• Still running Windows 7 or earlier? Support for Windows 7 ended on January 14th 2020. Please review the thread here for more details.

Vista Hardware Driver Removal

Sorry - I must admit it had slipped my mind!

Please download the latest SFCFix from here https://www.sysnative.com/forums/downloads/sfcfix/ and save it to your desktop (to make it easy to find!)
double-click on it to run it, and accept the UAC prompt.

It will create a log file on the desktop - please upload that to your reply.
That'll give me something to work with
Please also (just in case things have changed, please also run SFC and CheckSUR again and post the new CBS folder
 
OK - here's the 'bad news summary'...
CheckSUR
Code: 
Checking Component Watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5 Package_28_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5 Package_28_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5 Package_103_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5 Package_103_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520 Package_26_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520 Package_26_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520 Package_101_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520 Package_101_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
SFCFix
Code: 
AutoAnalysis::
WARNING: Failed to backup registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520.
FIXED: Orphaned component Package_101_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 (x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520) on component watchlist.
FIXED: Orphaned component Package_101_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 (x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520) on component watchlist.
FIXED: Orphaned component Package_26_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 (x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520) on component watchlist.
FIXED: Orphaned component Package_26_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 (x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520) on component watchlist.
WARNING: Failed to backup registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5.
FIXED: Orphaned component Package_103_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 (x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5) on component watchlist.
FIXED: Orphaned component Package_103_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 (x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5) on component watchlist.
FIXED: Orphaned component Package_28_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 (x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5) on component watchlist.
FIXED: Orphaned component Package_28_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 (x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5) on component watchlist.
 
SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
   CBS & SFC total detected corruption count:     0
   CBS & SFC total unimportant corruption count:  0
   CBS & SFC total fixed corruption count:        0
   SURT total detected corruption count:          8
   SURT total unimportant corruption count:       0
   SURT total fixed corruption count:             0
AutoAnalysis:: directive completed successfully.


SFC results weren't in the CBS.log - they must have rolled into the latest CBSPersist log - please post that.
Also, please run SFCFix again, and then upload the new SFCFix.txt log file.
 
Ah - scratch the request for the CBSPersist - our last posts crossed :)
There are no errors in the latest SFC log, and nothing in the background of the CBS data either.
 
Ok

So where are we at now then.

I still can not install the driver for the LAN Adapter.

The error message I get now in the device properties window is




The drivers for this device are not installed. (Code 28)
The requested device registry key does not exist.
 
Please upload your Event logs - I'll take a look when I get back this afternoon...

Please open Event Viewer


In the left pane, navigate to the Windows Logs


right-click on Applications and select 'Save all events as...' save as Apps.evtx


repeat for the System logs - save as Sys.evtx


Compress both files, and attach to your reply or upload to your reply

Also - please runSFCFix again and post the new SFCFix.txt log file - I need to check that it's clear now - and run CheckSUR again, and post the new CheckSUR log (which will hopefully be clear)
 
You have some odd errors in the System log -
Code: 
The Process creation detector. service failed to start due to the following error: The system cannot find the file specified.
The following boot-start or system-start driver(s) failed to load: ElbyCDIO, nbraw
The risdptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
The Microsoft Software Shadow Copy Provider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
The Application logs also show some interesting errors (most from the above problems)...
IExplore crashed referencing d3d11.dll

ALso, I suspect that this one is the one that you are seeing when you attempt to install your drivers?
Product: Intel(R) Network Connections -- Cannot install drivers. No Intel(R) Adapters are present in this computer.

I see references to both AVG and MSE in there - which if this is the case, will certainly cause problems. you need to decide on one only, and uninstall the other ( would suggest keeping MSE, at least for the moment - and running the AVG 2013 remover tool from http://www.avg.com/gb-en/utilities )


The first error in the list is concerning - it may well be residuals from a cured rootkit (My skills in this area are limited - so I'm going to ask for assistance here)
The ElbyCDIO is from Elby Virtual CD - you should probably uninstall (and reinstall?) that.
The nbraw error - I can't find much/any information on, so we'll have to see if we can find something on your machine. (more later)




The CheckSUR result is disappointing -
Code: 
Checking Component Watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5 Package_28_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5 Package_28_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5 Package_103_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_0.0.0.0_en-us_41606b1d436caeb5 Package_103_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520 Package_26_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520 Package_26_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520 Package_101_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
(f) CBS Watchlist Component Missing 0x80070002 x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_0.0.0.0_none_9a2d0de766165520 Package_101_for_KB970158~31bf3856ad364e35~x86~~6.0.1.9 Package registry presence failed, possibly an orphaned package on package watchlist
I had hoped from the SFCFIx scan results, that it had fixed these errors :( - but it seems likely that there are deeper problems than normal, so I'll have to pass the buck back again.

Meanwhile, back to 'nbraw'

Please open an Elevated Command Prompt, and run the following commands

REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\nbraw
REG QUERY HKLM\System\Enum\Root\LEGACY_nbraw
REG QUERY HKLM\System\Enum\Root\nbraw

Post the results.

Also, in Device Manager click on the View option in the toolbar, and select View hidden devices
with luck there will be an entry there for 'nbraw' - probably with an error flag on it - please copy the details to your reply, so we can try and find out what it is.
 
Results of Reg queries.



C:\Users\darren>REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\nbraw
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nbraw
ImagePath REG_EXPAND_SZ System32\drivers\evffvxeh.sys
Start REG_DWORD 0x0
Type REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
eypuccu REG_SZ C:\Windows
rphyan REG_DWORD 0x2e9c6
Group REG_SZ System Reserved

C:\Users\darren>REG QUERY HKLM\System\Enum\Root\LEGACY_nbraw
ERROR: The system was unable to find the specified registry key or value.
C:\Users\darren>REG QUERY HKLM\System\Enum\Root\nbraw
ERROR: The system was unable to find the specified registry key or value.
C:\Users\darren>
 
I am almost certain that the nbraw service is the result of malware - there are no references to the filename in Google, and the other values present make no sense in normal terms.

I would recommend removing the key after backup
First, please check for the existence of that file - if present (it shouldn't be), then upload it to virustotal.com and see what that has to say about it.
 
I searched the entire harddrive for nbraw and evffvxeh.sys and they do not seem to exist on my drive.
 
OK - we'll delete the Key then.
First, the backup - just in case.
Run this command in an Elevated Command Prompt

REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\nbraw /S >%userprofile%\desktop\npbackup.txt

That will create a text file on your desktop (npbackup.txt) for safekeeping - not that I think you'll need it!
now the deletion...
Run this command

REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\nbraw

Assuming it completes OK, reboot.
Have you uninstalled Elby yet?
If not, please do so.
Please run the following commands in an Elevated Command Prompt -

SC QUERYEX risdptsk
REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\risdptsk

post the results.
 
C:\Users\darren>SC QUERYEX risdptsk
SERVICE_NAME: risdptsk
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1058 (0x422)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
C:\Users\darren>REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\risdptsk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\risdptsk
Type REG_DWORD 0x1
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
Tag REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\DRIVERS\risdptsk.sys
Group REG_SZ SD / MMC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\risdptsk\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\risdptsk\Enum
 
This service appears to be related to Ricoh drivers - Do you have any such installed?
While the service is having problems starting, it doesn't appear to be because of being disabled.
The service is set to Auto (delayed start), but is failing to start properly.
Perhaps there are problems with its driver - let's see if there are any obvious errors there.
Please open Device Manager and click on the View option in the toolbar - click on View hidden devices.

Are there any items with yellow triangles and an exclamation mark? - or red crosses?

if so, please note their names and referenced driver files and post back with details.
 
The only device with a yellow triangle and exclamation mark is the manually installed "Intel PRO/1000 MT Mobile Connection" Lan Adapter device using driver e1g60i32.sys, please see screen shot image.

Intel PRO 1000 MT Drive SS 01.jpg
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top