Inadvertently disabled of NDIS.sys

Running XP Pro- SP3!
While searching for suspected lingering virus problems I disabled the NDIS.sys, and ndisuio files thinking they were something they aren't. From that point I have not been able to get the system to boot in any mode.
I pulled the drive, put it in another system to be able to get into the drive, and that I am able to do.
Where should I go from here. Can I enable the files or is it something totally different?
Do I need to do a repair or is there a way to fix the problem?

 

Check in the Windows\System32\Drivers folder to verify that those two files are in there. If they aren't, you will need to get replacements from the XP setup CD by expanding them from the I386 directory.

When you say you disabled them, do you mean that they were quarantined by your AV program? If not, how exactly did you disable them?

What error message do you get when attempting to boot or what happens?

 

Update:

You may be going down the wrong road. I deleted both of those files and their backup counterparts from my test system and it still booted normally. I looked in the directory where they belonged and they had not been replaced. They don't appear to be needed for booting. I have no idea what they actually do??

Perhaps now you should consider running a Repair install of XP.

 

The files were not quarantined through AV.
I was searching in the device manager, using the "show hidden devices" in the view menu, then in the "non plug and play" folder. I was directed to go that way with an AV directive when looking for possible virus files that may have been missed. It was an over-reaction to comments about how bad certain viruses are, and that some of them don't really get removed.
The system goes to the window that starts with the paragraph the says:
"we apologize for, etc ", and has the safe mode, with various add options (with or without
networking), and also the "Normal" mode start.
Which ever choice I make it just recycles and starts over only to come back to the same place. Strangely, as it goes beyond that "Apology" window to almost start, a bunch of text flashes over the top edge of the regular XP start window on the desktop. But only for an instant, not even long enough to read.
So what do you think?

 

Best I can tell, the files you mentioned are drivers for Networking. I find hits on Google where they are mentioned in failure to boot systems.

Prior to tossing in the towel and doing a Repair Install, try renaming both of those files. Just type an X on the end of each for example. That might allow you to boot the system and perhaps make repairs via SFC /scannow or whatever.

 

Using your method, I just disabled both those drivers on my test system and it rendered it unbootable to the normal mode. I got the BSOD. I have auto-reboot on failure disabled or else it would be rebooting like yours does.

I was able to boot to Safe Mode and enable both drivers and the system was back to normal booting again.

If you are unable to boot to Safe Mode, you may have additional problems and won't be able to fix the system without doing a Repair install or maybe even a clean install will be needed.

 

Another possibility exists in case you can't boot to Safe Mode. It depends on you having had System Restore enabled on the system before it crashed.

The process would require you to access the drive by connecting it to your other computer. Then you can rename the existing registry hives and copy replacement hives from the ones that System Restore places in the C:\System Volume Information\ directory. Since disabling those drivers merely changes some registry key settings, that will get you back to normal.

 

I'm not sure what you meant by BSOD! There are just so many acronyms! It does sound like it might be on the right track.
I really think it's about getting to those files and either replacing or be able to change their mode to boot instead of disable.
I really need to preserve the drive at all cost because it contains some very important configuration files for my recording studio software. Although it would be a real pain to do the drive completely over, I just don't think it's necessary, or at least that's what I'm hoping.

 

BSOD stands for "Blue Screen Of Death." That's the error screen that comes with a fatal system error and requires shutting down the computer manually by turning off the power switch. That's what my system did when I replicated your disabling actions so it confirms that what you did likely caused the failure to boot problem. I was still able to boot into Safe Mode and enable those drivers in Device Manager. I'm wondering why you're unable to get a Safe Mode boot??? Try again to be sure.

It's not as simple as gaining access to those files, that would be easy. The problem is in the registry settings for those drivers. When you disabled them, several registry keys were changed along with some hardware profile files.

I have already mentioned all of the options that I am aware of for correcting your condition.

 

Did you have System Restore enabled on the computer?

 

I have isolated the registry key that is probably preventing your system from booting.

We can edit that key and very likely get you back in business. There are a couple ways to do that.

1. Use a BartPE boot CD with RegEditPE plug-in installed.

2. Install the drive in a healthy XP computer as a slave drive and use the registry editor to load the hive of the unbootable system for editing.

Option 2 is probably your easiest given that you have already done that according to your earlier post.

You will have to be comfortable editing the registry. If you want to give it a go, post back and I'll outline it as best I can.

 

I'm with surferdude2. From what I've been able to glean, it's related to your NIC (Network Interface Card) and\or your LAN (Local Area Network) drivers.

Are you using any kind of bit-torrent software?

 

I do have the hard drive on another working XP Pro-SP3 system. I can get to the drive with windows explorer. I do have the restore option active. I have not had the BSOD happen at any time. So it's not that! I have taken care of all possible virus problem way before this happen. It was running perfectly, but I got a suggestion to look a little closer for some listing that looks like had nothing to do with a virus, and disabled what looked like it might be suspicious. The rest you know about.
I do not have a BartPT boot CD. I am okay with doing registry edits as long as they are going to fix the problem.
Also, what is "bit-torrent" software. Agian probably just a term I'm not used to, but still need to know to answer the question.

 

Bit Torrent is a peer to peer file sharing method. It has good and bad going for it, like most things.

Hearing that you had System Restore enabled on the ailing machine when it crashed is good news.

As an overview, you can replace the damaged registry of your ailing system with a copy that System restore makes. I am reasonably sure that that will return your system to bootability. In theory it will return the system to the condotion it was in when the backup was made by System restore.

To begin the procedure:

1. Install the unbootable drive as a slave a healthy XP computer.

2. Boot the computer and open "My Computer." Click Tools > Folder Options > View > Tag the box labeled "Show hidden files and folders "

Untag the boxes labeled "Hide file extensions for known file types" and "Hide protected operation system files "

OK out of there.

3. Browse to the unbootable drive and go to the System Volume Information folder and open it. If it won't allow you to open it, post back and I'll give you the answer to that.

4. If it opens, look at all the RP's listed. Select one that predates your problem by one day. That will contain the registry copy that we want to use.

Do those steps and update me on what you find. If there are no RP's in that folder, I need go no further with this method and we'll have to do the fix another way.