Windows XP Ran AVG8 restarted now windows won't load fully

  • This topic is locked
3 replies to this topic

#1 internaltheory


  • Members
  • 4 posts
  • Local time:04:40 AM

Posted 01 February 2009 - 07:13 PM

Sorry about the post in the wrong forum.
I recently ran a virus scan with AVG 8 on my Windows XP and the scan went perfectly well and it healed everything. It did this all automatically and then said it needed to restart. I restarted the computer and it loaded Windows but it seems to be stopping in the middle of starting Windows. It shows my wallpaper but it does not bring up any start menus or icons. I left it alone for about an hour and it did nothing. I took a look at the task manager and it seems like it's trying to load but something isn't letting it. I like to think of it as a skipping record. At least that's what it looks like when I take a look at the CPU usage. I tried to do a system restore but it seems to do nothing. I actually tried this on more than one occasion and the second time I only saw one restore point and it was a point that was when my computer was not working. I know that's not super technical but I did get the DDS log. Unfortunately I don't have my XP disc anymore; my old roommate stole it. I did recently try to update ZoneAlarm and that's really when things started getting strange. I was able to get things back to normal, at least what I thought was normal, when I did the virus scan.

DDS (Ver_09-02-01.01) - NTFSx86
Run by prPDMF at 18:58:59.51 on Sun 02/01/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.256.41 [GMT -5:00]

AV: avast! antivirus 4.7.1098 [VPS 080626-0] *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\prPDMF\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.yahoo.com/
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe,c:\windows\system32\ntos.exe,
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [winos32.exe] c:\windows\winos32.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [sdkvj.exe] c:\windows\sdkvj.exe
mRun: [ntjc.exe] c:\windows\ntjc.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [CTEMON.EXE] "" /h
mRun: [iexplore.exe] c:\program files\internet explorer\iexplore.exe
mRun: [iKeyWorks] c:\progra~1\labtec\keyboard\Ikeymain.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [apivu.exe] c:\windows\apivu.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [RegistryMechanic]
mRun: [winlog] winlog.exe
mRunOnce: [<NO NAME>]
mRunOnce: [*Restore] c:\windows\system32\restore\rstrui.exe -c
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runreg~1.lnk - c:\program

uPolicies-explorer: NoInternetIcon = 1 (0x1)
mPolicies-system: NoDispAppearancePage: Hides Appearance Page = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
Trusted Zone: getmirar.com\click
Trusted Zone: mirarsearch.com\click
Trusted Zone: mirarsearch.com\redirect
Trusted Zone: net-nucleus.com\awbeta
Trusted Zone: skoobidoo.com
Trusted Zone: slotchbar.com
Trusted Zone: windupdates.com
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
TCP: {14E62A8A-DD14-44AE-ABF4-3FFF338832B6} =,
Notify: deskey - deskey.dll
Notify: pmnljkj - pmnljkj.dll
Notify: yaywt - c:\windows\system32\yaywt.dll
SSODL: MSTask - {85E39D00-03E4-4AA3-8895-FDB663945FD0} - logsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\prpdmf\applic~1\mozilla\firefox\profiles\wdl4of6f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\prpdmf\application


FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\npmirage.dll

============= SERVICES / DRIVERS ===============

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-7-21 140664]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-7-21 345464]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\HCW848NT.sys [2006-6-7 140440]
S1 core;core;c:\windows\system32\drivers\core.sys --> c:\windows\system32\drivers\core.sys [?]
S2 LPVSXJEE;LPVSXJEE;\??\c:\windows\system32\lpvsxjee.cof --> c:\windows\system32\lpvsxjee.cof [?]
S2 NeroMessenger;Nero BackItUp Scheduler 3 NeroMessenger;c:\windows\temp\rdl203.tmp srv --> c:\windows\temp\rdl203.tmp srv

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-7-21 247160]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-5-7 20608]
S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2005-11-26 141056]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-4-21 42512]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S4 Fdccpuhnpp;Fdccpuhnpp; [x]

=============== Created Last 30 ================

2009-02-01 02:10 <DIR> --d----- c:\program files\AVG
2009-02-01 01:42 22 a------- c:\windows\system32\vsmon_2nd_2009_02_01_01_38_22_small.dmp.zip
2009-02-01 01:42 22 a------- c:\windows\system32\vsmon_2nd_2009_02_01_01_38_14_small.dmp.zip
2009-01-31 20:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OrbNetworks
2009-01-31 20:56 <DIR> --d----- c:\program files\Orb Networks
2009-01-24 18:54 1,744 a------- c:\windows\system32\d3d9caps.dat
2009-01-24 16:25 <DIR> --d----- c:\program files\MediaMonkey
2009-01-23 11:55 32 a--s---- c:\windows\system32\1081827863.dat
2009-01-15 12:06 <DIR> --dsh--- c:\windows\system32\wsnpoem
2009-01-13 15:53 <DIR> --d----- c:\program files\Libra
2009-01-12 21:54 35 a------- c:\windows\Blink.ini
2009-01-12 20:51 <DIR> --d----- c:\program files\OrangeCD
2009-01-12 20:29 41 ----h--- c:\windows\trfntw32.cfg
2009-01-12 20:29 102 ---sh--- c:\windows\WSYS049.SYS
2009-01-12 20:27 210,032 a------- c:\windows\system32\DBCLIENT.DLL
2009-01-12 20:27 183,808 a------- c:\windows\system32\BDEADMIN.CPL
2009-01-12 20:27 <DIR> --d----- c:\program files\common files\Borland Shared
2009-01-12 20:21 <DIR> --d----- c:\program files\bnjr Enterprises

==================== Find3M ====================

2009-02-01 01:29 4,212 ac--h--- c:\windows\system32\zllictbl.dat
2008-12-25 01:16 71,936 a------- c:\windows\system32\tremir.bin
2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2007-07-18 00:55 4,096 ac------ c:\documents and settings\prpdmf\ps.exe
2001-08-23 07:00 94,784 -c-sh--- c:\windows\twain.dll
2004-08-04 02:56 50,688 -c-sh--- c:\windows\twain_32.dll
2002-07-31 19:55 102 ---sh--- c:\windows\WSYS049.SYS
2005-06-10 20:13 56 -c-shr-- c:\windows\system32\CD291ECF6A.sys
2007-12-04 13:38 550,912 ---sh--- c:\windows\system32\oleaut32.dll
2004-08-04 02:56 11,776 ac-sh--- c:\windows\system32\regsvr32.exe
2007-07-25 19:54 1,764,360 -c-sh--- c:\windows\system32\twyay.bak1
2007-07-28 20:00 1,768,760 -c-sh--- c:\windows\system32\twyay.bak2
2007-07-21 06:12 1,804,548 -c-sh--- c:\windows\system32\twyay.ini2
2007-07-18 00:54 6,365 ac-sh--- c:\windows\system32\vyyay.bak1
2007-07-19 17:02 1,808,732 ac-sh--- c:\windows\system32\vyyay.bak2

============= FINISH: 19:00:18.07 ===============



#2 internaltheory

  • Topic Starter

  • Members
  • 4 posts
  • Local time:04:40 AM

Posted 03 February 2009 - 01:01 PM

I fixed the problem and now I have Windows loading correctly, but I want to make sure everything is fine. Are there specific programs that need to run at startup when I look at my msconfig tool? I see a lot of stuff that looks crazy and I can't tell if it's something that is a problem or not. I ended up finding my fix for the previous problem here: http://www.annoyances.org/exec/forum/winxp/t1117849180. I don't know if I am allowed to post that link, but if it helps someone else out, great. If not, then I guess tell me to delete it.

#3 chryssi2001


  • Members
  • 1,930 posts
  • Local time:12:40 PM

Posted 14 February 2009 - 01:50 PM

Hello internaltheory,

I apologise for the delay; the forum is busy.

I will be assisting you with your malware issues.
  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it as a reference.
  • If you fail to reply within a 5-day period from now, this thread will close, and you will have to open another topic and wait for another helper.

Your DDS report shows infection.

Download and Run HijackThis

Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Copy/Paste the log to your next reply please.

Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Private Messages for personal support will be ignored. If you need help post in the forum.

#4 chryssi2001


  • Members
  • 1,930 posts
  • Local time:12:40 PM

Posted 19 February 2009 - 12:41 PM

Due to the lack of feedback, this Topic is now closed and will not be reopened.
If you still need help, begin a new topic.

Applies only to the original poster; anyone else with similar problems, please start a new topic.
Private Messages for personal support will be ignored. If you need help post in the forum.
