1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

can't seem to remove item in hyjack this

Discussion in 'Virus & Other Malware Removal' started by towens309, Jan 25, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. towens309

    towens309 Thread Starter

    Joined:
    Jan 1, 2004
    Messages:
    184
    Logfile of HijackThis v1.97.6
    Scan saved at 9:47:37 PM, on 1/25/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\AIM\AIM.EXE
    C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
    C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
    C:\PROGRAM FILES\TRANSPARENT ICON LABELS\TRANSPARENT ICON LABELS.EXE
    C:\PROGRAM FILES\SCREEN CALENDAR\SCRCAL.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Transparent Icon Labels] "C:\PROGRAM FILES\TRANSPARENT ICON LABELS\TRANSPARENT ICON LABELS.EXE" 0
    O4 - HKCU\..\Run: [Screen Calendar] "C:\PROGRAM FILES\SCREEN CALENDAR\SCRCAL.EXE" -m
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\RunServices: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\RunServices: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\RunServices: [Transparent Icon Labels] "C:\PROGRAM FILES\TRANSPARENT ICON LABELS\TRANSPARENT ICON LABELS.EXE" 0
    O4 - HKCU\..\RunServices: [Screen Calendar] "C:\PROGRAM FILES\SCREEN CALENDAR\SCRCAL.EXE" -m
    O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish
    O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish
    O9 - Extra 'Tools' menuitem: &AltaVista Home (HKLM)
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    seems i can't remove this line03- Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
     
  2. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Rescan and put a check next to it and close internet explorer then click "fix checked"
    If that doesn't work then do it in safe mode
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
     
  3. towens309

    towens309 Thread Starter

    Joined:
    Jan 1, 2004
    Messages:
    184
    well tryed all of the above but its still in there even went to safe mode but no luck i guess i'll just leave it in there
     
  4. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Try a windows search for BA52B914-B692-46c4-B683-905236F6F655
     
  5. ong_pok

    ong_pok

    Joined:
    Jan 25, 2004
    Messages:
    6
    can anybody help this thread--- HELP ME IMMEDIATELY!!!about GOBACK AND PARTITION MAGIC (HEX 44)
    ???
     
  6. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    DO NOT! POST INTO OTHER PEOPLE'S THREADS! YOU'VE DONE THIS ABOUT 6 TIMES!!!!! :mad: :mad:
     
  7. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    And wonders why people will not respond
     
  8. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,242
    Hi Towens,

    Re the toolbar entry. It's McAffee's, so even if it still had the file present, it won't do any harm where it is. I guess you had their AV at some point, but got rid of it?... or most of it anyway.. :)

    As Mobo says, you may want to play in the registry to get rid of it, but unless you're very sure you want to do that for one orphaned entry, then I'd leave it.

    Cheers

    Liam
     
  9. towens309

    towens309 Thread Starter

    Joined:
    Jan 1, 2004
    Messages:
    184
    Thanks ladys and gentelmen for all the great help you all have given me in the past .I love comming here to this forum to get help. All the information I've gotten in the past has helped me more than anyone knows.As Im not the best at this computer stuff but i like to try
    Once again thanks to all those that help
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/198050

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice