Sunday, April 13, 2008

Weekend HelpDesk Warrior: tfsnifs.sys

The Red Phone Rings

Friday night, a call came in to the Valca Help Line.

It was a voice I hadn't heard from in over a year...one of our former pastors (and who also officiated Lavie's and my wedding).

For the most part, there is a select handful of folks who I do "off-the-clock" system support for; parents, one or two friends, and this special pastor.  Other IT co-workers of mine seem to have a number of these side-job enterprises they engage in.  For some reason I prefer to share my help through this blog with the masses.

Anyway, like I said it had been just over a year since my last repair session.  I took it as a good sign that he hadn't called; either he was out of the country again on missionary work or my configurations have kept him out of trouble that long.

We agreed for me to stop by early Saturday morning and take a look at his system; a Dell 8300 desktop, running Windows XP Home.

Recon

So I showed up as scheduled.  I had spent the night before making fresh sysadmin tools to take with me.  In my new job as a project-lead I don't generally bring my work laptop and software kit home with me on the weekends.  I burned up an older copy of my custom boot-disk and auto-run utility disk for which I keep an ISO around, along with a fresh version of VistaPE boot disk.  I also updated my USB-hockey-puck drive with my ever-growing collection of standalone sysadmin programs.

Armed with these tools I began assessing his system.

The primary problem was that his CD-ROM tray would not stay closed.  It would close, then pop-open again.  And the sound was out on his system.

Because the CD-ROM tray was wonky, he couldn't burn backup files of his extensive Quicken account.  This was the major concern.

First thing I did was to fire-up Process Explorer and AutoRuns for Windows looking for any malicious processes that might get in the way of any ongoing work.  Fortunately it was clean and clear.

A quick assessment told me that I needed to focus my attention on updating the system and programs before I dealt with the sound and CD-ROM issues.

Let the Updates Begin

I checked for Windows Updates.  Those were in good shape thanks to my setting Windows Update to automatically download and install.  I did have to manually install Internet Explorer 7 as he had waved that update off not knowing if it should be done.  I also had to bring Firefox out of the 1.5 build up to the 2.x builds.

A "Custom" Windows Update scan found about five hardware drivers that needed updating. Done.

He had already purchased Norton Security Suite (ugh) so his system was running a bit boggy, but as he had paid his hard-earned $, no sense in pulling it off right now.  We will consider moving to AVG Free or Avast! free once his "subscription" for Norton's ends in a few more months.  I did have to download and apply an update to Norton's.  That process took about forty minutes, even with a DSL connection.  Yuck.

We had previously disabled the firewall component of Norton's suite and he was using ZoneAlarm.  However, based on the system performance I was observing (just 512MB RAM) I took ZA off and switched to Sunbelt Personal Firewall instead.  It is considerably lighter in the system RAM needs and he just really needs inbound firewall protection only.

Curiously, when I applied the Norton's update, it re-engaged the Norton's firewall on-top of the already running Sunbelt Firewall.  Odd that it allowed two firewalls to run at the same time. Granted, it did present a dire warning about Norton not being compatible with Sunbelt Firewall and helpfully recommended I uninstall it first. I didn't.  I did re-disable the Norton Firewall and all was well again.

I had to install Java SE. I can't believe I hadn't done that before on this system.

Adobe Reader got updated to version 8 from 7.

I upgraded SpyBot to the latest version.  We pulled off Ad-Aware SE and installed Ad-Aware 2007.

Scans turned up minor malware apps and a number of cruddy URL drops and cookies.

I then ran The Secunia Software Inspector.  It reported all was well except for a Flash update (which was on my list of things still to do).

I disabled a few unnecessary auto-run items.

With the system humming along much nicer, I turned my attention to the CD-ROM tray and sound.

Houston, We have a problem....

First thing I wanted to do was review the status of the system hardware/drivers.

I right-clicked on the "My Computer" icon and selected "Properties".

And was slammed in the face with a Windows dialog box notifying me that the security properties set on the system have restricted access to that element by the administrator. Something along the lines of "This operation has been canceled due to restrictions..."

Hmmm.  Don't recall doing that.

So I went looking for the Control Panel so I could check the user account. Only the Control Panel had been removed from the Start menu.

So I tried launching it via the Run box by typing "control" only I got the same error message.

Then I tried running specific control panel items to launch via the Run box.  None worked.

I booted in Safe Mode to get to the Administrator account on the system. Nope.  Same lockdown here.

Now I was getting frustrated.

In the end I fixed it by using Doug Knox's Windows XP Security Console utility.  I downloaded this free (limited) tool and ran it.  Going through the options I found the setting where it had been disabled.  I re-enabled it and rebooted the system.  All was back to normal.  Seems like a malware event had tripped that setting.

I later found this post "Unable to open Control Panel In Windows XP" over at TechieZone that has some additional techniques for dealing with this "Restricted Control Panel" situation.
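A lockdown like the one described above is normally stored as policy values in the registry, so it can also be audited directly. The PowerShell below is an added example, not part of the original post or of the Security Console tool; the value names are standard Windows shell policy settings, and which of them was actually tripped on this machine is an assumption.

```powershell
# Added example: report shell-restriction policy values in both hives.
# Assumption: the lockdown in the post came from one of these standard values;
# the post does not say which setting had been changed.
$PolicyRoot = 'Software\Microsoft\Windows\CurrentVersion\Policies'
$Checks = @(
    @{ SubKey = "$PolicyRoot\Explorer"; Name = 'NoControlPanel' },
    @{ SubKey = "$PolicyRoot\Explorer"; Name = 'NoPropertiesMyComputer' },
    @{ SubKey = "$PolicyRoot\System";   Name = 'DisableTaskMgr' },
    @{ SubKey = "$PolicyRoot\System";   Name = 'DisableRegistryTools' }
)

function Get-ShellRestriction {
    param([string[]]$Hives = @('HKCU:', 'HKLM:'))
    foreach ($hive in $Hives) {
        foreach ($c in $Checks) {
            $path = '{0}\{1}' -f $hive, $c.SubKey
            $prop = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -ne $prop) {
                $value = $prop.($c.Name)
                [pscustomobject]@{
                    Path        = $path
                    Name        = $c.Name
                    Value       = $value
                    Restricting = ($value -ne 0)   # any non-zero value enables the restriction
                }
            }
        }
    }
}

function Clear-ShellRestriction {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(ValueFromPipeline = $true)]$Finding)
    process {
        $target = '{0}\{1}' -f $Finding.Path, $Finding.Name
        if ($Finding.Restricting -and $PSCmdlet.ShouldProcess($target, 'Remove policy value')) {
            Remove-ItemProperty -Path $Finding.Path -Name $Finding.Name
        }
    }
}

# Report first; review the list before removing anything.
Get-ShellRestriction | Format-Table -AutoSize
# Dry run of the cleanup:
# Get-ShellRestriction | Clear-ShellRestriction -WhatIf
```

HKCU is per-user, so run the report in the affected account as well as an administrator account; a value that reappears after removal points to something still setting it.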

To the Drive!

Now that I was able to access the Device Manager view of the system, I checked the drivers and hardware device state.  All were well and no errors were seen.

I shut down the PC and opened up the case.  I extracted the CD-ROM drive from the chassis for inspection.  I had already counseled that my friend might need to make a trip to the local GoodPurchase store to pick up a new CD-ROM write drive.

Older Dell systems such as this have funny case inserts that create a facade in front of the CD-ROM drives.  As such it is hard to see them without the drive removed.

Looking at it I saw where the drive clearly was not allowing the tray to fully retract and when the tray was fully pushed in, it was sitting at an angle and not-flush to the drive body.

I opened and closed the tray a few times and finally with a bit of pressure on the tray "CLICK" the drive tray re-seated itself in its track.

A quick reassembly later and reboot showed the drive tray working perfectly again.  I took a music CD and it accepted it, closed fully, and played wonderfully...well, without sound, but to that in a minute.

That problem was fixed.

TFSNIFS.SYS BSOD?!!!

So we fired up Quicken and attempted to write a save of a Quicken backup file to the drive. Only it wouldn't save.

Seems the CD-ROM disk had gotten something corrupted on it as it would not be written to.

Happens.

In the process, Quicken would lock up (as well as the system).  This is what led originally to my friend borking the CD-ROM tray to begin with attempting to extract the "stuck" disk.

So we rebooted and set that disk to the side.

Then we tried a different CD-R disk which worked fine for the copy.

Only when I ejected it when done, the system BSOD'ed due to tfsnifs.sys.

Hmmm.  Anytime I see an unknown process, unfortunately named "*snifs*" I get concerned. Looks like a very bad thing.

Another reboot later and some Google work turned up that it was, in fact, a system driver related to Sonic's Drive Letter Access (DLA) which shipped with the Dell system and allowed direct writing/reading to a formatted (but not closed) CD-R disk. Not bad, but terribly named.

We tried two more fresh CD-R disks and they worked great, right up until ejection when the BSOD reared its head again.

I uninstalled the DLA software, then the Sonic software. Reboot.

We dusted off his original Dell system disks and I reinstalled the DLA software and the Sonic software. Reboot.

Further tests found no more BSOD's.  CD-R's formatted fine again and disks could be inserted, written to, then ejected with no more errors.

Whew.  That was a close one.
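The tfsnifs.sys identification above was done with a web search; the same question can be put to the machine itself. This PowerShell is an added example, not from the original post: it resolves a driver's service entry to its file and reports the vendor metadata, signature status and hash. It assumes the service key name matches the file name (`tfsnifs`), which the post does not confirm.

```powershell
# Added example. Assumption: the driver's service key name matches the file
# name ('tfsnifs' for tfsnifs.sys); adjust -Name if it does not.
function Get-DriverIdentity {
    param([Parameter(Mandatory = $true)][string]$Name)

    $svc = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name" -ErrorAction Stop

    # Driver ImagePath values are often relative to %SystemRoot% or carry
    # NT-style prefixes; with no ImagePath, system32\drivers\<name>.sys is used.
    $image = $svc.ImagePath
    if (-not $image) { $image = "system32\drivers\$Name.sys" }
    $image = [Environment]::ExpandEnvironmentVariables($image)
    if ($image.StartsWith('\??\')) {
        $image = $image.Substring(4)
    } elseif ($image -like '\SystemRoot\*') {
        $image = Join-Path $env:SystemRoot $image.Substring(12)
    } elseif ($image -notmatch '^[A-Za-z]:\\') {
        $image = Join-Path $env:SystemRoot $image
    }

    $file = Get-Item -LiteralPath $image -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -FilePath $image

    [pscustomobject]@{
        Service     = $Name
        Type        = $svc.Type      # 1 = kernel driver, 2 = file system driver
        Start       = $svc.Start     # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
        Path        = $file.FullName
        Company     = $file.VersionInfo.CompanyName
        Description = $file.VersionInfo.FileDescription
        Product     = $file.VersionInfo.ProductName
        FileVersion = $file.VersionInfo.FileVersion
        Signature   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        SHA256      = (Get-FileHash -LiteralPath $image -Algorithm SHA256).Hash
    }
}

Get-DriverIdentity -Name 'tfsnifs' | Format-List
```

Version-info strings are written by whoever built the file, so treat Company and Description as a lead and weigh them together with the path, the signer and the hash.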

A Sound Ending

I figured the sound issue would be pretty easy to diagnose.

I checked the speaker cable connections and wiring.  All were correctly plugged in.

I checked the speaker set, it had power and the knobs were all turned up.  I could hear a faint "hum" from the speakers.  I checked the system sound settings. Drivers were good, mute was not enabled.  Various CD's and YouTube tests still presented no sound output.

So I checked the sound card.

I disconnected the speaker wire and connected a set of headphones directly to that output jack.

Yeah!  Sound spilled forth.

Turns out the external speaker set had gone bad in the amplifier unit.

Knowing my friend's sound needs, I simply recommended picking up a new set of two mini-speakers for his system for about a Jackson.

In all, I think I spent close to six hours visiting, working, and trading stories from our common past.

I did recommend he visit Crucial.com and showed him how to run a RAM scan test. I advised him to consider upgrading his 512MB RAM system to 1.5 or 2 GB of RAM.  Lucky guy's 8300 system actually comes with four slots on the system-board so he could (technically) upgrade to 4 GB.  However his needs would only justify a 1.5 to 2GB RAM configuration.  And the prices remain quite good.

It was a great system-repair visit and all turned out well.  He generously shared a few $ with me for my efforts. Enough to get my hair skinned down and flat-topped and then take the girls and Mom out for a pleasant dinner at the local Dead Lobster.

Case closed.

--Claus

2 comments:

Anonymous said...

Your comments about Norton Firewall don't surprise me, it is a very dominating program, which was why I removed it as soon as I got my Vista system up and running. Thanks for the tip on The Secunia Software Inspector, I'm going to do a blog entry on that a little later, now busy upgrading applications that I didn't know were out-of-date.

Anonymous said...

Hi Guru,

It's nice to be "kick'in" it with the gang again.

I love Secunia's products; not just their on-line PSI scanner, but they also have a rockin' local application as well that you can download and install for free.

It is hands-down better for supporting your own system; while I do use and recommend the on-line version for quick checkups and field-visit support.

Check out these posts:

Secunia Personal Software Inspector RC-1: Wowzers!

Software Vulnerability Scanner for the Masses

Definitely both winners.

I look forward to reading your post review on Secunia soon as well!

Cheers!