HiJack This Log File- would someone please check

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by cranky old lady, Aug 1, 2004.

  1. cranky old lady

    cranky old lady Private E-2

    Here is my HJT log file if someone will be kind enough to check it out before I 'fix' anything. Some of the lines were beyond me:

    04 Global Startup winlogon.exe. I found 'winlogon.exe' under Processes in the Task Manager but not sure it belongs to Global Startup in my log which is supposedly associated with MS Office with the OSA9.exe?

    08 I can't get to my IE Menu to right click as JUNO doesn't let me use IE. The only IE window I had was the one MYWEBSEARCH was attached to. It would come up when I would attempt to reach WWW without going through JUNO first. I thought JUNO was just doing this with their new Speedband browser, but it's on v. 6. I just downloaded and installed that version when all the parasites hit and I haven't been back to find out about IE. The 6th 08 line down with 'askbarAB.dll' is suspicious.

    Otherwise, I would think I need to fix R3, and several 016's.
    016:
    1D4DB7D2-ak.imgfam.com or.funwebproducts or Smiley Central
    4855C21B- sp.ask.com or ask bar.
    DDFFA75A- bundleware.com.
    F00F4763- incredimail.com (this program is supposed to be deleted).
    However, I didn't find any of these numbers on the CLSID lists I downloaded.

    I have XP Home SP1. If you need something else please advise.
    Thanks, cranky
    PS I have tried three times to attach the log file, it tells me it is uploading the file but I don't see it on the Preview, which I thought showed up there before Submit Thread. Excuse if extra logs turn up. c.
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

  3. cranky old lady

    cranky old lady Private E-2

    Concerning Cleaning Step 4
    If you scan from Safe Mode aren't all running programs closed?

    O8 - Extra items in IE right-click menu

    Still working on the HJT log to send to you for evaluation. However, I ran into a big problem on O8, even bigger than what I thought I had to find out about IE. I can't find IE. This started I believe when I installed JUNO PLATINUM, my ISP or is it a 'browser'? Use to I connected to the Internet with Juno and use IE to surf the www. Now, Juno has its own browser and the only time I saw a IE home page was when I had set up one with Google, Ask Jeeves, and to my concern, MyWebSearch toolbars on it. So it was really screwed up and I deleted that home page.

    I am in contact with Juno about this; their comment was to do like I have been doing. Use Juno to get to the Internet and then set up my browser such as IE or FireFox, which I am trying to use now. I can start a new thread on this...but not sure if the spyware parasites didn't cause the problem to start with...everything started when I installed Juno Speedband/platinum.

    But, concerning implementing O8. I went to Programs and clicked on IE and this weird window/web page came up. It's set up like I want it, minus MY-Way search program. Yes, I was fooled again while trying to set up Firefox, but that's another story too. This web page has this string across the very top of the window:

    http//www.microsoft.com/isapi/redir.dll?prd=ie&clcid=oxo409&pvr=6.0&ar=home - Microsoft Internet Explorer.

    I would snap a picture of it, but every time I fool with it, my cpu freezes. This happened yesterday but I didn't notice this line of script at the top of window until the second attempt. The 'busy or the don't be impatient i'm waiting on something' icon stays on the window the whole time.

    I felt I would need to reinstall IE after the parasite problem or is this just because I may still have some parasite causing the problem. I can't do Step 08 until I can use IE can I?


    Thanks, Cranky
     
  4. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

  5. cranky old lady

    cranky old lady Private E-2

    Major

    I have followed all the steps you posted in the HJT tutorial and did two online virus and spyware scans besides the ones I downloaded a few weeks ago: Avast, Spybot Search and Destroy, CWShredder, and Ad-aware. Everyone says I am clean so here goes.

    Now I ran the HJT log from the SAFE MODE, if that is not right, I have one I ran regularly. Thank you, Cranky
     
  6. cranky old lady

    cranky old lady Private E-2

    Did my HJT log get through? It said it was loaded and I could see the title of it. If it did not make it through any further suggestions? cranky

    PS I will try it one more time. This time the HJT log was scanned out of SAFE MODE, don't know that it makes a difference but thought I would try it. c.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run your HijackThis scan (after shutting all other applications down) but do it in normal boot mode not safe mode. But when you click Save log you need to change the filename so it is a .txt file. The default is .log which you cannot upload using Manage Attachments. This is most likely your problem.

    So do the following:

    When the HijackThis scan is finished, the "Scan" button will change into a "Save Log" button.
    When the Save logfile dialog window opens, change the Save as type: to All files (*.*). Then in the File name: field change the file name from hijackthis.log to hijackthis.txt. Then click Save. Take note of where you are saving it to so you can find it later when you are browsing for it from the Manage Attachments window on MG's.

    After you click Manage Attachments, Browse, and locate the file, click Upload. The filename should appear in the Manage Attachments window. Now just close that window and save your message.
     
  8. cranky old lady

    cranky old lady Private E-2

    Thanks for the instructions. Hope it goes through this time. Everything but my mouse and keyboard were turned off but I seem to have more 02, 03, and 04 than I did on the first scan I did.

    Here's hoping, cranky
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The O8 line you were questioning is an Ask Jeeves toolbar (http://sp.ask.com/docs/toolbar/ )
    I assume you must have installed it at some point. These four lines are related to that toolbar:
    O3 - Toolbar: Ask Jeeves Bar - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - C:\WINDOWS\System32\askbarAB.dll
    O8 - Extra context menu item: Ask Jeeves Search - res://C:\WINDOWS\System32\askbarAB.dll/cmd-search-selection
    O8 - Extra context menu item: Dictionary Search - res://C:\WINDOWS\System32\askbarAB.dll/cmd-search-selection-word
    O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} (AJ Installer Control) - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab

    Fixing/removing the toolbar is up to you.

    The next line I would Fix with HJT:
    O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
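
The grouping done by eye in the post above, as an added example that is not part of the original thread or of HijackThis itself: it parses the five log lines quoted in the post and groups entries by the local file they reference. The function names and regular expressions are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# The five lines quoted in the post above (not a complete log).
SAMPLE = r"""
O3 - Toolbar: Ask Jeeves Bar - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - C:\WINDOWS\System32\askbarAB.dll
O8 - Extra context menu item: Ask Jeeves Search - res://C:\WINDOWS\System32\askbarAB.dll/cmd-search-selection
O8 - Extra context menu item: Dictionary Search - res://C:\WINDOWS\System32\askbarAB.dll/cmd-search-selection-word
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} (AJ Installer Control) - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")          # section code, rest
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
WINPATH = re.compile(r'[A-Za-z]:\\[^/"*?<>|]*?\.(?:dll|exe|cab|ocx)', re.I)
URLHOST = re.compile(r"https?://([^/\s]+)", re.I)

def parse(text):
    """Turn log lines into dicts with section, CLSID, local file and URL host."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, process list, blanks
        body = m.group(2)
        clsid, path, host = CLSID.search(body), WINPATH.search(body), URLHOST.search(body)
        entries.append({
            "section": m.group(1),
            "clsid": clsid.group(0).upper() if clsid else None,
            "file": path.group(0).lower() if path else None,   # also found inside res://
            "host": host.group(1).lower() if host else None,
            "raw": line.strip(),
        })
    return entries

def group_by_file(entries):
    """Map each referenced local file to the sections that mention it."""
    groups = defaultdict(list)
    for e in entries:
        if e["file"]:
            groups[e["file"]].append(e["section"])
    return dict(groups)

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    for path, sections in group_by_file(parsed).items():
        print(path, sections)
    # O16 (DPF) entries name a download URL, not a local file, so list them by host.
    print([(e["clsid"], e["host"]) for e in parsed if e["section"] == "O16"])
```

Grouping by file ties the O3 line and both O8 lines to askbarAB.dll; the O16 entry carries only a CLSID and a download host, so it has to be matched on those instead.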
     
  11. cranky old lady

    cranky old lady Private E-2

    I wondered about that one, thought it had something to do with my Hewlett Packard printer and scanner.

    Thank you for checking the log for me. I just downloaded the newer version of HJT (I have been at this so long they had updated it in the mean time). Check for updates! I will remember in the future. I did another scan with the new version and have included it just in case you wanted it. Thanks again. Now, I can get back to using my computer instead of fixing it...not that I didn't enjoy the process...and everyone has been so kind and patient, I appreciate it. cranky
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It does not look to me like you fixed anything. Everything is still the same. Did you actually click Fix?
     
  13. cranky old lady

    cranky old lady Private E-2

    No, I thought you wanted me to turn in a log under the newest HJT version. Now, I did the scan again with HJT v. 1.98.2 and am uploading the scanned log after I 'fix' the ones you suggested.

    Thanks again, cranky
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Now you are clean! I see you fixed the AskJeeves items too.
     
  15. cranky old lady

    cranky old lady Private E-2

    Thank you thank you! It takes me so long to complete a task sometimes, well most times so I appreciate your patience. :D

    I had a few questions:
    1. Is HJT the only spy removal tool that should be executed from its own folder?

    2. When I go to reinstate System Restore, alert alert for dumb question coming up, what date do I set it on? I'm assuming it will ask me for a date, I haven't used it before. Do I use today's date?

    3. I still can't remove the My Way SpeedBar from Add&Remove in Control Panel. Last time I thought I did it with CWS. Actually, there is nothing there, like before it is just a line of address across the top of a window. Hopefully, it will upload correctly. It looks harmless, but I'm so paranoid now. I removed it before, but as I was installing FireFox their homepage came up almost simultaneously. And stupidly, I thought it was part of FireFox even though my inner voice was saying something is wrong here. It wasn't in the HJT log, but this 'shell' remains in Add&Remove.

    Thanks again,

    Not Cranky at all anymore
     
  16. cranky old lady

    cranky old lady Private E-2

    PS

    Whoops...it is a .bmp file but that's ok right?

    In case it doesn't load this time I'll describe and write it out. There is an open window with script running across the top of it. There is a small window icon just ahead of the 'sentence':
    res://C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll/106/

    Thanks again, cranky
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Most programs have installation programs that install them in the appropriate places. HijackThis is just a quick run program that requires no installation but does need to be in a directory where it can save backups. To avoid confusion of what files belong to what program, it is just easier to place it in its own directory rather than mixing it with other programs. CWShredder is another similar program which also does not require any installation but it does not save any backups. It is a good idea to put these kinds of programs someplace you can easily find them later when they may be needed. You could just make a directory called c:\SpywareTools and put HijackThis and CWShredder and many other tools that do not require an installation (you may have seen more of them) in this directory. In the HijackThis Tutorial, we referred to making a c:\Program Files\HJT directory for HijackThis. That is not required; it is just a good example (and we did not want it to be run from the Desktop, a Temp folder or from the ZIP file).

    Just re-enable System Restore; you are not setting the date to anything because you are not restoring anything. You are just enabling a feature that you had disabled. You should probably create a new system restore point, as a marker for when you are all clean. See this article: http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx

    To change the Title Bar in Internet Explorer see this: http://support.microsoft.com/?kbid=176497
    There are some tools that can do this for you too. Like Internet Tweak

    You could edit your registry by hand to remove references to My Way SpeedBar but you should be very careful if you decide to do that. And backup your registry first using a tool like Erunt.

    Could you explain more clearly where you are seeing the below text:
    res://C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll/106/

    Did you mean in the IE Title Bar?
     
  18. cranky old lady

    cranky old lady Private E-2

    <<You could edit your registry by hand to remove references to My Way SpeedBar but you should be very careful if you decide to do that>>

    Under some instructions from anddox I innocently wandered in ('where angels fear to tread' to paraphrase Alexander Pope), to find the "HuntBar/Btin" parasite, so I did so again and found MYWEBSEARCH or MyWaySearch toolbar in: HKEY_LOCAL_Machine\Software\MicroSoft\Windows\Current Version\Uninstall and there it was. I deleted it.

    I tried there because I had read another thread by chaslang on how to find and remove HSA. Foolish I know, but I had already mucked around in there and I am pretty sure I will need to reinstall IE next anyway. Plus after the 4th download to teach myself to learn how to 'Backup' I knew this would take me a long time. So I risked it. So far everything seems to be working.

    <<Could you explain more clearly where you are see the below text:
    res://C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll/106/>>

    That line and an empty window was what came up when I tried to delete 'MySpeedBar' in Add & Remove Software in the Control Panel. Same time as before, as I foolishly put MyWay right back on my hd after getting rid of it as MyWebSearch. In defense of my stupidity, I had just installed FireFox and the second time I opened it I was going to set some features and the MyWay homepage came up so naturally, I thought it was FireFox. I don't remember what I clicked on though before it opened.

    In my A&R the description said it was for Outlook and Incredimail. But on the 'more information' button Wintools is listed as the publisher(?). Which reminds me to ask, is Incredimail one of the programs that carries parasites? I'm pretty sure I downloaded it and Smiley Central the same day. Anyhoo...MyWay is now gone out of my A&R Software feature.

    <<Did you mean in the IE Title Bar>>
    This got confused back when I was trying to get rid of the HuntBar\Btin parasite. There was a strange URL in the IE title bar and I wasn't sure it was because of a parasite or a change by JUNO, my ISP(?). I needed IE to complete Line 08 in the HJT tutorial. I believe it was 08. It seemed that MYWEBSEARCH toolbar had taken over the IE window and I deleted it off the Desktop, although I had not put it on there. Now, I think the strange URL was the last site I was on while using IE.

    Thank you, cranky
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So where does everything stand right now? With that very long back and forth last message, I have no idea whether MYWEBSEARCH or MyWaySearch is fixed or not.

    Just provide short descriptions of any problems that you still have.

    If you don't need Incredimail (i.e., you don't use it), uninstall it.
     
  20. cranky old lady

    cranky old lady Private E-2

    >>So where does everything stand right now. With that very long back and forth last message, I have no idea whether MYWEBSEARCH or MyWaySearch is fix or not<<

    It's fixed! Now to reinstall IE. Thanks for your help. cranky
     
