I have multiple issues with a laptop and suspect that they may all be somehow related, or were caused either by a rootkit or simply by corrupted Windows files. I thought I should present all issues together as they may give clues to a root cause.
Hardware: Lenovo Notebook Model G570
OS: Win 7 Professional 64 bit +
1. Unable to start service: Diagnostic Policy Service (Error 5)
2. Windows unable to load drivers for ten Network Adapters (code 31)
3. Windows updates fail
1. Fixed three network adapters, and am able to detect wifi networks and connect to the internet again
2. Restored Windows Firewall and related services
My wife asked me to fix her laptop when she lost the ability to connect to the internet. I began investigating and found that the laptop was not able to discover any wireless networks.
Unable to start Diagnostic Policy Service (error 5)
I first tried to use the Windows troubleshooting feature, but was unable to proceed. This is because the Diagnostic Policy Service cannot be started. I checked it in services.msc; it was set to automatic, but not started. When I attempt to start it manually, I receive the following error:
Windows could not start the Diagnostic Policy Service on Local Computer.
Error 5: Access is denied.
I searched for information on how to resolve this, and found some fixes that have worked for other users, but unfortunately not for me. For example, I checked some registry keys with regedit.exe, though did not identify anything that appeared in need of change. HKLM/system/currentcontrolset/services/DPS
Permissions of the above two keys showed that the Administrators account has full control, and the account I log into is an Administrator account, and I always run regedit.exe, services.msc, and command prompts in Administrator mode.
Unable to start Windows Firewall Services
While investigating registry and service issues, I also discovered that the Windows Firewall services could not be started. I ran the MS Windows FixIt application to no avail.
I was able to do that by verifying registry keys and using some command prompts, including
Net localgroup administrators /add network service
Net localgroup administrators /add localservice
Windows unable to load drivers for ten Network Adapters (code 31)
I opened device manager and discovered that every single device listed under network adapters indicated an error (as evidenced by the triangular yellow exclamation point symbol).
I checked the properties of each device and found the same status:
Device Status: This device is not working properly because Windows cannot load the drivers required for this device. (Code 31).
I intended to uninstall and reinstall the drivers for each. On first attempt, I was able to uninstall only 2 of 13 network adapters; those are the only two which are actual hardware devices (NIC card and Bluetooth card), or at least for which I had non-Windows drivers.
For the two hardware network devices, I was able to install the latest drivers and they seem to be working properly (as indicated by their Device Status within properties window). From this point in time, the laptop was able to discover wifi networks and connect to the internet again.
I suspect that the remaining eleven network adapters are either virtual devices or devices which normally rely upon Windows drivers. Regarding these generic (or virtual) network adapters, I was able to disable them. After I disabled all eleven and then re-enabled them, one of them (Microsoft Virtual Wifi Miniport Adapter) seemed to have reloaded the Windows driver correctly, as its status shows that it is now working properly.
Windows Updates Fail:
Something interesting I noted when comparing the registry of this problem laptop with a problem free laptop (which is running fine and has same OS installed) is that there are some differences in existing accounts.
On the problem laptop, there is a CREATOR OWNER account, which does not always have full control. And on the problem-free laptop, there is the TrustedInstaller account, which has more control than even the administrator accounts in most cases. I read that the TrustedInstaller account has something to do with automated Windows updates being installed properly, so I suspect that perhaps I need to create the TrustedInstaller account for some of the registry keys and make the TrustedInstaller account the "owner" of some keys (?) – if so, then I do not know which registry keys TrustedInstaller needs to own.
I have tried to install the updates just after a fresh boot with all services except for Windows services turned off.
I suspect that the auto installation fail issue may be related to the .NET Framework. I used to use this laptop for business purposes and an IT guru was performing some tweaks (including installing the latest version of the .NET Framework and some related configurations) in order to allow my laptop to run company custom software applications. I am no longer with that company, and have no contact with that particular IT person. I read one solution where the .NET Framework had to be uninstalled, then still, a Windows repair disc (and I no longer have my disc) had to be used to resolve the Windows update auto install fail issue. I am unsure as to whether I may uninstall the .NET Framework without possibly causing more problems.
I should add that along the way, I have also done
full scans using Avast
full scan using Malwarebytes (fixed three minor issues)
performed scannow via command prompt and found no issues.
I performed a disk check and did recover a few bad sectors of the HD.
Ran Farbar, no issues found.
Ran ComboFix, after which the laptop was unable to function beyond logging into the user account and had to restore.
Ran online scan from ESET: (in process)
Discovered that my antivirus (Avast) had been turned off – all shields were stopped and I am unable to start them again (unable to start the shield; Shield unreachable).
I have not yet ruled out rootkits, as I have very little experience and proficiency with software tools to handle them. I do suspect that the cause of all of these problems is corrupted Windows files caused by sudden loss of power.
My wife often runs the laptop on adapter with no battery (so as to conserve battery life), and will sometimes not wait for the computer to shut down completely before moving it from one location to another. I suspect this has happened routinely. I had a chat with her today to emphasize the importance of allowing the computer to shut down completely, and she now understands, especially since I spent most of my free time over the past several days trying to fix these issues.
I should also note that I have only one restore point, which I made after I was just recently able to restore internet connectivity and Windows Firewall (not before all of these other issues appeared).
My apologies that I am not able to provide finer details of my troubleshooting efforts. I wish that I had kept. I used to keep more detailed troubleshooting logs while working on these kinds of issues all the time. But with both available information being shared on the internet, and my technical experience continuing to grow, I had become able to resolve most any of these kinds of problems quite proficiently, and somehow lost the good habit of keeping logs. I will regain that good habit.