• Boot problems

    #471408

    I’m new to this group, and guess what……….I have a problem with Windows7 (which has worked fine for about 12 months).
    I switch on, sign on as Admin and use Password. Windows accepts these but then hangs on the blue Welcome Screen
    In Safe Mode, the same procedure gets me to the desktop without hang-ups, which is correct.

    Checking Device Manager indicates a problem with:- Non-Plug & Play Drivers….Security Processor Loader Driver located in C:\Windows\System32\drivers\spldr.sys.
    The Event Viewer indicates controller errors in Admin Events in the User Profile Service.

    I also noticed that all my Restore Points have gone.

    Various scans have not produced problems.

    What to do next……….any ideas?? I would appreciate help.

    • #1242114

      You should back up your system ASAP. Controller errors could be indicating an impending hardware failure, although it is possible there is a corrupted driver also. Have you updated any drivers recently? Have you changed any hardware recently?

      After your system backup, you could try a repair install using your installation DVD.

      Joe

      --Joe

    • #1242118

      Peter, Welcome to the Lounge.

      I believe Joe is correct on this. Make an Image as soon as possible. I was going to say try a restore point but I see you say you do not have any. The repair install is perhaps your best bet. Have you tried right-clicking on the problem child in Device Manager and choosing Properties, then trying to update the driver, or perhaps uninstalling the device and letting Windows find it at boot and reinstall? After making your Image, it might be worth trying these as well.

    • #1242129

      Since it works in Safe Mode, try the Clean Boot diagnostic procedure detailed at:
      Clean Boot

      Jerry

    • #1242190

      Thanks for the help. I have previously backed up the important stuff. I also did a BIOS disk scan which indicated no problems with either disc. I have the original Windows7 installation files in a partition on the hard drive so I will try the repair from there.
      I’m going to try to attach a file showing problem in Device Manager.
      I uploaded a file but cannot see it….maybe it appears in the final post

    • #1242193

      Before the repair install…
      Run a thorough checkdisk with the “R” switch, not “F”, from a bootable disk if you haven’t already done so.

    • #1242378

      This reads like malware. Non plug and play drivers are mostly software or fallback generic hardware drivers; spldr.sys is security-related and your Restore points are gone …

    • #1242380

      Thanks for all the suggestions. I tried the CLEAN BOOT diagnostic and eventually isolated Avast Anti Virus program as the problem. I have now deleted Avast and things appear to be back to normal. I’ll try a few more boots to be sure.
      Once again, thanks for the help.

      • #1242391

        Thanks for all the suggestions. I tried the CLEAN BOOT diagnostic and eventually isolated Avast Anti Virus program as the problem. I have now deleted Avast and things appear to be back to normal. I’ll try a few more boots to be sure.
        Once again, thanks for the help.

        You’re welcome. Hope you found it for sure. You may want to try Virus, Spyware & Malware Protection | Microsoft Security Essentials. Several Loungers are using it. It is free, lightweight, easy to install, & automatically updates definitions.

        Joe

        --Joe

        • #1242417

          You may want to try Virus, Spyware & Malware Protection | Microsoft Security Essentials. Several Loungers are using it. It is free, lightweight, easy to install, & automatically updates definitions.

          My experience with it suggests that it’s usually lightweight, automatically updates – eventually (best to use Windows Updates prior to a scan to ensure you have the latest definitions) and can be very slow to detect pre-existing infections.

          My thoughts are that it does not scan accessed files whilst it has a scan running (possibly why it feels lightweight?); I have, on several occasions, manually detected suspicious files 20-30 minutes before the scanner flags them; most other scanners I use will flag suspect files within seconds of me opening the folder with Explorer.

          • #1242840

            My experience with it suggests that it’s usually lightweight, automatically updates – eventually (best to use Windows Updates prior to a scan to ensure you have the latest definitions) and can be very slow to detect pre-existing infections.

            My thoughts are that it does not scan accessed files whilst it has a scan running (possibly why it feels lightweight?); I have, on several occasions, manually detected suspicious files 20-30 minutes before the scanner flags them; most other scanners I use will flag suspect files within seconds of me opening the folder with Explorer.

            My experience is the opposite. MSE will refuse to display a suspicious website; it will snag drive-by malware that tries to load in the background and suggest “Clean Computer”; it will refuse to download suspicious files. I’ve tested this on a number of known “bad” sites, and MSE just works like a charm. In my observations, it does appear to scan open files and running processes, even though they are in use.

            I have made MSE the default anti-malware on all my machines, and I have yet to incur any problems whatsoever. I am particularly pleased with its ability to scan in the background without interrupting my use of the machine.

            I bought my son a Lenovo G550 this past Thursday; it had McAfee preinstalled. We downloaded MSE, uninstalled McAfee using RevoUninstaller, then installed MSE. Saturday I bought my daughter an HP Laptop; it had Norton preinstalled. We downloaded MSE, uninstalled Norton using RevoUninstaller, then installed MSE.

            In my use, it is extremely lightweight (hardly any footprint) yet extensively thorough in its protection.

            Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
            We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
            We were all once "Average Users".

            • #1242842

              My experience is the opposite. MSE will refuse to display a suspicious website; it will snag drive-by malware that tries to load in the background and suggest “Clean Computer”; it will refuse to download suspicious files. I’ve tested this on a number of known “bad” sites, and MSE just works like a charm. In my observations, it does appear to scan open files and running processes, even though they are in use.

              I have made MSE the default anti-malware on all my machines, and I have yet to incur any problems whatsoever. I am particularly pleased with its ability to scan in the background without interrupting my use of the machine.

              I bought my son a Lenovo G550 this past Thursday; it had McAfee preinstalled. We downloaded MSE, uninstalled McAfee using RevoUninstaller, then installed MSE. Saturday I bought my daughter an HP Laptop; it had Norton preinstalled. We downloaded MSE, uninstalled Norton using RevoUninstaller, then installed MSE.

              In my use, it is extremely lightweight (hardly any footprint) yet extensively thorough in its protection.

              Sure, on known clean and new machines, it’s likely to be fine – BUT

              My experience with it suggests that it’s usually lightweight, automatically updates – eventually (best to use Windows Updates prior to a scan to ensure you have the latest definitions) and can be very slow to detect pre-existing infections.

              My thoughts are that it does not scan accessed files whilst it has a scan running (possibly why it feels lightweight?); I have, on several occasions, manually detected suspicious files 20-30 minutes before the scanner flags them; most other scanners I use will flag suspect files within seconds of me opening the folder with Explorer.

            • #1242860

              Sure, on known clean and new machines, it’s likely to be fine – BUT

              I also switched to MSE on my main machine that is well over seven years old and has been through many, many hardware and software upgrades to the extent that is no longer the same machine, and has been through a half-dozen or so different AV applications, including Norton, Eset, Avast, etc. MSE still works just fine, and was my main reason for switching the new laptops to MSE right out of the box.

              I have a Dell D800 that is 7 years old, and I switched it to MSE with nothing but great results.

              I have found no other AV/AM that is as unobtrusive while at the same time maintaining a very high degree of protection on computers new or old. Eset was my former #1, but it pales in comparison to MSE in my experience.

              I have also audited a number of scans, and it does indeed scan files that are open and in use.

              I also do periodic scans with MalwareBytes and SuperAntiSpyware, and neither has found anything of any significance since I switched to MSE.

              Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
              We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
              We were all once "Average Users".

    • #1242864

      I have to agree with bbearren as well. I have MSE on a 1 year old laptop, 2 year old laptop, approx 7 year old desktop and on several of my children’s various age PCs and my mother’s 4 year old PC, all of which have Win 7, XP or Vista. On all these installations MSE works just fine. None have had successful attacks, although there have been a couple of the fraudulent Security attempts. Since these have to be stopped by other methods (task manager) they were. I swear by MSE. I have also used at various times, Norton (several versions), McAfee, Avira, Avast and a product from RR that I do not remember the name.

    • #1242870

      I think you’re both missing my point – pre-existing infections; which may well have been the issue with the OP’s PC given the initial description.

      I have used MSE on infected machines.

      On some of those machines, whilst MSE is running the first scan and also later, when forcing it to run a full scan, I have scrutinised files and folders looking for and finding suspicious files.

      MSE did not flag any of my suspected files until some 20 – 30 minutes after I had closed the folders they were in.

      My suspicion therefore, is that MSE does not check files accessed (by right-clicking and checking the Properties) whilst it is doing those scans.

      • #1242893

        I think you’re both missing my point – pre-existing infections; which may well have been the issue with the OP’s PC given the initial description.

        I have used MSE on infected machines.

        On a known infested machine I use an entirely different method; I use a parallel installation of the OS and then run the anti-malware from the parallel installation. Works like a charm. Once the machine is clean, the parallel installation can be uninstalled/deleted. For further information, see this link. (The powers that be at TechSupportGuy stopped the thread, but we continued to work through email, and got the machine spic and span).

        It can be very difficult to decontaminate a machine without a parallel installation; it can be done, it’s just very difficult and requires in most cases several tools. Using a parallel installation, none of the infected files are in use, and the malware has no defense against an outside scan. I use at most three tools cleaning an infected machine, one of which now is MSE.

        I still say that MSE is the best at preventing a malware infestation, and will continue to use it and recommend it.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

        • #1242925

          For further information, see this link. (The powers that be at TechSupportGuy stopped the thread, but we continued to work through email, and got the machine spic and span).

          Nice of you to link to a somewhat O/T thread in which you previously participated but I think this thread has already strayed too far from the topic.

          I still say that MSE is the best at preventing a malware infestation, and will continue to use it and recommend it.

          Say it as often as you like, I still haven’t denied it.

          • #1242983

            Nice of you to link to a somewhat O/T thread in which you previously participated but I think this thread has already strayed too far from the topic.

            I do believe that you suggested malware???

            This reads like malware. Non plug and play drivers are mostly software or fallback generic hardware drivers; spldr.sys is security-related and your Restore points are gone …

            And then you remarked about pre-existing infections–

            I think you’re both missing my point – pre-existing infections; which may well have been the issue with the OP’s PC given the initial description.

            I have used MSE on infected machines.

            On some of those machines, whilst MSE is running the first scan and also later, when forcing it to run a full scan, I have scrutinised files and folders looking for and finding suspicious files.

            MSE did not flag any of my suspected files until some 20 – 30 minutes after I had closed the folders they were in.

            My suspicion therefore, is that MSE does not check files accessed (by right-clicking and checking the Properties) whilst it is doing those scans.

            Anti-malware tools are not particularly good at cleaning up an existing infestation. Many (if not most) boxed retail AV products advise against installation on an infected machine, and suggest scanning from the installation CD first. My suggestion regarding an infected machine was along that same line…

            On a known infested machine I use an entirely different method; I use a parallel installation of the OS and then run the anti-malware from the parallel installation. Works like a charm. Once the machine is clean, the parallel installation can be uninstalled/deleted. For further information, see this link. (The powers that be at TechSupportGuy stopped the thread, but we continued to work through email, and got the machine spic and span).

            It can be very difficult to decontaminate a machine without a parallel installation; it can be done, it’s just very difficult and requires in most cases several tools. Using a parallel installation, none of the infected files are in use, and the malware has no defense against an outside scan. I use at most three tools cleaning an infected machine, one of which now is MSE.

            I still say that MSE is the best at preventing a malware infestation, and will continue to use it and recommend it.

            The link I posted (if you had read a few of the posts and links) correlates the observation that installed AV products quite typically do not perform particularly well when an infestation has established itself on a machine, and that an infected machine can be quite intractable, to the extent that the malware “experts” on that other board had exhausted their methods and tools and suggested a complete reformat/reinstall, which was not really necessary.

            The use of a parallel installation in cleaning a machine of malware is not common, but it is not too difficult, quite effective, and a boon to those who have not made a recent backup and are reluctant to reformat/reinstall and lose important files in order to get rid of recalcitrant malware.

            Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
            We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
            We were all once "Average Users".

            • #1243099

              I do believe that you suggested malware???

              I did, and gave my reasons:

              This reads like malware. Non plug and play drivers are mostly software or fallback generic hardware drivers; spldr.sys is security-related and your Restore points are gone

              And then you remarked about pre-existing infections–

              As there was still some doubt about whether it was truly fixed, yes:

              Thanks for all the suggestions. I tried the CLEAN BOOT diagnostic and eventually isolated Avast Anti Virus program as the problem. I have now deleted Avast and things appear to be back to normal. I’ll try a few more boots to be sure.

              You’re welcome. Hope you found it for sure. You may want to try Virus, Spyware & Malware Protection | Microsoft Security Essentials. Several Loungers are using it. It is free, lightweight, easy to install, & automatically updates definitions.

    • #1243138

      Instructions for a parallel installation in XP and malware removal using a parallel installation can be found here.

      For Windows 7 the instructions are quite similar, and the uses are equally effective. There is the requirement for a separate partition or hard drive in order to perform a parallel installation.

      As there are over 175 views of this thread, there seems to be considerable interest in this subject.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
      We were all once "Average Users".

      • #1243139

        SNIP

        Still O/T here.

        Search spiders have no interest.

        • #1243142

          Still O/T here.

          Search spiders have no interest.

          I can’t speak for you, but I’m here to help folks with problems. When I post, I try to have the community in mind, as well as the OP.

          As for search spiders, I don’t see a corresponding uptick in all other threads, which leads me to believe that there are other real members of the community interested in this thread; but I am through with you.

          Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
          We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
          We were all once "Average Users".

    • #1244128

      Well, I have to add my two bits to this.
      First, I don’t think there was anything wrong with Avast.
      Now the questions are:

      Did you have a program called Antivirus 2008, Antivirus 2009, Vista Antivirus 2008, Windows Antivirus 2008, Antivirus 2008 Pro, XP Antivirus 2008, Antivirus XP 2008, XP Antivirus 2009, XPAntiVirus, or any other Antivirus-named program variation that you did not consensually agree to download on your machine?

      Some good reading here on the subject:
      http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=74100

      I have to give credit to this site…gives very good info on what happened to your machine and I copied the beginning quote
      http://www.enigmasoftware.com/antivirus-2008-antivirus-2009-xp-antivirus-2008-infect-winlogon/

      This is hijackware and affects the winlogon part of the operating system.
      From what I have seen, the Anti-virus 2008 Trojan family has changed tactics and now installs a rootkit that is almost impossible to find, as it installs as a driver now. None of the normal malware removal tools work to find it at all (this includes my favorite tool, Malwarebytes).

      Also, the new tactic of this program is to make it so the $MBR is infected… So if you don’t zero out the hard drive it will re-infect when the OS is re-installed, even with a normal format.
      A re-install or repair install will not work.

      First you have to load the hard drive on another computer as a slave and do Malwarebytes and any good antivirus scans.

      Then you have to get it to boot and run Hitman pro 3.5
      http://www.surfright.nl/en/hitmanpro/

      It will detect the rootkit and fake drivers and remove them, including fixing the $MBR issue.
      So far it is the only program I have found that works to find and fix it.

      And as far as I read… you have all the symptoms of a rootkit virus/trojan

      I switch on, sign on as Admin and use Password. Windows accepts these but then hangs on the blue Welcome Screen
      In Safe Mode, the same procedure gets me to the desktop without hang-ups, which is correct.

      Not sure why anyone did not catch that?
      Just to note…this is brand new behavior and I have fixed a few with this issue..
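
An added example, not part of the post above or of any tool named in it: with the drive attached to a second machine as that post describes, sector 0 can be read from a raw image and checked offline. This Python sketch parses a classic 512-byte MBR, sanity-checks the partition table, and compares a hash of the bootstrap code area with a known-good value; the sample sectors, `build_sample_mbr` and the baseline hash are constructed for the demo.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bootstrap code area of a classic (non-GPT) MBR
PART_TABLE_OFF = 446           # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511
ENTRY_FMT = "<B3sB3sII"        # status, CHS first, type, CHS last, LBA start, count


def read_first_sector(image_path):
    """Read sector 0 from a raw disk image taken while the drive is offline."""
    with open(image_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Return signature flag, bootstrap-code hash and used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes, got %d" % len(sector))
    partitions = []
    for index in range(4):
        status, _first, ptype, _last, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * index)
        if ptype == 0x00:      # unused slot
            continue
        partitions.append({"index": index, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def audit_mbr(sector, baseline_sha256=None):
    """List structural anomalies and any mismatch against a known-good hash."""
    info = parse_mbr(sector)
    parts = info["partitions"]
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("partition entry with invalid status byte")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    if baseline_sha256 and info["boot_code_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from baseline")
    return findings


def build_sample_mbr(boot_code, entries):
    """Construct a sample sector for the demo (constructed bytes, not a real loader)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\x00" * 3, ptype, b"\x00" * 3, lba_start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample data: one active and one inactive NTFS-type (0x07) partition.
SAMPLE_BASELINE = build_sample_mbr(
    b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c",
    [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)])
_changed = bytearray(SAMPLE_BASELINE)
_changed[4] ^= 0xFF            # simulate altered bootstrap code
SAMPLE_MODIFIED = bytes(_changed)

if __name__ == "__main__":
    known_good = parse_mbr(SAMPLE_BASELINE)["boot_code_sha256"]
    for name, sector in (("baseline", SAMPLE_BASELINE), ("modified", SAMPLE_MODIFIED)):
        print(name, audit_mbr(sector, known_good) or "no findings")
```

The comparison is only meaningful if the baseline hash comes from a copy of the same disk's first sector saved while the system was known to be clean, for instance from the drive image taken before system changes.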

      • #1244140

        And as far as I read… you have all the symptoms of a rootkit virus/trojan

        Not sure why anyone did not catch that?
        Just to note…this is brand new behavior and I have fixed a few with this issue..

        On a known infested machine I use an entirely different method; I use a parallel installation of the OS and then run the anti-malware from the parallel installation. Works like a charm. Once the machine is clean, the parallel installation can be uninstalled/deleted. For further information, see this link. (The powers that be at TechSupportGuy stopped the thread, but we continued to work through email, and got the machine spic and span).

        It can be very difficult to decontaminate a machine without a parallel installation; it can be done, it’s just very difficult and requires in most cases several tools. Using a parallel installation, none of the infected files are in use, and the malware has no defense against an outside scan. I use at most three tools cleaning an infected machine, one of which now is MSE.

        Sophos Anti-Rootkit (mentioned in the link) is an excellent and free tool for eliminating rootkit malware. I have not yet found it necessary to wipe a hard drive in order to clean out malware.

        MSE is quite efficient (in my experience) in preventing this type of malware from downloading in the first place.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

    • #1244157

      I had issues with MSE. It caused a lag in my start menu I could never figure out how to fix… I use Avast with no issues at all on most of my computers.

      Now as for parallel installation…it would become infected too because of the $MFT issue. The only good way to clear most of the junk is to slave the drive in a working system…I have a computer that all it does is clean slaved drives…the only thing you have to watch out for is folder permissions.

      Sophos Anti-Rootkit is a great program…but did not find what Hitman pro 3.5 did…just goes to show …you have to use multiple programs to really clean a system out

      • #1244164

        Now as for parallel installation…it would become infected too because of the $MFT issue. The only good way to clear most of the junk is to slave the drive in a working system.

        Evidently you haven’t used a parallel installation for this purpose.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

    • #1244549

      I only install one OS per drive. I do not install 2 OS’s in the same partition on the same drive. As for the $MFT, that is the Root of the NTFS harddrive and that is not fixed just by adding a new OS.
      It just becomes a headache installing OS’s when you can just fix the one you are using. If I get a customer that I am charging to install OS’s and go through that timeframe then do the installs for AV and malware removal then remove the issues….that is too many steps…I just pull the drive …scan it as a slave and repair what it finds…then I reload the drive and fix the boot process if need be…then run hitman pro…then it is pretty much done at a 1/4 of the time a parallel installation would require…my customer is happy and I am happy and my time is not wasted.

      • #1244617

        I only install one OS per drive. I do not install 2 OS’s in the same partition on the same drive.

        Neither do I; the parallel installation goes on a separate partition, or a separate hard drive if one is available.

        As for the $MFT, that is the Root of the NTFS harddrive and that is not fixed just by adding a new OS.

        The separate partition on which the parallel installation resides has its own master file table. The infected partition/drive can be cleaned from the parallel installation without risk of infection.

        It just becomes a headache installing OS’s when you can just fix the one you are using. If I get a customer that I am charging to install OS’s and go through that timeframe then do the installs for AV and malware removal then remove the issues….that is too many steps.

        Evidently you haven’t used a parallel installation for this purpose.

        I live in Florida; a little over a year ago I cleaned up a PC in California using a parallel installation. I didn’t leave Florida, and neither he nor his PC left California.

        I don’t think your method can do that.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

    • #1244736

      Hmmm! Parallel installation and Remote Desktop/Assistance are two different beasts. Most of my customers are medical services related and have to comply with HIPAA laws. As a rule of thumb I do not create a security issue by using any remote desktop software. Corporate customers get very uncomfortable when someone has remote access to their data and drives like what it would take to access a drive for AV and malware removal. Some things you just can’t fix unless you have your hands on the failed computer.

      • #1244861

        Hmmm! Parallel installation and Remote Desktop/Assistance are two different beasts. Most of my customers are medical services related and have to comply with HIPAA laws. As a rule of thumb I do not create a security issue by using any remote desktop software. Corporate customers get very uncomfortable when someone has remote access to their data and drives like what it would take to access a drive for AV and malware removal. Some things you just can’t fix unless you have your hands on the failed computer.

        I said nothing about Remote Desktop.

        It was all accomplished through this forum thread and email. I never touched the computer physically or remotely; never needed to. Check the link.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

    • #1244882

      First you have to load the hard drive on another computer as a slave and do Malwarebytes and any good antivirus scans.

      LOL, … That is pretty much the same thing I am doing as per your post ……then you put the drive back into the computer you got it out of…I am pretty much done with this thread as I don’t see much more that can be done.

      • #1244981

        LOL, … That is pretty much the same thing I am doing as per your post ……then you put the drive back into the computer you got it out of…I am pretty much done with this thread as I don’t see much more that can be done.

        Hardly. You are not reading much at all, it seems. The OP in the other thread had a spare drive he preferred to use rather than partition his infected drive.

        He put a spare drive in the infected PC; he did not put the infected drive in a spare PC. It’s rather the opposite of what you do.

        That was his call, his preference, and he chose to leave the drive installed in the PC after the malware infestation was cleaned out.

        A separate partition or a separate drive works just as well. But he still used a parallel installation within an infected PC to completely clean the infected PC.

        The fact remains that I have used parallel installations (usually on a separate partition) a number of times to successfully clean malware infestations; it’s quick, it’s efficient, and I’ve had a 100% success rate, to include cleaning computers that the malware “experts” had completely given up on and declared “reformat/reinstall is the only solution.”

        And I would hazard a guess that the time it takes to remove a hard drive, install it in another PC, then remove it from that PC and install it back into its original PC is about the same amount of time (or more) as performing a parallel installation on a separate partition. Running the scans is the same, either way, depending only on the number and type of scans one chooses to run.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".
