Sunday, December 16, 2007

Spyware, Google, and Dynamic Security Agent (part 2)

This is part two of a three-part story. If you haven't read part one yet, you should do that first.

Back to diagnosing software then. First I check on the server end to see what it sees the client doing via the log kept by the DHCP daemon on my router (a Linux box). It received a discover and issued an offer, but it never received a request for an IP address (which it would respond to with an ack to complete the handshake). Something is very broken here. Next, I check the LSP list in Spybot to see if there's some residual brokenness from the malware I cleaned up--something in the form of a break in the chain caused by a file being deleted, say. No dice.
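The server-side check described above, expressed as an added example (not code from the original post): a small parser that reads DHCP daemon log lines and reports how far each client got through the discover/offer/request/ack handshake, flagging clients that were offered a lease but never sent a request. It assumes the ISC dhcpd syslog format; the log lines below are constructed for the example and are not from the author's router.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of ISC dhcpd syslog output (assumption:
# the router's DHCP daemon logs in this format; these are not the post's logs).
# The first client completes DISCOVER -> OFFER -> REQUEST -> ACK; the second
# keeps sending DISCOVER, gets an OFFER each time, and never sends a REQUEST.
SAMPLE_LOG = """\
Dec 16 10:01:02 router dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth0
Dec 16 10:01:02 router dhcpd: DHCPOFFER on 192.168.1.100 to 00:11:22:33:44:55 via eth0
Dec 16 10:01:03 router dhcpd: DHCPREQUEST for 192.168.1.100 (192.168.1.1) from 00:11:22:33:44:55 via eth0
Dec 16 10:01:03 router dhcpd: DHCPACK on 192.168.1.100 to 00:11:22:33:44:55 via eth0
Dec 16 10:05:10 router dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff via eth0
Dec 16 10:05:10 router dhcpd: DHCPOFFER on 192.168.1.101 to aa:bb:cc:dd:ee:ff via eth0
Dec 16 10:05:14 router dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff via eth0
Dec 16 10:05:14 router dhcpd: DHCPOFFER on 192.168.1.101 to aa:bb:cc:dd:ee:ff via eth0
"""

# Message type followed (somewhere later on the line) by the client MAC address.
LINE_RE = re.compile(
    r"dhcpd: (?P<msg>DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK|DHCPNAK)\b"
    r".*?(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Order of the four-way handshake; a healthy client ends at DHCPACK.
STAGES = {"DHCPDISCOVER": 1, "DHCPOFFER": 2, "DHCPREQUEST": 3, "DHCPACK": 4}


def parse(log_text):
    """Return {mac: {message_type: count}} for every recognised dhcpd line."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[m.group("mac").lower()][m.group("msg").upper()] += 1
    return seen


def furthest_stage(counts):
    """Name of the furthest handshake stage present in a client's counts, or None."""
    reached = [msg for msg in STAGES if counts.get(msg)]
    return max(reached, key=STAGES.get) if reached else None


def handshake_report(log_text):
    """Furthest stage reached per client MAC."""
    return {mac: furthest_stage(counts) for mac, counts in parse(log_text).items()}


def stalled_clients(log_text):
    """Clients that received an OFFER but never sent a REQUEST.

    Returns {mac: number_of_DISCOVERs}, so a high count shows a client that
    keeps restarting the handshake and stalling at the same point, which is
    the symptom of a broken client-side DHCP stack rather than a server fault.
    """
    return {
        mac: counts["DHCPDISCOVER"]
        for mac, counts in parse(log_text).items()
        if furthest_stage(counts) == "DHCPOFFER"
    }


if __name__ == "__main__":
    for mac, stage in handshake_report(SAMPLE_LOG).items():
        print(f"{mac}: reached {stage}")
    for mac, discovers in stalled_clients(SAMPLE_LOG).items():
        print(f"{mac}: stalled after DHCPOFFER ({discovers} DISCOVERs, no REQUEST)")
```

Run it against `/var/log/syslog` (or wherever the daemon logs) by passing the file contents to `stalled_clients`; a client that shows up there while the server keeps answering every DISCOVER with an OFFER is the pattern the post describes, and points the investigation at the client's network stack rather than the router.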

I check the Event Viewer (Start->Settings->Control Panel->Administrative Tools->Event Viewer or the "easy way" of Win+R, eventvwr.msc) for any hints as to where the failure is occurring. There are a couple of interesting System errors: A couple of services failed to start because "a device attached to the system is not functioning" (DHCP among them), "boot-start or system-start drivers" failing to load (I attributed this to my stint in Safe Mode), and "The Privacyware network service service failed to start due to the following error: The system cannot find the file specified." I check Windows' Services manager (in Control Panel, or Win+R, services.msc) and check the DHCP Client service's dependencies, then check to make sure they're all running. Check. Nothing else looks out of whack there. The Privacyware thing slips my mind and I move on to installed applications.

Now I don't use Add/Remove Programs under Control Panel, and I'll tell you why. I tend to be a power user (maybe you've noticed?), so I have lots of programs installed. The more programs you have, the (exponentially, or so it seems) longer it takes for Add/Remove Programs to populate the list of installed applications. What takes so long, I'm convinced (though I could be wrong), is calculating disk space. For each program, it looks at the location where it's installed and calculates the size of that directory tree. Not only does it take a long time, it's also often incorrect, for applications that share directories and the like. That all being irritating and useless to me, I instead choose to use MyUninstaller. So I load it up and sort by date of install, descending, and am looking through the most recently installed programs. What's interesting at this point isn't what I see, but what I don't see. The antivirus software is there, but Dynamic Security Agent isn't. Odd.

I check under the Start menu and don't find it (much less an uninstall option there). I look under Program Files but don't see it filed under the application name. I google it to find the company name. Privacyware...why does that sound familiar? I go back to Services and locate the Privacyware Network Service service, go to properties, note the file, and browse to it. It is, in fact, missing. Not having any clear way to uninstall it, I decide instead to reinstall it. This time the installation goes swimmingly. It wants to reboot. I reboot.

One of the first things I notice is that I have internet connectivity again. Having found the problem, I set about running all my internet applications (IM, torrent, web browser, etc.). I quickly realize that its process monitor is going to drive me up the wall, so I turn that off. I check in with AVG to see how its scan is going (it started a Complete Scan in the background hours ago, but with all my crap and the multiple reboots, it has yet to finish it). I open up AVG's Control Center by accident, instead. In just clicking around, getting used to the program, I go to open the Virus Vault.

Blue Screen of Death.
DRIVER_IRQL_NOT_LESS_OR_EQUAL in PWIPF6.SYS
As soon as I'm back into Windows, I google it. Nothing? Hmm. I google just PWIPF6.SYS. It's not an AVG driver that crashed--that driver belongs to DSA2. Thinking that maybe it's a fluke, I open up the AVG Control Center and try it again. Same BSOD. Next time I'm in, I try something different in the Control Center (can't recall what) and get the same BSOD.

Continue reading with part three.
