System lag on Windows XP splash / boot screen with loadbar
I am helping my friend clean/remove viruses from his laptop. One issue he has is a few weeks ago his laptop started to hang on that black XP splash screen with the loadbar. After about 5 minutes the screen advances and takes you to the logon screen as normal without any further boot problems. I booted with safe mode and it loads a bunch of drivers I guess, and it last displays mup.sys before it lags for ~5min and then just moves on. I enabled boot logging and got:

Service Pack 3 1 29 2011 18:42:36.375
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver cercsr6.sys
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver PCTCore.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\bcmwl5.sys
Loaded driver \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
Loaded driver \SystemRoot\system32\DRIVERS\nic1394.sys
Loaded driver \SystemRoot\system32\DRIVERS\sdbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\rimmptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\rimsptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\rixdptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\drivers\sthda.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSF_DPV.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\Drivers\aswTdi.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\ws2ifsl.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\arp1394.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\aswSP.SYS
Loaded driver \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
Loaded driver \SystemRoot\System32\Drivers\Aavmker4.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\aswFsBlk.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\System32\Drivers\aswMon2.SYS
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
Did not load driver \SystemRoot\System32\Drivers\Parport.SYS
Did not load driver \SystemRoot\System32\Drivers\Serial.SYS
Loaded driver \SystemRoot\system32\drivers\AVRec.sys
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
Loaded driver \SystemRoot\system32\drivers\AVHook.sys
Loaded driver \SystemRoot\system32\drivers\AVFilter.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Loaded driver \SystemRoot\System32\Drivers\aswRdr.SYS
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys

Are the drivers that didn't load the culprit?

I also tried a SFC and a CHKDSK /P /R and FIXBOOT.

Nothing I've tried has seemed to help, so anyone have any ideas as to why it gets hung up on that splash loadbar screen?
January 30th, 2011 2:59am

The issue is not with Mup.sys, but with whatever is loading IMMEDIATELY AFTER it.

Since this PC has had malware, it is difficult to know if intelppm.sys is legit or not (there is malware that masquerades as this driver). My first hunch is to suspect the malware is still alive and well. So, let's start here:

What is the name of the malware? What method was used to attempt to remove it?
January 30th, 2011 9:17am
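
Added example, not part of the thread: a small Python parser for boot-log (ntbtlog.txt) text that applies the two readings discussed above. It reports which driver loaded right after Mup.sys, and splits the "Did not load" entries into drivers that also appear as loaded elsewhere in the log and drivers that never loaded. The function names are hypothetical and the sample is constructed from a few entries of the log in the question; the log records load order only, not how long each driver took.

```python
import re
from ntpath import basename  # parses backslash paths on any OS

# Constructed sample: a few entries from the log in the question, fused
# together the way they appear when pasted without line breaks.
SAMPLE = (
    r"Loaded driver NDIS.sys"
    r"Loaded driver Mup.sys"
    r"Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys"
    r"Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS"
    r"Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS"
    r"Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS"
    r"Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys"
    r"Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys"
    r"Did not load driver \SystemRoot\System32\Drivers\Serial.SYS"
)

ENTRY = re.compile(
    r"(Loaded driver|Did not load driver)\s+(.+?)\s*"
    r"(?=Loaded driver|Did not load driver|\Z)", re.S)

def parse(text):
    """Return [(loaded, path)] in log order; accepts fused or per-line text."""
    return [(m.group(1) == "Loaded driver", m.group(2))
            for m in ENTRY.finditer(text)]

def loaded_after(entries, name="mup.sys"):
    """Name of the first successfully loaded driver after `name`, or None."""
    names = [basename(p).lower() for ok, p in entries if ok]
    if name not in names:
        return None
    i = names.index(name) + 1
    return names[i] if i < len(names) else None

def classify_failures(entries):
    """Split 'Did not load' drivers into (loaded elsewhere, never loaded)."""
    loaded = {basename(p).lower() for ok, p in entries if ok}
    failed = []
    for ok, p in entries:
        n = basename(p).lower()
        if not ok and n not in failed:
            failed.append(n)
    return ([n for n in failed if n in loaded],
            [n for n in failed if n not in loaded])

if __name__ == "__main__":
    log = parse(SAMPLE)
    print("after mup.sys:", loaded_after(log))
    print("did not load (also loaded, never loaded):", classify_failures(log))
```
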

I ran Microsoft's Security Essentials scan on the computer and it found these threats:

Exploit:Java/CVE-2010-0840.AN
Trojan:Win32/Hiloti.gen!D

I also ran a full scan with Avast Antivirus and it found:

57b38d8-7926344 Win32:Dropper-FFC [Drp]
A0130853.lnk.vir LNK:Lnkbaddst-S [Trj]
A0142011.exe Win32:FakeSysdef-AO [Trj]
A0142012.dll Win32:FakeSysdef-AO [Trj]
A0142013.exe Win32:FakeSysdef-AO [Trj]
A0142448.exe Win32:Crypt-IJJ [Trj]
A0142449.exe Win32:Crypt-IJJ [Trj]
A0142450.exe Win32:FakeSysdef-AO [Trj]
KAVS.class Java:Jade-A [Heur]
KABS.class Java:Jade-A [Heur]
KB221863734.exe Win32:Crypt-IJJ [Trj]
KB221895171.exe Win32:FakeSysdef-AO [Trj]
nHkCpLd06504.exe Win32:Crypt-IJJ [Trj]
pizdi.class Java:Agent-BM [Expl]
purok.class Java:Agent-BW [Trj]
svchost.exe.hdmp Win32:Alureon-LU [Trj]

Then I also ran a Spybot S&D and it only came up with 2 registry entries that override Windows Security Center.

That's all I've been able to find, everything runs fine, except for the ~5min hang at boot.

-phil
January 30th, 2011 4:29pm

Yup, this PC has really gotten infected.

You can either perform a Clean Install or post to one of the specialty forums to get expert guidance to attempt to remove this apparent rootkit. Here are two examples:

http://www.bleepingcomputer.com/forums/topic371159.html
http://www.bleepingcomputer.com/forums/topic338921.html
January 30th, 2011 11:07pm

Well, I went there and sought advice. I ran all sorts of programs as they directed and found no rootkits or malware. I reran Avast, Spybot, and Microsoft Security Essentials and they correspond with finding no malware. The laptop performs normally all except for hanging at the loadbar on boot. Any other suggestions as to what it might be or how to find out what's running into boot issues?

-phil
February 11th, 2011 10:45pm

As Daavee said, the problem is with the driver that loads after mup.sys (intelppm.sys), try here and see if it helps:

http://en.community.dell.com/support-forums/software-os/f/3524/p/8117325/16898440.aspx

John
February 12th, 2011 7:31am

Please post a link to your thread.

Assuming there is truly no malware left (and keep in mind that some malware is quite good at avoiding detection), then there is indeed something weird going on with your legit intelppm.sys driver.

What is the make and model of the laptop? Have drivers been updated recently? Maybe (at least) one needs to be rolled back. Or updated!

Keep in mind that a Clean Install is always an option, too.
February 12th, 2011 8:27am

This topic is archived. No further replies will be accepted.
