Unable To Start My Computer


5 replies to this topic

#1 qiao_fan

qiao_fan

  • Members
  • 4 posts

Posted 10 June 2008 - 07:09 AM

Hi,

I've run into a strange problem and I'm not sure if it's caused by a virus. Here's what happened:

My computer freezes up once in a while. There's no clear pattern to when it does that. Usually it happens when I switch from one program to another and use the mouse. Then I have to shut it down and reboot. One out of three times, it fails to reboot. It's stuck after loading the mup.sys file. I've figured out a strange way to work around this problem. That is, I can start the computer in "safe mode with network" mode. After that, I can start the computer normally without doing anything else. And the "safe mode with network" option is the only way to start the computer. Not even "safe mode" or "safe mode with command line" modes. It's really strange. I wonder if someone can help me figure out what caused the problem?

My operating system is Windows XP professional. Thanks a lot!

Fan


#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 10 June 2008 - 07:38 AM

That is strange, it's almost like some malware or program is causing a conflict in startup and requires the internet at the same time

Let's get a scan only with smitfraudfix

http://www.bleepingcomputer.com/files/smitfraudfix.php

I do not recommend using the tool without guidance from a qualified malware removal specialist!


http://siri.geekstogo.com/SmitfraudFix.php

Just run part 1 in normal mode and post the log

Do not attempt a cleaning until someone can look at the log please

Edited by DaChew, 10 June 2008 - 07:41 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 qiao_fan

qiao_fan
  • Topic Starter

  • Members
  • 4 posts

Posted 11 June 2008 - 09:01 AM

Thanks for the quick response. I've scanned the computer and here's the log:

SmitFraudFix v2.323

Scan done at 6:56:20.80, 2008-06-11
Run from C:\Documents and Settings\cma\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\SAS\SAS 9.1\objspawn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\JetBrains\IntelliJ IDEA 5.1\bin\idea.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\isqlw.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\emacs-21.3\bin\emacs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\cma


C:\Documents and Settings\cma\Application Data


Start Menu


C:\DOCUME~1\cma\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~4\\GOEC62~1.DLL"


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


Rustock



DNS

Description: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.94.156.1
DNS Server Search Order: 68.94.157.1
DNS Server Search Order: 168.126.63.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A1A07B67-1BB4-4B91-BD68-828CC493FFD4}: DhcpNameServer=68.94.156.1 68.94.157.1 168.126.63.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A1A07B67-1BB4-4B91-BD68-828CC493FFD4}: DhcpNameServer=68.94.156.1 68.94.157.1 168.126.63.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4988FA27-0826-4F25-A521-FF715D6D24D0}: NameServer=192.168.160.2 192.168.160.3
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A1A07B67-1BB4-4B91-BD68-828CC493FFD4}: DhcpNameServer=68.94.156.1 68.94.157.1 168.126.63.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.94.156.1 68.94.157.1 168.126.63.1


Scanning for wininet.dll infection


End

#4 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 11 June 2008 - 10:14 AM

http://www.malwareremoval.com/tutorials/safemodeboot.php

Would you boot into safe mode and run a scan with Norton's?

Chewy

No. Try not. Do... or do not. There is no try.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:50 AM

Posted 11 June 2008 - 12:28 PM

If you do a Google search on mup.sys hangs, you will find a lot of similar reports about this issue with various causes and possible solutions. What works for one person may not work for another.

There are several suggestions in discussion threads here and here.

Also read "How to fix an XP\Win 2000 System that freezes after loading mup.sys while booting".

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 qiao_fan

qiao_fan
  • Topic Starter

  • Members
  • 4 posts

Posted 11 June 2008 - 02:51 PM

Thanks, guys. It's very helpful.



