Infected driver problem


46 replies to this topic

#1 _Adi

  • Members
  • 125 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:21 PM

Posted 08 March 2012 - 07:53 AM

Hi,

I am continuing my problem thread in this forum at sempai's suggestion.
My WinXP Lenovo T500 laptop was infected with a rootkit, and the AV cleaned up the infected files, which were important system drivers.
Sempai helped me clean up the machine, and now (according to the logs) it is supposedly malware free.

However, I am still suffering the consequences of the infestation.

The virus scan (Avast) found some infected files and a rootkit and quarantined a bunch (8) of .sys files:
- afd.sys
- cdrom.sys
- redbook.sys
- serial.sys
- ipsec.sys
- netbt.sys
- i8042prt.sys
- mrxsmb.sys

Sempai has helped me restore my Internet connection and cleaned up my system.
However, there are still some remaining issues:
- No CD/DVD drive
- No built-in keyboard and trackpoint
- I cannot see other computers on the LAN, nor print to remote printer in my LAN.

There may be other issues that are due to the infected drivers, that I am just unaware of right now.

Can anyone help me restore functionality?
Thanks,
Adi

#2 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:21 PM

Posted 08 March 2012 - 09:39 AM

Download Windows Repair (all in one) from the link below.
http://majorgeeks.com/downloadget.php?id=7141&file=15&evp=18a37c9c3804bd022748a38eb328614e


Run this program in advanced mode. :)
Install the program, then run it and go straight to option 4: Create a system restore point, and also back up the registry. Leave all items checked, and leave "restart system when finished" checked. Then hit the Start button. This can take some time; just let it run. Make sure to close all applications prior to running this, even your browser. Post back and let me know how it goes.

sfc /scannow


Go to Start and then to Run ("Start Search" in Vista),
Type in: sfc /scannow
Click OK (Enter in Vista).
Have Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.
In Vista you will receive the following message: "Windows resource protection did not find any integrity violations".

For Vista users ONLY: Navigate to the C:\Windows\Logs\CBS folder. You'll see the CBS.log file.
Usually it's a pretty big file, so upload it to UploadMB.com and post the download link.


If you don't have the Windows CD...
This applies mostly to Windows XP, since Vista rarely requires use of its DVD while running "sfc".
Note: This method will not necessarily work as well as when using the Windows CD, because not all system files are always backed up on your hard drive. Also, the backed-up files may be corrupted as well.

Go to Start and then Run,
type in regedit and click OK.


Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

You will see various entries (Values) on the right-hand side.

The one we want is called: SourcePath

It probably has an entry pointing to your CD-ROM drive, usually D:, and that is why it is asking for the XP CD.
All we need to do is change it to C:.
Now double-click the SourcePath setting and a new box will pop up.
Change the drive letter from your CD drive to your root drive, usually C:.
Close Registry Editor.

Now restart your computer and try sfc /scannow again!

After this, please open a command prompt, type the following and reboot: chkdsk /r (note the space between the k and the /).

Edited by InadequateInfirmity, 08 March 2012 - 09:44 AM.


#3 InadequateInfirmity

Posted 08 March 2012 - 09:55 AM

- afd.sys: Ancillary Function Driver for WinSock. Please set your Winsock back to default.
http://majorgeeks.com/WinSock_XP_Fix_d4372.html
- cdrom.sys: SCSI CD-ROM Driver. Windows Update
- redbook.sys: Redbook Audio Filter Driver/Digital CD Audio Playback Filter Driver. Windows Update
- serial.sys: ??
- ipsec.sys: IPSec Driver. Windows Update
- netbt.sys: MBT Transport driver. Windows Update
- i8042prt.sys: i8042 Port Driver. Windows Update
- mrxsmb.sys: AVG. This driver is related to AVG; did you have it at some time? If so, run the AVG removal tool.
http://majorgeeks.com/AVG_Remover_d7000.html

After setting your Winsock back to default, running the AVG removal tool, running the Windows all-in-one repair, sfc /scannow and chkdsk /r, I would like you to visit the Windows Update site. :)

http://www.update.microsoft.com/windowsupdate/v6/thanks.aspx?ln=en&&thankspage=5

Let me know how it goes for you. Also, I'm not sure if I edited my first post in time: run the all-in-one repair in advanced mode and leave all items checked; reboot the machine after it runs if it doesn't reboot itself. Yes, even if you already ran it once. Then proceed with my other instructions. :)
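As an added check (my own example, not something posted in this thread), the following PowerShell audits the eight drivers listed in posts #1 and #3 and reads the SourcePath value that post #2 edits, so that before running sfc /scannow you can see which files it can restore from the local dllcache and which will need the XP CD. It assumes PowerShell 2.0 or later is installed (it is not part of XP by default) and that each driver's service key shares the driver's base name.

```powershell
# Added example, not from the thread. For each quarantined driver: is the
# file still in System32\drivers, does Windows File Protection hold a copy in
# System32\dllcache (what sfc /scannow restores from when no CD is present),
# and is the matching kernel service still registered and how is it started?
# Assumes PowerShell 2.0+ on the XP machine; run from an elevated prompt.
$drivers    = 'afd','cdrom','redbook','serial','ipsec','netbt','i8042prt','mrxsmb'
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$cacheDir  = Join-Path $env:SystemRoot 'System32\dllcache'
$svcRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$report = foreach ($name in $drivers) {
    $file = "$name.sys"
    # Assumption: the service key uses the driver's base name (AFD, Cdrom, NetBT, ...);
    # registry key names are case-insensitive, so the lowercase name is fine.
    $svc = Get-ItemProperty -Path "$svcRoot\$name" -ErrorAction SilentlyContinue
    $state = 'missing'
    $start = 'n/a'
    if ($svc) {
        $state = 'registered'
        if ($svc.Start -ne $null) { $start = $startTypes[[int]$svc.Start] }
    }
    New-Object PSObject -Property @{
        Driver    = $file
        Installed = Test-Path (Join-Path $driverDir $file)
        InCache   = Test-Path (Join-Path $cacheDir $file)
        Service   = $state
        StartType = $start
    } | Select-Object Driver, Installed, InCache, Service, StartType
}

$report | Format-Table -AutoSize

# Where sfc looks for a file that is neither in place nor in the dllcache;
# this is the value the regedit steps in post #2 change from the CD drive to C:.
$setup = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup'
"sfc SourcePath: $($setup.SourcePath)"

# Drivers gone from disk AND absent from the cache cannot be rebuilt by sfc
# without the installation media, so list them explicitly.
$report | Where-Object { -not $_.Installed -and -not $_.InCache } |
    ForEach-Object { "Needs install media: $($_.Driver)" }
```

A driver that shows Installed but whose service is missing points at a deleted service key rather than a deleted file, which sfc does not repair.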

#4 hamluis

    Moderator

  • Moderator
  • 55,738 posts
  • ONLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:21 PM

Posted 08 March 2012 - 09:58 AM

I have never heard of this program or the website proposing use of said program. In itself, that is a small thing, since many programs exist that I've not heard of or used.

Although I have no way of determining the usefulness or safety of the above referenced program...I believe it pertinent to note the phrasing at the webpage.

"The program is still young and needs to grow. My goal is to have a repair tool that can save someone from having to do a reinstall.
To help those people who can't afford a computer tech, and of course to help my fellow techs out there. So if you have any problems, repair ideas or suggestions to make the program better please post in the forum and let me know :-)."


I also noted that the tool asserts the following claims:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
and more...


For the record...

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:
  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
I would suggest...that the OP seek a simpler way of determining what the problem might be...and how to overcome it, rather than a tool which promises to overcome everything which might possibly be incorrect (by whatever standards the developers of said program used) and which involves editing of the system registry in an unknown manner.

I would have started with simply uninstalling the current drivers for hardware items which malfunction currently...and then installing them anew. I would have followed that with simply running the sfc /scannow command. No 3rd-party program required to do either of these things.

Louis

#5 InadequateInfirmity

Posted 08 March 2012 - 10:07 AM

This program is not a registry cleaner; it only sets them back to default. I also help on many other forums other than this one and have pulled a few computers from the grave with this program. But your concern is appreciated. It also doesn't just claim to do... It does.

#6 hamluis

Posted 08 March 2012 - 10:34 AM

From http://www.tweaking.com/content/page/windows_repair_all_in_one.html : "Tweaking.com - Windows Repair is an all-in-one repair tool to help fix a large majority of known Windows problems including registry errors..."

"Registry errors" are not the same as permissions issues, which can be reset to default. A summary of how to do this without any 3rd-party tool can be found Here and requires no 3rd-party tool to do such.

"Registry errors" is the pitch used by most/all "registry cleaners/optimizers" IMO...just use Google to see what comes up with those two words.

I post the BC stance...because I want members to be aware of the policy. I feel that all members have a responsibility to make the mis- or uninformed users...aware that rhetoric can be misleading and "computer solutions" put forth may not necessarily be "solutions" of any sort.

Google Results For "registry errors"

Louis

#7 InadequateInfirmity

Posted 08 March 2012 - 11:21 AM

Open a command prompt and type the following (easier to just copy and paste):
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

Download and then install the Subinacl.exe (~370 KB) from Microsoft.
http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en


Open Notepad and copy and paste the info below into it, then name it regfix.bat, save it to your desktop, run it and reboot.


rem regfix.bat - reset registry and file-system permissions with subinacl
cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
rem Give Administrators and SYSTEM full control of every key under each hive
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
rem Same for every directory on the system drive
subinacl /subdirectories %SystemDrive%\ /grant=administrators=f /grant=system=f


Here is the source of this info.
http://carrona.org/resetreg.html

#8 _Adi

Posted 08 March 2012 - 11:24 AM

Hi,

Is this after the previous steps, or instead?

Thanks,
Adi

#9 InadequateInfirmity

Posted 08 March 2012 - 11:28 AM

The choice is yours. :) They do the same thing. Or do both; it won't hurt. I would do both on my computer. I help on many sites and have a test computer that I run apps on before telling anyone to run anything. In certain cases I will try and duplicate the problem, which doesn't apply in your case, but I assure you this will not harm your PC. Yes, just run both, starting from top to bottom of what I suggested, and let me know how it goes. :)

Edited by InadequateInfirmity, 08 March 2012 - 11:36 AM.


#10 InadequateInfirmity

Posted 08 March 2012 - 11:39 AM

It is very important that you run the AVG removal tool. :) AVG is garbage, and even if you uninstalled it via Add/Remove Programs it will hang around, causing issue after issue; that is why you need to run the tool. :) Also, I am curious to know how it goes for you. Please post back the results. :)

#11 _Adi

Posted 08 March 2012 - 11:57 AM

Hi,
I'll post as soon as I can. I'll be at my computer in about 2 hours.
thanks,
Adi

#12 InadequateInfirmity

Posted 08 March 2012 - 12:08 PM

No problem. Those instructions I posted are for users who do not have the XP disk; if you have yours, just pop it in, open a command prompt and type sfc /scannow.
I think Broni is the original poster of those instructions.

#13 _Adi

Posted 08 March 2012 - 12:14 PM

I'll try it. Remember that at the moment I don't have a visible CD drive. On the other hand, I did run sfc several times when cleaning up and it didn't ask for the CD.

#14 InadequateInfirmity

Posted 08 March 2012 - 12:21 PM

Most likely the first tool I suggested will give you access to your CD drive again. Then you can run sfc /scannow. The program that I suggested should do the job of the below.
http://www.theeldergeek.com/restore_missing_cd_or_dvd_drive.htm
http://aumha.org/downloads/cdgone.zip
http://support.microsoft.com/mats/cd_dvd_drive_problems/en-us

The link below may also be of use to you.
http://www.dougknox.com/xp/file_assoc.htm


If you are able to boot from your XP disk, then I am sure we will get it working.

#15 _Adi

Posted 08 March 2012 - 04:25 PM

A status update:

sfc is still running.
What I got thus far:
1. Ran AVG remover successfully.
2. Ran Windows Repair (All in One) once in basic and once in advanced mode. This took a really long time.
3. Ran WinSock_XP_Fix and rebooted.
4. Now running sfc. Hasn't asked for the CD yet. It's been about an hour now. Should be done soon.

After each phase there is still no CD/DVD drive.
I am a bit confused. What should I try next? You suggested various options, some of which seem to be overlapping.

I haven't done any of the registry tweaks yet.

Please advise,
Thanks,
Adi

Edited by _Adi, 08 March 2012 - 04:26 PM.
