At startup, is Extreme_Live_Show.hta popup. I'm running Netscape now cuz my IE is on crack, I think from these popups. Sometimes while surfing on Netscape, an IE browser will open with porn sites. Here is my recenlt log, I hope some person can help. Thanks a million! Logfile of HijackThis v1.97.7 Scan saved at 8:29:32 PM, on 12/11/03 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.exe C:\WINDOWS\SYSTEM\MPREXE.exe C:\WINDOWS\SYSTEM\MSTASK.exe C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\HIDSERV.exe C:\WINDOWS\EXPLORER.exe C:\WINDOWS\ESSSPK.exe C:\WINDOWS\TASKMON.exe C:\WINDOWS\SYSTEM\SYSTRAY.exe C:\WINDOWS\LOADQM.exe C:\WINDOWS\SYSTEM\STIMON.exe C:\WINDOWS\SYSTEM\LVCOMS.exe C:\WINDOWS\SYSTEM\INTERNAT.exe C:\RAY.exe C:\WINDOWS\WINHOST.exe C:\WINDOWS\WINUPDATE.exe C:\WINDOWS\SYSTEM\MSHTA.exe C:\WINDOWS\LOOKUPSYS.exe C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.exe C:\WINDOWS\ALL USERS\START MENU\PROGRAMS\STARTUP\LCPX.exe C:\PROGRAM FILES\WINZIP\WZQKPICK.exe C:\WINDOWS\SYSTEM\WMIEXE.exe C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?vwjuo (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://t.rack.cc/sp.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.rack.cc/hp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?vwjuo (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?vwjuo (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://t.rack.cc/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?vwjuo (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.rack.cc/hp.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/sp.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://t.rack.cc/sp.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yourbookmarks.ws/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?vwjuo (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?vwjuo (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://t.rack.cc/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/search.php?qq=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://193.125.201.50 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://t.rack.cc/hp.php R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?vwjuo (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?vwjuo (obfuscated) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - _{DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file) F1 - win.ini: load=essspk.exe F1 - win.ini: run=fntldr.exe C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\msinfo.exe hpfsched N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\8vrhh83y.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\8vrhh83y.slt\prefs.js) O1 - Hosts: 645238813 xuto.search.msn.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\WINDOWS\TEMP\MSBJFJ.DLL O3 - Toolbar: Adult Links - {965E6B07-6832-4738-BDBE-25F226BA2AB0} - C:\WINDOWS\SYSTEM32\QABAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INS81F5.TMP /R /A O4 - HKLM\..\Run: [internat.exe] internat.exe O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\Program Files\SafeSurfing\SSUpdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime O4 - HKLM\..\Run: [Shell] c:\ray.exe O4 - HKLM\..\Run: [Svchost] C:\WINDOWS\winhost.exe O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\WINUPDATE.exe O4 - HKLM\..\Run: [winmain] winmain.exe O4 - HKLM\..\Run: [SystemBoot] C:/WINDOWS/SYSTEM/Mshta.exe file:///C:/Extreme_Live_Show.hta O4 - HKLM\..\Run: [Lookup_Sys] C:\WINDOWS\lookupsys.exe O4 - HKLM\..\Run: [DXK] C:\WINDOWS\DXK.exe O4 - HKLM\..\Run: [Soundmx] \soundmx.exe O4 - HKLM\..\Run: [QQUAEN] C:\WINDOWS\QQUAEN.exe O4 - HKLM\..\Run: [JAQX] C:\WINDOWS\JAQX.exe O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe O4 - HKLM\..\Run: [sys] regedit -s sys.reg O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.exe" O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\WINUPDATE.exe O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKCU\..\Run: [Lookup_Sys] C:\WINDOWS\lookupsys.exe O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\wordi00022\1264482.exe -remove O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe O4 - Global Startup: LCPX.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: AIM (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: ICQ (HKLM) O9 - Extra 'Tools' menuitem: ICQ (HKLM) O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O13 - DefaultPrefix: http://193.125.201.50/?trk= O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.yahoo.com/java/y/mlbst8298_x.cab O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E} - http://directplugin.com/dialers/109446.exe O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://dload.ipbill.com/del/loader.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/253f63d9eadff4ebc600/netzip/RdxIE601.cab O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members17.clubphoto.com/_img/uploader/atl_uploader.cab O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot3_x.cab O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstallers/444/nCaseInstaller.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37945.6271643518 O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) - http://download.globaldialer.net/GlobalDialer.cab O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} (eConn Class) - http://econnect.libereco.net/econnect.cab O19 - User stylesheet: C:\WINDOWS\Web\tips.ini O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

Download Ad-aware from Lavasoft at http://www.lavasoftusa.com/software/adaware/ . It's free and will kill all the adware and spyware creating all these ads. CAUTION! You may also kill some software that expects spyware to be installed such as Kazaa, so you may have to reinstall any broken software afterwards (which will defeat the purpose as it will reinstall the spyware) if you want to use it again.

Look here: http://techies.co.za/phpBB2/viewtopic.php?p=1023&highlight=

Hello NeedHelp, First of all clean your internet explorer from all cookies installed in the temporary internet folder, you do that using the "option" from your IE directly. You can clean also your "hitory" file from the same place. Second you download as soon as possible program called AdAware 6.0 build 181 and run it into your system (perform an update right away): http://www.pcworld.com/downloads/file_description/0,fid,7423,00.asp Third you download as well program called SpywareBlaster (perform an update right away): http://www.wilderssecurity.net/spywareblaster.html Fourth don't watch too much porn site, not good for health :)))

Also to block third party porn ads, get this ad blocking host file. http://www.everythingisnt.com/hosts.html

Hi y'all, Do all of the above:)) Install the Google toolbar..Stops everything.. Read This Happy Holidays beansoup

Sounds like a trojan has changed your DNS setting. Go to My computor,then NETwork, then doubleclick TCP IP . click the DNS configuration and make sure DNS is disabled.If it is enabled and a domain name is there you have been hijacked.