Warning

 

Close
Confirm Action

Are you sure you wish to do this?

Cancel Confirm
7671 Online
bravocompany bravocompany bravocompany
brownells brownells
tnvc tnvc tnvc
AR15.COM
bravocompany
My Account
bravocompany bravocompany bravocompany
brownells brownells
tnvc tnvc tnvc
aim
primaryArms
silencerShop
RS
DFC
bravocompany
magpul
brownells
Guns
midwest
colt
Holosun
GS
vortex
palmetto
geissele
cz
OSIGHT
springfield
fightlite
skd
JRH
7671 Online
primaryArms
magpul
colt
vortex
OSIGHT
JRH
Guns
RS
silencerShop
GS
aim
cz
DFC
Holosun
springfield
bravocompany
geissele
skd
midwest
fightlite
brownells
palmetto
Sponsor News Introducing TNVC's NEW and Exclusive Filmed SuperGain (FSG) and Chimera Panoramic Goggle Giveaway!
Site News The People of Virginia VS Grabigial BanBerger | ARFCOM News
12/4/2005 10:19:30 AM EDT
I have been have problems with my computer.  While playing Day of Defeat the program shuts-down and I am unable to install a new copy of Norton Anti-virus. The install sipmly doesn't finish.  I ran hijackthis, the log file is provided below.  Can you tell me what I can delete and what I can't?

Logfile of HijackThis v1.99.1
Scan saved at 2:38:52 PM, on 12/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSWB6.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:6711
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: 204.244.184.143 SafeWeb.com
O1 - Hosts: 204.244.184.143 WWW.SafeWeb.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SYSWB6] SYSWB6
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~1\point32.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: hp instant support.lnk.disabled
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: hpoddt01.exe.lnk.disabled
O4 - Startup: hp psc 1000 series.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ComcastHSI - {9FA4E300-1FEA-11D6-9B66-005004881047} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {9FA4E301-1FEA-11D6-9B66-005004881047} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {9FA4E302-1FEA-11D6-9B66-005004881047} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .scr: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) -
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: ConferenceRoom Java Client -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
12/4/2005 10:24:41 AM EDT
[#1]
reboot in safe mode.

try to install Norton.
12/4/2005 10:27:53 AM EDT
[#2]
Will Do
12/4/2005 11:59:08 AM EDT
[#3]
Norton set-up stopped when I tried to install it in safe-mode.

12/4/2005 12:02:40 PM EDT
[#4]
just noticed  that you have windows 98.

are you sure the version of norton you have is compatible with win 98?

i know version 10 of norton Corporate edition isn't.
12/4/2005 5:15:27 PM EDT
[#5]
Quoted:
just noticed  that you have windows 98.

are you sure the version of norton you have is compatible with win 98?

i know version 10 of norton Corporate edition isn't.


I downloaded a 98 ver of norton.  I did run norton  from their site and found two virus


"Adware Iefeats" and "Look n save"
12/4/2005 5:26:10 PM EDT
[#6]
Quoted:

C:\WINDOWS\SYSTEM\NVSVC.EXE


could be a virus or could be nvidia driver for your video card:

http://www.sophos.com/virusinfo/analyses/w32agobotel.html

removal instructions:
http://www.sophos.com/support/disinfection/agobot.html
12/4/2005 6:23:17 PM EDT
[#7]
post your logfile here hijackthis

do yourself a favor and uninstall goback.  that a HORRIBLE program.    run this tool to uninstall nav symnrt
blackhills
springfield
cmmg
SAS
brownells
silencerShop
LAPG
primaryArms
ar15com
palmetto
colt
Faxxon
ar15com
ar15com
gray
LAPG
THBRD
CA
fightlite
geissele
RS
bravocompany