Chkdsk ran automatically on startup now loooong shutdown

[Hski]

Hi:

I've got a Dell Latitude C400 1.33 running Win XP Pro sp3. The computer has been running fine and I regularly clean, defrag, and run checkdisk. The other day as I started up the computer, a blue screen came on saying the computer needed to run chkdsk. As it ran, I noticed it was removing a bunch of what looked like system type files and some exe's. It finished and the computer started up. Since then, the computer has had startup problems: once, it didn't recognize my firewall (it said it couldn't start it) so I removed the firewall and reinstalled. Firewall starts now. Overall, the startup is slower than previously, and most things are much slower.

More importantly, it is very difficult to shutdown and powerdown the computer. It take a few minutes (if ever) for the computer to shutdown (get to the part that asks if I want to restart etc.), and a few or more minutes for it to powerdown after that, if at all. I've had to push the power buttom a few times as well. Once it starts, everything runs, but the longer I'm on, the slower things run.

I've run a ton of virus and malware including: avira antivirus (running all the time), kaspersky internet suite 2009 (on demand), Spybot, Rogue Remover, Super Antispyware, and Malaware Anti-Malware. Nothing found. I also posted this earlier to the malware forum, where Jeanfrommontana helped me; nothing found and she said to post here. I also consulted the Microsoft page that discusses this, and tried most things, to no avai.

I then tried to run the Recovery Console at startup (which I installed with another forum's help--I don't have the XP disks anymore, to figure out a previous problem, but never actually ran it before). As the Recovery Console started up, I got the following error message: "The file Sym_U3.sys could not be found" . The Recovery Console wouldn't finish starting up after that so I had to exit and let the computer finish starting up normally. I also tried to search the computer for the Sym_U3.sys file but couldn't find it. I also managed to do a "normal" check disk; ran ok.

I also noticed that the longer I use the computer the harder and longer it takes to shutdown. If I start the computer, then shut it down, it shuts down fine. So...what's going on?

Today I re-installed uphclean.exe (I had installed it a few months ago). When I shutdown now, it more quickly gets to the part where it shows my options (restart, shutdown, log off), but still takes a long time to power down; faster than before, but still much longer than usual.

Any help would be appreciated.

[JeanInMontana]

What I said was to run the System File Checker as in the tutorial and see if it helped you. Did you do that?

The file Sym_U3.sys could not be found" . The Recovery Console wouldn't finish starting up after that so I had to exit and let the computer finish starting up normally. I also tried to search the computer for the Sym_U3.sys file but couldn't find it.

If the file can't be found, you won't find it. Google is your friend http://www.dynamiclink.nl/htmfiles/rframes.../info_s/178.htm

[Hski]

Thanks Jean:

I believe you said you hadn't used it on an SP3 machine, and so I didn't want to run it without knowing it was appropriate for my SP3 machine, especially considering it uses the i836 folder in the SP2 folder (I don't see a SP3 folder). If it uses this folder to check for missing files, then my concern is that it might replace files based on SP2 instead of SP3. So, are you saying it would do no harm to follow your tutorial and use the SP2 folder in my SP3 machine? If so, I'll do it right away.

Thanks as always for your help.

[Hski]

I meant the i386 folder; sorry

[Hski]

I just checked again, there's an i386 folder located in C:\windows\servicepackfiles. Should I use this one Jean?

[JeanInMontana]

Did you go to the link? I see now they are selling it. Yes any I386 is going to be the one. There should only be one. SP2 and SP3 where SP = Service Pack. You might be able to replace the driver files through Dell too. I'm not sure they are going to be in I386. Google search of the file name.

http://www.google.com/search?q=Sym_U3.sys&...lient=firefox-a

[Hski]

Thanks Jean, I'll do the i386 thing today, hopefully that will solve this problem; if not, I'll be back.

I did go to the link for the sym_U3.sys file long before I posted anything, but I was reluctant to download and pay for anything before I knew what was going on (it's still not clear if downloading that file is the thing to do...for instance, where do I put it? And is placing it in the correct place good enough or are registry changes needed as well?)

[JeanInMontana]

Well it's a driver, for a mini port, but I sent you over here because I am not at ease when it comes to hardware. LOL I'll stick a bug in an ear that is.

[Hski]

Thanks for your help Jean.

I've been following your tutorial on running the System File Checker, but have not had success; I'm unable to run it. I've been able to follow all the steps except #6 (after first trying step #1 and 2 without success then trying the others). I've used the i386 folder that resides in C:\WINDOWS\ServicePackFiles. So far, nothing has worked. I keep getting the "files that are required for Windows to run properly must be copied to the dll cache. Insert your Windows XP Professional CD-ROM now".

In trying to follow step 6, I should be able to find the registry key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Windows File Protection". In my sp3 machine, that key is missing the last file, Windows File Protection.

As you've directed, I'm trying to run the System File Checker to see if a corrupted or missing file is the cause of my problems. Any ideas? If not, can you ask one of your compatriots to assist me?

Many thanks as always.

[AdvancedSetup]

Hello Hski,

I've been asked to take a look at your issue. Please give me some time to review your post and see how we can assist you further.

Questions:

1. Do you have a CD or DVD burner, writer on your system or access to one if needed?

2. Do you have the Service Tag number. It should be like a 7 digit number on a label attached to the bottom of the unit.

[Hski]

Hi!

Yes, I have a cd/dvd burner and my service tag number..

Thanks!

[AdvancedSetup]

Can you please give me your Service Tag number so that I can check up on it. You can PM it to me if you don't want it in public on the board.

[Hski]

Thanks. What is PM?

[AdvancedSetup]

It's private message. Never mind though as I've located your system on Dell already.

Please do the following.

Click no START - RUN and type in devmgmt.msc and click OK

Near the top of the tree list you should find Disk drives click on the + sign and expand that list.

Please post back ALL the names and numbers shown there.

Also, while in there please let me know if you see any YELLOW or RED indicators for your hardware.

Then click on START - RUN and type in EVENTVWR and click OK

Look in the Application and System log sections for RED flags that indicate an error status.

Double click on the RED ones and see what they say. You can also look at the YELLOW ones. Your looking from anything to do with either Hard Drive, SCSI, IDE, EIDE, SATA errors.

Report back what you find on those please.

I'm guessing that you may have a hard drive that may be starting to fail. The event viewer may be able to tell us that.

[Hski]

Thanks:

Disk drive listed in device manager is WDCWD800VE-07HDT0

No red or yellow in any of the device manager entries .

Lots of error entries in the event viewer. Most of these are entered many times. All are from "system". They are as follows:

"The following boot-start or system-start driver(s) failed to load: AVG Clean Driver" I dont' know what this is. I don't have AVG, I have Avira Anti-Virus running. Maybe it's part of Avira? Also, I did run many things to eliminate the possibility of a virus so maybe it's related to that?.

"The Windows Service Pack Installer update service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." I enabled this.

"DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}". I have TONS of this message. DCOM service WAS running (automatic).

"The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." This was disabled so I re-enabled it. I know it was previously enabled.

" The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." Tons of these too. I enabled Telephony service. I think this was was previously enabled.

No errors found for any anything to do with either Hard Drive, SCSI, IDE, EIDE, SATA errors. The only errors were noted above (most were listed many times).

My hard drive is only 1, maybe 2 years old. I ran a disk check (with both boxes checked) after the start of my problems and it completed successfully.

Thanks for your help.

[Hski]

One more bit of info. I just rebooted and took an immediate look at the Event Viewer.

In the "Application" section it listed the following errors:

"A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality. " This is noted twice in the Viewer.

This sounds ominous. What does it mean? Could this, combined with my previous list of errors be part of a remote attack of some sort?

In the "System" section, I didn't get the DCOM errors, but I did notice entries showing that the Event Viewer was stopped and started. I also noted the following again:

"The following boot-start or system-start driver(s) failed to load:

AVG Clean Drive"

[Hski]

Sorry...I forgot to tell you that the Event Viewer info that I noted earlier was only from the past few days. I had looked at the Event Viewer earlier and noted that the dates for the events seemed really messed up; after 2006 it was showing 2033 and dates like that so I couldn't tell what was what. So I saved the events then cleared the viewer (System and Application only).

[Hski]

and no, no hardware errors in the saved logs.

[AdvancedSetup]

It could be due to a few things. Obviously the system is not functioning properly.

Please do the following and let me know what you get.

Click on START - RUN and type in DCOMCNFG and click on OK

Click on the + sign for the Component Services and expand the tree. Click on Computers, then click on the + sign for My Computer then click on DCOM Config and you may be prompted for updating entries which is okay as long as it is applications you're aware of and you can click ok. If you get any other errors or can't get there let me know.

[AdvancedSetup]

Also please take a look at this article.

MS04-015 does not install correctly

Also check and verify if you can do Windows Updates properly.

[Hski]

Thanks once again.

Ran DCOMCNFG and got 2 error messages relating to yahoo messenger (I know and have it) so I clicked ok. I entered the console successfully with no other error messages.

Ran Windows update successfully (nothing critical to download).

Looked at the link you sent "MS04-015 does not install correctly". The resolution is to enable the Help and Support service, but it was already running and set at automatic. That link contained another link that said "To reinstall the security update that is documented in Microsoft Security Bulletin MS04-015, download and then run the appropriate package from the following Microsoft Web site". When I went there, there was no download for XP SP3, only XP and XP SP1 so I took no further action.

[AdvancedSetup]

No that is good. Was just wanting to confirm those items were working properly or not.

Please clear your logs again (you can save them if you like) and reboot. Then run the following tools on reboot.

Click on

START - RUN

and type in

SIGVERIF

and click OK

This is a Microsoft File Signature Verification program that will check some file status for us.

• Click on the
  START
  button and let it run.
• It will popup a box when it's done to show the status, you can close that box.
  
  
• Close the
  File Signature Verification
  application.
  
  
• Find and attach the file C:\WINDOWS\
  SIGVERIF.TXT
  to your reply.
  
  
• DO NOT
  post the log directly into your reply, attach the file please.
  
  

Then this one.

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I also need for you to download this program

OTListIt.exe

to your desktop.

• Close all applications and windows so that you have nothing open and are at your Desktop
  
  
• Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
  
  
• Place a checkmark in the
  "Scan All Users"
  checkbox (Leave the 'Use Whitelist' checked' and the 'File Age:' at 30 days)
  
  
• Click the Run Scan button
  
  
• NOTE:
  Please be patient and let the scan run without using the computer
  
  
• When the scan is complete, a text file (
  OTListIt.Txt
  ) will open in Notepad (if not, it can be found on your Desktop)
  
  
• In Notepad, click
  Edit
  ,
  Select all
  then
  Edit
  ,
  Copy
  
  
• Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Righ click paste.
  
  
• Submit your reply and close the Notepad window with
  OTList.txt
  
  
• Also OTListIt's
  Extras.txt
  log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
  
  
• In Notepad, click
  Edit
  ,
  Select all
  then
  Edit
  ,
  Copy
  
  
• Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.
  
  
• NOTE:
  If the files (
  OTListIt.txt, Extras.txt
  ) do not appear in your taskbar, just open the files in notepad from your desktop.

  
  

Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.

[Hski]

I've been unable to post since last night. This is a test

[AdvancedSetup]

Due to PC issues or was the board not responding?

Please post a status update or the requested logs.

Thanks.

[Hski]

It's not my computer, seems to be the site (browser seems to be working ok). Whenever I post the logs and try to upload the file, it seems the site tries to send the message but I get an error message that says unable to do so, or it freezes.

I'll try again