Ran HSRemove HiJackThis Log/ Win XP

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by KFBChuck, Jul 15, 2004.

  1. KFBChuck

    KFBChuck Private E-2

    Here is my log AFTER I ran HSRemove. Can you tell me if everything is good now?

    I have control of my homepage back and my re-boot time is back to normal (it was taking 4-5 minutes to start up my computer) and I THOUGHT all the porn pop-ups were gone as well, but 5 minutes ago I had a "pussy pool" pop-up come up, and another "Hard Sex Land" and "Teeny Girls" one came up right now.

    Please let me know if this is okay. I did not unplug from the internet and did not go to safe mode when I ran HSRemove yesterday, because I did not see it in the threads until today. Should I try that to rectify the pop-ups?

    All "Home Search Assistent" (sic), HSA and HS stuff that was in my registry is GONE and has not reappeared, also.

    Thanks for any assistance. It is much appreciated.


    An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=C:\WINDOWS\control.ini, sSection=don't load, sValue=inetcpl.cpl)
    Error #5 - Invalid procedure call or argument
    Please email me at merijn@spywareinfo.com, reporting the following:
    * What you were doing when the error occurred
    * How you can reproduce the error
    * A complete HijackThis scan log, if possible
    Windows version: Windows NT 5.01.2600
    MSIE version: 6.0.2800.1106
    HijackThis version: 1.98.0
    This message has been copied to your clipboard.


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\crbl.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\mcc.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by University of Phoenix Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
    O4 - HKLM\..\RunOnce: [ntnt32.exe] C:\WINDOWS\ntnt32.exe
    O4 - HKLM\..\RunOnce: [iprx32.exe] C:\WINDOWS\iprx32.exe
    O4 - HKLM\..\RunOnce: [sysay32.exe] C:\WINDOWS\sysay32.exe
    O4 - HKLM\..\RunOnce: [winpa.exe] C:\WINDOWS\winpa.exe
    O4 - HKLM\..\RunOnce: [d3do32.exe] C:\WINDOWS\system32\d3do32.exe
    O4 - HKLM\..\RunOnce: [appvs32.exe] C:\WINDOWS\appvs32.exe
    O4 - HKLM\..\RunOnce: [ipvr.exe] C:\WINDOWS\system32\ipvr.exe
    O4 - HKLM\..\RunOnce: [addhs32.exe] C:\WINDOWS\addhs32.exe
    O4 - HKLM\..\RunOnce: [d3rw.exe] C:\WINDOWS\system32\d3rw.exe
    O4 - HKLM\..\RunOnce: [addzc32.exe] C:\WINDOWS\addzc32.exe
    O4 - HKLM\..\RunOnce: [ntyp.exe] C:\WINDOWS\system32\ntyp.exe
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ecampus.phoenix.edu
    O16 - DPF: {00000000-0000-0000-0000-d4c4b96b0d97} -
    O16 - DPF: {00000000-8c7d-4ea8-b113-9163c935d38e} -
    O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} - http://www.mediaforge.com/downloads/xmirage.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_1.cab
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I believe in another thread you said you are all fixed now after using HSremove. Is that true?
     
  3. KFBChuck

    KFBChuck Private E-2

    You have an excellent memory.

    I made that posting right after running HSRemove and thought all was back to normal as no porn pop-ups were coming up.

    The following day (yesterday) I started getting the same old porn pop-ups, though not as frequently as prior to running HSRemove.

    Now, this morning I have been on IE for about two hours and not one pop-up came up?

    Did you see anything in my hijackthis log?

    I can't thank you geeks enough for returning my computer to me.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, I did see things in your log. I don't know if they are still there but the items I mention below are all from HSA.

    First this process was running:
    C:\WINDOWS\system32\crbl.exe

    If it still is running, you should end it with task manager and delete the file.

    Also, if still there, have HijackThis fix the lines below and delete the files if you can find them. You may need to be in safe mode and have viewing of hidden files enabled with Win Explorer.

    O4 - HKLM\..\RunOnce: [ntnt32.exe] C:\WINDOWS\ntnt32.exe
    O4 - HKLM\..\RunOnce: [iprx32.exe] C:\WINDOWS\iprx32.exe
    O4 - HKLM\..\RunOnce: [sysay32.exe] C:\WINDOWS\sysay32.exe
    O4 - HKLM\..\RunOnce: [winpa.exe] C:\WINDOWS\winpa.exe
    O4 - HKLM\..\RunOnce: [d3do32.exe] C:\WINDOWS\system32\d3do32.exe
    O4 - HKLM\..\RunOnce: [appvs32.exe] C:\WINDOWS\appvs32.exe
    O4 - HKLM\..\RunOnce: [ipvr.exe] C:\WINDOWS\system32\ipvr.exe
    O4 - HKLM\..\RunOnce: [addhs32.exe] C:\WINDOWS\addhs32.exe
    O4 - HKLM\..\RunOnce: [d3rw.exe] C:\WINDOWS\system32\d3rw.exe
    O4 - HKLM\..\RunOnce: [addzc32.exe] C:\WINDOWS\addzc32.exe
    O4 - HKLM\..\RunOnce: [ntyp.exe] C:\WINDOWS\system32\ntyp.exe
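Added example (not HijackThis code and not from the thread): a small Python triage script that applies chaslang's criterion mechanically to O4 lines copied from the log above, and names the Windows XP Prefetch trace file that a search for each name would turn up. The heuristic in `is_hsa_runonce` and the `WINDOWS_DIRS` set are assumptions of this example, not part of HijackThis.

```python
import re
from pathlib import PureWindowsPath

# Subset of the log posted in this thread, constructed here as the sample input.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [Multimedia Codecs] C:\\WINDOWS\\System32\\mcc.exe
O4 - HKLM\\..\\RunOnce: [ntnt32.exe] C:\\WINDOWS\\ntnt32.exe
O4 - HKLM\\..\\RunOnce: [d3do32.exe] C:\\WINDOWS\\system32\\d3do32.exe
O4 - HKCU\\..\\Run: [MoneyAgent] "c:\\Program Files\\Microsoft Money\\System\\Money Express.exe"
O4 - Global Startup: NkvMon.exe.lnk = C:\\Program Files\\Nikon\\NkView6\\NkvMon.exe
"""

# Registry autostart lines look like: O4 - HKLM\..\RunOnce: [name] command
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
WINDOWS_DIRS = {"c:\\windows", "c:\\windows\\system32"}  # assumption: XP default install

def parse_o4(log: str) -> list:
    """Return one dict per registry O4 line (Global Startup .lnk lines are skipped)."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        # The executable is the quoted token, or else the first whitespace-delimited token.
        exe = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split()[0]
        entries.append({"hive": hive, "key": key, "name": name, "exe": exe})
    return entries

def is_hsa_runonce(entry: dict) -> bool:
    """The pattern chaslang flagged: a RunOnce value named after its own file,
    launching an executable dropped straight into C:\\WINDOWS or system32."""
    p = PureWindowsPath(entry["exe"])
    return (entry["key"].lower() == "runonce"
            and entry["name"].lower() == p.name.lower()
            and str(p.parent).lower() in WINDOWS_DIRS)

def suspicious_files(log: str) -> list:
    return [e["exe"] for e in parse_o4(log) if is_hsa_runonce(e)]

def prefetch_pattern(exe: str) -> str:
    """XP records each launch as C:\\WINDOWS\\Prefetch\\NAME.EXE-<8 hex>.pf; that
    trace is evidence the binary ran, not the binary itself, so both need checking."""
    return f"{PureWindowsPath(exe).name.upper()}-*.pf"

if __name__ == "__main__":
    for exe in suspicious_files(SAMPLE_LOG):
        print(f"HSA leftover: {exe}  (prefetch trace: {prefetch_pattern(exe)})")
```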
     
  5. KFBChuck

    KFBChuck Private E-2

    Okay. I'll try what you suggested.
     
  6. KFBChuck

    KFBChuck Private E-2

    Chaslang,

    I did exactly what you said to do below.

    After running HijackThis and "fixing" the files you suggested, I searched my files for the files I just deleted and found them.

    All of the files were located in a "Prefetch" folder in Windows. That is where I deleted them from.

    Does that sound right? I just checked my "processes" that are running and crbl.exe is gone. I will leave IE open for a while and see if the pop-ups continue.

    We'll see what happens.

    Oh, yeah... Are you a person or a computer? Do you have a job? Just the few times I've been here asking for help you always answer, and I see you helping MANY other "threads"....

    Either way, come over for a beer and a game of 8 ball anytime.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, you should delete them from the Prefetch folder too.

    Yeah! LOL! I'm a computer or I'm just a figment of your imagination. :D
     