edshead

  1. Everything appears to have uninstalled cleanly and I've gone through the rest of the post as well. Additionally, that one popup I was getting on startup returned, and I found it was due to the googletalk plugin registry key in HKCU/Software/Microsoft/Windows/CurrentVersion/Run not enclosing the path in quotes, so Windows wasn't reading the full path. Enclosed it in quotes, and it's all fixed. Thank you again for all of your time and insights. I believe this thread can now be closed.
  2. Bravo. Replaced autochk per your instructions while in Ubuntu. Booted to safe mode just fine. Started a chkdsk and it asked to schedule one for next startup. I said yes, rebooted, autochk ran and came up clean. Windows loaded fine (even without that popup I mentioned earlier). You've taken me from the brink of a reinstall and all the headache that goes with restoring all my programs... to 100% functional. You are truly amazing. Thanks for all of your help. There's no way I could've done this without you. As awesome as you are, no offense, but I hope you don't see me back here again. :-P Thank you.
  3. I was having problems with chkdsk running on restart, and I believe it would've been autochk that ran at that point so it would make sense that it's not in good health. Here's the combofix logs (quarantine log included). Note, I had a crash when I ran it the first time (froze like previous), so I ran with /nombr. Then kicked myself a bit for not doing that the first time. ComboFix-quarantined-files.txt combolog.txt
  4. Sorry. That window that is in the image above pops up on startup. Thanks again, so much, for all of your help!!!
  5. Following numbered section is to document your great work. I backed up the registry with ERUNT I started above. Then, I imported i8042prt.reg. Reboot. Keyboard works. Backup registry again with ERUNT. Import usbehci.reg. Reboot. No change in functionality. Backup registry again with ERUNT. Import HDAudBus.reg. Reboot. No change in functionality. Still, I check device manager and I see that the Code 39 errors are gone. Windows thinks that the Audio Codec and Touchpad are running fine. I uninstall the Dell Touchpad. Reboot. It auto-detects Dell Touchpad. It installs it, but it's still not working. I go to Device manager and tell it to uninstall and tell Windows to remove the driver software. Reboot. Install Touchpad driver from the Dell driver package mentioned above. (I think it's R286???) Reboot. Touchpad works. I install the IDT package (R226??? above). Reboot. Sound works. Okay. So now that we have all the old problems done, here's a couple new ones that popped up. At some point a window started popping up trying to open the file Ed. (no extension.) It asked for a program to open with. I opened with notepad, and it's a blank file. Is this possibly where the rootkit might've been doing the logging? Also, I got a pop up from AVG saying autochk.exe was infected, but it wouldn't clean it because it's a system file. Both a log from AVG (actually not txt, it's csv if you want) that shows the detection as well as an MBAM scan of that file are attached. MBAM picks up nothing. AVG-autochk.txt mbam-log-2012-02-20 (17-38-05)-autochk.txt
  6. Here's the details tab of each device that device manager is giving a Code 39 error on. Additionally, I provided the driver details, which includes the driver file list for each device. As a recap: Built-in keyboard has always used the default Windows driver as far as I know. I can't find a proprietary Dell driver for it anywhere. Touchpad does use a Dell driver, and I've installed the most current one from Dell's support site. That's the driver that gives the details you're looking at there. HD Audio driver: Made by Sigmatel (now IDT). Ever since I got the laptop, if I reinstalled Windows, or otherwise lost the driver, I had to use Dell's update for that. For my computer, the appropriate Dell update is R190517. Rather than attach the 8mb driver, you have a directory listing for the extracted Dell package. Installing the Sigmatel software from that Dell package now gives me an error saying I don't have that device. Similarly, pointing Windows' "update driver" at that folder says that it doesn't contain anything for my device. r190517.txt Note, the above update is for Windows Vista. There isn't one for Win7, and using the Vista driver in Win7 means the external mic jack doesn't work (which I use). The solution I found was installing a driver for a slightly newer device from IDT, which worked flawlessly. That is Dell update R226903, and a directory listing for that 24mb package is also attached. Right now, I get the same problem with this package as the one above, where it doesn't recognize the device, and Windows doesn't recognize it as being an appropriate driver. r226903.txt Thanks for your continued efforts!!!!
  7. Didn't see ERDNT\subs. "dir /s" from \ERDNT\ attached. Also, regarding wireless. Wireless adapter itself is fine, loading and showing no error in Device manager. Shows up in network connections as well. The WLAN service isn't starting though due to the ndisuio service not starting. I did try to reinstall the driver, and reached the same result. erdntdir.txt
  8. First off, bad news. Can't uninstall SP1. Not sure if that's because I used a Win7 SP1 DVD to upgrade from Vista, or if it's because the pre-SP1 files got deleted at some point. Bottom line, I don't have the appropriate KB update available in "installed updates" in order to remove SP1. Using wusa at the prompt also doesn't work. Oh well. Reinstalled AVG & Comodo, and the only log for an AVG scan where something turned up is attached. (AVG is actually semi-colon delimited but it didn't let me upload csv files.) Comodo looks to have taken its log files with it when it uninstalled, or overwritten them in the reinstall. Still searching, but it's not looking good. Also, a majority of the damaging crashes happened while combofix was running. That is, it would be running with the /nombr switch, freeze, and I'd have to do a hard reboot. I'm nearly certain that's what caused the damage, as the initial failures happened immediately after each one of those reboots. First, CFscan, keyboard mouse go out, scan again, audio goes out, scan again, wireless goes out. It's one of the things that drove me here. Additionally, had another idea for pre-reinstall. I still have major problems in the attached sfctodo.txt according to SFC. I don't think SFC is working. We already knew that some of the files it has are corrupt and thus it's not copying them. It also looks like it's setting up "pending renames" that never actually execute. (I've checked for the folders that they should be renamed to, and they're not there.) I've found instructions on mounting the install image off of the install DVD within the recovery environment. (These detailed instructions fix a specific issue, but it can be generalized to other windows system files. And unfortunately I can't find a similar example in Win7, but it works the same.)
My thoughts were to create a text file with commands to fix each issue (cmd1: rename old file to back it up, cmd2: apply fix by copying from DVD, cmd3: append to log that it completed those two commands). Reason I'm not doing that in a batch file is that I'm using a batch file to wrap that text file, so I can use a loop to check for a non-0 exit from each command, and if a given command does exit with an error, append error/command that caused error to the log file, and ECHO something like, "You'd save yourself any more of a headache if you just reinstalled already." It's a bit of a shot in the dark, but I figure that if Windows (sfc) is identifying core problems for me where there is something specific I can do (execute the commands that it's trying to), that might be better than digging around from the GUI. With backups of each of the things I'm touching, along with the fact I probably have to reinstall anyway, I'm not seeing many drawbacks other than the time suck. I welcome your thoughts though. Thanks again. You're the best! P.S. I'm glad I hit 50 posts in this thread. I was half-way to my old 20mb upload quota. 150mb quota should get me through at least another couple days of this. sfctodo.txt AVG_resshield.txt
  9. If this is a problem with the uninstall of Comodo and AVG (so the logs are unintelligible), I could always reinstall them to get a look at the logs if that could point us to the issue. If you want to go the SP1 route, I'll go that route. If it would be helpful to go with the reinstall of the overzealous scanners in order to read logs, I can do that as well. Let me know. I'm guessing SP1 is easier because it doesn't require diving through any more logs. Worst case, and all of this fails, what next? I realize it's likely still a long way from the root of the problem. But for things like my Wireless card, that's depending on WLAN Service which won't run because of the ndisuio.sys issue that is in the Non-PnP drivers area you had me look into. I haven't ever traced a driver issue this deep into the O/S, but it seems like you probably have. Is it worth me following these down the line to the root, or from your experience, do you know if I'm going to bump into some MS binary that's custom to my system 15 steps down the line which prevents further tracing/troubleshooting? If that's the case, I guess I'm forced to go with the reinstall.
  10. I'm going to ignore anything my computer says to the contrary and say yes, everything is perfect. After opening my eyes, unfortunately nothing has changed. Same problems as before in Device Manager (except the McAfee driver is gone). Audio and keyboard still behave the same but I don't know that I'd call completely not working a type of behavior. Although I don't know for certain, I believe the McAfee driver was left over from the Summer of 2010, as that was the last time I had any part of a McAfee suite installed on this computer (that was when the 24-months free with the laptop ran out). Uninstaller must've missed that driver.
  11. FSS: Farbar Service Scanner Version: 13-02-2012
      Ran by edshead (administrator) on 19-02-2012 at 09:56:39
      Running from "C:\Users\edshead\Desktop\fixes"
      Microsoft Windows 7 Home Premium Service Pack 1 (X86)
      Boot Mode: Normal
      ****************************************************************

      Internet Services:
      ============

      Connection Status:
      ==============
      Localhost is accessible.
      LAN connected.
      Google IP is accessible.
      Yahoo IP is accessible.

      Windows Firewall:
      =============

      Firewall Disabled Policy:
      ==================

      System Restore:
      ============

      System Restore Disabled Policy:
      ========================

      Security Center:
      ============

      Windows Update:
      ============

      File Check:
      ========
      C:\Windows\system32\nsisvc.dll => MD5 is legit
      C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
      C:\Windows\system32\dhcpcore.dll => MD5 is legit
      C:\Windows\system32\Drivers\afd.sys => MD5 is legit
      C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
      C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
      C:\Windows\system32\dnsrslvr.dll => MD5 is legit
      C:\Windows\system32\mpssvc.dll => MD5 is legit
      C:\Windows\system32\bfe.dll => MD5 is legit
      C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
      C:\Windows\system32\SDRSVC.dll => MD5 is legit
      C:\Windows\system32\vssvc.exe => MD5 is legit
      C:\Windows\system32\wscsvc.dll => MD5 is legit
      C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
      C:\Windows\system32\wuaueng.dll => MD5 is legit
      C:\Windows\system32\qmgr.dll => MD5 is legit
      C:\Windows\system32\es.dll => MD5 is legit
      C:\Windows\system32\cryptsvc.dll => MD5 is legit
      C:\Windows\system32\svchost.exe => MD5 is legit
      C:\Windows\system32\rpcss.dll => MD5 is legit

      **** End of log ****

      Running McAfee removal and rebooting now.
  12. And again with the forgetting to click attach. dvmg.zip
  13. Couldn't find those on the tree. Here's screenshots of the tree, plus hopefully detailed enough screenshots of the three 'devices' error'd out in the tree. (Screenshots for each device showing General tab, Driver tab + error when clicking Start service msgbox, and Driver Details.)