1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

OS startup is very slow--possible malware?

Discussion in 'Virus & Other Malware Removal' started by wayback, Nov 13, 2007.

Thread Status:
Not open for further replies.
  1. wayback

    wayback Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    2
    Hi. Lately, it has taken several minutes for the Windows 95b startup process to reach the desktop on my notebook pc. I'm also getting the Error message "Unable to load language resource DLL" every time I right click on a file. I've included a recent bootlog analysis below to assist in diagnosing the problem. I can also provide a HiJackThis log if requested. Please let me know if any further info is needed. Thanks in advance for any replies.


    10:52:05 0.44 LoadFailed = C:\WINDOWS\SETVER.EXE
    10:52:05 0.44 LoadFailed = C:\WINDOWS\SETVER.EXE
    10:52:06 0.44 C:\WINDOWS\COMMAND\DELTREE.EXE[000ABED6] starting
    10:52:06 0.33 C:\WINDOWS\COMMAND\DELTREE.EXE[000ABEDE] starting
    10:52:07 2.78 C:\WINDOWS\COMMAND\DELTREE.EXE[000ABEF0] starting
    10:52:10 0.28 Loading Vxd = C:\WINDOWS\system\VMM32\VMM.VXD
    10:52:12 0.28 LoadSuccess = ndis.vxd
    10:52:13 0.22 LoadFailed = ndis2sup.vxd
    10:52:13 0.28 LoadSuccess = vnetsup.vxd
    10:52:13 0.28 LoadSuccess = mtrr.vxd
    10:52:14 0.28 LoadSuccess = SAGE.VXD
    10:52:14 0.28 LoadSuccess = nwlink.vxd
    10:52:15 0.28 LoadSuccess = nscl.vxd
    10:52:15 0.28 LoadSuccess = vredir.vxd
    10:52:16 0.28 LoadSuccess = vnetbios.vxd
    10:52:16 0.50 Loading Vxd = C:\PROGRA~1\GRISOFT\AVG7\AVG7CORE.VXD
    10:52:17 0.00 LoadFailed = vshare
    10:52:17 0.00 LoadFailed = vpowerd
    10:52:17 0.28 LoadSuccess = vmouse
    10:52:18 0.00 DEVICEINITFAILED = MTRR
    10:52:18 1.00 DEVICEINITSUCCESS = FWDRV
    10:52:19 0.50 Dynamic load device pci.vxd
    10:52:20 0.33 Dynamic load success pci.vxd
    10:52:20 0.39 Dynamic load device isapnp.vxd
    10:52:21 0.50 Dynamic load device mmdevldr.vxd
    10:52:21 0.33 Dynamic load device cwbaudix.vxd
    10:52:22 0.28 Dynamic load device vwstream.vxd
    10:52:22 0.50 Dynamic load device dsound.vxd
    10:52:22 0.39 Dynamic load device mmdevldr.vxd
    10:52:23 0.33 Dynamic load device vjoyd.vxd
    10:52:23 0.33 Dynamic load device mmdevldr.vxd
    10:52:24 0.33 Dynamic load device cwbaudix.vxd
    10:52:24 0.28 Dynamic load success cwbaudix.vxd
    10:52:24 0.33 Dynamic load device NmgcVdd.vxd
    10:52:25 1.22 Dynamic load success NmgcVdd.vxd
    10:52:26 0.33 Dynamic load device dsound.vxd
    10:52:26 0.33 Dynamic load device PCCARD.vxd
    10:52:27 0.28 Dynamic load device cbss.vxd
    10:52:27 0.94 Dynamic load device PCCARD.vxd
    10:52:28 0.33 Dynamic load device cbss.vxd
    10:52:28 2.78 DEVICEINIT = VCDFSD
    10:52:31 0.44 DEVICEINIT = IOS
    10:52:33 0.06 Dynamic load failed C:\WINDOWS\system\MRCI.VXD : [000AC0BC] File not found
    10:52:33 0.83 DEVICEINITSUCCESS = VMOUSE
    10:52:34 0.44 Dynamic load device pppmac.vxd
    10:52:35 0.28 Dynamic load device C:\WINDOWS\system\spap.vxd
    10:52:35 0.56 Dynamic load device vtdi.386
    10:52:35 0.39 Dynamic load device vip.386
    10:52:36 0.33 Dynamic load device vtcp.386
    10:52:36 0.44 Dynamic load device vdhcp.386
    10:52:37 0.39 Dynamic load device netbeui.vxd
    10:52:37 0.56 Dynamic load success netbeui.vxd
    10:52:38 3.11 DEVICEINITSUCCESS = NWLINK
    10:52:41 0.28 Initing hsflop.pdr
    10:52:41 1.33 Initing esdi_506.pdr
    10:52:43 2.06 Initing esdi_506.pdr
    10:52:45 0.83 Init Success esdi_506.pdr
    10:52:46 29.39 INITCOMPLETE = AVGCORE
    10:53:16 293.50 INITCOMPLETESUCCESS = AVGCORE
    10:58:09 0.83 INITCOMPLETE = AVGTDI
    10:58:10 0.39 INITCOMPLETESUCCESS = VDMAD
     
  2. wayback

    wayback Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    2
    Bump. Clarification of symptoms is provided in the title to this post. Please see my HJT log below.


    Logfile of HijackThis v1.99.1
    Scan saved at 3:33:24 PM, on 11/14/07
    Platform: Windows 95 B (Win9x 4.00.1212)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\TINY PERSONAL FIREWALL\PERSFW.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
    C:\PROGRAM FILES\WINPATROL\WINPATROL.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\tapiexe.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\CMMON32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\ANTIMALWARE\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nastyz28.com/forum/index.php
    R3 - Default URLSearchHook is missing
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.webcrawler.com"); (C:\Program Files\Netscape\Users\wayback\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\WINPATROL\winpatrol.exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\RunServices: [PersFw] C:\Program Files\Tiny Personal Firewall\persfw.exe
    O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
    O12 - Plugin for .asp: C:\PROGRA~1\INTERN~1\PLUGINS\npdyn32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} (CV3 Class) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
    O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} -
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = concentric
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.155.184.72,206.173.119.72
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/651222

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice