUME~1\hamid\APPLIC~1\plg_ie0.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - C:\WINDOWS\SYSTEM32\shdocvw.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [abtu] C:\DOCUME~1\hamid\APPLIC~1\lopsearch.exe -QuieT
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [spp] regedit -s C:\spp.reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [winlogon] c:\winnt\winlogon.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://vrape.hardloved.com/top/search.php?id=1&s=
O16 - DPF: Yahoo! Backgammon - http://download.yahoo.com/games/clients/y/as0_x.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://direct-certs.bankofamerica.com/xenroll.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/236744e8791b35ecc616/netzip/RdxIE2.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {8D37126F-C08C-11D4-A248-005056BF3741} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37866.3754976852
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B1773A76-5F0E-46C6-B611-FB4E8704D9E9} (PlayBackX Control) - http://64.172.78.78/cab/PlayBackX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F7EC67-A0EE-49CD-B75A-82950577B351}: NameServer = 206.13.28.12,203.13.31.12
|
|
Response Number 1
|
Name: capt
Date: September 15, 2003 at 11:50:14 Pacific
|
Reply: Do you use Spybot and Adaware? You can get them at http://www.wilders.org/
I see that you are another person that simply cannot live without Kazaa.
|
|
Response Number 2
|
Name: Abnormal
Date: September 15, 2003 at 12:52:36 Pacific
|
Reply: "I have a problem with this Vrape.hardloved bug. I've tried modifying my registry, but it's still there."

O13 - DefaultPrefix: http://vrape.hardloved.com/top/search.php?id=1&s=

Follow advice in response #1. Dump Evil Kazaa virus sharing program.
|
|
Response Number 3
|
Name: hamid
Date: September 15, 2003 at 16:07:06 Pacific
|
Reply: Thanks for the help capt. I have uninstalled Kazaa. I went to the link you provided but all it does is send me to other pages where they rave about the software but never give me an opportunity to download it. Any suggestions? Also, any suggestions as to how to re-install my volume controls??
|
|
Response Number 4
|
Name: blender
Date: September 15, 2003 at 16:50:24 Pacific
|
Reply: Here are links to direct downloads...
spybot http://wilders.org/HTMLobj-1590/spybotsd12.exe
ad-aware http://www.lavasoft.de/
Both are free, and make sure you UPDATE both programs before running them... After running both removal programs and removing all that they can, repost a new hijack log and we will clean up the leftovers. As for the sound....I don't know yet...we can get that later. Good luck
|
|
Response Number 5
|
Name: Hamid Nayini
Date: September 15, 2003 at 18:18:36 Pacific
|
Reply: Blender! You are a lifesaver. I downloaded both programs, ran them and they seemingly cleaned out my computer. I'm not ever getting popups anymore. The only thing is that now I have to type www before any address whereas I didn't need to do this before. I am pasting my new log file to see if anything else needs to be deleted. I appreciate all your help. Also, any suggestions for the volume control? Thanks.

Logfile of HijackThis v1.97.2
Scan saved at 6:08:46 PM, on 9/15/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\netDeploy\Launcher\ndserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\MsgSys.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\ACT\SideACT.exe
C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\hamid\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotpopup.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://out.true-counter.com/c/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?344012 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?344012 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-huns-yellow-pages.com/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?344012 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?344012 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?344012 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchxp.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.fastwebfinder.com/hp.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://musiccity.streamcastnetworks.com/pop.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?344012 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?344012 (obfuscated)
O1 - Hosts: 66.40.16.131 livesexlist.com
O1 - Hosts: 66.40.16.131 lanasbigboobs.com
O1 - Hosts: 66.40.16.131 thumbnailpost.com
O1 - Hosts: 66.40.16.131 adult-series.com
O1 - Hosts: 66.40.16.131 www.livesexlist.com
O1 - Hosts: 66.40.16.131 www.lanasbigboobs.com
O1 - Hosts: 66.40.16.131 www.thumbnailpost.com
O1 - Hosts: 66.40.16.131 www.adult-series.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - C:\WINDOWS\SYSTEM32\shdocvw.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [iedll] c:\WINNT\iedll.exe
O4 - HKCU\..\Run: [loader] c:\WINNT\loader.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.yahoo.com/games/clients/y/as0_x.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://direct-certs.bankofamerica.com/xenroll.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/236744e8791b35ecc616/netzip/RdxIE2.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {8D37126F-C08C-11D4-A248-005056BF3741} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37866.3754976852
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B1773A76-5F0E-46C6-B611-FB4E8704D9E9} (PlayBackX Control) - http://64.172.78.78/cab/PlayBackX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F7EC67-A0EE-49CD-B75A-82950577B351}: NameServer = 206.13.28.12,203.13.31.12
|
|
Response Number 6
|
Name: Abnormal
Date: September 16, 2003 at 13:55:04 Pacific
|
Reply: Did you update SpyBot and Ad-Aware? You can try CWShredder, http://www.spywareinfo.com/~merijn/files/cwshredder.zip
You still have a dirty log. This is not good,

O16 - DPF: {8D37126F-C08C-11D4-A248-005056BF3741} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll

Spotted at a forum that reads logs. Sorry all I can help.
|
|
Response Number 7
|
Name: hamid nayini
Date: September 16, 2003 at 19:19:37 Pacific
|
Reply: What do you mean when you say UPDATE? I saved the programs onto my desktop and then installed them. They seemed to work out fine. Maybe I did something wrong.
|
|
Response Number 8
|
Name: Abnormal
Date: September 16, 2003 at 20:10:10 Pacific
|
Reply: With SpyBot click (search for updates), it will show available updates. Then click download updates. With Ad-Aware, look for (check for updates). Again, download updates. Try Ad-Aware first, then you graduate to SpyBot. Good luck
|
|
Response Number 9
|
Name: blender
Date: September 17, 2003 at 04:41:22 Pacific
|
Reply: Ok Hamid... This took me a while but we can fix this stuff. Run hijack this again while OFFLINE, close all explorer windows just leaving the hijack screen open, and check the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotpopup.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://out.true-counter.com/c/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?344012 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-huns-yellow-pages.com/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?344012 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?344012 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?344012 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?344012 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchxp.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.fastwebfinder.com/hp.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://musiccity.streamcastnetworks.com/pop.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?344012 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?344012 (obfuscated)
O1 - Hosts: 66.40.16.131 livesexlist.com
O1 - Hosts: 66.40.16.131 lanasbigboobs.com
O1 - Hosts: 66.40.16.131 thumbnailpost.com
O1 - Hosts: 66.40.16.131 adult-series.com
O1 - Hosts: 66.40.16.131 www.livesexlist.com
O1 - Hosts: 66.40.16.131 www.lanasbigboobs.com
O1 - Hosts: 66.40.16.131 www.thumbnailpost.com
O1 - Hosts: 66.40.16.131 www.adult-series.com
O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - C:\WINDOWS\SYSTEM32\shdocvw.dll (file missing)
O4 - HKCU\..\Run: [iedll] c:\WINNT\iedll.exe
O4 - HKCU\..\Run: [loader] c:\WINNT\loader.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/236744e8791b35ecc616/netzip/RdxIE2.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {8D37126F-C08C-11D4-A248-005056BF3741} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll

Double check to make sure you got them all checked, click fix checked, and once that is done REBOOT the pc.

Then remove these files:
c:\WINNT\iedll.exe <- this file
c:\WINNT\loader.exe <- this file

Let me know how that works out. If you haven't already, also update your ad-aware and spybot and run another scan just to make sure everything is gone. Spybot update is in the main window when you start it up..."check for updates". Ad-aware update is the globe icon in main window when it first starts up, then hit the connect button. Run the scans with any explorer windows closed to make it easier for the programs to remove anything they find. Good luck
|
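A triage pass over a HijackThis log of the kind posted in this thread, as an added example that is not part of any poster's reply and not HijackThis's own logic. It re-splits a log whose line breaks were lost and flags entry types the replies singled out (repeated search-page hosts, hosts-file redirects, Run entries in the Windows root, DefaultPrefix, DPF downloads from a bare IP). The function names, the threshold and the heuristics are assumptions, the sample log is constructed, and a flag means "review", not "remove".

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in HijackThis layout, flattened onto one line the way the
# forum shows it. Hosts and addresses are reserved documentation values.
SAMPLE = " ".join([
    r"Running processes: C:\WINNT\Explorer.EXE",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.test/c/?1",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.test/b/?1",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.example.test/b/?1",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/",
    r"O1 - Hosts: 192.0.2.10 ads.example.test",
    r"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe",
    r"O4 - HKCU\..\Run: [loader] c:\WINNT\loader.exe",
    r"O13 - DefaultPrefix: http://search.example.test/top/search.php?id=1&s=",
    r"O16 - DPF: {00000000-0000-0000-0000-000000000001} (Sample Class) - http://198.51.100.7/code/sample.cab",
    r"O16 - DPF: {00000000-0000-0000-0000-000000000002} (Other Class) - http://download.example.com/other.cab",
])

# An entry starts at a whitespace-delimited section code followed by " - ".
ENTRY_START = re.compile(r"\s+(?=(?:R[0-3]|O\d{1,2}) - )")
WIN_ROOT_EXE = re.compile(r'^"?[a-z]:\\(?:winnt|windows)\\[^\\]+\.exe', re.I)
USER_DIR = re.compile(r"\\(?:temp|applic~1|application data)\\", re.I)


def split_entries(text):
    """Return (code, body) pairs; works on normal and run-together logs."""
    entries = []
    for chunk in ENTRY_START.split(text):
        m = re.match(r"(R[0-3]|O\d{1,2}) - (.*)", chunk.strip(), re.S)
        if m:  # header and process list do not match and are skipped
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def url_host(body):
    m = re.search(r"https?://\S+", body)
    return urlsplit(m.group(0)).hostname if m else None


def is_ip(host):
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False


def triage(text, repeat_threshold=3):
    """Return (code, reason, body) for entries worth a closer look."""
    entries = split_entries(text)
    r_hosts = Counter(url_host(b) for c, b in entries if c[0] == "R" and url_host(b))
    findings = []
    for code, body in entries:
        host = url_host(body)
        if code[0] == "R" and host and r_hosts[host] >= repeat_threshold:
            findings.append((code, "same host set in several IE search/start values", body))
        elif code == "O1":
            m = re.match(r"Hosts:\s*(\S+)\s+\S+", body)
            if m and m.group(1) != "127.0.0.1":
                findings.append((code, "hosts file maps a name to a non-loopback address", body))
        elif code == "O4":
            m = re.search(r"\]\s*(.+)$", body)  # command after the [value name]
            if m and (WIN_ROOT_EXE.match(m.group(1)) or USER_DIR.search(m.group(1))):
                findings.append((code, "autorun from Windows root or a user temp/profile dir", body))
        elif code == "O13" and host:
            findings.append((code, "DefaultPrefix routes typed addresses through a site", body))
        elif code == "O16" and is_ip(host):
            findings.append((code, "ActiveX control fetched from a bare IP address", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE):
        print(f"{code:<4}{reason}: {body}")
```
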
|
Response Number 10
|
Name: ryan
Date: September 29, 2003 at 07:34:19 Pacific
|
Reply: I have just searched to see what comes up when I type in vrape.hardloved.com because for some reason I now have it whenever I look up something. When I first had this problem, when I opened Internet Explorer, my home page didn't come up anymore, just didn't connect at all..."page could not be displayed". It would have vrape.hardloved at the top of the page, as opposed to something like google or something. Do I have a virus? Can someone please help? The situation with it these days is, now I can get a homepage up by going into the properties of Internet Explorer, and making it whatever, but when I search for something now, in the address box at the top of the page, it always comes up with the homepage for Yahoo. It is so frustrating I just can't say. Can someone tell me what is happening with my computer? By the way, when I click the little arrow in the box beside the address box to look at previous sites looked up, they show "http://vrape.hardloved.com/top/search/php?id=1&s=....." WHAT IS GOING ON WITH MY INTERNET EXPLORER??????? SOMEONE PLEASE HELP ME. It would be much appreciated thanks.
|
Post Locked
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.