Resolved Clean infected ndis.sys using combo fix

Status
Not open for further replies.

ASauce

Okay, I got this stupid virus two weeks ago, the AV suite. I got the majority of it off, but I'm still getting a message that ndis.sys is infected. Svchost keeps opening these ridiculous amounts of processes and I'm not advanced enough to figure out what I need to put in Notepad to "KILLALL", so help would be greatly appreciated. Running XP SP3 w/ 1 GB RAM (if anyone cares). It used to be so fast and now it takes forever to load.
 
I'm not advanced enough to figure out what I need to put in Notepad to "KILLALL"

And it's a good thing you didn't try this! I once saw the comment that running Combofix without guidance is likened to doing open-heart surgery on yourself. So in that same analogy, using the KillAll switch would be likened to shutting down the heart/lung machine while you're still connected to it!


If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

When I see these logs, I will make the decision about what additional programs need to be run and whether to instruct you to run Combofix, if needed. I will determine what needs to be moved and if the KillAll switch should be used.
 
Okay, after the virus scans I lost access to the internet, if that tells you anything, but here are the logs...


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4291

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/19/2010 4:31:57 AM
mbam-log-2010-07-19 (04-31-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 70275
Time elapsed: 1 hour(s), 12 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-19 12:24:43
Windows 5.1.2600 Service Pack 3
Running: 60rf26q2.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwqyyfob.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB9F9E0D0]
SSDT sptd.sys ZwEnumerateKey [0xB9FA3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xB9FA4340]
SSDT sptd.sys ZwOpenKey [0xB9F9E0B0]
SSDT sptd.sys ZwQueryKey [0xB9FA4418]
SSDT sptd.sys ZwQueryValueKey [0xB9FA4298]
SSDT sptd.sys ZwSetValueKey [0xB9FA44AA]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B9DCB8AC 5 Bytes JMP 88ADE418

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [B9FB506C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [B9FB5018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [B9FD79AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [B9FB506C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9F9EAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9F9EC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9F9EB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9F9F748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9F9F61E] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 88BCE1E8
Device \FileSystem\Fastfat \FatCdrom 88922790
Device \FileSystem\Udfs \UdfsCdRom 8892E1E8
Device \FileSystem\Udfs \UdfsDisk 8892E1E8
Device \Driver\usbohci \Device\USBPDO-0 88B195D0
Device \Driver\usbehci \Device\USBPDO-1 88B1E790
Device \Driver\usbohci \Device\USBPDO-2 88B195D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 88B641E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 88B641E8
Device \Driver\Cdrom \Device\CdRom0 88A8C790
Device \Driver\usbstor \Device\00000065 88A5C790
Device \Driver\Cdrom \Device\CdRom1 88A8C790
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-19 [B9F18B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\usbstor \Device\00000066 88A5C790
Device \Driver\usbstor \Device\0000006b 88A5C790
Device \Driver\usbstor \Device\0000006c 88A5C790
Device \Driver\usbohci \Device\USBFDO-0 88B195D0
Device \Driver\usbstor \Device\0000006d 88A5C790
Device \Driver\usbohci \Device\USBFDO-1 88B195D0
Device \Driver\usbstor \Device\0000006e 88A5C790
Device \Driver\usbehci \Device\USBFDO-2 88B1E790
Device \Driver\usbstor \Device\0000007c 88A5C790
Device \Driver\usbstor \Device\0000006f 88A5C790
Device \Driver\usbstor \Device\0000007d 88A5C790
Device \Driver\Ftdisk \Device\FtControl 88B641E8
Device \FileSystem\Fastfat \Fat 88922790
Device \FileSystem\Cdfs \Cdfs 881681E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0x96 0x58 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0x96 0x58 0x5E ...

---- EOF - GMER 1.0.15 ----



DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Owner at 12:30:20.54 on Mon 07/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1214.889 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1112307167484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276894607968
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

S0 bmjxlfqf;bmjxlfqf; [x]
S0 tovjlbv;tovjlbv;c:\windows\system32\drivers\xfmjqlin.sys --> c:\windows\system32\drivers\xfmjqlin.sys [?]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-18 11608]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-18 135336]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-18 267432]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-18 60936]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-28 136176]
S2 Runtime Service 3.0;Runtime Optimization Service;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 MAUSBPRODUCER;Service for M-Audio Producer;c:\windows\system32\drivers\MAudioProducer.sys [2009-9-2 158344]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2005-3-30 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2005-3-30 251904]

=============== Created Last 30 ================

2010-07-18 22:48:07 0 d-----w- c:\docume~1\owner\applic~1\Avira
2010-07-18 22:36:07 0 d-----w- c:\windows\system32\NtmsData
2010-07-18 22:22:41 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-18 22:22:35 0 d-----w- c:\program files\Avira
2010-07-18 22:22:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-07-16 23:45:05 412 ----a-w- c:\windows\system32\tmp.reg
2010-07-16 07:37:52 39936 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2010-07-16 04:49:56 0 d-----w- c:\program files\Support Tools
2010-07-16 04:46:44 1917 ----a-w- c:\windows\imsins.BAK
2010-07-16 04:16:20 90313 ----a-w- c:\windows\system32\drivers\NDIS.SY_
2010-07-16 03:52:52 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-10 09:58:03 0 d-----w- c:\program files\Trend Micro
2010-07-09 20:21:55 107846 ----a-w- C:\MGlogs.zip
2010-07-09 20:21:49 0 d-----w- C:\MGtools
2010-07-09 10:23:16 14 ----a-w- c:\windows\system32\tmpPrst.tgz
2010-07-09 09:33:22 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 08:33:19 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-09 08:33:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-09 06:31:41 0 d-sha-r- C:\cmdcons
2010-07-09 06:27:22 98816 ----a-w- c:\windows\sed.exe
2010-07-09 06:27:22 77312 ----a-w- c:\windows\MBR.exe
2010-07-09 06:27:22 256512 ----a-w- c:\windows\PEV.exe
2010-07-09 06:27:22 161792 ----a-w- c:\windows\SWREG.exe
2010-07-08 20:01:25 58 ----a-w- c:\windows\RegDefrag.ini
2010-07-08 19:23:42 0 d-----w- c:\program files\WinASO
2010-07-08 10:16:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-08 06:49:32 64 ----a-w- c:\windows\wininit.ini
2010-07-07 21:20:09 47927 ----a-w- c:\windows\system32\ifarmed.html
2010-07-06 10:55:52 0 d-----w- c:\docume~1\alluse~1\applic~1\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
2010-07-06 07:02:05 38 ----a-w- c:\documents and settings\owner\{13ddd2b9-aaf0-4dc2-868a-a346a80869b6}
2010-07-03 10:29:18 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-03 08:59:08 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-07-03 08:46:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-03 08:46:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-03 08:46:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 08:46:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-03 08:05:29 38 ----a-w- c:\windows\system32\online_{13ddd2b9-aaf0-4dc2-868a-a346a80869b6}
2010-07-03 08:05:22 38 ----a-w- c:\windows\system32\{13ddd2b9-aaf0-4dc2-868a-a346a80869b6}
2010-07-03 05:28:31 58 --sh--w- c:\windows\system32\User.ini
2010-07-03 05:27:03 120 ----a-w- c:\windows\Llibe.dat
2010-07-03 05:27:03 0 ----a-w- c:\windows\Wzevobu.bin
2010-07-03 00:11:06 0 d-----w- c:\docume~1\owner\applic~1\Waves Preferences
2010-07-03 00:00:37 0 d-----w- c:\program files\Waves
2010-07-02 23:59:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-25 04:32:30 20480 ----a-w- c:\windows\system32\wbload.dll
2010-06-22 12:15:34 0 ------w- c:\windows\WB.ini
2010-06-22 12:06:54 42672 ------w- c:\windows\system32\wbsys.dll
2010-06-22 12:06:53 0 d-----w- c:\program files\Stardock
2010-06-22 09:53:31 0 d-----w- c:\program files\NCH Software
2010-06-20 07:53:51 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-06-20 07:53:34 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-06-20 07:52:01 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-06-20 07:44:06 0 d-----w- c:\windows\ie8updates
2010-06-20 07:40:04 0 dc-h--w- c:\windows\ie8
2010-06-20 07:38:10 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-20 07:38:09 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-20 07:38:09 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-20 07:37:57 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-20 01:26:40 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-20 01:25:11 0 d-----w- C:\Westwood
2010-06-20 00:15:02 0 d-----w- c:\windows\Logs
2010-06-19 20:13:54 0 d-----w- c:\docume~1\owner\applic~1\DAEMON Tools Pro
2010-06-19 20:08:58 8650752 ----a-w- c:\documents and settings\owner\ntuser.dat.bak

==================== Find3M ====================

2010-07-03 05:26:30 210816 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-29 11:56:11 2048 ----a-w- c:\windows\system32\sysprs7.dll
2010-05-28 22:12:20 348160 ------w- c:\windows\system32\msvcr71.dll
2010-05-28 22:12:20 1060864 ------w- c:\windows\system32\mfc71.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 12:30:54.25 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/30/2005 5:48:47 PM
System Uptime: 7/19/2010 2:59:59 AM (10 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Sempron(tm) Processor 3400+ | Socket 939 | 1989/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 26.574 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (FAT32) - 112 GiB total, 17.349 GiB free.
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&1C88B56&0&18A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&1C88B56&0&18A4
Service: RTL8023xp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0000
Manufacturer: Microsoft
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
PNP Device ID: ROOT\MS_PSCHEDMP\0000
Service: PSched

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0001
Manufacturer: Microsoft
Name: WAN Miniport (IP) - Packet Scheduler Miniport
PNP Device ID: ROOT\MS_PSCHEDMP\0001
Service: PSched

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Direct Parallel
Device ID: ROOT\MS_PTIMINIPORT\0000
Manufacturer: Microsoft
Name: Direct Parallel
PNP Device ID: ROOT\MS_PTIMINIPORT\0000
Service: Raspti

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
AC3Filter 1.63b
Adobe Flash Player 10 ActiveX
Antares Autotune VST v5.09
Antares AVOX Evo VST RTAS v3.0.2
Arturia Arp2600 V VSTi RTAS v1.6
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Command & Conquer Red Alert 2
DivX Setup
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Loomer Aspect
Luxonix Purity VSTi v1.1.2
M-Audio Producer Driver 6.0.2 (x86)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC8 CRT for Loomer Applications
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Nero 7 Essentials
PowerDVD
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
V-Station 1.50
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Support Tools
WinRAR archiver

==== Event Viewer Messages From Past Week ========

7/19/2010 4:02:41 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
7/19/2010 3:03:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM avgio avipbb Fips IPSec MRxSmb NDIS NetBIOS NetBT SASDIFSV SASKUTIL ssmdrv Tcpip
7/19/2010 3:02:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/19/2010 2:52:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD IPSec MRxSmb NDIS NetBIOS NetBT Tcpip
7/19/2010 2:52:28 AM, error: Service Control Manager [7022] - The Avira AntiVir Guard service hung on starting.
7/19/2010 2:50:58 AM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).
7/19/2010 2:50:58 AM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
7/19/2010 2:50:58 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The specified driver is invalid.
7/19/2010 2:50:58 AM, error: Service Control Manager [7023] - The Server service terminated with the following error: The specified driver is invalid.
7/19/2010 2:50:58 AM, error: Service Control Manager [7023] - The Runtime Optimization Service service terminated with the following error: The specified module could not be found.
7/19/2010 2:50:58 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952450
7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error: The specified driver is invalid.
7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector service which failed to start because of the following error: The specified driver is invalid.
7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/19/2010 2:50:58 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
7/19/2010 2:50:58 AM, error: Service Control Manager [7000] - The WebDav Client Redirector service failed to start due to the following error: The specified driver is invalid.
7/19/2010 2:50:58 AM, error: Service Control Manager [7000] - The NDIS Usermode I/O Protocol service failed to start due to the following error: The specified driver is invalid.
7/19/2010 2:49:27 AM, error: Workstation [5727] - Could not load RDR device driver.
7/19/2010 2:49:27 AM, error: Workstation [5727] - Could not load MRxSmb device driver.
7/19/2010 2:46:10 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
7/19/2010 2:45:33 AM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The specified driver is invalid.
7/19/2010 2:45:33 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: The specified driver is invalid.
7/19/2010 2:45:33 AM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The specified driver is invalid.
7/19/2010 2:45:33 AM, error: Service Control Manager [7000] - The AFD service failed to start due to the following error: The specified driver is invalid.
7/19/2010 2:38:49 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/19/2010 2:38:49 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
 
Please let me know what your current status is. You showed no restore points and it appears that most of the necessary Services aren't working.
 
I had a broken hard drive. Had it replaced and now we are good to go. Thanks for your help. I appreciate the time.
 