Question

Locked

Q re: XP Pro Sp3 DeviceMgr "Non-Plug & Play Drivers"

By TerryGH ·
I posted this question on the MS Hardware Newsgroup earlier so excuse the duplication. I'll save a long winded description for now, but essentially as a result of a major trojan virus infection (now deemed clean by Trend Micro), serious
damage was done to my network adapters (all showing yellow ! marks) and some of the non-plug and play drivers (e.g., AFD, IPSEC driver, TCP/IP Protocol
Driver). My tech friend and the manuf. of the Mavell Yukon PCI/PCI-E controllers have already walked me thru trying to update the drivers from the
Marvell site (mssg says no better driver found), so the next step seems to be to see if the non plug and play drivers are the underlying culprit.

So my initial question is since right-clicking on the non plug and play drivers only gives me a choice between disabling or uninstalling (no option
to update drivers), and the properties for each of the flagged drivers says "this device is not present or working properly etc (code 24)" ----- how do I go about reinstalling them? Will XP Pro automatically try to add them on a reboot like the main network adapters (which are reinstalled ok but still are
yellow ! flagged). Or maybe the on reboot I will be prompted to insert the XP install disk?

Or... am I doomed to having to reformat the HD and do a complete re-install of XP Pro since I see in the details tab of properties that the Device Instance
Id is something like "ROOT\LEGACY_TCIP\0000"?

Thanks in advance for any ideas ....

This conversation is currently closed to new comments.

38 total posts (Page 1 of 4)   01 | 02 | 03 | 04   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Well

by seanferd In reply to Q re: XP Pro Sp3 DeviceMg ...

A complete wipe (wipe!), then partitioning and formatting would probably best and safest.

But you can try this. For the network adapters, uninstall them from device manager. They will be detected and reinstalled on reboot. If there is no repository of these drivers on the disk, or they are damaged, have your install disk and/or any additional media you used to install the drivers handy.

As for the non-PNP drivers, some of them are a bit more scary, but they aren't working at all now, and the system still boots. Do the same for them, maybe one at a time. Those which you mention (IP security, TCP/IP, Ancillary function driver for windows sockets) are all network related, and not totally critical. You may or may not need the installation disk for these, but probably you will.

You may be able to fix some of these by running
sfc /scannow
from the run box or command prompt. Have the installation disk handy.

Otherwise, I'd suggest backing up all your files, then nuke and pave the drive.
http://www.killdisk.com/
http://www.dban.org/

Collapse -

Reply 1 to Seanferd

by TerryGH In reply to Well

Thanks for the feedback and ideas, Seanferd -- esp. re sfc /scannow which I had not previously tried. With the XP Pro disk in place, it took about 20 mins. to run and then the XP running/progress window closed and it just went back to the command line in the DOS window -- is that what should happen, e.g., no report ala "settings ok" or something?

In any case, it didn't work: IE8 cannot connect, ipconfig reports an internal error, ping google.com "could not find host", control panel's Network Connections still is empty, and in the Device Manager all of the Network Adapter items and the same non-PNP drivers as before still show the yellow !

Iknow I have a good DSL connection since I am typing from my wifi-connected laptop and I have previously checked the BIOS "on board devices configuration" and they are enabled. I have also uninstalled the two main controllers (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller and Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller (the packet scheduler miniports are removed automatically) and rebooted, with the same result after XP detects and installs the hardware (yellow !), but haven't tried deleting the others as well (1394 Adapter, bluetooth LAN access driver, direct parallel and then 4 WAN miniport drivers).

Can you by chance confirm that its unlikely that none of the non-PNP drivers showing the yellow ! could be responsible? The 8 drivers Device Manager shows as being not present, not working properly or does not have all its drivers installed" are ....
- AFD
-IP Network Address Translator
-IPSEC driver
-NDIS Usermode I/O Protocol
-NetBios over Tcpip
-Parport
-TCP/IP Protocol Driver

Apologies for the lenghty reply & potentially too much information, but I want to have this information all in one place, so the system information (built to order 7 months ago (March'09)is: Intel Core 2 Quad CPU Q6600 @ 2.40GHz w/4meg ram & ASUS P5Q Deluxe motherboard.

The most frustrating thing about this is that everything else on the machine is working great (all data files intact (and backed up), monitors and printing ok, MS Office programs work ok etc), hence my hesitancy of doing the diskwipe/reinstall.

Once again thanks for you help and any other ideas will be appreciated.... Terry

Collapse -

They are probably all responsible

by seanferd In reply to Reply 1 to Seanferd

for you lack of network connectivity. There are a couple you might not actually use, but Windows will probably choke on their absence.

Parport (Parallel ports) will show yellow if you don't have one, or also apparently if it is disabled in BIOS, so this could be normal.
http://support.microsoft.com/kb/883253

It looks like it would be quite safe to Uninstall these from Device Manager, one at a time, then reboot. Windows should detect and reinstall them. Have your XP disk handy in case the reinstall process needs it.

Some items may show yellow even after reinstallation because one of the others has not been fixed yet. Especially the network card driver - it will need some of those non-PNP drivers for sure. They are most all network-related.

Just in case, you may want to scan the system with MBAM, it is very good at checking for malware, just in case there is anything left over. It's free and small, so no big deal.
http://www.malwarebytes.org/mbam.php

Collapse -

Is the XP Recovery Console a Viable Option?

by TerryGH In reply to They are probably all res ...

I started things off about noon today feeling good about having a ?clean machine? with the objective of first uninstalling the bad non-PNP driver?s per Seanferd?s suggestion in post #4, with the idea that I would then try Jacky?s idea re updating the chipsets (post #7 & #14) if that didn?t work.

I first uninstalled TCP/IP Protocol Driver and it was added back on a reboot but Device Manager still had yellow !. I then did the same for the AFD driver but it would not reinstall with ?scan for any changes? or via Add Hardware(not found on XP CD) or on a reboot. I tried a number of other things but the bottom line is that based on my search for info on AFD (e.g., http://stammalammy.blogspot.com/2009/08/learning-more-about-afd-on-xp-than-i.html) and numerous other entries the fix would go way beyond my limited tech knowledge (or patience at this point). In one post it said to check for the 3 key files (AFD.sys,netbt.sys, & tcpip.sys) in the win/systtem32/drivers directory and they are there, but as mentioned, I?m way out of my league so also spent time verifying my data was backed up and mentally getting ready for a re-install of XP and mutlitple software packages I need for my business.

So at this stage before taking that final step to wipe and reinstall, I am wondering if it is worth a shot to try the XP Recovery Console per this MS article >> http://support.microsoft.com/kb/307654 e.g., might it automatically determine the non-PNP drivers are not installed and attempt to do so?

You guys have gone way beyond the call of duty and I truly appreciate it so thanks again.

ps to Jacky -- re post #14, I actually knew enough to unzip files but I appreciate your making sure this old guy's soggy brain had the info I needed just in case :)

Collapse -

Not recovery console, but repair install.

by seanferd In reply to Is the XP Recovery Consol ...

I'd think it should overwrite the OS entirely, as it will remove all service packs and updates, so have an AV to install before you go online to get updates and service packs.

http://www.webtree.ca/windowsxp/repair_xp.htm
How to Repair Windows XP by Installing Over top of Existing Setup

The link breaks when posted here. It is the one labeled: "How To Remove SP2 using a Repair Install".

Collapse -

To be honest

by Jacky Howe In reply to Is the XP Recovery Consol ...

I think that we have spent far too much time on this, and I have never been happy with a repair install. A repair install will probably require reactivation and service packs to be reinstalled. If you have your Data Backed up, try Sean's first suggestion and wipe the drive with either KillDisk or DBAN and do a fresh install.

Have your motherboard CD handy as well as your Video drivers.

Install your Antivirus software and let it update before accessing the internet. Then use Windows Updates to update the System.

I don't think that the recovery console will be any help here.

LOL.
I never know how much information is required.

Collapse -

Thanks.

by seanferd In reply to To be honest

I was hoping for you take on that. I've never done it myself.

Another note on re-installing:
For your installed software, especially if purchased online, or missing the original packaging, make sure you have any product keys written down so they are not entirely lost. It would be a pain to email multiple vendors to try and get your product key back, if even possible.

Collapse -

Sometimes I will

by Jacky Howe In reply to Thanks.

do a repair install to be able to access a disinfected System, to be able to access their Data and remove it along with product keys. Then it's DBAN for a new lease on life for the hard drive and a reinstall.

Belarc or Siw should give you a list of installed sofware and the product keys.

Collapse -

What other

by Jacky Howe In reply to Q re: XP Pro Sp3 DeviceMg ...

AV removal tools did you use? Do you know the Virus name.

Collapse -

TM trojan classification: Troj_Cutwail.I2

by TerryGH In reply to What other

Jacky -- I had Trend Micro Internet Security 2009 installed and updated, but the email filter disabled due to conflicts with Outlook 2003, and of course TM can't protect me from making a stupid mistake like clicking on a zip file attached to a scam email called "UPS Delivery Problem". Almost immediately I realized I screwed up and ran a full TM scan but it didn't detect it. The next day my net connection started to slow down and the day after that I had no connection at all when I started up the pc on Saturday morning.

Over the next two days or so, via chat with the TM folks, I downloaded and transferred to the infected machine TM's HijackThis which initially detected the malicious files and registry entries, sent them the log and they told me which entries to delete. The last step was TM prepared and I ran a "system cleaner" process which handled some other files not initially detected, ran a full disk cleanup and re-ran the programs which TM reviewed and said the bad files had been removed.

Just yesterday (11/12) they told me they are still working on a better solution, and that TM was calling this Troj_Cutwail.I2 and Spybot calls it Spy.Zbot.YETH. They couldn't find any reference for what Norton calls this virus.

I don?t know if any other a/v provider would have protected me from my own mistake in this case, but I was pleased with Trend Micro?s near 24/7 access to their tech support, especially over the weekend.

Terry

Back to Malware Forum
38 total posts (Page 1 of 4)   01 | 02 | 03 | 04   Next

Related Discussions

Related Forums