Log-on issue with computer

Essexboy,

 Encountered another problem while the fix was running & then stopped.  I received the following error message:

Access violation at address 0040295B in module ‘OTL.exe’. Read of address 001F8000.

After getting back on the computer, I got the Security Warning message about a program still being open (OTL.exe).

Regards.

A question … How many memory sticks do you have in your computer?

Besides the C drive (hard drive), there are two USB flash drives connected to the computer, but access to them is controlled by Outpost Firewall’s File & Folder Lock feature which I have enabled on them. Access to them was blocked at the time I ran the fix.

Shall I remove them from the computer and try running the fix again?

Sorry, I meant how many modules of RAM are in your system, 1 or 2?

There are two 1 GB sticks. Another note…these are NEW RAM chips which were installed back on January 6th.

OK, let's do a final confirmatory run that it is not a malware problem

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Hi again essexboy,

 First, I appreciate all your help on this one!  It appears the problem has not been resolved.  When ComboFix went to reboot, the system generated an error message on the screen behind the ComboFix window.  After waiting 15 minutes and nothing happening, I minimized the CF window to read the error message which was this:

Unable to create backup of current registry file C:\Windows\System32\config\Security! Continue with restoration of this file?

I clicked on YES. A second error box opened after this one with a similar type message (didn’t recall the exact wording though). I clicked YES on that one too. CF finally rebooted, but the computer again hangs at the Dell logo screen with that whistling sound until I pressed the F12 key. Then it displayed a partial section of the Windows log-on screen, until about 20 seconds after I pressed the key, then I was able to log back on. The computer will still NOT display the Windows DEFAULT Administrator account after I press , , , like it used to do. Still have to manually type it in the username box.

The CF log is appended here for your review.

Could you download the McAfee removal tool and run please http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

This is starting to look like a definite hardware problem

Especially as the registry is not being saved in a timely manner

Have you done a chkdsk lately?

Hi again,

 I'll try that MCPR tool, though I've run it before, but don't think it removed everything.  It's been a month or so since the last chkdsk was done.  The only way the system will do it is on a reboot though.  For some reason, it always generates a message that some program it needs is in use by another program.

Will run the chkdsk also and post back.

Aye, that's right, as it can only check the primary disc when it is not in use

O.k. essexboy,

 The chkdsk C:/r command does not find any problems.  I removed the McAfee SiteAdvisor from the computer running the MCPR tool. However, the Add/Remove Programs listing still shows the McAfee Virtual Technician which will not delete.  Some odd message is generated about looking for another path for the program.  I cannot find anything within the Program Files list for the MVT program.  Computer boot problem is still present.

(I’ve tried repeatedly in the past to get rid of it from the Add/Remove Programs list without any luck). Always generates the same message when I try to get rid of it.

Thanks again for all the help!

OK time for me to dive into the technical tools that I have

Please download SINO by Artellos.
  • Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
  • Then please check the following checkboxes:

System Info Services Boot Check Tasklist Startup Items Event Log Ipconfig Ping Netstat Hosts file Shares Routing Table

  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A notepad window will pop up. Please copy all of the content into your next reply.

Note: If you try to interact with the program once it’s started scanning it might appear to hang. The scan however will continue.

Hi essexboy,

 Here's the log you requested.

Could you do me a favour and disable Outpost firewall and then reboot, keeping it disabled?

Does that make a difference?

Sorry essexboy…no luck there either.

Shucks and it did show a high usage

OK back to the drawing board

The next option would be a clean boot, but that is a tedious process if you are prepared to do it

Step 1:

Start the System Configuration Utility
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box is displayed.

Step 2:

Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

If you are prompted, log on to Windows.
When you receive the following message, click to select the Don’t show this message or launch the System Configuration Utility when Windows starts check box, and then click OK.

You have used the System Configuration Utility to make changes to the way Windows starts. The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts. Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.

Now we get to the tedious part:

If Windows behaves itself then do the following

Restart MSConfig and select half of the disabled services and reboot

Is the problem still present?

If Yes then deselect half of the services that you resumed and reboot

If no then select half of the remaining services and reboot

The intention here is to isolate the one service/driver that is causing the problem

Essexboy,

 I got to the end of Step 2 - and rebooted the computer.  The problem is still present.  I went as far as the first part of Step 3, since Windows did not "behave itself."  I re-activated the firewall until I hear back from you.  (Didn't think it would be a good idea to be without it during the wait).  Everything else is the way you told me to change it in Step 2.

One other note: In Step 2, where you told me to Click Disable All, and then click , I received a message which read as follows:

An access denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the changes.

I was logged on under the Windows DEFAULT Administrator account at the time. ???

What would you like me to do next?

Bear with me whilst I chat with some techs

O.k.

One other note…in re-checking the Event Viewer SYSTEM log again, I have noticed a change. At each log-on time, there are now only 2 error messages + 1 warning message shown. I have uploaded a screenshot of one of the messages for your review. The 2nd error message is still the same as before (the one about the transport not initializing the addresses). [Unable to upload a screenshot of the other message as I keep getting a file too large message here].

Let's have a proper look at them using VEW

  1. Please download the Event Viewer Tool by Vino Rosso http://images.malwareremoval.com/vino/VEW.exe and save it to your Desktop.
  2. Right-click VEW.exe and Run AS Administrator
  3. Under ‘Select log to query’, select:
    * System
  4. Under ‘Select type to list’, select:
    * Error
    * Warning

Then use the ‘Number of events’ as follows:

  1. Click the radio button for ‘Number of events’
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.