driver repair

[K27]

PCBruiser

the sp1 would of come from windows updates, either with a prompt or automatic a 3:00am as my system is set, i done a reinstall at the the end of feb using the vista cd,then the utilities disc and then downloading the drivers in order from dell as this is a hand me down laptop and was full of junk and as there is no restore point i done it manually.And for a week or so after i was always getting updates and am not sure if i agreed yes or it was auto.

here is the hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:06, on 11/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\PROGRA~2\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238359139961&h=55e54539416cb9573458f250ae0807f7/&filename=jinstall-6u13-windows-i586-jc.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8611 bytes

[PCBruiser]

Hi,

Here's what I want to try to do.  I want to either verify or not that SP1 is the source of this issue.  So, go to your Programs and features CP, and see if there is an uninstaller listing for SP1.  Don't use it for the moment.  Simply tell me if it is there.  I suspect that  you may have had a bad install of SP1, that is known to happen.

My other question is do you have the Vista installer CD that came with your system?  If so, we may do a rescue reinstall ov Vista using that, or slipstream SP1 into that installer and then use the slipstreamed version for the rescue.

[K27]

hello PCBruiser

there is a programme in controll panel thats listed under name as "Microsoft .NET.Framework 3.5 SP1" then under publisher as "Microsoft" and under date as "1/3/2009" which is the same date as my update history has it listed under as the install.

Im also happy to say that yes i have got my vista reinstallaion disc as well as the drivers and utlities disc.

[PCBruiser]

Hi,

No that is not it at all.  That's the service pack for .NET 3.5.

I'd like to have you create a Vista installer DVD with SP1 slipstreamed into it.  This article gives you specific instructions on how to do that.  http://www.labnol.org/software/tutorials/slipstream-vista-sp1-bootable-windows-vista-dvd-integrated/2750/  Follow the instructions carefully.  The end result will be a fully legal Vista installer DVD that uses exactly the same activation codes, but now includes SP1.  You can use it in place of your current Vista installer DVD for all the same purposes.

Once you have made that DVD, post back for further information.

[K27]

PCBruiser

standalone sp1 has finished downloaded, when i went to start "vlite" it was prompted to download "wimfilter" to work propley, which im doing.

its given me a time of 3hour 10mins and ive read than the slipstream its self takes 60-90 minutes, so could be a wait till the disc is done, but ill get it done tonight.

cheers
kev.

[PCBruiser]

Yeah, it takes some time to do this.  What I think is that you had a bad update to SP1.  There is something called a recovery or rescue reinstall of Windows.  It is similar to a regular reformat and reinstall; however, you do not lose any data, settings or software.  All the system components are replaced.  If anything can fix a partially busted operating system, that can.  If it can't fix the system, then you are probably looking at having to do a full reinstall of the system to make things work correctly.  Having the slipstreamed DVD means that if it does become necessary to fully reinstall, you will install with Vista already updated to and including SP1.

As to what caused this?  It could have been as simple as a bad update install of SP1.  On the other hand, if the system is infected with malware when one tried to install a major update, that in itself can cause the update to fail.  Sometimes, trying to remove malware will cause similar problems, because most malware is not written with us in mind.  If the malware damages the system host, the malware developer couldn't care less.

So, we'll try this, and see if we can get the system working properly without losing anything.  Before we start, though, I strongly suggest you save any critical data to an external hard drive, a USB flash stick, burned to a DVD, etc.  Better to be safe than not.  And, if this doesn't work, then your data can be restored from that device after a full reformat and reinstall.

Had we been able to find the uninstaller reference for the SP1 update, we could have tried uninstalling it, and then reinstalling it from the large download you made today.  That should have had a similar effect to doing a rescue reinstall.  Unfortunately, that wasn't available to us.

[K27]

not to wprry about going a round the houses to do this as to me its all learning, as seeing as im looking to do malware training,comptia A+,cisco and then maybe MCSE or something along them lines, its all knowledge in the bank.

my broadband went of at 80% on the first attemp of downloading the filter and i found a loose connection in the BT extention lead, so im now plugged in to the main socket and back up to 70%.

all i keep on the laptop is my programmes, itunes,nokiaPCsuite,sonyericssonsuite and a few other stupid thing i can just download again,

all photos,music and films are already on a exturnal HD as this laptop only has 45gb of memory and even running clean its at half memory so with music and stuff its kinder slow.

im starting to understand alot more about the malware thing and how bad some of these infections can be, hence the reason i want to get trained and help others fight back against these people who have no regaurds what so ever about infecting people who like me, alot of the time cant afford to call a expert out at £30 an hour.

but for now thanks alot for all your help and advice PCBruiser.

it fills great to know every time i got on the PC these days im learning something new from experts.

[K27]

pcbruiser

i think im stuck, i downloaded the "wimfilter" and it went to "winrar" i then tried opening "vlite" and still got the same prompt to download it, so i then extracted it to downloads and tried "vlite" and still the same prompt"

when i looked in downloads as there is, is a read me file as below

This disc contains a "UDF" file system and requires an operating system
that supports the ISO-13346 "UDF" file system specification.

any ideas

[K27]

nope , no matter what i do all i get when i extract is the notepad read me file from above

the rar file is defently there at 1,408,927kb but all im getting is the read me file.

[K27]

PCBruiser. Sorry to milti post i fill like im being pushy but I think we have lift off. I'm not totally sure just yet but it is looking good. So I thought I'd give u a update. I've managed to get vlite working. To do this I uninstalled the1.2 version and in stalled the 1.1.6 version as after a hour on google I found this comes with WAIK installed. I then managed to get the vista disc into a folder after two attemps and then I choose the sp1 file and for a little while vlite said intergrating. I was then prompted to disable and told " this will take awhile( around 60-90min)please wait..."  so all in all I think it's done. Will report back soon as it's finished.

[PCBruiser]

Ah, good, I'm glad you got it to work.

[K27]

All done. I saved an ISO file first. Then done a direct burn which didn't work as when I ejected and then reinserted the disk it was still being read as blank. I then choose burn image and choose the vlite ISO file I'd saved. Now when I put the disc in it reads as "vistalite". The only thing is, is that the ISO file is in rar format and I just burnt and didn't extract. But it still seems I've now got a slipstreamed vista32bit sp1 bootable disc.

[PCBruiser]

ISO format is a direct disk image.  You do not burn it file-by-file, and if you do, it won't work.  It is literally the actual disk bit by bit.

OK, now we go on to the recovery reinstall.  MS calls this an "in-place" reinstall.  To do an "In-Place Reinstall" of Vista,  follow these steps:

1.  Insert the Vista Installer DVD into your computer's DVD-ROM drive, and then restart your computer.

2.  When the "Press any key to boot from CD" message appears on the screen, press a key to start your computer from the Vista DVD.

Note Your computer must be configured to start from the DVD-ROM drive.

3.  When you reach the "Which type of installation do you want?" screen, click Upgrade as if you want to upgrade the current operating system to Windows Vista.

Press ENTER to set up Vista.

4.  On the Licensing Agreement screen, press F8 to agree to the license agreement.

5.  This is a critical step, so be careful.  Make sure that your current installation of Vista is selected in the box, and then press R to repair Vista.  When the installer asks for your license key, use the one that came with your Vista installer DVD.

6.  Follow the instructions that appear on the screen to reinstall Vista. After you repair Vista, you may have to reactivate your copy of Vista.

7.  After the "In-Place Reinstall" completes, you will have to do all Windows Updates, possibly reinstall your video card drivers, sound card drivers, and maybe a few other drivers as well.

If you follow the instructions exactly, you should not lose any data, software or most settings.

[K27]

I'm at the upgrade screen now but it's saying it's diabled and to up grade I need to start the installation from windows. All I can choose is "custom (advanced)". Should I carry on with a clean in stall or abort and try from windows

[PCBruiser]

Boot into Windows.  Open the DVD with Explorer and double click on setup.exe.  That should start the thing going.  It should reboot almost immediately after that and go into the installer.