Log-on issue with computer

Good morning everyone,

 Since around January 11th, I have been experiencing an issue with my computer (system specs shown in signature line), not booting-up properly.  When doing a cold boot or restart, the computer will first hang at the Dell logo screen, until I press either the F8 key or F12 key.  (When it hangs here, I also notice a very low "whistling" type sound emitting from the computer). * Computer does NOT boot into Safe Mode after pressing F8 - only normal mode.

After pressing one of the aforementioned keys, the sound stops and the boot proceeds to the Microsoft logo screen. It next will hang at a partial display of the Windows Welcome log-on screen. I have to wait until the hard drive light goes out, and press the key 2 - 3 times, then the entire log-in screen will display, and I can log-on. NOTE: For some reason, pressing , , will NOT bring up the Windows DEFAULT Administrator log-in screen like it normally does. (I have to manually enter the username “Administrator” and the password, then the system will log me in).

Repeated full scans with Avast!, MBAM, and SAS do not reveal any malware issues. The following errors are seen in the Event Viewer SYSTEM log AND these same error messages are seen intermittently all the way back to November 2011, but NO problem like this has occurred previously until now:

Error: Service Control Manager

The following boot start or system start driver(s) failed to load: MpFilter

Error: The MsMpSvc service failed to start due to the following error:

System cannot find the path specified

Error: Initialization failed because the transport refused to open initial addresses

These errors ONLY correspond to LOG-ON times. At no other times are they seen. The first TWO error messages seem to involve items related to Microsoft Live One Care or Microsoft Secuity Essentials…NEITHER of which is installed on this computer, nor can I find any program files or folders for these programs anywhere on the computer.

I have posted in two other forums back on January 11th, including the Microsoft forum…yet no one seems to have any realistic idea as to how to resolve this problem. System Restore to points earlier than when this problem began have NO effect.

Regards & thanks for your time and review.

Since you see some symptoms already when you see the first Dell boot screen, and you also here some sounds, could this be related to your BIOS?

Have you tested the BIOS battery? Have you tried resetting the BIOS values to default? Take out the battery (if you can), test it, put it back, reset BIOS to default values and save them. Reboot again into the BIOS and set the values to the appropriate ones (according to your specific hardware and OS) and save them again.

Can you set the BIOS to display the POST screen (instead of the nice Dell screen)?

The sounds may be a translation of something else, so the list of sounds for your BIOS could be useful too. Each type of sound means something else.

Of course, the problem could be something else, not related to BIOS / battery. This is just an idea that you could review.

I appreciate your reply to my post, ady4um.

 The unfortunate thing is I would have no idea of what I would be doing inside the computer...even if I could figure out [b]HOW[/b] to get inside (which I've been unable to do).  As for resetting BIOS...I'd have no idea how to do that either.

Since I subsist upon a limited disability income each month, it will take quite a while to try and save enough to take this computer to some pc tech to get the things done.

Thanks very much again. At least I now have a starting point!

Best Regards,

Error: The MsMpSvc service failed to start due to the following error:

System cannot find the path specified

Have you had an infection recently ?

Hi essexboy,

 I have not had any malware infections lately (last time I encountered one was in April 2011.  It was a variety of fake anti-malware program).  Full scans with Avast! (free), MBAM and SAS have been clean.

Lets see what else is missing

run farbar service scanner

http://i1238.photobucket.com/albums/ff484/CompCav/Farbarservicesinternetticked-2.jpg

Tick “Internet services” and “Windows Firewall” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Greetings again essexboy,

 Here is the copy of the FSS log, and thanks very much for your responses!

Farbar Service Scanner
Ran by Administrator (administrator) on 16-01-2012 at 14:51:41
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal


Internet Services:

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:

Firewall Disabled Policy:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall”=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall”=DWORD:0

File Check:

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

aswTdi(8) Gpc(3) IPSec(5) NetBT(6) Tcpip(4)
0x080000000500000003000000040000000800000006000000070000000100000002000000
IpSec Tag value is correct.

**** End of log ****

Did you have MSE on this system ? As that is the service it is related to

Download and run this tool to do a complete cleanup http://go.microsoft.com/fwlink/?linkid=81699

Hi once again essexboy,

 I completed running the program you provided a link to.  The computer still has the same boot problem as before.

Thanks again for the help.

OK lets now take a look see

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U*.* /s
%Temp%\smtmp\1*.*
%Temp%\smtmp\2*.*
%Temp%\smtmp\3*.*
%Temp%\smtmp\4*.*
CREATERESTOREPOINT

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRsavelog.gif

essexboy,

 I finished with the OTL scan; how do I go about posting the logs here?


http://my.jetscreenshot.com/2701/m_20120116-xysi-63kb.jpg

Select additional options and attach your text file

When you reply to the post on the bottom left of the screen is an additonal Options link
Click that and browse to the OTL log and select it.
It will be attached to the post

(For Bob3160):

 Thanks very much for your reply to my question too!

(For essexboy):

Here are the 3 logs you requested:

OK I found some malware folder remnants, but I also noticed that you still have some McAfee services running

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL [2011/05/04 03:41:10 | 000,012,492 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bo2p13123n7o17w3l [2011/05/04 03:41:10 | 000,012,492 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\bo2p13123n7o17w3l [2011/03/30 19:41:12 | 000,013,614 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q8d0koh7sty104n886j5381r151ce1n85cl3o47 [2011/03/30 19:41:12 | 000,013,614 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\q8d0koh7sty104n886j5381r151ce1n85cl3o47

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks very much, essexboy. I’ll repost when everything is completed.

Morning essexboy,

 I believe there is a problem with running the "fix" with OTL.  I started at 5:56 p.m. last night.  The user interface showed the statement at the bottom which read, "Killing processes, "DO NOT INTERRUPT..."

There was no significant change on the screen, no icons disappeared, not even any hard drive activity. The only change I did see was the digital time display on the Taskbar was stopped at 5:57 p.m. last night, and just after the “fix” was started, and the OTL program icon showed up on the Taskbar, the MBAM program icon also showed up beside the OTL program on the Taskbar. Since it is now over 12 hours later, I would think that is far more than sufficient time for the fix to run, and something else must be hindering it functioning properly.

I have included the 2nd scan results for your review.

Thanks very much for the help though.

Best regards.

Do you have MBAM 1.6 ? If so you need to disable it prior to running OTL as MBAM blocks it

Hi again essexboy,

 Yes, I have MBAM Pro (latest version).  Do you want me to go back to your last post on page 1, copy that text in the quote box & try running the OTL fix again?  If so, how long does it usually take for it to complete?

Thanks again.

That size fix should take no more than two or three minutes max

Yes disable MBAM please as it takes umbrage at OTL trying to stop the process and blocks it