TechSpot

Clean infected ndis.sys using combo fix

By ASauce
Jul 18, 2010
  1. Okay, I got this stupid virus two weeks ago, the AV suite. I got the majority of it off but I'm still getting a message that ndis.sys is infected. Svchost keeps opening these ridiculous amounts of processes and I'm not advanced enough to figure out what I need to put in Notepad to "KILLALL", so help would be greatly appreciated. Running XP SP3 w/ 1 GB RAM (if anyone cares). It used to be so fast and now it takes forever to load.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    And it's a good thing you didn't try this! I once saw the comment that running Combofix without guidance was likened to doing open heart surgery on yourself. So in that same analogy, using the KillAll switch would be likened to shutting down the heart/lung machine while you're still connected to it!


    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    When I see these logs, I will decide what additional programs need to be run and whether to instruct you to run Combofix, if needed. I will determine what needs to be moved and whether the KillAll switch should be used.
     
  3. ASauce

    ASauce TS Rookie Topic Starter

    Okay, after the virus scans I lost access to the internet, if that tells you anything, but here are the logs...


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4291

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    7/19/2010 4:31:57 AM
    mbam-log-2010-07-19 (04-31-57).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 70275
    Time elapsed: 1 hour(s), 12 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-19 12:24:43
    Windows 5.1.2600 Service Pack 3
    Running: 60rf26q2.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwqyyfob.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwCreateKey [0xB9F9E0D0]
    SSDT sptd.sys ZwEnumerateKey [0xB9FA3FB2]
    SSDT sptd.sys ZwEnumerateValueKey [0xB9FA4340]
    SSDT sptd.sys ZwOpenKey [0xB9F9E0B0]
    SSDT sptd.sys ZwQueryKey [0xB9FA4418]
    SSDT sptd.sys ZwQueryValueKey [0xB9FA4298]
    SSDT sptd.sys ZwSetValueKey [0xB9FA44AA]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload B9DCB8AC 5 Bytes JMP 88ADE418

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [B9FB506C] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [B9FB5018] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [B9FD79AE] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [B9FB506C] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9F9EAD4] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9F9EC1A] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9F9EB9C] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9F9F748] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9F9F61E] sptd.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 88BCE1E8
    Device \FileSystem\Fastfat \FatCdrom 88922790
    Device \FileSystem\Udfs \UdfsCdRom 8892E1E8
    Device \FileSystem\Udfs \UdfsDisk 8892E1E8
    Device \Driver\usbohci \Device\USBPDO-0 88B195D0
    Device \Driver\usbehci \Device\USBPDO-1 88B1E790
    Device \Driver\usbohci \Device\USBPDO-2 88B195D0
    Device \Driver\Ftdisk \Device\HarddiskVolume1 88B641E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 88B641E8
    Device \Driver\Cdrom \Device\CdRom0 88A8C790
    Device \Driver\usbstor \Device\00000065 88A5C790
    Device \Driver\Cdrom \Device\CdRom1 88A8C790
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-19 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\usbstor \Device\00000066 88A5C790
    Device \Driver\usbstor \Device\0000006b 88A5C790
    Device \Driver\usbstor \Device\0000006c 88A5C790
    Device \Driver\usbohci \Device\USBFDO-0 88B195D0
    Device \Driver\usbstor \Device\0000006d 88A5C790
    Device \Driver\usbohci \Device\USBFDO-1 88B195D0
    Device \Driver\usbstor \Device\0000006e 88A5C790
    Device \Driver\usbehci \Device\USBFDO-2 88B1E790
    Device \Driver\usbstor \Device\0000007c 88A5C790
    Device \Driver\usbstor \Device\0000006f 88A5C790
    Device \Driver\usbstor \Device\0000007d 88A5C790
    Device \Driver\Ftdisk \Device\FtControl 88B641E8
    Device \FileSystem\Fastfat \Fat 88922790
    Device \FileSystem\Cdfs \Cdfs 881681E8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0x96 0x58 0x5E ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0x96 0x58 0x5E ...

    ---- EOF - GMER 1.0.15 ----



    DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
    Run by Owner at 12:30:20.54 on Mon 07/19/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1214.889 [GMT -7:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = <local>
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1112307167484
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276894607968
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
    AppInit_DLLs: c:\windows\system32\wbsys.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    S0 bmjxlfqf;bmjxlfqf; [x]
    S0 tovjlbv;tovjlbv;c:\windows\system32\drivers\xfmjqlin.sys --> c:\windows\system32\drivers\xfmjqlin.sys [?]
    S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-18 11608]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 67656]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-18 135336]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-18 267432]
    S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-18 60936]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-28 136176]
    S2 Runtime Service 3.0;Runtime Optimization Service;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S3 MAUSBPRODUCER;Service for M-Audio Producer;c:\windows\system32\drivers\MAudioProducer.sys [2009-9-2 158344]
    S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2005-3-30 987648]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2005-3-30 251904]

    =============== Created Last 30 ================

    2010-07-18 22:48:07 0 d-----w- c:\docume~1\owner\applic~1\Avira
    2010-07-18 22:36:07 0 d-----w- c:\windows\system32\NtmsData
    2010-07-18 22:22:41 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-07-18 22:22:35 0 d-----w- c:\program files\Avira
    2010-07-18 22:22:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-07-16 23:45:05 412 ----a-w- c:\windows\system32\tmp.reg
    2010-07-16 07:37:52 39936 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
    2010-07-16 04:49:56 0 d-----w- c:\program files\Support Tools
    2010-07-16 04:46:44 1917 ----a-w- c:\windows\imsins.BAK
    2010-07-16 04:16:20 90313 ----a-w- c:\windows\system32\drivers\NDIS.SY_
    2010-07-16 03:52:52 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-07-10 09:58:03 0 d-----w- c:\program files\Trend Micro
    2010-07-09 20:21:55 107846 ----a-w- C:\MGlogs.zip
    2010-07-09 20:21:49 0 d-----w- C:\MGtools
    2010-07-09 10:23:16 14 ----a-w- c:\windows\system32\tmpPrst.tgz
    2010-07-09 09:33:22 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-09 08:33:19 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-09 08:33:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-07-09 06:31:41 0 d-sha-r- C:\cmdcons
    2010-07-09 06:27:22 98816 ----a-w- c:\windows\sed.exe
    2010-07-09 06:27:22 77312 ----a-w- c:\windows\MBR.exe
    2010-07-09 06:27:22 256512 ----a-w- c:\windows\PEV.exe
    2010-07-09 06:27:22 161792 ----a-w- c:\windows\SWREG.exe
    2010-07-08 20:01:25 58 ----a-w- c:\windows\RegDefrag.ini
    2010-07-08 19:23:42 0 d-----w- c:\program files\WinASO
    2010-07-08 10:16:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-07-08 06:49:32 64 ----a-w- c:\windows\wininit.ini
    2010-07-07 21:20:09 47927 ----a-w- c:\windows\system32\ifarmed.html
    2010-07-06 10:55:52 0 d-----w- c:\docume~1\alluse~1\applic~1\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
    2010-07-06 07:02:05 38 ----a-w- c:\documents and settings\owner\{13ddd2b9-aaf0-4dc2-868a-a346a80869b6}
    2010-07-03 10:29:18 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-03 08:59:08 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
    2010-07-03 08:46:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-03 08:46:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-03 08:46:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-03 08:46:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-07-03 08:05:29 38 ----a-w- c:\windows\system32\online_{13ddd2b9-aaf0-4dc2-868a-a346a80869b6}
    2010-07-03 08:05:22 38 ----a-w- c:\windows\system32\{13ddd2b9-aaf0-4dc2-868a-a346a80869b6}
    2010-07-03 05:28:31 58 --sh--w- c:\windows\system32\User.ini
    2010-07-03 05:27:03 120 ----a-w- c:\windows\Llibe.dat
    2010-07-03 05:27:03 0 ----a-w- c:\windows\Wzevobu.bin
    2010-07-03 00:11:06 0 d-----w- c:\docume~1\owner\applic~1\Waves Preferences
    2010-07-03 00:00:37 0 d-----w- c:\program files\Waves
    2010-07-02 23:59:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-06-25 04:32:30 20480 ----a-w- c:\windows\system32\wbload.dll
    2010-06-22 12:15:34 0 ------w- c:\windows\WB.ini
    2010-06-22 12:06:54 42672 ------w- c:\windows\system32\wbsys.dll
    2010-06-22 12:06:53 0 d-----w- c:\program files\Stardock
    2010-06-22 09:53:31 0 d-----w- c:\program files\NCH Software
    2010-06-20 07:53:51 0 d-sh--w- c:\documents and settings\owner\IECompatCache
    2010-06-20 07:53:34 0 d-sh--w- c:\documents and settings\owner\PrivacIE
    2010-06-20 07:52:01 0 d-sh--w- c:\documents and settings\owner\IETldCache
    2010-06-20 07:44:06 0 d-----w- c:\windows\ie8updates
    2010-06-20 07:40:04 0 dc-h--w- c:\windows\ie8
    2010-06-20 07:38:10 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-20 07:38:09 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-20 07:38:09 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-20 07:37:57 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-06-20 01:26:40 0 d-----w- c:\windows\system32\wbem\Repository
    2010-06-20 01:25:11 0 d-----w- C:\Westwood
    2010-06-20 00:15:02 0 d-----w- c:\windows\Logs
    2010-06-19 20:13:54 0 d-----w- c:\docume~1\owner\applic~1\DAEMON Tools Pro
    2010-06-19 20:08:58 8650752 ----a-w- c:\documents and settings\owner\ntuser.dat.bak

    ==================== Find3M ====================

    2010-07-03 05:26:30 210816 ----a-w- c:\windows\system32\drivers\ndis.sys
    2010-05-29 11:56:11 2048 ----a-w- c:\windows\system32\sysprs7.dll
    2010-05-28 22:12:20 348160 ------w- c:\windows\system32\msvcr71.dll
    2010-05-28 22:12:20 1060864 ------w- c:\windows\system32\mfc71.dll
    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 12:30:54.25 ===============
     
  4. ASauce

    ASauce TS Rookie Topic Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/30/2005 5:48:47 PM
    System Uptime: 7/19/2010 2:59:59 AM (10 hours ago)

    Motherboard: ASUSTek Computer INC. | | Amberine M
    Processor: AMD Sempron(tm) Processor 3400+ | Socket 939 | 1989/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 93 GiB total, 26.574 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (FAT32) - 112 GiB total, 17.349 GiB free.
    K: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&1C88B56&0&18A4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&1C88B56&0&18A4
    Service: RTL8023xp

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: WAN Miniport (L2TP)
    Device ID: ROOT\MS_L2TPMINIPORT\0000
    Manufacturer: Microsoft
    Name: WAN Miniport (L2TP)
    PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
    Service: Rasl2tp

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: WAN Miniport (IP)
    Device ID: ROOT\MS_NDISWANIP\0000
    Manufacturer: Microsoft
    Name: WAN Miniport (IP)
    PNP Device ID: ROOT\MS_NDISWANIP\0000
    Service: NdisWan

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: WAN Miniport (PPPOE)
    Device ID: ROOT\MS_PPPOEMINIPORT\0000
    Manufacturer: Microsoft
    Name: WAN Miniport (PPPOE)
    PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
    Service: RasPppoe

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: WAN Miniport (PPTP)
    Device ID: ROOT\MS_PPTPMINIPORT\0000
    Manufacturer: Microsoft
    Name: WAN Miniport (PPTP)
    PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
    Service: PptpMiniport

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Packet Scheduler Miniport
    Device ID: ROOT\MS_PSCHEDMP\0000
    Manufacturer: Microsoft
    Name: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
    PNP Device ID: ROOT\MS_PSCHEDMP\0000
    Service: PSched

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Packet Scheduler Miniport
    Device ID: ROOT\MS_PSCHEDMP\0001
    Manufacturer: Microsoft
    Name: WAN Miniport (IP) - Packet Scheduler Miniport
    PNP Device ID: ROOT\MS_PSCHEDMP\0001
    Service: PSched

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Direct Parallel
    Device ID: ROOT\MS_PTIMINIPORT\0000
    Manufacturer: Microsoft
    Name: Direct Parallel
    PNP Device ID: ROOT\MS_PTIMINIPORT\0000
    Service: Raspti

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    µTorrent
    AC3Filter 1.63b
    Adobe Flash Player 10 ActiveX
    Antares Autotune VST v5.09
    Antares AVOX Evo VST RTAS v3.0.2
    Arturia Arp2600 V VSTi RTAS v1.6
    ATI Display Driver
    Avira AntiVir Personal - Free Antivirus
    Command & Conquer Red Alert 2
    DivX Setup
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    Loomer Aspect
    Luxonix Purity VSTi v1.1.2
    M-Audio Producer Driver 6.0.2 (x86)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC8 CRT for Loomer Applications
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Nero 7 Essentials
    PowerDVD
    Realtek AC'97 Audio
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    SUPERAntiSpyware Free Edition
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    V-Station 1.50
    VC80CRTRedist - 8.0.50727.4053
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Support Tools
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    7/19/2010 4:02:41 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    7/19/2010 3:03:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM avgio avipbb Fips IPSec MRxSmb NDIS NetBIOS NetBT SASDIFSV SASKUTIL ssmdrv Tcpip
    7/19/2010 3:02:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/19/2010 2:52:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD IPSec MRxSmb NDIS NetBIOS NetBT Tcpip
    7/19/2010 2:52:28 AM, error: Service Control Manager [7022] - The Avira AntiVir Guard service hung on starting.
    7/19/2010 2:50:58 AM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).
    7/19/2010 2:50:58 AM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
    7/19/2010 2:50:58 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The specified driver is invalid.
    7/19/2010 2:50:58 AM, error: Service Control Manager [7023] - The Server service terminated with the following error: The specified driver is invalid.
    7/19/2010 2:50:58 AM, error: Service Control Manager [7023] - The Runtime Optimization Service service terminated with the following error: The specified module could not be found.
    7/19/2010 2:50:58 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952450
    7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error: The specified driver is invalid.
    7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector service which failed to start because of the following error: The specified driver is invalid.
    7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
    7/19/2010 2:50:58 AM, error: Service Control Manager [7000] - The WebDav Client Redirector service failed to start due to the following error: The specified driver is invalid.
    7/19/2010 2:50:58 AM, error: Service Control Manager [7000] - The NDIS Usermode I/O Protocol service failed to start due to the following error: The specified driver is invalid.
    7/19/2010 2:49:27 AM, error: Workstation [5727] - Could not load RDR device driver.
    7/19/2010 2:49:27 AM, error: Workstation [5727] - Could not load MRxSmb device driver.
    7/19/2010 2:46:10 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    7/19/2010 2:45:33 AM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The specified driver is invalid.
    7/19/2010 2:45:33 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: The specified driver is invalid.
    7/19/2010 2:45:33 AM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The specified driver is invalid.
    7/19/2010 2:45:33 AM, error: Service Control Manager [7000] - The AFD service failed to start due to the following error: The specified driver is invalid.
    7/19/2010 2:38:49 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    7/19/2010 2:38:49 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you disable all of the Services?
     
  6. ASauce

    ASauce TS Rookie Topic Starter

    Am I supposed to? Because I haven't.
     
  7. ASauce

    ASauce TS Rookie Topic Starter

    Done it before you asked me... sorry, I'm writing this on a PS3, trying to get this right.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please let me know what your current status is. You showed no restore points and it appears that most of the necessary Services aren't working.
     
  9. ASauce

    ASauce TS Rookie Topic Starter

    I had a broken hard drive. Had it replaced and now we are good to go. Thanks for your help. I appreciate the time.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thanks for the update.
     
Topic Status:
Not open for further replies.
