
[Resolved] please help


  • This topic is locked
124 replies to this topic

#61 sUΒs

sUΒs

    Authentic Member

  • Malware Expert
  • 189 posts

Posted 17 October 2007 - 08:59 PM

Did these characters '\0' get stripped from the log when you posted it ?



#62 sUΒs

sUΒs

    Authentic Member

  • Malware Expert
  • 189 posts

Posted 17 October 2007 - 09:06 PM

Please attach the log. The forum software is stripping characters from it

#63 Joecastle

Joecastle

    Authentic Member

  • Authentic Member
  • PipPip
  • 215 posts

Posted 17 October 2007 - 09:19 PM

Sorry,

The first one I ran in safe mode. This I ran in normal mode but had to hard boot into safe mode to copy it to the junk drive..

catchme 0.3.1169.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 23:03:13
Windows 5.1.2600

scanning processes ...

System [4]
C:\WINDOWS\SYSTEM32\SMSS.EXE [400] 0xFFAFE1F0
C:\WINDOWS\SYSTEM32\CSRSS.EXE [476] 0xFFAC4DA8
C:\WINDOWS\SYSTEM32\WINLOGON.EXE [500] 0xFFB30020
C:\WINDOWS\SYSTEM32\SERVICES.EXE [544] 0x8112AA58
C:\WINDOWS\SYSTEM32\LSASS.EXE [556] 0x811C3020
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [716] 0xFFB54DA8
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [848] 0x8119B020
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [952] 0xFFB54608
C:\WINDOWS\System32\alg.exe [1016] 0x81212BF8
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE [1028] 0xFFB16DA8
C:\WINDOWS\SYSTEM32\USERINIT.EXE [1124] 0xFFB97DA8
C:\WINDOWS\EXPLORER.EXE [1156] 0xFFBC61D8
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE [1168] 0xFFAD9118
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\aolserv.exe [1192] 0xFFB70020
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE [1264] 0xFFB31BF0
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [1344] 0xFFAA9BF0
C:\PROGRAM FILES\COMPACT WIRELESS-G USB NETWORK ADAPTER WITH SPEEDBOOSTER\WLSERVICE.EXE [1368] 0xFFB0CDA8
C:\PROGRAM FILES\COMPACT WIRELESS-G USB NETWORK ADAPTER WITH SPEEDBOOSTER\WUSB54GSC.EXE [1388] 0xFFB6E570
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE [1456] 0xFFAAD7D0
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE [1464] 0xFFABF220
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE [1472] 0xFFB048E0
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE [1480] 0xFFBA33D0
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE [1492] 0xFF8F0020
C:\WINDOWS\System32\cmd.exe [1608] 0xFFB11A58
C:\WINDOWS\catchme.exe [1628] 0xFFBCB4E0




SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
netsvcs REG_MULTI_SZ helpsvcgpejsjbqhelpsvc\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
HTTPFilter REG_MULTI_SZ HTTPFilter\

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch
CoInitializeSecurityParam REG_DWORD 1 (0x1)
DefaultRpcStackSize REG_DWORD 8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
CoInitializeSecurityParam REG_DWORD 1 (0x1)
AuthenticationCapabilities REG_DWORD 8192 (0x2000)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
AuthenticationCapabilities REG_DWORD 12320 (0x3020)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth
CoInitializeSecurityParam REG_DWORD 2 (0x2)
AuthenticationCapabilities REG_DWORD 64 (0x40)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
DefaultRpcStackSize REG_DWORD 8 (0x8)

------ Services [Running]

SERVICE_NAME: ALG
SERVICE_NAME: AOL ACS
SERVICE_NAME: AOL TopSpeedMonitor
SERVICE_NAME: AOLService
SERVICE_NAME: AVG Anti-Spyware Guard
SERVICE_NAME: Eventlog
SERVICE_NAME: helpsvc
SERVICE_NAME: PlugPlay
SERVICE_NAME: ProtectedStorage
SERVICE_NAME: RemoteRegistry
SERVICE_NAME: RpcSs
SERVICE_NAME: SamSs
SERVICE_NAME: Spooler
SERVICE_NAME: WebClient
SERVICE_NAME: WUSB54GSCSVC

------ Services [Stopped]

SERVICE_NAME: Alerter
SERVICE_NAME: AppMgmt
SERVICE_NAME: AudioSrv
SERVICE_NAME: BITS
SERVICE_NAME: Browser
SERVICE_NAME: cisvc
SERVICE_NAME: ClipSrv
SERVICE_NAME: COMSysApp
SERVICE_NAME: CryptSvc
SERVICE_NAME: Dhcp
SERVICE_NAME: dmadmin
SERVICE_NAME: dmserver
SERVICE_NAME: Dnscache
SERVICE_NAME: ERSvc
SERVICE_NAME: EventSystem
SERVICE_NAME: FastUserSwitchingCompatibility
SERVICE_NAME: GoogleDesktopManager
SERVICE_NAME: gusvc
SERVICE_NAME: HidServ
SERVICE_NAME: HTTPFilter
SERVICE_NAME: ImapiService
SERVICE_NAME: Irmon
SERVICE_NAME: lanmanserver
SERVICE_NAME: lanmanworkstation
SERVICE_NAME: LmHosts
SERVICE_NAME: Messenger
SERVICE_NAME: mnmsrvc
SERVICE_NAME: MSDTC
SERVICE_NAME: MSIServer
SERVICE_NAME: NetDDE
SERVICE_NAME: NetDDEdsdm
SERVICE_NAME: Netlogon
SERVICE_NAME: Netman
SERVICE_NAME: Nla
SERVICE_NAME: NtLmSsp
SERVICE_NAME: NtmsSvc
SERVICE_NAME: ose
SERVICE_NAME: PolicyAgent
SERVICE_NAME: RasAuto
SERVICE_NAME: RasMan
SERVICE_NAME: RDSessMgr
SERVICE_NAME: RemoteAccess
SERVICE_NAME: RpcLocator
SERVICE_NAME: RSVP
SERVICE_NAME: SCardSvr
SERVICE_NAME: Schedule
SERVICE_NAME: seclogon
SERVICE_NAME: SENS
SERVICE_NAME: SharedAccess
SERVICE_NAME: ShellHWDetection
SERVICE_NAME: srservice
SERVICE_NAME: SSDPSRV
SERVICE_NAME: stisvc
SERVICE_NAME: SwPrv
SERVICE_NAME: SysmonLog
SERVICE_NAME: TapiSrv
SERVICE_NAME: TermService
SERVICE_NAME: Themes
SERVICE_NAME: TlntSvr
SERVICE_NAME: TrkWks
SERVICE_NAME: uploadmgr
SERVICE_NAME: upnphost
SERVICE_NAME: UPS
SERVICE_NAME: VSS
SERVICE_NAME: W32Time
SERVICE_NAME: winmgmt
SERVICE_NAME: WmdmPmSN
SERVICE_NAME: WmdmPmSp
SERVICE_NAME: Wmi
SERVICE_NAME: WmiApSrv
SERVICE_NAME: wuauserv
SERVICE_NAME: WZCSVC

------ Drivers [Running]

SERVICE_NAME: ACPI
SERVICE_NAME: AegisP
SERVICE_NAME: AFD
SERVICE_NAME: ALiADWDM
SERVICE_NAME: AliIde
SERVICE_NAME: alim1541
SERVICE_NAME: ASCTRM
SERVICE_NAME: atapi
SERVICE_NAME: audstub
SERVICE_NAME: AVG Anti-Spyware Driver
SERVICE_NAME: AvgAsCln
SERVICE_NAME: Beep
SERVICE_NAME: catchme
SERVICE_NAME: Cdfs
SERVICE_NAME: Cdrom
SERVICE_NAME: CmBatt
SERVICE_NAME: Compbatt
SERVICE_NAME: Disk
SERVICE_NAME: dmio
SERVICE_NAME: dmload
SERVICE_NAME: E100B
SERVICE_NAME: Fastfat
SERVICE_NAME: Fdc
SERVICE_NAME: Fips
SERVICE_NAME: Flpydisk
SERVICE_NAME: Ftdisk
SERVICE_NAME: Gpc
SERVICE_NAME: i8042prt
SERVICE_NAME: IPSec
SERVICE_NAME: irda
SERVICE_NAME: IRENUM
SERVICE_NAME: isapnp
SERVICE_NAME: Kbdclass
SERVICE_NAME: KSecDD
SERVICE_NAME: mnmdd
SERVICE_NAME: Modem
SERVICE_NAME: Mouclass
SERVICE_NAME: MountMgr
SERVICE_NAME: MRxDAV
SERVICE_NAME: MRxSmb
SERVICE_NAME: Msfs
SERVICE_NAME: Mup
SERVICE_NAME: NDIS
SERVICE_NAME: NdisTapi
SERVICE_NAME: Ndisuio
SERVICE_NAME: NdisWan
SERVICE_NAME: NDProxy
SERVICE_NAME: NetBIOS
SERVICE_NAME: Npfs
SERVICE_NAME: Null
SERVICE_NAME: P3
SERVICE_NAME: Parport
SERVICE_NAME: PartMgr
SERVICE_NAME: ParVdm
SERVICE_NAME: PCI
SERVICE_NAME: Pcmcia
SERVICE_NAME: PptpMiniport
SERVICE_NAME: PSched
SERVICE_NAME: Ptilink
SERVICE_NAME: RasAcd
SERVICE_NAME: Rasirda
SERVICE_NAME: Rasl2tp
SERVICE_NAME: RasPppoe
SERVICE_NAME: Raspti
SERVICE_NAME: Rdbss
SERVICE_NAME: RDPCDD
SERVICE_NAME: rdpdr
SERVICE_NAME: redbook
SERVICE_NAME: ROOTMODEM
SERVICE_NAME: serenum
SERVICE_NAME: Serial
SERVICE_NAME: SMCIRDA
SERVICE_NAME: sr
SERVICE_NAME: swenum
SERVICE_NAME: TermDD
SERVICE_NAME: TOSHIBASoftModem
SERVICE_NAME: trid3d
SERVICE_NAME: Update
SERVICE_NAME: usbhub
SERVICE_NAME: usbohci
SERVICE_NAME: VgaSave
SERVICE_NAME: VolSnap
SERVICE_NAME: wanatw

------ Drivers [Stopped]

SERVICE_NAME: Abiosdsk
SERVICE_NAME: abp480n5
SERVICE_NAME: ACPIEC
SERVICE_NAME: adpu160m
SERVICE_NAME: aec
SERVICE_NAME: Aha154x
SERVICE_NAME: aic78u2
SERVICE_NAME: aic78xx
SERVICE_NAME: amsint
SERVICE_NAME: asc
SERVICE_NAME: asc3350p
SERVICE_NAME: asc3550
SERVICE_NAME: AsyncMac
SERVICE_NAME: Atdisk
SERVICE_NAME: Atmarpc
SERVICE_NAME: Auq68
SERVICE_NAME: BCM42RLY
SERVICE_NAME: cbidf2k
SERVICE_NAME: cd20xrnt
SERVICE_NAME: Cdaudio
SERVICE_NAME: Changer
SERVICE_NAME: CmdIde
SERVICE_NAME: Cpqarray
SERVICE_NAME: dac960nt
SERVICE_NAME: dmboot
SERVICE_NAME: DMusic
SERVICE_NAME: dpti2o
SERVICE_NAME: drmkaud
SERVICE_NAME: gmer
SERVICE_NAME: GTNDIS5
SERVICE_NAME: hpn
SERVICE_NAME: hpt3xx
SERVICE_NAME: HTTP
SERVICE_NAME: i2omgmt
SERVICE_NAME: i2omp
SERVICE_NAME: Imapi
SERVICE_NAME: ini910u
SERVICE_NAME: IntelIde
SERVICE_NAME: ip6fw
SERVICE_NAME: IpFilterDriver
SERVICE_NAME: IpInIp
SERVICE_NAME: IpNat
SERVICE_NAME: kmixer
SERVICE_NAME: lbrtfdc
SERVICE_NAME: mraid35x
SERVICE_NAME: MSKSSRV
SERVICE_NAME: MSPCLOCK
SERVICE_NAME: MSPQM
SERVICE_NAME: mssmbios
SERVICE_NAME: NetBT
SERVICE_NAME: Ntfs
SERVICE_NAME: NwlnkFlt
SERVICE_NAME: NwlnkFwd
SERVICE_NAME: PCIDump
SERVICE_NAME: PCIIde
SERVICE_NAME: PDCOMP
SERVICE_NAME: PDFRAME
SERVICE_NAME: PDRELI
SERVICE_NAME: PDRFRAME
SERVICE_NAME: perc2
SERVICE_NAME: perc2hib
SERVICE_NAME: ql1080
SERVICE_NAME: Ql10wnt
SERVICE_NAME: ql12160
SERVICE_NAME: ql1240
SERVICE_NAME: ql1280
SERVICE_NAME: RDPWD
SERVICE_NAME: Secdrv
SERVICE_NAME: Sfloppy
SERVICE_NAME: Simbad
SERVICE_NAME: Sparrow
SERVICE_NAME: splitter
SERVICE_NAME: Srv
SERVICE_NAME: swmidi
SERVICE_NAME: symc810
SERVICE_NAME: symc8xx
SERVICE_NAME: sym_hi
SERVICE_NAME: sym_u3
SERVICE_NAME: sysaudio
SERVICE_NAME: Tcpip
SERVICE_NAME: TDPIPE
SERVICE_NAME: TDTCP
SERVICE_NAME: TosIde
SERVICE_NAME: Udfs
SERVICE_NAME: ultra
SERVICE_NAME: USBSTOR
SERVICE_NAME: USB_RNDIS
SERVICE_NAME: ViaIde
SERVICE_NAME: Wanarp
SERVICE_NAME: WDICA
SERVICE_NAME: wdmaud

I had to copy and paste these separately.. Don't know why it didn't catch the first time..


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
netsvcs REG_MULTI_SZ helpsvcgpejsjbqhelpsvc\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
HTTPFilter REG_MULTI_SZ HTTPFilter\

Edited by Joecastle, 17 October 2007 - 09:23 PM.


#64 sUΒs

sUΒs

    Authentic Member

  • Malware Expert
  • 189 posts

Posted 17 October 2007 - 09:21 PM

The machine is missing some registry values.

Please download this file - http://download.blee.../XP_netsvcs.zip

Unzip the file contained within & double click on it. Allow it to merge into the registry

Reboot the machine to Normal Mode. Let me know if that gets the job done
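The exchange above turns on how REG_MULTI_SZ data is stored: each string ends in a NUL and the list ends with one more, so a log with the '\0' characters stripped no longer shows where one service name stops and the next begins. The following is an added example, not part of the original thread and not code from any tool named in it. It decodes such a value and cross-checks a svchost group against the installed service names. The function names are hypothetical, the split of the posted netsvcs text into helpsvc / gpejsjbq / helpsvc is an assumption, and the service set is a subset copied from the posted log.

```python
# Added example: decode REG_MULTI_SZ bytes and audit an svchost group.

def encode_multi_sz(entries):
    """Build raw REG_MULTI_SZ bytes: NUL after each string, extra NUL at the end."""
    return ("".join(e + "\0" for e in entries) + "\0").encode("utf-16-le")

def decode_multi_sz(raw: bytes) -> list[str]:
    """Split raw REG_MULTI_SZ bytes (UTF-16LE) into individual strings."""
    if len(raw) % 2:
        raise ValueError("REG_MULTI_SZ data must be whole UTF-16LE code units")
    entries = []
    for item in raw.decode("utf-16-le").split("\0"):
        if item == "":
            break  # an empty string is the list terminator; ignore anything after
        entries.append(item)
    return entries

def strip_nuls(raw: bytes) -> str:
    """What remains when a text pipeline silently drops the NUL separators."""
    return raw.decode("utf-16-le").replace("\0", "")

def audit_group(entries, installed):
    """Report duplicate entries and entries with no matching installed service.

    Service names are compared case-insensitively (the posted log shows
    'DnsCache' in the registry and 'Dnscache' in the service list).
    """
    known = {name.lower() for name in installed}
    seen, duplicates, unregistered = set(), [], []
    for entry in entries:
        key = entry.lower()
        if key in seen and entry not in duplicates:
            duplicates.append(entry)
        seen.add(key)
        if key not in known and entry not in unregistered:
            unregistered.append(entry)
    return {"duplicates": duplicates, "unregistered": unregistered}

# Subset of the service names listed in the posted log (running and stopped).
INSTALLED = [
    "Alerter", "WebClient", "LmHosts", "RemoteRegistry", "upnphost", "SSDPSRV",
    "Dnscache", "helpsvc", "RpcSs", "stisvc", "TermService", "HTTPFilter",
]

# Constructed sample data. The entry boundaries are an ASSUMPTION: the log as
# posted shows only the merged text 'helpsvcgpejsjbqhelpsvc'.
NETSVCS_RAW = encode_multi_sz(["helpsvc", "gpejsjbq", "helpsvc"])
LOCALSERVICE_RAW = encode_multi_sz(
    ["Alerter", "WebClient", "LmHosts", "RemoteRegistry", "upnphost", "SSDPSRV"]
)

def run_demo():
    """Return the audit result for each constructed group."""
    return {
        "netsvcs": audit_group(decode_multi_sz(NETSVCS_RAW), INSTALLED),
        "LocalService": audit_group(decode_multi_sz(LOCALSERVICE_RAW), INSTALLED),
    }

if __name__ == "__main__":
    # Two different lists collapse to the same text once NULs are stripped,
    # which is why the attached (unaltered) log was requested.
    other = encode_multi_sz(["helpsvcgpejsjbq", "helpsvc"])
    print(strip_nuls(NETSVCS_RAW) == strip_nuls(other))
    for group, findings in run_demo().items():
        print(group, findings)
```

A duplicate entry or a name with no installed service behind it is only a prompt to inspect that service's registry key; it does not identify what the entry is.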

#65 Joecastle

Joecastle

    Authentic Member

  • Authentic Member
  • PipPip
  • 215 posts

Posted 17 October 2007 - 09:53 PM

Ok,

When I rebooted I finally can hear the windows theme music, the task bar has its color back. The Windows - Virtual Memory Minimum Too Low still pops up and the Microsoft Visual C++ Runtime Library window pops up and in it says Program: C:\Program Files\Grisoft\AVG Anti-spyware 7.5\guard.exe R6016 not enough space for thread data. The system still freezes. The cursor freezes & I still have to hard boot to reboot.

#66 sUΒs

sUΒs

    Authentic Member

  • Malware Expert
  • 189 posts

Posted 17 October 2007 - 09:55 PM

Look in EventViewer again. See if there's any new errors.

#67 Joecastle

Joecastle

    Authentic Member

  • Authentic Member
  • PipPip
  • 215 posts

Posted 17 October 2007 - 09:56 PM

WOW, The computer just shut down & rebooted on its own...

#68 sUΒs

sUΒs

    Authentic Member

  • Malware Expert
  • 189 posts

Posted 17 October 2007 - 10:57 PM

Did that happen when you tried to access EventViewer?

#69 Joecastle

Joecastle

    Authentic Member

  • Authentic Member
  • PipPip
  • 215 posts

Posted 18 October 2007 - 05:26 AM

The computer was in normal mode & when it sits for a little while it starts to freeze up. I waited until I received your reply & then I clicked on START button and it shut down & rebooted.
I believe it might be caused by Windows - Virtual Memory Minimum Too Low. In the box below it says: Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied.
The Virtual Memory thing did not start until we did the tcpip change..

Edited by Joecastle, 18 October 2007 - 05:27 AM.


#70 sUΒs

sUΒs

    Authentic Member

  • Malware Expert
  • 189 posts

Posted 18 October 2007 - 02:39 PM

Have you retried accessing Event Viewer since then?



#71 Joecastle

Joecastle

    Authentic Member

  • Authentic Member
  • PipPip
  • 215 posts

Posted 18 October 2007 - 04:51 PM

Hi,

I just got home from work. I did not try again last night but here is what is in Event Viewer when in safe mode. Cannot get in when in normal. It is too slow then begins to freeze & then you need to hardboot...

I copied more than 10 in Applications & in System..

Event Type: Error
Event Source: VSS
Event Category: None
Event ID: 8193
Date: 10/18/2007
Time: 6:28:13 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 57 52 54 57 52 54 49 43 WRTWRTIC
0008: 32 31 30 37 00 00 00 00 2107....
0010: 57 52 54 57 52 54 49 43 WRTWRTIC
0018: 32 30 37 32 00 00 00 00 2072....

Event Type: Error
Event Source: EventSystem
Event Category: (50)
Event ID: 4609
Date: 10/18/2007
Time: 6:28:13 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 10
Date: 10/17/2007
Time: 11:49:30 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
Event filter with query "select * from MSFT_SCMEventLogEvent" could not be (re)activated in namespace "//./root/CIMV2" because of error 0x8004100a. Events may not be delivered through this filter until the problem is corrected.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 10
Date: 10/17/2007
Time: 11:49:30 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario'" could not be (re)activated in namespace "//./root/subscription" because of error 0x80041006. Events may not be delivered through this filter until the problem is corrected.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 24
Date: 10/17/2007
Time: 11:49:30 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
Event provider attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" does not exist. The query will be ignored.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 24
Date: 10/17/2007
Time: 11:49:30 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
Event provider attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" does not exist. The query will be ignored.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 24
Date: 10/17/2007
Time: 11:49:30 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
Event provider attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" does not exist. The query will be ignored.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 24
Date: 10/17/2007
Time: 11:49:30 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
Event provider attempted to register query "select * from __InstanceOperationEvent" whose target class "__InstanceOperationEvent" does not exist. The query will be ignored.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 24
Date: 10/17/2007
Time: 11:49:30 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
Event provider attempted to register query "select * from __ClassOperationEvent" whose target class "__ClassOperationEvent" does not exist. The query will be ignored.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 10
Date: 10/17/2007
Time: 11:49:30 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be (re)activated in namespace "//./root" because of error 0x80041006. Events may not be delivered through this filter until the problem is corrected.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 24
Date: 10/17/2007
Time: 11:49:28 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
Event provider attempted to register query "select * from __InstanceOperationEvent" whose target class "__InstanceOperationEvent" does not exist. The query will be ignored.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 24
Date: 10/17/2007
Time: 11:49:28 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
Event provider attempted to register query "select * from __InstanceOperationEvent" whose target class "__InstanceOperationEvent" does not exist. The query will be ignored.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: EventSystem
Event Category: (50)
Event ID: 4612
Date: 10/17/2007
Time: 11:30:48 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
The COM+ Event System ran out of memory during its internal processing, at line 34 of d:\nt_qxp\com\com1x\src\events\queryengine\pool.cpp.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.


System

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 10/18/2007
Time: 6:29:17 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
The following boot-start or system-start driver(s) failed to load:
Auq68
AVG Anti-Spyware Driver
Fips
IPSec
MRxSmb
NetBIOS
P3
RasAcd
Rdbss

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 10/18/2007
Time: 6:29:17 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 10/18/2007
Time: 6:29:17 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
The dependency service or group failed to start.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 10/18/2007
Time: 6:29:17 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
The dependency service or group failed to start.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 10/18/2007
Time: 6:29:17 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
The dependency service or group failed to start.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 10/18/2007
Time: 6:29:17 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/18/2007
Time: 6:28:13 PM
User: NT AUTHORITY\SYSTEM
Computer: ADMIN-ZCV957D57
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/18/2007
Time: 6:28:13 PM
User: ADMIN-ZCV957D57\admin
Computer: ADMIN-ZCV957D57
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/18/2007
Time: 6:28:13 PM
User: NT AUTHORITY\SYSTEM
Computer: ADMIN-ZCV957D57
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 10/18/2007
Time: 6:26:53 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x4d0), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 10/18/2007
Time: 6:26:53 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x4d0), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 10/17/2007
Time: 11:58:56 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
The specified procedure could not be found.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/17/2007
Time: 11:58:56 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
The TCP/IP Protocol Driver service failed to start due to the following error:
The specified procedure could not be found.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 10/17/2007
Time: 11:58:48 PM
User: N/A
Computer: ADMIN-ZCV957D57
Description:
The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
The specified procedure could not be found.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

#72 sUΒs

sUΒs

    Authentic Member

  • Malware Expert
  • 189 posts

Posted 18 October 2007 - 04:57 PM

Please check if System Restore got fixed. If so, we can use it to go back to an earlier date.

#73 Joecastle

Joecastle

    Authentic Member

  • Authentic Member
  • PipPip
  • 215 posts

Posted 18 October 2007 - 05:14 PM

No. System Restore is no longer in the START, Accessories, System Tools. The only thing there right now is Backup, Character Map, Disk Cleanup & Disk Defragmenter. The icons in System Tools are incomplete. They look as if their files were missing and this is what was left behind..

#74 Joecastle

Joecastle

    Authentic Member

  • Authentic Member
  • PipPip
  • 215 posts

Posted 18 October 2007 - 05:18 PM

Ok, I was able to access restore in safe mode. How far back do you want me to go...

#75 sUΒs

sUΒs

    Authentic Member

  • Malware Expert
  • 189 posts

Posted 18 October 2007 - 05:22 PM

The Registry is probably corrupt. Lol ... the canal option is beginning to look appealing again.
Let's see if there's any rabbits in the hat

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

@echo off
if exist log.txt start notepad log.txt

Save this as query.bat. Choose to "Save type as - All Files".
It should look like this: Posted Image
Double click on query.bat & allow it to run

Post back to tell me what it says
