Hi, I got 2 DLL files in the directory infected by trojan Generic9.XLD and Obfustate.VKD virus.
I tried AVG Free Edition in safe mode, Spybot, Ad-Aware... nothing happens. AVG finds them but can't kill them. These threats trigger the WinXP activation notice.
I have to consider formatting the drive because I can't find the problem and nothing helps. Any suggestion would be appreciated.
tatyana

Please download and install the latest version of HijackThis v2.0.2:
Download the HijackThis Installer from this link: HijackThis
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

First, thanks for the fast answer... I have tried that program. The infected files are wmic.dll and kbddvq.dll (AVG). Can't delete them with either AVG or HijackThis.
The WinXP activation still appears.
Spybot and Ad-Aware won't recognize them as dangerous threats.
****************************************************
Scan saved at 01:29:32, on 23/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\אביב\שולחן העבודה\FreeRAM XP Pro 1.40.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Documents and Settings\אביב\שולחן העבודה\HijackThis.exe
O2 - BHO: (no name) - {0C9A449A-8EFA-435E-8B2A-BCBCF75CCE2C} - C:\WINDOWS\System32\kbddvq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C450A32D-CA9F-40C8-A831-EA67EE65A077} - c:\windows\system32\wmic.dll
O3 - Toolbar: &רדיו - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\אביב\שולחן העבודה\FreeRAM XP Pro 1.40.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanis...
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnl...
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://service.pelephone.co.il/WebPhone/jsp/Client/CfxIEAx.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {2B26018A-1D8D-4C19-9A9B-F6C49453A21D} (LauncherV1 Class) - http://irc.msn.co.il/Night/launcher...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA60848-1F72-4526-B9E5-7F37036C5558}: NameServer = 192.116.202.222 213.8.172.83
O20 - Winlogon Notify: hzuldlav - C:\WINDOWS\SYSTEM32\wmic.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
***********************************************
Thanks in advance,
tatyana

Looks like Vundo.
Please download ComboFix to the desktop from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.
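The O2/O20 cross-reference behind the "Looks like Vundo" call, as an added example that is not from the thread or from HijackThis, ComboFix or AVG: a small Python triage over lines copied from the HijackThis log above. The reason tags and severity labels are my own naming; the File::/Registry:: layout and the Winlogon Notify key path follow the CFScript the helper posts further down the thread.

```python
import re

# Constructed sample: O2/O4/O20/O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0C9A449A-8EFA-435E-8B2A-BCBCF75CCE2C} - C:\WINDOWS\System32\kbddvq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C450A32D-CA9F-40C8-A831-EA67EE65A077} - c:\windows\system32\wmic.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: hzuldlav - C:\WINDOWS\SYSTEM32\wmic.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
""".strip()

# HijackThis line shapes for the two sections this triage cares about.
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (?P<subkey>\S+) - (?P<path>.+)$')

# Key paths in the form the ComboFix script in this thread uses ('~' is ComboFix's
# abbreviation for the Explorer key; the Notify path is the one the helper wrote).
NOTIFY_KEY = r'HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify'
BHO_KEY = r'HKEY_LOCAL_MACHINE\~\Browser Helper Objects'


def parse_hjt(text):
    """Return the O2 BHO and O20 Winlogon Notify entries; all other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append(dict(kind='bho', **m.groupdict()))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append(dict(kind='notify', **m.groupdict()))
    return entries


def norm_path(path):
    # Windows paths are case-insensitive: the log lists the same file as
    # C:\WINDOWS\SYSTEM32\wmic.dll (O20) and c:\windows\system32\wmic.dll (O2).
    return path.strip().strip('"').lower()


def triage(entries):
    """Map each flagged DLL (normalized path) to its display path, reasons and severity.

    Reasons (my own tags, not HijackThis output):
      winlogon-notify:<subkey>  loaded into winlogon.exe at boot, before any user logs on,
                                so on-demand scanners cannot delete it while it is mapped
      bho-no-name:<clsid>       a Browser Helper Object registered without a display name
    A DLL carrying both is the Vundo-style pairing the helper spotted in the log.
    """
    found = {}
    for e in entries:
        reason = None
        if e['kind'] == 'notify':
            reason = 'winlogon-notify:' + e['subkey']
        elif e['kind'] == 'bho' and e['name'].strip().lower() == '(no name)':
            reason = 'bho-no-name:' + e['clsid']
        if reason is None:
            continue
        rec = found.setdefault(norm_path(e['path']), {'path': e['path'].strip(), 'reasons': []})
        rec['reasons'].append(reason)
    for rec in found.values():
        tags = {r.split(':', 1)[0] for r in rec['reasons']}
        rec['severity'] = 'high' if tags >= {'winlogon-notify', 'bho-no-name'} else 'medium'
    return found


def build_cfscript(found):
    """Render the flagged items in the File:: / Registry:: layout of a ComboFix CFScript.txt."""
    lines = ['File::'] + [rec['path'] for _, rec in sorted(found.items())]
    lines.append('Registry::')
    for _, rec in sorted(found.items()):
        for reason in rec['reasons']:
            tag, ident = reason.split(':', 1)
            base = NOTIFY_KEY if tag == 'winlogon-notify' else BHO_KEY
            lines.append('[-%s\\%s]' % (base, ident))
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    hits = triage(parse_hjt(SAMPLE_LOG))
    for key, rec in sorted(hits.items()):
        print(rec['severity'], rec['path'], ', '.join(rec['reasons']))
    print(build_cfscript(hits))
```

The generated script is a review aid, not something to feed to ComboFix blindly: the helper's own script above also lists the At*.job tasks and the cxc3gJt0.exe they launch, which HijackThis does not report.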

Tried the prog in safe mode... with no success. The prog detected the exact bad threats but didn't or couldn't clean.
The 2 bad files are empty REG entries and related to Internet Explorer and to the WinXP activation process!!!
The result of the ComboFix test:
C:\WINDOWS\Downloaded Program Files.\launcher.ocx
C:\WINDOWS\system32\{1A76A10A-9661-48B5-940F-250B063B5160}.exe.
((((((((((((((((((((((((( Files Created from 2007-10-21 to 2007-11-21 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 19:27 2,633,728 ----a-w C:\Documents and Settings\אסתר\ntuser.dat
2007-11-21 19:27 2,633,728 ----a-w C:\Documents and Settings\אסתר\ntuser.dat
2007-11-21 19:07 4,718,592 ----a-w C:\Documents and Settings\אביב\ntuser.dat
2007-11-21 19:07 4,718,592 ----a-w C:\Documents and Settings\אביב\ntuser.dat
2007-11-20 21:39 --------- d-----w C:\Program Files\Uniblue
2007-11-20 21:39 --------- d-----w C:\Documents and Settings\אביב\Application Data\Uniblue
2007-11-20 21:32 --------- d-----w C:\Program Files\MalWhere
2007-11-08 23:03 --------- d-----w C:\Program Files\FLV Player
2007-11-05 00:08 --------- d-----w C:\Documents and Settings\אסתר\Application Data\Help
2007-10-11 12:42 8,925 ----a-w C:\clean.bat
2007-10-11 06:55 347 ----a-w C:\run2.reg
2007-09-29 16:16 --------- d-----w C:\Documents and Settings\אביב\Application Data\InstallShield
2007-09-23 21:18 162,955 ----a-w C:\WINDOWS\Audio Converter Uninstaller.exe
2007-09-23 21:18 --------- d-----w C:\Program Files\River Past
2007-09-23 21:18 --------- d-----w C:\Program Files\Common Files\River Past
2007-09-23 21:18 --------- d-----w C:\Documents and Settings\אביב\Application Data\River Past G5
2007-09-23 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2007-09-23 21:14 --------- d-----w C:\Program Files\QuickTime
2007-09-23 21:14 --------- d-----w C:\Program Files\Apple Software Update
2007-09-23 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-23 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-18 16:34 92,064 ----a-w C:\Documents and Settings\אביב\mqdmmdm.sys
2007-09-18 16:34 92,064 ----a-w C:\Documents and Settings\אביב\mqdmmdm.sys
2007-09-18 16:34 9,232 ----a-w C:\Documents and Settings\אביב\mqdmmdfl.sys
2007-09-18 16:34 9,232 ----a-w C:\Documents and Settings\אביב\mqdmmdfl.sys
2007-09-18 16:34 79,328 ----a-w C:\Documents and Settings\אביב\mqdmserd.sys
2007-09-18 16:34 79,328 ----a-w C:\Documents and Settings\אביב\mqdmserd.sys
2007-09-18 16:34 66,656 ----a-w C:\Documents and Settings\אביב\mqdmbus.sys
2007-09-18 16:34 66,656 ----a-w C:\Documents and Settings\אביב\mqdmbus.sys
2007-09-18 16:34 6,208 ----a-w C:\Documents and Settings\אביב\mqdmcmnt.sys
2007-09-18 16:34 6,208 ----a-w C:\Documents and Settings\אביב\mqdmcmnt.sys
2007-09-18 16:34 5,936 ----a-w C:\Documents and Settings\אביב\mqdmwhnt.sys
2007-09-18 16:34 5,936 ----a-w C:\Documents and Settings\אביב\mqdmwhnt.sys
2007-09-18 16:34 4,048 ----a-w C:\Documents and Settings\אביב\mqdmcr.sys
2007-09-18 16:34 4,048 ----a-w C:\Documents and Settings\אביב\mqdmcr.sys
2007-09-18 16:34 25,600 ----a-w C:\Documents and Settings\אביב\usbsermptxp.sys
2007-09-18 16:34 25,600 ----a-w C:\Documents and Settings\אביב\usbsermptxp.sys
2007-09-18 16:34 22,768 ----a-w C:\Documents and Settings\אביב\usbsermpt.sys
2007-09-18 16:34 22,768 ----a-w C:\Documents and Settings\אביב\usbsermpt.sys
2004-01-12 06:45 11,854 ----a-w C:\Program Files\MPLAB_LicenseAgreement.rtf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C9A449A-8EFA-435E-8B2A-BCBCF75CCE2C}]
04/09/2003 12:00 PM 83968 --a------ C:\WINDOWS\System32\kbddvq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C450A32D-CA9F-40C8-A831-EA67EE65A077}]
04/09/2003 12:00 PM 83456 --a------ c:\windows\system32\wmic.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Documents and Settings\אביב\שולחן העבודה\FreeRAM XP Pro 1.40.exe" [11/30/2003 11:13 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [10/27/2007 01:59 PM]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [10/27/2007 01:59 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hzuldlav]
wmic.dll 04/09/2003 12:00 PM 83456 C:\WINDOWS\system32\wmic.dll
R0 eantexhs;eantexhs;C:\WINDOWS\System32\drivers\gojcfgfa.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\System32\DRIVERS\loop.sys
R3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\System32\DRIVERS\netrcacm.sys
S2 clqmvqep;NDIS System Controller;C:\WINDOWS\System32\svchost.exe -k netsvcs
S2 tdim;tdim;\??\C:\WINDOWS\System32\drivers\tdim.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\System32\DRIVERS\motmodem.sys
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\System32\DRIVERS\tj2knd5.sys
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\System32\DRIVERS\tj2kunic.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\System32\DRIVERS\usbsermptxp.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
clqmvqep
.
Contents of the 'Scheduled Tasks' folder
"2007-11-20 22:00:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-20 23:00:02 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-21 00:00:02 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-20 01:00:02 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-20 02:00:02 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-19 03:00:02 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-04 04:00:02 C:\WINDOWS\Tasks\At7.job"
"2007-11-04 05:00:02 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-04 06:00:02 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-04 07:00:02 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-04 08:00:02 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-04 09:00:02 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-05 10:00:02 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-13 11:00:02 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-14 12:00:02 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-20 13:00:02 C:\WINDOWS\Tasks\At16.job"
"2007-11-20 14:00:02 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-21 15:00:02 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-21 16:00:02 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-21 17:00:02 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-21 18:00:02 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-20 19:00:02 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-20 20:00:02 C:\WINDOWS\Tasks\At23.job"
"2007-11-20 21:00:02 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\System32\cxc3gJt0.exe
"2007-11-20 23:27:44 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\System32\rundll32.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-21 21:30:14
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Thanks in advance,
tatyana

Have tried Avenger to kill the entries too... without success.
Avenger log file:
Script file located at: \??\C:\Program Files\sosqkklg.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Could not open file C:\WINDOWS\SYSTEM32\kbddvq.dll for deletion
Deletion of file C:\WINDOWS\SYSTEM32\kbddvq.dll failed!
Could not process line:
C:\WINDOWS\SYSTEM32\kbddvq.dll
Status: 0xc0000022
Could not open file C:\WINDOWS\SYSTEM32\wmic.dll for deletion
Deletion of file C:\WINDOWS\SYSTEM32\wmic.dll failed!
Could not process line:
C:\WINDOWS\SYSTEM32\wmic.dll
Status: 0xc0000022
File C:\WINDOWS\SYSTEM32\wdigestp.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\wdigestp.dll failed!
Could not process line:
C:\WINDOWS\SYSTEM32\wdigestp.dll
Status: 0xc0000034
tatyana

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\SYSTEM32\kbddvq.dll
C:\WINDOWS\SYSTEM32\wmic.dll
C:\WINDOWS\System32\cxc3gJt0.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
Driver::
clqmvqep
hzuldlav
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hzuldlav]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C450A32D-CA9F-40C8-A831-EA67EE65A077}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C450A32D-CA9F-40C8-A831-EA67EE65A077}]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto start click "run".
Post a new HijackThis log and a new ComboFix log please.

Hi,
The HijackThis log is the same:
Scan saved at 04:13:57, on 23/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\אביב\שולחן העבודה\FreeRAM XP Pro 1.40.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\אביב\שולחן העבודה\HijackThis.exe
O2 - BHO: (no name) - {0C9A449A-8EFA-435E-8B2A-BCBCF75CCE2C} - C:\WINDOWS\System32\kbddvq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C450A32D-CA9F-40C8-A831-EA67EE65A077} - c:\windows\system32\wmic.dll
O3 - Toolbar: &רדיו - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\אביב\שולחן העבודה\FreeRAM XP Pro 1.40.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanis...
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnl...
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://service.pelephone.co.il/WebPhone/jsp/Client/CfxIEAx.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {2B26018A-1D8D-4C19-9A9B-F6C49453A21D} (LauncherV1 Class) - http://irc.msn.co.il/Night/launcher...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA60848-1F72-4526-B9E5-7F37036C5558}: NameServer = 192.116.202.222 213.8.172.83
O20 - Winlogon Notify: hzuldlav - C:\WINDOWS\SYSTEM32\wmic.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
--
End of file - 4233 bytes
The ComboFix log file is:
ComboFix 07-11-19.3 - אביב 11/23/2007 4:05:19.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.1.1255.1.1037.18.74 [GMT 2:00]
Running from: C:\Documents and Settings\אביב\שולחן העבודה\ComboFix.exe
Command switches used :: C:\Documents and Settings\אביב\שולחן העבודה\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\System32\cxc3gJt0.exe
C:\WINDOWS\SYSTEM32\kbddvq.dll
C:\WINDOWS\SYSTEM32\wmic.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.
Unable to gain System Privileges
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 23:03 --------- d-----w C:\Program Files\FLV Player
2007-10-11 12:42 8,925 ----a-w C:\clean.bat
2007-10-11 06:55 347 ----a-w C:\run2.reg
2007-10-03 21:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-09-23 21:18 162,955 ----a-w C:\WINDOWS\Audio Converter Uninstaller.exe
2007-09-23 21:18 --------- d-----w C:\Program Files\River Past
2007-09-23 21:18 --------- d-----w C:\Program Files\Common Files\River Past
2007-09-23 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2007-09-23 21:14 --------- d-----w C:\Program Files\QuickTime
2007-09-23 21:14 --------- d-----w C:\Program Files\Apple Software Update
2007-09-23 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-23 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-05 21:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2004-01-12 06:45 11,854 ----a-w C:\Program Files\MPLAB_LicenseAgreement.rtf
.
((((((((((((((((((((((((((((( snapshot@Fri 11-23-2007_ 3.12.59.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 08:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.exe
+ 2007-03-13 08:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.exe
+ 2007-11-23 02:11:00 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_730.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C9A449A-8EFA-435E-8B2A-BCBCF75CCE2C}]
04/09/2003 12:00 PM 83968 --a------ C:\WINDOWS\System32\kbddvq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C450A32D-CA9F-40C8-A831-EA67EE65A077}]
04/09/2003 12:00 PM 83456 --a------ c:\windows\system32\wmic.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Documents and Settings\אביב\שולחן העבודה\FreeRAM XP Pro 1.40.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [10/27/2007 01:59 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 11:25 AM]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [10/27/2007 01:59 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hzuldlav]
wmic.dll 04/09/2003 12:00 PM 83456 C:\WINDOWS\system32\wmic.dll
R0 eantexhs;eantexhs;C:\WINDOWS\System32\drivers\gojcfgfa.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\System32\DRIVERS\loop.sys
R3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\System32\DRIVERS\netrcacm.sys
S2 tdim;tdim;\??\C:\WINDOWS\System32\drivers\tdim.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\System32\DRIVERS\motmodem.sys
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\System32\DRIVERS\tj2knd5.sys
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\System32\DRIVERS\tj2kunic.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\System32\DRIVERS\usbsermptxp.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
clqmvqep
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 04:11:35
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/23/2007 4:12:19 - machine was rebooted
.
--- E O F ---
tanya

Please download SDFix by AndyManchesta and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, a menu with options should appear.
Select the first option, to run Windows in "Safe Mode", then press "Enter".
Choose your usual account.
Once in Safe Mode, please do the following:
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt.
Go to this link, VirusTotal, copy the following files one at a time into the "upload and scan box", click submit then post the results.
C:\WINDOWS\System32\drivers\gojcfgfa.sys

Nope... the virus won't leave so fast. Seems like it hides in the Internet Explorer program because whenever I try to run IE I get this notice from AVG about virus and trojan horse infection.
VirusTotal won't work because the virus doesn't want to be uploaded to the server.
The SDFix log file is as follows:
Run by אביב on Fri 11/23/2007 at 02:50 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 14:55:03
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
Wed 16 Sep 1998 93,880 ..SH. --- "C:\COMMAND.COM"
Sun 3 Apr 2005 194 ..SH. --- "C:\BOOT.BAK"
Wed 9 Apr 2003 57,344 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 15 Apr 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 22 Nov 2005 2,521 ...H. --- "C:\Documents and Settings\€‰\My Documents\~WRL0004.tmp"
Tue 22 Nov 2005 26,262 ...H. --- "C:\Documents and Settings\€‰\My Documents\~WRL0460.tmp"
Wed 23 Nov 2005 77,895 ...H. --- "C:\Documents and Settings\€‰\My Documents\~WRL3431.tmp"
Wed 6 Sep 2006 29,184 ...H. --- "C:\Program Files\Microsoft Office\Templates\~WRL3759.tmp"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Sun 7 Aug 2005 20 A..H. --- "C:\Documents and Settings\€‰\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 15 Apr 2005 4,348 ...H. --- "C:\Documents and Settings\€‰\My Documents\My Music\License Backup\drmv1key.bak"
Sun 7 Aug 2005 488 A.SH. --- "C:\Documents and Settings\€‰\My Documents\My Music\License Backup\drmv2key.bak"
Finished!
Any help would be appreciated :)
tanya

Let's look for a rootkit. This will be the first attempt.
Please download the Sophos Anti-Rootkit Scanner and save it to your desktop from the following link.
Sophos-Anti-Rootkit
You will need to enter your name, e-mail address and location in order to access the download page.
Once you have downloaded the file, double click the sarsfx icon
Review the licence agreement and click on the Accept button
The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui.
Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
Allow the program to scan your computer - please be patient as it may take some time
Once the scan has completed a window will pop-up with the results of the scan - click OK to this.
In the main window, you will see each of the entries found by the scan (if any)
If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review.
Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you.
If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
To clean up these entries click on the Clean up checked items button.
If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so.

OK... I ran the prog in normal mode. The prog found 2 entries but without the option to erase them... It's a really complicated one; maybe the only way is to format the disk... :( , the option that I want to avoid for many reasons.
1..
Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Removable: No
Notes: DWORD 0x2000 = 8192
2..
Area: Windows registry
Description: Hidden registry key
Location: \HKEY_USERS\S-1-5-21-1409082233-507921405-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.il/?w=/@attach&acode=byebyweamptur9gtboxferQQI376d!0D4D6FD37B&fid=-1000&id=38454753&aid=1&n=&save=1&filename=%72%65%70%6F%72%74%34%2E%31%2E%64%6F%63
Removable: No
Notes: (no more detail available)

tatyana

First, thanks for the very, very fast answer... I really appreciate your help.
to work......
I ran ComboFix as you told me. Here is the log file... I don't know why, but I keep getting this message while running ComboFix. The message is something like this: "SED 1 expression11 unmached parentheses".
Here is the log:
Microsoft Windows XP Home Edition 5.1.2600.1.1255.1.1037.18.78 [GMT 2:00]
Running from: C:\Documents and Settings\אביב\שולחן העבודה\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 15:56 4,980,736 ----a-w C:\Documents and Settings\אביב\ntuser.dat
2007-11-23 15:56 4,980,736 ----a-w C:\Documents and Settings\אביב\ntuser.dat
2007-11-23 15:56 2,633,728 ----a-w C:\Documents and Settings\אסתר\ntuser.dat
2007-11-23 15:56 2,633,728 ----a-w C:\Documents and Settings\אסתר\ntuser.dat
2007-11-23 14:51 --------- d-----w C:\Program Files\Sophos
2007-11-21 22:24 --------- d-----w C:\Documents and Settings\אביב\Application Data\Grisoft
2007-11-20 21:39 --------- d-----w C:\Documents and Settings\אביב\Application Data\Uniblue
2007-11-08 23:03 --------- d-----w C:\Program Files\FLV Player
2007-11-05 00:08 --------- d-----w C:\Documents and Settings\אסתר\Application Data\Help
2007-10-11 12:42 8,925 ----a-w C:\clean.bat
2007-10-11 06:55 347 ----a-w C:\run2.reg
2007-10-03 21:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-09-29 16:16 --------- d-----w C:\Documents and Settings\אביב\Application Data\InstallShield
2007-09-23 21:18 162,955 ----a-w C:\WINDOWS\Audio Converter Uninstaller.exe
2007-09-23 21:18 --------- d-----w C:\Program Files\River Past
2007-09-23 21:18 --------- d-----w C:\Program Files\Common Files\River Past
2007-09-23 21:18 --------- d-----w C:\Documents and Settings\אביב\Application Data\River Past G5
2007-09-23 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2007-09-23 21:14 --------- d-----w C:\Program Files\QuickTime
2007-09-23 21:14 --------- d-----w C:\Program Files\Apple Software Update
2007-09-23 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-23 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-18 16:34 92,064 ----a-w C:\Documents and Settings\אביב\mqdmmdm.sys
2007-09-18 16:34 92,064 ----a-w C:\Documents and Settings\אביב\mqdmmdm.sys
2007-09-18 16:34 9,232 ----a-w C:\Documents and Settings\אביב\mqdmmdfl.sys
2007-09-18 16:34 9,232 ----a-w C:\Documents and Settings\אביב\mqdmmdfl.sys
2007-09-18 16:34 79,328 ----a-w C:\Documents and Settings\אביב\mqdmserd.sys
2007-09-18 16:34 79,328 ----a-w C:\Documents and Settings\אביב\mqdmserd.sys
2007-09-18 16:34 66,656 ----a-w C:\Documents and Settings\אביב\mqdmbus.sys
2007-09-18 16:34 66,656 ----a-w C:\Documents and Settings\אביב\mqdmbus.sys
2007-09-18 16:34 6,208 ----a-w C:\Documents and Settings\אביב\mqdmcmnt.sys
2007-09-18 16:34 6,208 ----a-w C:\Documents and Settings\אביב\mqdmcmnt.sys
2007-09-18 16:34 5,936 ----a-w C:\Documents and Settings\אביב\mqdmwhnt.sys
2007-09-18 16:34 5,936 ----a-w C:\Documents and Settings\אביב\mqdmwhnt.sys
2007-09-18 16:34 4,048 ----a-w C:\Documents and Settings\אביב\mqdmcr.sys
2007-09-18 16:34 4,048 ----a-w C:\Documents and Settings\אביב\mqdmcr.sys
2007-09-18 16:34 25,600 ----a-w C:\Documents and Settings\אביב\usbsermptxp.sys
2007-09-18 16:34 25,600 ----a-w C:\Documents and Settings\אביב\usbsermptxp.sys
2007-09-18 16:34 22,768 ----a-w C:\Documents and Settings\אביב\usbsermpt.sys
2007-09-18 16:34 22,768 ----a-w C:\Documents and Settings\אביב\usbsermpt.sys
2007-09-05 21:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2004-01-12 06:45 11,854 ----a-w C:\Program Files\MPLAB_LicenseAgreement.rtf
.
((((((((((((((((((((((((((((( snapshot@Fri 11-23-2007_ 3.12.59.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 08:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.exe
+ 2007-03-13 08:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.exe
- 2007-11-21 19:03:04 4,546,560 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-11-23 12:50:18 4,870,144 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
- 2007-11-21 19:03:04 319,488 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-23 12:50:18 319,488 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C9A449A-8EFA-435E-8B2A-BCBCF75CCE2C}]
04/09/2003 12:00 PM 83968 --a------ C:\WINDOWS\System32\kbddvq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C450A32D-CA9F-40C8-A831-EA67EE65A077}]
04/09/2003 12:00 PM 83456 --a------ c:\windows\system32\wmic.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Documents and Settings\אביב\שולחן העבודה\FreeRAM XP Pro 1.40.exe" [11/30/2003 11:13 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [10/27/2007 01:59 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 11:25 AM]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [10/27/2007 01:59 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hzuldlav]
wmic.dll 04/09/2003 12:00 PM 83456 C:\WINDOWS\system32\wmic.dll

R0 eantexhs;eantexhs;C:\WINDOWS\System32\drivers\gojcfgfa.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\System32\DRIVERS\loop.sys
R3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\System32\DRIVERS\netrcacm.sys
S2 tdim;tdim;\??\C:\WINDOWS\System32\drivers\tdim.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\System32\4.tmp
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\System32\DRIVERS\motmodem.sys
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\System32\DRIVERS\tj2knd5.sys
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\System32\DRIVERS\tj2kunic.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\System32\DRIVERS\usbsermptxp.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
clqmvqep
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 18:01:30
Windows 5.1.2600 Service Pack 1 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 11/23/2007 18:02:18
C:\ComboFix3.txt ... 11/23/2007 06:24 AM
C:\ComboFix2.txt ... 11/23/2007 05:58 PM
.
--- E O F ---
hijack log:
Scan saved at 18:19:37, on 23/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Documents and Settings\אביב\שולחן העבודה\FreeRAM XP Pro 1.40.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\אביב\שולחן העבודה\HijackThis.exe

O2 - BHO: (no name) - {0C9A449A-8EFA-435E-8B2A-BCBCF75CCE2C} - C:\WINDOWS\System32\kbddvq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C450A32D-CA9F-40C8-A831-EA67EE65A077} - c:\windows\system32\wmic.dll
O3 - Toolbar: &רדיו - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\אביב\שולחן העבודה\FreeRAM XP Pro 1.40.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanis...
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnl...
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://service.pelephone.co.il/WebPhone/jsp/Client/CfxIEAx.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {2B26018A-1D8D-4C19-9A9B-F6C49453A21D} (LauncherV1 Class) - http://irc.msn.co.il/Night/launcher...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA60848-1F72-4526-B9E5-7F37036C5558}: NameServer = 192.116.202.222 213.8.172.83
O20 - Winlogon Notify: hzuldlav - C:\WINDOWS\SYSTEM32\wmic.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

--
End of file - 4143 bytes

thanks in advance,
tatyana

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\System32\wmic.dll
C:\WINDOWS\System32\kbddvq.dll
C:\WINDOWS\System32\drivers\gojcfgfa.sys
Driver::
hzuldlav
clqmvqep
eantexhs
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hzuldlav]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C9A449A-8EFA-435E-8B2A-BCBCF75CCE2C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C9A449A-8EFA-435E-8B2A-BCBCF75CCE2C}]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto start, click "run".
Post a new HijackThis log and a new ComboFix log please.
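Every persistence point the CFScript above goes after is visible in the HijackThis and ComboFix lines posted earlier: two O2 BHO entries registered with no name, an O20 Winlogon Notify key (hzuldlav) that loads a DLL with an unrelated name, and an R0 driver (eantexhs) whose display name is just its own random-looking service name. The Python script below is an added example written for this page; it is not code from HijackThis, ComboFix or the thread. It pulls those patterns out of log lines automatically so the review list the helper built by hand can be reproduced. The rule names (unnamed-bho, winlogon-notify-name-mismatch, random-name-driver, driver-in-tmp-file), the heuristics behind them and the function names are the editor's own assumptions, and the sample log lines are constructed from entries quoted in the thread.

```python
"""Triage HijackThis (O2/O20) and ComboFix service lines for the persistence
patterns seen in this thread. Added example; not code from HijackThis,
ComboFix or the forum thread. Rule names and thresholds are the editor's
assumptions, and the sample logs below are constructed from lines quoted
in the thread."""
import re
from dataclasses import dataclass

# Constructed sample: HijackThis lines quoted in the thread plus a known-good Java BHO.
SAMPLE_HJT_LOG = r"""
O2 - BHO: (no name) - {0C9A449A-8EFA-435E-8B2A-BCBCF75CCE2C} - C:\WINDOWS\System32\kbddvq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C450A32D-CA9F-40C8-A831-EA67EE65A077} - c:\windows\system32\wmic.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: hzuldlav - C:\WINDOWS\SYSTEM32\wmic.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Constructed sample: service/driver lines in ComboFix's "R0/S3 name;display;path" form.
SAMPLE_SERVICE_LINES = r"""
R0 eantexhs;eantexhs;C:\WINDOWS\System32\drivers\gojcfgfa.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\System32\DRIVERS\loop.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\System32\4.tmp
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\System32\DRIVERS\motmodem.sys
"""

O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
SERVICE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    rule: str   # heuristic that fired (editor's rule names)
    path: str   # normalised file path the entry loads
    line: str   # the original log line, kept for the review list


def normalize_path(path: str) -> str:
    """Lower-case and strip the NT '\\??\\' prefix so the same file compares equal."""
    p = path.strip().lower()
    return p[4:] if p.startswith("\\??\\") else p


def basename(path: str) -> str:
    return normalize_path(path).rsplit("\\", 1)[-1]


def triage_hijackthis(text: str) -> list:
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_BHO.match(line)
        if m:
            # Legitimate BHOs almost always register a display name; "(no name)" is a review item.
            if m.group("name") == "(no name)":
                findings.append(Finding("unnamed-bho", normalize_path(m.group("path")), line))
            continue
        m = O20_NOTIFY.match(line)
        if m:
            # Heuristic (assumption): a notify package whose key name shares nothing with
            # the DLL it loads (here 'hzuldlav' -> wmic.dll) deserves a look.
            if not basename(m.group("path")).startswith(m.group("key").lower()):
                findings.append(Finding("winlogon-notify-name-mismatch",
                                        normalize_path(m.group("path")), line))
    return findings


def triage_services(text: str) -> list:
    findings = []
    for raw in text.splitlines():
        m = SERVICE.match(raw.strip())
        if not m:
            continue
        name, display, path = m.group("name"), m.group("display"), normalize_path(m.group("path"))
        if basename(path).endswith(".tmp"):
            # A driver loaded from a .tmp file: check which tool created it before acting.
            findings.append(Finding("driver-in-tmp-file", path, raw.strip()))
        elif name == display and re.fullmatch(r"[a-z]{6,}", name):
            # Heuristic (assumption): real drivers carry a descriptive display name;
            # 'eantexhs;eantexhs' is a generated name used as both.
            findings.append(Finding("random-name-driver", path, raw.strip()))
    return findings


def suspect_paths(findings) -> list:
    """Unique files behind all findings; shows one DLL hooked at several points."""
    return sorted({f.path for f in findings})


if __name__ == "__main__":
    hits = triage_hijackthis(SAMPLE_HJT_LOG) + triage_services(SAMPLE_SERVICE_LINES)
    for f in hits:
        print(f"{f.rule:32} {f.line}")
    print("files to review:", *suspect_paths(hits), sep="\n  ")
```

The output is a review list, not a verdict: the .tmp rule, for instance, can fire on a scanner's own temporary driver, so each path still has to be checked against what is actually installed before anything is removed. What the list does show at a glance is the thing the helper picked up by hand, namely wmic.dll being loaded from both a BHO CLSID and a Winlogon Notify key, which is why both the registry entries and the file appear in the CFScript.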

Seems like they won again... I still get virus alerts. They won the battle but not the war... Still hoping to save my disk from formatting.
I dragged the file onto ComboFix and that's what I got:
FAT32x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.1.1255.1.1037.18.152 [GMT 2:00]
Running from: C:\Documents and Settings\אביב\שולחן העבודה\ComboFix.exe
Command switches used :: C:\Documents and Settings\אביב\שולחן העבודה\CFScript.txt

FILE
C:\WINDOWS\System32\drivers\gojcfgfa.sys
C:\WINDOWS\System32\kbddvq.dll
C:\WINDOWS\System32\wmic.dll
.
Unable to gain System Privileges
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 14:51 --------- d-----w C:\Program Files\Sophos
2007-11-08 23:03 --------- d-----w C:\Program Files\FLV Player
2007-10-11 12:42 8,925 ----a-w C:\clean.bat
2007-10-11 06:55 347 ----a-w C:\run2.reg
2007-10-03 21:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-09-23 21:18 162,955 ----a-w C:\WINDOWS\Audio Converter Uninstaller.exe
2007-09-23 21:18 --------- d-----w C:\Program Files\River Past
2007-09-23 21:18 --------- d-----w C:\Program Files\Common Files\River Past
2007-09-23 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2007-09-23 21:14 --------- d-----w C:\Program Files\QuickTime
2007-09-23 21:14 --------- d-----w C:\Program Files\Apple Software Update
2007-09-23 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-23 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-05 21:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2004-01-12 06:45 11,854 ----a-w C:\Program Files\MPLAB_LicenseAgreement.rtf
.
((((((((((((((((((((((((((((( snapshot@Fri 11-23-2007_ 3.12.59.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 08:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.exe
- 2007-11-21 19:03:04 4,546,560 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-11-23 12:50:18 4,870,144 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
- 2007-11-21 19:03:04 319,488 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-23 12:50:18 319,488 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C9A449A-8EFA-435E-8B2A-BCBCF75CCE2C}]
04/09/2003 12:00 PM 83968 --a------ C:\WINDOWS\System32\kbddvq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C450A32D-CA9F-40C8-A831-EA67EE65A077}]
04/09/2003 12:00 PM 83456 --a------ c:\windows\system32\wmic.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Documents and Settings\אביב\שולחן העבודה\FreeRAM XP Pro 1.40.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [10/27/2007 01:59 PM]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [10/27/2007 01:59 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hzuldlav]
wmic.dll 04/09/2003 12:00 PM 83456 C:\WINDOWS\system32\wmic.dll

R0 eantexhs;eantexhs;C:\WINDOWS\System32\drivers\gojcfgfa.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\System32\DRIVERS\loop.sys
S2 tdim;tdim;\??\C:\WINDOWS\System32\drivers\tdim.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\System32\4.tmp
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\System32\DRIVERS\motmodem.sys
S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\System32\DRIVERS\netrcacm.sys
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\System32\DRIVERS\tj2knd5.sys
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\System32\DRIVERS\tj2kunic.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\System32\DRIVERS\usbsermptxp.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
clqmvqep

*Newly Created Service* - EANTEXHS
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 19:41:20
Windows 5.1.2600 Service Pack 1 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 11/23/2007 19:42:01 - machine was rebooted
C:\ComboFix2.txt ... 11/23/2007 06:02 PM
C:\ComboFix3.txt ... 11/23/2007 05:58 PM
.
--- E O F ---

Please download http://www.bleepingcomputer.com/files/getservices.php then follow the instructions at the link and post the list of services in you next post.

Nothing unusual... here's the log
PsService v1.1 - local and remote services viewer/controller
Copyright (C) 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
דיווח למשתמשים ומחשבים נבחרים על התראות ניהוליות. אם פעולת השירות מופסקת, תוכניות המשתמשות בהתראות ניהוליות לא יקבלו אותן. אם השירות הופך לבלתי פעיל, לא תהיה אפשרות להפעיל שירותים התלויים בו.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
מתן תמיכה ליישומי Plug-in של פרוטוקולים של ספקים חיצוניים עבור שיתוף ההתקשרויות לאינטרנט ועבור Firewall של ההתקשרויות לאינטרנט
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
שירותי התקנת תוכנה כגון הקצאה, פרסום והסרה.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
מנהל התקני שמע עבור תכניות מבוססות Windows. אם שרות זה יופסק, התקני שמע ואפקטים לא יפעלו כראוי. אם שרות זה לא יהיה זמין, כל השרות התלוי בו באופן מפורש לא יוכל לפעול.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Avg7Alrt
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AVG7 Alert Manager Server
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Avg7UpdSvc
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AVG7 Update Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
נעשה שימוש ברוחב פס ברשת שאינו פעיל לשם העברת נתונים.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : LanmanWorkstation
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Browser
ניהול רשימה עדכנית של מחשבים ברשת והעברת הרשימה למחשבים המוגדרים כדפדפנים. אם פעולת השירות מופסקת, רשימה זו לא תעודכן ולא תישמר. אם השירות הופך לבלתי פעיל, לא תהיה אפשרות להפעיל שירותים התלויים בו.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
מאפשר לתצוגת ספר-לוח לאכסן מידע ולשתף אותו עם מחשבים מרחוקים. אם שרות זה יופסק, תצוגת ספר-לוח לא תוכל לשתף מידע עם מחשבים מרוחקים. אם שרות זה יהפוך ללא זמין, כל השירותים הסומכים עליו במפורש לא יצליחו להתחיל.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
מנהל את המעקב וקביעת התצורה של הרכיבים מבוססי COM+. אם השירות לא פועל, רוב הרכיבים מבוססי COM+ לא יפעלו בצורה תקינה. אם השירות מושבת, השירותים התלויים בו במפורש לא יצליחו להתחיל לפעול.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
אספקת שלושה שירותי ניהול: Catalog Database Service, המאמת את החתימות של קבצי Windows; Protected Root Service, המוסיף ומסיר ממחשב זה אישורי רשות אישורים מהימנה המשמשת כבסיס; וכן Key Service, המסייע ברישום מחשב זה לקבלת אישורים. אם שירות זה מופסק, שירותי ניהול אלה לא יתפקדו כראוי. אם שירות זה מבוטל, כל שירות התלוי בו באופן מפורש לא יוכל לפעול.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
ניהול תצורת הרשת על-ידי רישום ועדכון כתובות IP ושמות DNS.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
קביעת התצורה של כוננים ואמצעי אחסון של הדיסק הקשיח. השירות פועל עבור תהליכי תצורה בלבד ולאחר מכן עוצר.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
מאתר ומפקח על כוננים קשיחים חדשים ושולח מידע אודות אמצאי אחסון לשרות מנהל ההתקן של הדיסק הלוגי עבור הגדרת תצורה. אם שרות זה מופסק, מצב דיסק דינמי ומידע הגדרת תצורה לא יתעדכנו. אם שרות זה יבוטל, כל שרות שתלוי בו באופן מפורש, לא יפעל.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
זיהוי ואחסון של שמות Domain Name System (DNS) עבור מחשב זה. אם פעולת השירות מופסקת, למחשב זה לא תהיה אפשרות לזהות שמות DNS ולאתר בקרי קבוצות מחשבים ב- Active Directory. אם השירות הופך לבלתי פעיל, לא תהיה אפשרות להפעיל שירותים התלויים בו.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
מתן אפשרות להציג במציג האירועים הודעות של יומן האירועים המונפקות על-ידי תוכניות ורכיבים מבוססי Windows. לא ניתן להפסיק שירות זה.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
תומך בשירות התראות על אירועי מערכת (SENS), המספק התפלגות אירועים אוטומטית לרכיבים המנויים עליו Object Model (COM) Component . אם השירות הופסק, SENS ייסגר ולא יוכל לספק התראות כניסה ויציאה. אם השירות אינו פעיל, תיכשל ההפעלה של כל השירותים התלויים בו במפורש.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
מתן אפשרויות ניהול ליישומים המחייבים סיוע בסביבה מרובת משתמשים.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
מתן אפשרות להפעלת מרכז העזרה והתמיכה במחשב זה. אם פעולתו של שירות זה נפסקת, מרכז העזרה והתמיכה לא יהיה זמין. אם שירות זה יבוטל, לא ניתן יהיה להפעיל את כל השירותים המסתמכים באופן מפורש על שירות זה.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
מתן אפשרות לגישת קלט כללית להתקני ממשק אנוש (HID), המפעילים ומתחזקים את השימוש בלחצנים 'חמים' מוגדרים מראש במקלדות, בשלטים רחוקים ובהתקני מולטימדיה נוספים. אם שירות זה מופסק, לחצנים 'חמים' הנשלטים על-ידו לא יתפקדו עוד. אם שירות זה מבוטל, כל שירות התלוי בו באופן מפורש לא יוכל לפעול.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Human Interface Device Access
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
ניהול צריבת תקליטורים באמצעות ממשק Image Mastering Applications Programming Interface (IMAPI). אם שירות זה הופסק, מחשב זה לא יוכל להעתיק תקליטורים. אם שירות זה לא זמין, כל השירותים שנתמכים בברור על ידי השירות לא יצליחו לפעול.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
תמיכה בשיתוף של קבצים, הדפסה ורכיבי named pipe ברשת עבור מחשב זה. אם פעולת השירות מופסקת, פונקציות אלה לא יהיו זמינות. אם השירות הופך לבלתי פעיל, לא תהיה אפשרות להפעיל שירותים התלויים בו.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
יצירה ותחזוקה של חיבורי לקוח לשרתים מרוחקים ברשת. אם פעולת השירות מופסקת, חיבורים אלה לא יהיו זמינים. אם השירות הופך לבלתי פעיל, לא תהיה אפשרות להפעיל שירותים התלויים בו.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
מאפשר תמיכה בשירות NetBIOS over TCP/IP (NetBT) ופענוח שמות NetBIOS.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
שידור הודעות net send והודעות של שירות ההתראות בין לקוחות ושרתים. שירות זה אינו קשור ל- Windows Messenger. אם פעולת השירות מופסקת, ההודעות של שירות ההתראות לא ישודרו. אם השירות הופך לבלתי פעיל, לא תהיה אפשרות להפעיל שירותים התלויים בו.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
מתן אפשרות למשתמשים מורשים לבצע גישה מרחוק אל שולחן העבודה של Windows באמצעות NetMeeting ברשת האינטרא-נט העיסקית. אם שירות זה יופסק, שיתוף שולחן העבודה המרוחק לא יהיה זמין. אם שרות זה יהפוך ללא זמין, כל שירות התלוי בו באופן מפורש לא יוכל לפעול.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
תיאום טרנזאקציות המבוזרות על פני שניים או יותר מסדי נתונים, תורי הודעות, מערכות קבצים או מנהלי משאבים אחרים המוגנים בפני טרנזאקציות.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 0
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
(null)
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
אספקת אבטחה ותעבורה ברשת עבור חילופי מידע דינאמיים (DDE) עבור תכניות הפועלות על אותו מחשב או על מחשבים שונים. אם שרות זה יופסק, אבטחה ותעבורה של DDE לא יהיו זמינים. אם שרות זה יבוטל, כל שירות התלוי בו באופן מפורש לא יוכל לפעול.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
מנהל חילופי מידע דינאמיים משותפים ברשת. אם שרות זה יופסק, שיתופי DDE ברשת לא יהיו זמינים. אם זרות זה יהפוך ללא זמין, כל השרותים הסומכים עליו במפורש לא יצליחו להתחיל.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: workService
: Distributed Transaction Coordinator
: ion
: _02\lib\p
:
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
תמיכה באימות תוך מעבר של אירועי כניסה לחשבון עבור מחשבים בקבוצת מחשבים.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
ניהול אובייקטים בתיקיה התקשרויות רשת וחיוג, בה ניתן להציג הן התקשרויות של רשת תקשורת מקומית והן התקשרויות מרוחקות.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
איסוף ואחסון של מידע אודות מיקום ותצורה של רשת ומתן הודעה ליישומים כאשר מידע זה משתנה.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
מספק אבטחה לתוכניות קריאה להליך מרוחק (RPC) המשתמשות בתעבורות מלבד רכיבי named pipe.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
מתן אפשרות למחשב לזהות ולהסתגל לשינויי חומרה עם קלט מועט מהמשתמש או ללא קלט משתמש. הפסקה או ביטול של שירות זה יגרמו לאי-יציבות של המערכת.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
ניהול מדיניות אבטחת IP והפעלת ISAKMP/Oakley (IKE) ומנהל התקן אבטחת IP.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
אחסון מוגן עבור נתונים רגישים, כגון מפתחות פרטיים, כדי למנוע גישה של שירותים, תהליכים או משתמשים שאינם מורשים.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
יצירת חיבור לרשת מרוחקת בכל פעם שתוכנית מבצעת הפניה אל שם או אל כתובת מסוג DNS או NetBIOS.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
יצירת חיבור רשת.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
מנהל ושולט בעזרה מרחוק. אם שרות זה מופסק, אפשרות עזרה מרחוק לא תהיה זמינה. לפני הפסקת שרות זה, ראה את הכרטיסיה יחסי תלות בתיבת הדו-שיח מאפיינים .
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
הצעת שירותי ניתוב לבתי-עסק בסביבות של רשת תקשורת מקומית ורשת תקשורת מרחבית.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcLocator
ניהול מסד הנתונים של שירות השמות של RPC.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
אספקת ממפה נקודות הקצה ושירותי RPC שונים נוספים.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
מספק תפקודיות התקנה של איתות ברשת ושליטה על תעבורה מקומית עבור תוכניות התומכות ב- QoS ויישומי בקרה.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
אחסון מידע אבטחה עבור חשבונות משתמשים מקומיים.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardDrv
מתן אפשרות תמיכה עבור קוראי כרטיסים חכמים מהדור הקודם שאינם שייכים לטכנולוגיית הכנס-הפעל ושבהם נעשה שימוש במחשב זה. אם שירות זה מופסק, מחשב זה לא יתמוך בקורא מדור קודם. אם שירות זה מבוטל, כל שירות התלוי בו באופן מפורש לא יוכל לפעול.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card Helper
DEPENDENCIES : +Smart Card Reader
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: SCardSvr
ניהול הגישה לכרטיסים חכמים הנקראים על-ידי מחשב זה. אם שירות זה מופסק, מחשב זה לא יוכל לקרוא כרטיסים חכמים. אם שירות זה מבוטל, כל שירות התלוי בו באופן מפורש לא יוכל לפעול.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
מתן אפשרות למשתמש להגדיר ולתזמן משימות אוטומטיות במחשב זה. אם שירות זה מופסק, משימות אלה לא יופעלו במועדים שנקבעו. אם שירות זה מבוטל, כל שירות התלוי בו באופן מפורש לא יופעל.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Schedule
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
מתן אפשרות למשתמשים לפעול לפי ערכת אישורים חלופית. אם שרות זה יופסק, כניסה למערכת בצורה זו לא תהיה זמינה. אם שרות זה יבוטל, כל שירות התלוי בו באופן מפורש לא יוכל לפעול.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
מעקב אחר אירועי מערכת כגון אירועים של כניסה ל- Windows, רשת וצריכת חשמל. הצגת הודעה למנויי מערכת אירועים של COM+ לגבי אירועים אלה.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
אספקת שירותי תרגום כתובות רשת, כתובות, זיהוי שמות ו/או מניעת פריצה עבור רשת ביתית או רשת של משרד קטן.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: NLA
: RasMan
: ALG
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNMP
כולל סוכנים המפקחים על הפעילות בהתקני הרשת ומדווחים לתחנת העבודה של מסוף הרשת.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\snmp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SNMP Service
DEPENDENCIES : EventLog
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNMPTRAP
קבלת הודעות מלכודת שהופקו על-ידי סוכני SNMP מקומיים או מרוחקים והעברת ההודעות אל שירותי ניהול SNMP הפועלים במחשב זה.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\snmptrap.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SNMP Trap Service
DEPENDENCIES : EventLog
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Spooler
טעינת קבצים לזיכרון לצורך הדפסה במועד מאוחר יותר.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
ביצוע תפקידים של שחזור המערכת. כדי להפסיק את השירות, בטל את שחזור המערכת מתוך הכרטיסיה שחזור המערכת ביישום המחשב שלי->מאפיינים
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
מתן אפשרות לגילוי התקני UPnP ברשת הביתית שלך.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
מתן שירותי רכישת תמונות לסורקים ולמצלמות.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
מנהל תמונות רקע של
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{023ED454-7D16-405C-960D-1CA103705C05}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
איסוף נתוני ביצועים ממחשבים מקומיים או מרוחקים לפי פרמטרי תזמון שנקבעו מראש ולאחר מכן כתיבת נתונים אלה ביומן רישום או הפעלת התראה. אם שירות זה מופסק, מידע הביצועים לא ייאסף. אם שירות זה מבוטל, כל שירות התלוי בו באופן מפורש לא יוכל לפעול.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
תמיכה ב- TAPI (Telephony API) עבור תוכניות השולטות על התקני טלפוניה והתקשרויות קוליות מבוססות IP במחשב המקומי ובנוסף, באמצעות רשת התקשורת המקומית (LAN), גם בשרתים שהשירות פועל בהם.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
מאפשר למספר משתמשים להיות מחוברים בצורה אינטראקטיבית למחשב וגם להצגת שולחנות עבודה ויישומים למחשבים המרוחקים. קביעת שולחן העבודה המרוחק ברקע (כולל שולחנות עבודה מרוחקות עבור מנהלים), מעבר מהיר בין משתמשים, סיוע מרחוק , ושרת המסוף.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
מתן אפשרויות ניהול לערכות הנושא המעניקות חוויה למשתמש.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TrkWks
אחזקת קישורים בין קבצי NTFS בתוך מחשב או בין מחשבים בקבוצת מחשבים ברשת.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UMWdf
מאפשר מנהלי התקנים של מצב משתמש של Windows.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wdfmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows User Mode Driver Framework
DEPENDENCIES : RpcSs
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: uploadmgr
ניהול העברות קבצים סינכרוניות ואסינכרוניות בין לקוחות ושרתים ברשת. אם פעולתו של שירות זה מופסקת, העברות קבצים סינכרוניות ואסינכרוניות בין לקוחות ושרתים ברשת לא יתבצעו. אם שירות זה מבוטל, לא תהיה אפשרות להפעיל שירותים התלויים בו באופן מפורש.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Upload Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: upnphost
מתן תמיכה באירוח התקני הכנס-הפעל אוניברסלי.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: VSS
ניהול ויישום של תמונות רקע של אמצעי אחסון המשמשות לגיבוי ולמטרות נוספות. אם שירות זה יופסק, תמונות לא יהיו זמינות עבור גיבוי והגיבוי עלול להיכשל. אם שירות זה מבוטל, כל שירות התלוי בו באופן מפורש לא יוכל לפעול.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WebClient
מתן אפשרות לתוכניות מבוססות Windows ליצור, לשנות ולקבל גישה לקבצים מבוססי אינטרנט. אם שירות זה מופסק, יכולות אלה לא יהיו זמינות. אם שירות זה מבוטל, הפעלתם של שירותים התלויים בו באופן מפורש לא תתאפשר.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
מתן ממשק משותף ומודל אובייקט כדי לאפשר גישה למידע ניהול אודות מערכת ההפעלה, התקנים, יישומים ושרותים. אם שרות זה מופסק, רוב התוכנות מבוססות Windows לא יפעלו כראוי. אם שרות זה מבוטל, כל שרות התלוי בו מאופן מפורש, לא יוכל לפעול.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
מתן מידע אודות ספריית ביצועים מספקי WMI HiPerf.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
מאפשר הורדה והתקנה של עדכוני Windows קריטיים. אם השרות הופך ללא זמין, ניתן לעדכן את מערכת ההפעלה באופן ידני מאתר האינטרנט של Windows Update.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
קביעת תצורה אוטומטית עבור מתאמי 802.11
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

Lately I keep getting the alert about leaving the secured area and that everybody can see what I send, and it asks me whether I agree or not by checking a box. It's Windows XP, real mess.
I'm worried about revealing my passwords and codes.
BTW the HJT log file is the same as at the beginning.
tatyana

Yep, nothing unusual.
Download Gmer from this link GMER
Then doubleclick to open it.
Do this in safe mode if it will not run in normal mode.
You will probably get a message that a rootkit has been found. Gmer then asks if you want to perform a full scan. Click No. GMER should have identified in red a service named PE386. Right click on that service and choose "Delete Service" to remove it.
Then close GMER and reboot.
Removal Examples:
Select >>>>>
Click the CMD tab
In the top box paste the following.
gmer -del service pe386
Click Run
Let it finish.
Repeat the scan for each of these items in bold.
gmer -del service huy32
gmer -del service lzx32
gmer -del service msguard
When done, copy and paste the results back here after executing this.
Restart the computer normally to reset the registry.
If nothing is found continue with the next scan; if something was found, post the results along with a new Combofix log.
The log produced by the following scan will be extremely long, so if needed make two posts to get all of the log posted.
Please download WinPFind3u.exe by oldtimer to your desktop and extract all files. It will create a folder named WinPFind3u on your desktop.
Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
In the Processes group click ALL
In the Win32 Services group click ALL
In the Driver Services group click ALL
In the Registry group click ALL
In the Files Created Within group click 60 days. Make sure Non-Microsoft only is UNCHECKED.
In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is UNCHECKED.
In the File String Search group select ALL
In the Additional scans section please select ALL.
Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
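A small parser for the service listing format pasted earlier in the thread, with the checks a responder would run over it: the rootkit service names from the GMER step (pe386, huy32, lzx32, msguard) and service binaries outside %SystemRoot% or in user-writable paths. This is an added example, not code from the thread, GMER or WinPFind3u; the sample listing inside it is constructed, and SYSTEM_ROOT and USER_WRITABLE are assumptions.

```python
"""Parse the 'sc qc'-style service listing pasted earlier in this thread and flag entries
a responder should look at. Added example (not code from the thread, GMER or WinPFind3u)."""
import re
from dataclasses import dataclass, field

# Rootkit service names the GMER step in this thread tells the user to delete.
SUSPECT_SERVICE_NAMES = {"pe386", "huy32", "lzx32", "msguard"}
# Assumptions: stock services load from under %SystemRoot%; a user-writable path is a red flag.
SYSTEM_ROOT = "c:\\windows\\"
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")

_KEY_LINE = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*)$")
_CONTINUATION = re.compile(r"^\s*:\s*(.*)$")
# The pasted log lost the blank line between records, so "SERVICE_NAME:" is often fused to
# the previous line (...LocalSystemSERVICE_NAME: MSDTC); the lookbehind skips SERVICE_START_NAME.
_RECORD_START = re.compile(r"(?<![A-Z_])SERVICE_NAME:")


@dataclass
class ServiceRecord:
    name: str
    display_name: str = ""
    binary_path: str = ""
    start_type: str = ""
    start_name: str = ""
    dependencies: list = field(default_factory=list)


def parse_services(listing: str) -> list:
    """Split the listing into ServiceRecords. Localized description lines and '(null)' have
    no KEY : value shape and are skipped; ': X' lines continue the previous key."""
    records = []
    for chunk in _RECORD_START.split(listing)[1:]:
        lines = chunk.strip().splitlines()
        rec = ServiceRecord(name=lines[0].strip())
        last_key = None
        for line in lines[1:]:
            m = _KEY_LINE.match(line)
            if not m:
                c = _CONTINUATION.match(line)
                if c and last_key == "DEPENDENCIES" and c.group(1).strip():
                    rec.dependencies.append(c.group(1).strip())
                continue
            key, value = m.group(1), m.group(2).strip()
            last_key = key
            if key == "DISPLAY_NAME":
                rec.display_name = value
            elif key == "BINARY_PATH_NAME":
                rec.binary_path = value
            elif key == "START_TYPE":  # "2 AUTO_START" -> "AUTO_START"
                rec.start_type = value.split()[-1] if value else ""
            elif key == "SERVICE_START_NAME":
                rec.start_name = value
            elif key == "DEPENDENCIES" and value:
                rec.dependencies.append(value)
        records.append(rec)
    return records


def executable_of(binary_path: str) -> str:
    # Drop svchost/dllhost-style arguments ("-k netsvcs", "/Processid:...") and normalise case.
    return re.split(r"\s+(?:-k\b|/)", binary_path.strip().strip('"'), maxsplit=1)[0].lower()


def review(records: list) -> list:
    """Return (service_name, reason) pairs: prompts for a human, not verdicts."""
    findings = []
    for rec in records:
        exe = executable_of(rec.binary_path)
        outside = bool(exe) and not exe.startswith(SYSTEM_ROOT)
        if rec.name.lower() in SUSPECT_SERVICE_NAMES:
            findings.append((rec.name, "name matches a rootkit service from the GMER step"))
        if any(loc in exe for loc in USER_WRITABLE):
            findings.append((rec.name, f"binary in user-writable location: {exe}"))
        elif outside:
            findings.append((rec.name, f"third-party binary, verify the publisher: {exe}"))
        if outside and rec.start_type == "AUTO_START" and rec.start_name.lower() == "localsystem":
            findings.append((rec.name, "auto-starts as LocalSystem from outside %SystemRoot%"))
    return findings


# Constructed sample in the thread's format: a stock record fused to the next one, a third-party
# service under Program Files, and a record shaped like the rootkit service (placeholder path).
SAMPLE_LISTING = """\
SERVICE_NAME: RpcSs
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\\WINDOWS\\system32\\svchost -k rpcss
DISPLAY_NAME : Remote Procedure Call (RPC)
SERVICE_START_NAME: LocalSystemSERVICE_NAME: ExampleAV
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\\Program Files\\ExampleAV\\avsvc.exe
DEPENDENCIES : RPCSS
: EventLog
SERVICE_START_NAME: LocalSystemSERVICE_NAME: pe386
(null)
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\\WINDOWS\\Temp\\placeholder.exe
SERVICE_START_NAME: LocalSystem
"""
```

Feed the full pasted listing to parse_services and print review() over it; a stock XP service set yields only the third-party entries (here, the antivirus) for manual confirmation.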

WinPFind3 logfile created on: 23/11/2007 22:23:58
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\אביב\שולחן העבודה\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)
255.47 Mb Total Physical Memory | 80.02 Mb Available Physical Memory | 31.32% Memory free
754.08 Mb Paging File | 270.04 Mb Available in Paging File | 35.81% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.71 Gb Free Space | 41.39% Space Free
Drive D: | 55.90 Gb Total Space | 23.63 Gb Free Space | 42.26% Space Free
Drive E: | 522.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: WORKSTATION
Current User Name: אביב
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - All]
smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 45568 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4096 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 513024 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 101376 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 260608 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.exe -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> File not found
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 38912 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.2.2600.1106 (xpsp1.020828-1920) | Size = 219648 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 49152 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 53248 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 99840 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 21504 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 19456 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.46 | Size = 225280 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 116224 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 87040 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 120832 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34304 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 153600 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.1106 | Size = 391680 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 82944 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 158720 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 157696 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 20992 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 36352 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 435200 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 116224 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 158208 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 232960 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 200192 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 200192 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 116224 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 81920 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [uploadmgr] -> File not found
-> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 165376 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 101376 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
-> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 10.0.3790.3802 | Size = 25088 bytes | Modified Date = 28/01/2005 08:53:20 | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3630.1106 (xpsp1.020828-1920) | Size = 9216 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 264704 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.exe -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 44032 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.exe -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 15872 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12288 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 43008 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 163840 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
-> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 61952 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 51200 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1172480 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
alg.exe -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 41984 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 27/10/2007 13:59:18 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 30/10/2006 18:11:54 | Attr = ]
snmp.exe -> %System32%\snmp.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 29696 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:36 | Attr = ]
wdfmgr.exe -> %System32%\wdfmgr.exe -> Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Modified Date = 28/01/2005 01:36:00 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.497 | Size = 579072 bytes | Modified Date = 27/10/2007 13:59:18 | Attr = ]
freeram xp pro 1.40.exe -> %UserDesktop%\FreeRAM XP Pro 1.40.exe -> YourWare Solutions (TM) [Ver = 1.4.0.0 | Size = 1354240 bytes | Modified Date = 30/11/2003 23:13:22 | Attr = ]
iexplore.exe -> %ProgramFiles%\Internet Explorer\IEXPLORE.exe -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 91136 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
iexplore.exe -> %ProgramFiles%\Internet Explorer\IEXPLORE.exe -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 91136 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 21/11/2007 09:19:46 | Attr = ]

[Win32 Services - All]
(Alerter) Alerter [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 41984 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 27/10/2007 13:59:18 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 30/10/2006 18:11:54 | Attr = ]
(BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Browser) Computer Browser [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %System32%\cisvc.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 5120 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(ClipSrv) ClipBook [Win32_Own | On_Demand | Stopped] -> %System32%\clipsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 30720 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4608 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(dmserver) Logical Disk Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 101376 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 123904 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc.exe -> Microsoft Corporation [Ver = 4.4.3400 | Size = 32768 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc.exe -> Microsoft Corporation [Ver = 2001.12.4414.42 | Size = 6144 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec.exe -> Microsoft Corporation [Ver = 2.0.2600.1106 | Size = 64512 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(NetDDE) Network DDE [Win32_Shared | On_Demand | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 105984 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | On_Demand | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 105984 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 101376 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 129024 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 68096 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 132608 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(SCardDrv) Smart Card Helper [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 93184 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 93184 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Schedule) Schedule [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(SharedAccess) Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(SNMP) SNMP Service [Win32_Own | Auto | Running] -> %System32%\snmp.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 29696 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
(SNMPTRAP) SNMP Trap Service [Win32_Own | On_Demand | Stopped] -> %System32%\snmptrap.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 8192 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 51200 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4608 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 81408 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Themes) Themes [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %System32%\wdfmgr.exe -> Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Modified Date = 28/01/2005 01:36:00 | Attr = ]
(uploadmgr) Upload Manager [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 16384 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 275456 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 117248 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
(wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]

[Driver Services - All]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %System32%\drivers\acpi.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 178816 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %System32%\drivers\acpiec.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11648 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\drivers\aec.sys -> Microsoft Corporation [Ver = 5.1.2601.1095 built by: xpsp1 | Size = 142208 bytes | Modified Date = 28/08/2002 23:16:38 | Attr = ]
(AFD) AFD Networking Support Environment [Kernel | Auto | Running] -> %System32%\drivers\afd.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 131968 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\asyncmac.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 13568 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\drivers\atapi.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86912 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\atmarpc.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 57216 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %System32%\drivers\audstub.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3072 bytes | Modified Date = 17/08/2001 13:59:44 | Attr = ]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 27/10/2007 13:59:10 | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 30/10/2006 18:11:58 | Attr = ]
(Avg7RsXP) AVG7 Rezident Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 25/02/2007 18:03:28 | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 30/10/2006 18:11:56 | Attr = ]
(Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Bridge) MAC Bridge [Kernel | On_Demand | Stopped] -> %System32%\drivers\bridge.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 68864 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(BridgeMP) MAC Bridge Miniport [Kernel | On_Demand | Stopped] -> %System32%\drivers\bridge.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 68864 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\אביב\LOCALS~1\Temp\catchme.sys -> File not found
(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\cbidf2k.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\cdaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Cdfs) Cdfs [File_System | Disabled | Running] -> %System32%\drivers\cdfs.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 59648 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %System32%\drivers\cdrom.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 47488 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(Disk) Disk Driver [Kernel | Boot | Running] -> %System32%\drivers\disk.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 33792 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 781056 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146432 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %System32%\drivers\DMusic.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 50048 bytes | Modified Date = 17/08/2001 13:59:58 | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\drivers\drmkaud.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 2816 bytes | Modified Date = 29/08/2002 01:32:34 | Attr = ]
(eantexhs) eantexhs [Kernel | Unknown | Running] -> -> File not found
(Edspport) EDSP Port Driver [Kernel | On_Demand | Running] -> %System32%\drivers\es56tpi.sys -> ESS Technology, Inc. [Ver = V4.43.049 | Size = 347550 bytes | Modified Date = 18/09/2001 15:28:40 | Attr = ]
(Fastfat) Fastfat [File_System | Disabled | Running] -> %System32%\drivers\fastfat.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 145152 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\fdc.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 26240 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Fips) Fips [Kernel | System | Running] -> %System32%\drivers\fips.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34944 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> %System32%\drivers\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 19712 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\ftdisk.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 125056 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %System32%\drivers\gameenum.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 9856 bytes | Modified Date = 29/08/2002 01:32:44 | Attr = ]
(gmer) gmer [Kernel | System | Running] -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Modified Date = 21/11/2007 20:55:06 | Attr = ]
(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %System32%\drivers\msgpc.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 33792 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(hidusb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> %System32%\drivers\hidusb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 9600 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %System32%\drivers\i8042prt.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 49536 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Imapi) CD-Burning Filter Driver [Kernel | System | Stopped] -> %System32%\drivers\imapi.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 39808 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipfltdrv.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32896 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipinip.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 19584 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %System32%\drivers\ipnat.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 79488 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(IPSec) IPSEC driver [Kernel | System | Running] -> %System32%\drivers\ipsec.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 57984 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\irenum.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 10496 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\isapnp.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %System32%\drivers\kbdclass.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 23296 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Stopped] -> %System32%\drivers\kmixer.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 159360 bytes | Modified Date = 29/08/2002 01:32:30 | Attr = ]
(KSecDD) KSecDD [Kernel | Boot | Running] -> %System32%\drivers\ksecdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 79744 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MEMSWEEP2) MEMSWEEP2 [Kernel | On_Demand | Stopped] -> %System32%\4.tmp -> File not found
(mnmdd) mnmdd [Kernel | System | Running] -> %System32%\drivers\mnmdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Modem) Modem [Kernel | On_Demand | Running] -> %System32%\drivers\modem.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28800 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\motmodem.sys -> Motorola [Ver = 1.6.0.0 built by: WinDDK | Size = 20992 bytes | Modified Date = 13/12/2006 17:52:50 | Attr = ]
(Mouclass) Mouse Class Driver [Kernel | System | Running] -> %System32%\drivers\mouclass.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 21888 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mouhid.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12160 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(MountMgr) MountMgr [Kernel | Boot | Running] -> %System32%\drivers\mountmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 37504 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %System32%\drivers\mrxdav.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 172672 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(MRxSmb) MRxSmb [File_System | System | Running] -> %System32%\drivers\mrxsmb.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 407552 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Msfs) Msfs [File_System | System | Running] -> %System32%\drivers\msfs.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 18048 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSKSSRV.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 7040 bytes | Modified Date = 29/08/2002 01:27:12 | Attr = ]
(msloop) Microsoft Loopback Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\loop.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4992 bytes | Modified Date = 17/08/2001 13:53:42 | Attr = ]
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSPCLOCK.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 5120 bytes | Modified Date = 17/08/2001 13:48:42 | Attr = ]
(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSPQM.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4608 bytes | Modified Date = 17/08/2001 13:48:46 | Attr = ]
(Mup) Mup [File_System | Boot | Running] -> %System32%\drivers\mup.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 104064 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(NDIS) NDIS System Driver [Kernel | Boot | Running] -> %System32%\drivers\ndis.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 167552 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndistapi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9600 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\ndisuio.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 12288 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndiswan.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 87552 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %System32%\drivers\ndproxy.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 38016 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> %System32%\drivers\netbios.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 33152 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(NetBT) NetBios over Tcpip [Kernel | System | Running] -> %System32%\drivers\netbt.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 157056 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(netrcacm) RCA USB Digital Cable Modem Driver [Kernel | On_Demand | Running] -> %System32%\drivers\netrcacm.sys -> Thomson Inc. [Ver = 30.2.24.0 | Size = 20648 bytes | Modified Date = 03/04/2003 01:54:16 | Attr = R ]
(Npfs) Npfs [File_System | System | Running] -> %System32%\drivers\npfs.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 29568 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Ntfs) Ntfs [File_System | Disabled | Stopped] -> %System32%\drivers\ntfs.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 561920 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Null) Null [Kernel | System | Running] -> %System32%\drivers\null.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 2944 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.13.10.2958 | Size = 891711 bytes | Modified Date = 28/08/2002 23:16:30 | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkflt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12416 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkfwd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32512 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Parport) Parallel port driver [Kernel | On_Demand | Running] -> %System32%\drivers\parport.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 75776 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(PartMgr) PartMgr [Kernel | Boot | Running] -> %System32%\drivers\partmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(ParVdm) ParVdm [Kernel | Auto | Running] -> %System32%\drivers\parvdm.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 6784 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\pci.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 62208 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] -> -> File not found
(Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %System32%\drivers\pcmcia.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 115328 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %System32%\drivers\raspptp.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 46336 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Processor) Processor Driver [Kernel | System | Running] -> %System32%\drivers\processr.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 32768 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %System32%\drivers\psched.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 66048 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 17/11/2005 18:19:30 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %System32%\drivers\rasacd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 8832 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %System32%\drivers\rasl2tp.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 48384 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %System32%\drivers\raspppoe.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 38912 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %System32%\drivers\raspti.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16512 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Rdbss) Rdbss [File_System | System | Running] -> %System32%\drivers\rdbss.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 163328 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(RDPCDD) RDPCDD [Kernel | System | Running] -> %System32%\drivers\rdpcdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4224 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %System32%\drivers\rdpwd.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 115976 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %System32%\drivers\redbook.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 56192 bytes | Modified Date = 29/08/2002 13:03:30 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(serenum) Serenum Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\serenum.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 14976 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Serial) Serial port driver [Kernel | System | Running] -> %System32%\drivers\serial.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 61184 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Sfloppy) Sfloppy [Kernel | System | Stopped] -> %System32%\drivers\sfloppy.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 10496 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 17/08/2001 13:56:16 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %System32%\drivers\splitter.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 5888 bytes | Modified Date = 29/08/2002 01:32:28 | Attr = ]
(sr) System Restore Filter Driver [File_System | Boot | Running] -> %System32%\drivers\sr.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 69120 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
(Srv) Srv [File_System | On_Demand | Running] -> %System32%\drivers\srv.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 330368 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %System32%\drivers\swenum.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3840 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %System32%\drivers\swmidi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 54272 bytes | Modified Date = 17/08/2001 14:00:52 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %System32%\drivers\sysaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 56832 bytes | Modified Date = 29/08/2002 02:01:18 | Attr = ]
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %System32%\drivers\tcpip.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 332928 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(tdim) tdim [Kernel | Auto | Stopped] -> %System32%\drivers\tdim.sys -> File not found
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdpipe.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11144 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdtcp.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 20232 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
(TermDD) Terminal Device Driver [Kernel | System | Running] -> %System32%\drivers\termdd.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 38024 bytes | Modified Date = 29/08/2002 13:17:50 | Attr = ]
(tj2knd5) Terayon Cable Modem (NDIS) [Kernel | On_Demand | Stopped] -> %System32%\drivers\tj2knd5.sys -> MCCI [Ver = V3.21 | Size = 17616 bytes | Modified Date = 14/10/2002 07:40:32 | Attr = R ]
(tj2kunic) Terayon Cable Modem (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\tj2kunic.sys -> MCCI [Ver = V3.21 | Size = 69680 bytes | Modified Date = 14/10/2002 07:40:24 | Attr = R ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(Udfs) Udfs [File_System | Disabled | Stopped] -> %System32%\drivers\udfs.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 64000 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %System32%\drivers\update.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 137088 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> %System32%\drivers\usbhub.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 51968 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(usbsermptxp) Motorola USB Modem Driver for MPT XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbsermptxp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Modified Date = 18/09/2007 18:34:56 | Attr = ]
(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\USBSTOR.SYS -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 21760 bytes | Modified Date = 29/08/2002 01:32:52 | Attr = ]
(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbuhci.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 19328 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(VgaSave) VgaSave [Kernel | System | Running] -> %System32%\drivers\vga.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 19712 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(ViaIde) ViaIde [Kernel | Boot | Running] -> %System32%\drivers\viaide.sys -> Microsoft Corporation [Ver = 1.00.01.00 | Size = 4864 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(VIAudio) VIA AC'97 Audio Controller (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ac97via.sys -> VIA Technologies, Inc. [Ver = 5.10.00.3622 built by: WinDDK | Size = 84480 bytes | Modified Date = 28/08/2002 23:00:56 | Attr = ]
(VolSnap) VolSnap [Kernel | Boot | Running] -> %System32%\drivers\volsnap.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 49152 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wanarp.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 33280 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
(Wdf01000) Wdf01000 [Kernel | On_Demand | Stopped] -> %System32%\drivers\wdf01000.sys -> Microsoft Corporation [Ver = 1.5.6000.0 (vista_rtm.061101-2205) | Size = 492000 bytes | Modified Date = 02/11/2006 07:22:54 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wdmaud.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 77440 bytes | Modified Date = 29/08/2002 02:00:48 | Attr = ]
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | Disabled | Stopped] -> %System32%\drivers\ws2ifsl.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12032 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
[Registry - All]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.497 | Size = 579072 bytes | Modified Date = 27/10/2007 13:59:18 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:36 | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
FreeRAM XP -> %UserDesktop%\FreeRAM XP Pro 1.40.exe -> YourWare Solutions (TM) [Ver = 1.4.0.0 | Size = 1354240 bytes | Modified Date = 30/11/2003 23:13:22 | Attr = ]
< IFEO [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %System32%\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 31744 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKLM] -> %System32%\shell32.dll [CDBurn] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 8303616 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
{7849596a-48ea-486e-8937-a2a3009f31a9} [HKLM] -> %System32%\shell32.dll [PostBootReminder] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 8303616 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
{35CEC8A3-2BE6-11D2-8773-92E220524153} [HKLM] -> %System32%\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 117760 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corpo

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service becomes unavailable, the operating system can be updated manually from the Windows Update website. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\System32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 30/10/2006 18:11:54 | Attr = ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [ShellExtension] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 07/10/2005 15:05:32 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shell\ ->
"C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" -> %ProgramFiles%\Winamp\winamp.exe [Winamp.Bookmark] -> Nullsoft [Ver = 5.094 | Size = 1136640 bytes | Modified Date = 18/07/2005 20:14:00 | Attr = ]
"C:\Program Files\Winamp\Winamp.exe" /ADD "%1" -> %ProgramFiles%\Winamp\winamp.exe [Winamp.Enqueue] -> Nullsoft [Ver = 5.094 | Size = 1136640 bytes | Modified Date = 18/07/2005 20:14:00 | Attr = ]
"C:\Program Files\Winamp\Winamp.exe" "%1" -> %ProgramFiles%\Winamp\winamp.exe [Winamp.Play] -> Nullsoft [Ver = 5.094 | Size = 1136640 bytes | Modified Date = 18/07/2005 20:14:00 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [ShellExtension] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 07/10/2005 15:05:32 | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ ->
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 30/10/2006 18:11:54 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 07/10/2005 15:05:32 | Attr = ]
< ControlSets > -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8195 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8194 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Reg Data - Key not found ->
NextId -> 8196 ->
< Security Settings > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> LanmanWorkstation;RpcSs; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Uses idle network bandwidth to transfer data. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;NLA;RasMan;ALG; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> אספקת שירותי תרגום כתובות רשת, כתובות, זיהוי שמות ו/או מניעת פריצה עבור רשת ביתית או רשת של משרד קטן. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\SharedAutoDial -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> מאפשר הורדה והתקנה של עדכוני Windows קריטיים. אם השרות הופך ללא זמין, ניתן לעדכן את מערכת ההפעלה באופן ידני מאתר האינטרנט של Windows Update. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\System32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *; ->
< Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 375808 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%systemroot%\system32 -> ->
%systemroot% -> ->
%systemroot%\system32\wbem -> ->
%HTC_PIC%\BIN -> ->
C:\Program Files\QuickTime\QTSystem -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> ->
.EXE -> ->
.BAT -> ->
.CMD -> ->
.VBS -> ->
.VBE -> ->
.JS -> ->
.JSE -> ->
.WSF -> ->
.WSH -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.exe %1 -> File not found
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.exe /p %1 -> File not found
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3644.0 | Size = 10752 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.exe %1 -> File not found
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.exe /p %1 -> File not found
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 8303616 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
exefile [open] -> "%1" %* ->
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 265216 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 24064 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
htmlfile [edit] -> Reg Data - Key not found ->
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 91136 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.exe" %1 -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 91136 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 2833920 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 91136 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
https [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 91136 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 31744 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.exe %1 -> File not found
inffile [print] -> %SystemRoot%\System32\NOTEPAD.exe /p %1 -> File not found
inifile [open] -> %SystemRoot%\System32\NOTEPAD.exe %1 -> File not found
inifile [print] -> %SystemRoot%\System32\NOTEPAD.exe /p %1 -> File not found
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1340928 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
InternetShortcut [print] -> rundll32.exe %SystemRoot%\System32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 2833920 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.6626 | Size = 118834 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.6626 | Size = 118834 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.exe %1 -> File not found
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 132608 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.exe /p %1 -> File not found
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 128512 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.exe %1 -> File not found
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.exe /p %1 -> File not found
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> File not found
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.6626 | Size = 118834 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.6626 | Size = 118834 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.6626 | Size = 118834 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.6626 | Size = 118834 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 8303616 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1172480 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
Directory [Winamp.Bookmark] -> "%ProgramFiles%\Winamp\Winamp.exe" /BOOKMARK "%1" -> Nullsoft [Ver = 5.094 | Size = 1136640 bytes | Modified Date = 18/07/2005 20:14:00 | Attr = ]
Directory [Winamp.Enqueue] -> "%ProgramFiles%\Winamp\Winamp.exe" /ADD "%1" -> Nullsoft [Ver = 5.094 | Size = 1136640 bytes | Modified Date = 18/07/2005 20:14:00 | Attr = ]
Directory [Winamp.Play] -> "%ProgramFiles%\Winamp\Winamp.exe" "%1" -> Nullsoft [Ver = 5.094 | Size = 1136640 bytes | Modified Date = 18/07/2005 20:14:00 | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1172480 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1172480 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1172480 bytes | Modified Date = 09/04/2003 12:00:00 | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.exe" %1 -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 91136 bytes | Modified Date = 09/04/2003 14:00:00 | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> File not found
< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> ->
< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> ->
< Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes ->
195.225.177.0,255.255.255.0,10.254.254.254,1 -> ->
195.95.218.0,255.255.255.0,10.254.254.254,1 -> ->
205.177.122.0,255.255.255.0,10.254.254.254,1 -> ->
209.66.114.0,255.255.255.0,10.254.254.254,1 -> ->
69.50.160.0,255.255.255.0,10.254.254.254,1 -> ->
69.50.171.0,255.255.255.0,10.254.254.254,1 -> ->
69.50.175.0,255.255.255.0,10.254.254.254,1 -> ->
69.50.180.0,255.255.255.0,10.254.254.254,1 -> ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate ->
{3248F0A8-6813-11D6-A77B-00B0D0150030} -> J2SE Runtime Environment 5.0 Update 3 ->
{3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java(TM) SE Runtime Environment 6 Update 1 ->
{3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java(TM) 6 Update 2 ->
{3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(TM) 6 Update 3 ->
{350C97B4-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{74EC78BC-B379-4E29-9006-8F161DCAABA6} -> Apple Software Update ->
{76E41F43-59D2-4F30-BA42-9A762EE1E8DE} -> Avanquest update ->
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX ->
{8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player ->
{8F4507EF-C5F3-46CE-9718-9D3698821333} -> Motorola Driver Installation ->
{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} -> QuickTime ->
{ABEB838C-A1A7-4C5D-B7E1-8B4314600777} -> MSN Messenger 7.0 ->
{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B} -> Motorola Phone Tools ->
{E8F728D0-C3F0-42EB-BBC2-C4A38A577CB1} -> Motorola Phone Tools ->
Ad-Aware SE Personal -> Ad-Aware SE Personal ->
Adobe Acrobat 5.0 -> Adobe Acrobat 5.0 ->
Audio Converter -> River Past Audio Converter ->
AVG7Uninstall -> AVG Free Edition ->
FLV Player2.0 -> FLV Player ->
HijackThis -> HijackThis 2.0.2 ->
IrfanView -> IrfanView (remove only) ->
Kaspersky Online Scanner -> Kaspersky Online Scanner ->
KLiteCodecPack_is1 -> K-Lite Codec Pack 2.27 Full ->
Macromedia Shockwave Player -> Macromedia Shockwave Player ->
MPLAB® IDE -> MPLAB® IDE ->
Office8.0 -> Microsoft Office 97, Professional Edition ->
Panda ActiveScan -> Panda ActiveScan ->
PICC-Lite 9.50PL2 -> HI-TECH PICC-Lite V9.50PL2 ->
Play65 -> Play65 ->
PSpice Student -> PSpice Student 9.1 ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
Sophos-AntiRootkit -> Sophos Anti-Rootkit 1.3.1 ->
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 ->
Virtools3DLifePlayer -> Virtools 3D Life Player ->
Wdf01005 -> Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 ->
Winamp -> Winamp (remove only) ->
Windows Media Format Runtime -> Windows Media Format Runtime ->
WinRAR archiver -> WinRAR archiver ->
< WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW ->
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< EventViewer Logs > -> Errors and Warnings -> Description
System - Error - 18/11/2007 23:34:55 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 18/11/2007 23:45:01 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 19216810010 for the Network Card with network address 0011E34F93FC has beendenied by the DHCP server 213573518 (The DHCP Server sent a DHCPNACK message)
System - Error - 19/11/2007 00:00:01 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 19/11/2007 00:59:14 -> Computer Name = WORKSTATION - User Name = (blank) - Source = atapi -> Description = DeviceIdeIdePort1
System - Warning - 19/11/2007 00:59:14 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Cdrom -> Description = DeviceCdRom0 (paging)
System - Error - 19/11/2007 01:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
System - Error - 19/11/2007 01:23:39 -> Computer Name = WORKSTATION - User Name = (blank) - Source = atapi -> Description = DeviceIdeIdePort1
System - Warning - 19/11/2007 01:23:39 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Cdrom -> Description = DeviceCdRom0 (paging)
System - Error - 19/11/2007 02:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At3job command failed to start due to the following error 2147942402
System - Error - 19/11/2007 03:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At4job command failed to start due to the following error 2147942402
System - Error - 19/11/2007 04:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At5job command failed to start due to the following error 2147942402
System - Error - 19/11/2007 05:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At6job command failed to start due to the following error 2147942402
System - Warning - 19/11/2007 05:45:07 -> Computer Name = WORKSTATION - User Name = NT AUTHORITY\SYSTEM - Source = USER32 -> Description = -WORKSTATION
System - Error - 19/11/2007 15:27:33 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 19/11/2007 16:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At17job command failed to start due to the following error 2147942402
System - Error - 19/11/2007 17:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At18job command failed to start due to the following error 2147942402
System - Error - 19/11/2007 18:00:01 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At19job command failed to start due to the following error 2147942402
System - Error - 19/11/2007 19:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At20job command failed to start due to the following error 2147942402
System - Error - 19/11/2007 20:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Error - 19/11/2007 21:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At22job command failed to start due to the following error 2147942402
System - Error - 19/11/2007 22:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 19/11/2007 23:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 01:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 01:47:21 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 20/11/2007 01:50:34 -> Computer Name = WORKSTATION - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service EventSystem with arguments (null)in order to run the server1BE1F766-5536-11D1-B726-00C04FB926AF
System - Error - 20/11/2007 01:51:04 -> Computer Name = WORKSTATION - User Name = WORKSTATION\Administrator - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service netman with arguments (null)in order to run the serverBA126AE5-2166-11D1-B1D0-00805FC1270E
System - Error - 20/11/2007 01:51:12 -> Computer Name = WORKSTATION - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service EventSystem with arguments (null)in order to run the server1BE1F766-5536-11D1-B726-00C04FB926AF
System - Error - 20/11/2007 01:51:25 -> Computer Name = WORKSTATION - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service EventSystem with arguments (null)in order to run the server1BE1F766-5536-11D1-B726-00C04FB926AF
System - Error - 20/11/2007 01:51:42 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error 31
System - Error - 20/11/2007 01:51:42 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The DNS Client service depends on the TCPIP Protocol Driver service which failed to start because of the following error 31
System - Error - 20/11/2007 01:51:42 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error 31
System - Error - 20/11/2007 01:51:42 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Avg7CoreAvg7RsWAvg7RsXPFipsIPSecMRxSmbNetBIOSNetBTProcessorRasAcdRdbssTcpip
System - Error - 20/11/2007 01:51:44 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service netman with arguments (null)in order to run the serverBA126AE5-2166-11D1-B1D0-00805FC1270E
System - Error - 20/11/2007 01:51:57 -> Computer Name = WORKSTATION - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service EventSystem with arguments (null)in order to run the server1BE1F766-5536-11D1-B726-00C04FB926AF
System - Error - 20/11/2007 02:04:24 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1058 attempting to start the service wuauserv with arguments (null)in order to run the serverE9376CC6-121A-447E-81CF-D8BCC200007C
System - Error - 20/11/2007 02:10:27 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service netman with arguments (null)in order to run the serverBA126AE5-2166-11D1-B1D0-00805FC1270E
System - Error - 20/11/2007 02:10:46 -> Computer Name = WORKSTATION - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service EventSystem with arguments (null)in order to run the server1BE1F766-5536-11D1-B726-00C04FB926AF
System - Error - 20/11/2007 02:13:19 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 20/11/2007 03:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At4job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 04:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At5job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 14:24:08 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 20/11/2007 14:58:58 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 20/11/2007 15:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At16job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 15:04:32 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 20/11/2007 15:32:16 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 20/11/2007 15:45:11 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 20/11/2007 16:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At17job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 17:00:01 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At18job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 18:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At19job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 19:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At20job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 20:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 21:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At22job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 22:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 23:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 20/11/2007 23:48:24 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 21/11/2007 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 21/11/2007 01:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
System - Warning - 21/11/2007 01:25:58 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Cdrom -> Description = DeviceCdRom0 (paging)
System - Error - 21/11/2007 01:26:08 -> Computer Name = WORKSTATION - User Name = (blank) - Source = atapi -> Description = DeviceIdeIdePort1
System - Warning - 21/11/2007 01:26:08 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Cdrom -> Description = DeviceCdRom0 (paging)
System - Error - 21/11/2007 01:32:05 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 21/11/2007 01:42:34 -> Computer Name = WORKSTATION - User Name = (blank) - Source = netrcacm -> Description = RCA USB Cable Modem Has determined that the adapter is not functioning properly
System - Error - 21/11/2007 01:43:32 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 21/11/2007 01:51:19 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 21/11/2007 02:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At3job command failed to start due to the following error 2147942402
System - Error - 21/11/2007 15:05:10 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 21/11/2007 15:05:10 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The NDIS System Controller service terminated with the following error 5
System - Error - 21/11/2007 15:08:11 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 21/11/2007 15:08:11 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The NDIS System Controller service terminated with the following error 5
System - Error - 21/11/2007 15:11:13 -> Computer Name = WORKSTATION - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service EventSystem with arguments (null)in order to run the server1BE1F766-5536-11D1-B726-00C04FB926AF
System - Error - 21/11/2007 15:11:43 -> Computer Name = WORKSTATION - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service EventSystem with arguments (null)in order to run the server1BE1F766-5536-11D1-B726-00C04FB926AF
System - Error - 21/11/2007 15:11:49 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service netman with arguments (null)in order to run the serverBA126AE5-2166-11D1-B1D0-00805FC1270E
System - Error - 21/11/2007 15:12:32 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error 31
System - Error - 21/11/2007 15:12:32 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The DNS Client service depends on the TCPIP Protocol Driver service which failed to start because of the following error 31
System - Error - 21/11/2007 15:12:32 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error 31
System - Error - 21/11/2007 15:12:32 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Avg7CoreAvg7RsWAvg7RsXPFipsIPSecMRxSmbNetBIOSNetBTProcessorRasAcdRdbssTcpip
System - Error - 21/11/2007 15:17:40 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service Avg7Alrt with arguments -Servicein order to run the server3486DF65-1D90-406A-A072-30629910F113
System - Error - 21/11/2007 15:18:15 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service Avg7Alrt with arguments -Servicein order to run the server3486DF65-1D90-406A-A072-30629910F113
System - Error - 21/11/2007 15:18:16 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service Avg7Alrt with arguments -Servicein order to run the server3486DF65-1D90-406A-A072-30629910F113
System - Error - 21/11/2007 15:24:14 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1058 attempting to start the service wuauserv with arguments (null)in order to run the serverE9376CC6-121A-447E-81CF-D8BCC200007C
System - Error - 21/11/2007 15:31:37 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service netman with arguments (null)in order to run the serverBA126AE5-2166-11D1-B1D0-00805FC1270E
System - Error - 21/11/2007 15:32:13 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service Avg7Alrt with arguments -Servicein order to run the server3486DF65-1D90-406A-A072-30629910F113
System - Error - 21/11/2007 15:32:15 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service Avg7Alrt with arguments -Servicein order to run the server3486DF65-1D90-406A-A072-30629910F113
System - Error - 21/11/2007 16:07:32 -> Computer Name = WORKSTATION - User Name = (blank) - Source = SRService -> Description =
System - Error - 21/11/2007 16:08:51 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The NDIS System Controller service terminated with the following error 5
System - Error - 21/11/2007 16:08:51 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 21/11/2007 16:08:51 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The System Restore Service service terminated with the following error 2
System - Error - 21/11/2007 17:00:01 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At18job command failed to start due to the following error 2147942402
System - Error - 21/11/2007 18:00:01 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At19job command failed to start due to the following error 2147942402
System - Error - 21/11/2007 18:16:51 -> Computer Name = WORKSTATION - User Name = (blank) - Source = SRService -> Description =
System - Error - 21/11/2007 18:17:36 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The NDIS System Controller service terminated with the following error 5
System - Error - 21/11/2007 18:17:37 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 21/11/2007 18:17:37 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The System Restore Service service terminated with the following error 2
System - Error - 21/11/2007 19:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At20job command failed to start due to the following error 2147942402
System - Error - 21/11/2007 19:37:17 -> Computer Name = WORKSTATION - User Name = (blank) - Source = SRService -> Description =
System - Error - 21/11/2007 19:37:45 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The NDIS System Controller service terminated with the following error 5
System - Error - 21/11/2007 19:37:45 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 21/11/2007 19:37:45 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The System Restore Service service terminated with the following error 2
System - Error - 21/11/2007 20:00:01 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At21job command failed to start due to the following error 2147942402
System - Error - 21/11/2007 20:07:07 -> Computer Name = WORKSTATION - User Name = (blank) - Source = SRService -> Description =
System - Error - 21/11/2007 20:07:35 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The NDIS System Controller service terminated with the following error 5
System - Error - 21/11/2007 20:07:35 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 21/11/2007 20:07:35 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The System Restore Service service terminated with the following error 2
System - Error - 21/11/2007 21:00:54 -> Computer Name = WORKSTATION - User Name = (blank) - Source = SRService -> Description =
System - Error - 21/11/2007 21:00:55 -> Computer Name = WORKSTATION - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service EventSystem with arguments (null)in order to run the server1BE1F766-5536-11D1-B726-00C04FB926AF
System - Error - 21/11/2007 21:01:20 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service netman with arguments (null)in order to run the serverBA126AE5-2166-11D1-B1D0-00805FC1270E
System - Error - 21/11/2007 21:01:28 -> Computer Name = WORKSTATION - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service EventSystem with arguments (null)in order to run the server1BE1F766-5536-11D1-B726-00C04FB926AF
System - Error - 21/11/2007 21:01:59 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error 31
System - Error - 21/11/2007 21:01:59 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The DNS Client service depends on the TCPIP Protocol Driver service which failed to start because of the following error 31
System - Error - 21/11/2007 21:01:59 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error 31
System - Error - 21/11/2007 21:01:59 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Avg7CoreAvg7RsWAvg7RsXPFipsIPSecMRxSmbNetBIOSNetBTProcessorRasAcdRdbssTcpip
System - Error - 21/11/2007 21:01:59 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The System Restore Service service terminated with the following error 2
System - Error - 21/11/2007 21:02:11 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service netman with arguments (null)in order to run the serverBA126AE5-2166-11D1-B1D0-00805FC1270E
System - Error - 21/11/2007 21:07:13 -> Computer Name = WORKSTATION - User Name = (blank) - Source = SRService -> Description =
System - Error - 21/11/2007 21:08:30 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 21/11/2007 21:08:30 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The NDIS System Controller service terminated with the following error 5
System - Error - 21/11/2007 21:08:30 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The System Restore Service service terminated with the following error 2
System - Error - 21/11/2007 22:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At23job command failed to start due to the following error 2147942402
System - Error - 21/11/2007 23:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At24job command failed to start due to the following error 2147942402
System - Error - 22/11/2007 00:00:02 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At1job command failed to start due to the following error 2147942402
System - Error - 22/11/2007 00:14:20 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 22/11/2007 00:14:20 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The NDIS System Controller service terminated with the following error 5
System - Error - 22/11/2007 01:00:02 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At2job command failed to start due to the following error 2147942402
System - Warning - 22/11/2007 01:30:28 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Server -> Description = The server could not bind to the transport DeviceNetBTTcpip4CA60848-1F72-4526-B9E5-7F37036C5558
System - Error - 22/11/2007 02:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At3job command failed to start due to the following error 2147942402
System - Error - 22/11/2007 02:12:37 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The tdim service failed to start due to the following error 2
System - Error - 22/11/2007 02:12:37 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The NDIS System Controller service terminated with the following error 5
System - Error - 22/11/2007 03:00:00 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At4job command failed to start due to the following error 2147942402
System - Error - 22/11/2007 04:00:01 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Schedule -> Description = The At5job command failed to start due to the following error 2147942402
System - Error - 22/11/2007 14:05:33 -> Computer Name = WORKSTATION - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service EventSystem with arguments (null)in order to run the server1BE1F766-5536-11D1-B726-00C04FB926AF
System - Error - 22/11/2007 14:06:04 -> Computer Name = WORKSTATION - User Name = WORKSTATION\אביב - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service netman with arguments (null)in order to run the serverBA126AE5-2166-11D1-B1D0-00805FC1270E
System - Error - 22/11/2007 14:06:04 -> Computer Name = WORKSTATION - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = DCOM got error 1084 attempting to start the service EventSystem with arguments (null)in order to run the server1BE1F766-5536-11D1-B726-00C04FB926AF
System - Error - 22/11/2007 14:06:49 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error 31
System - Error - 22/11/2007 14:06:49 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The DNS Client service depends on the TCPIP Protocol Driver service which failed to start because of the following error 31
System - Error - 22/11/2007 14:06:49 -> Computer Name = WORKSTATION - User Name = (blank) - Source = Service Control Manager -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error 31
System - Error - 22/11/2007 14:06:49 -> Computer Name = WORKSTATION - User Name = (bla

hi jabuck!!
I really don't know how you're going to find what's important in this mess, but I wish you good luck!!!
I'm sure that the infection was carried out on 21.11.
As I said before, the infected files are kbddvq.dll and wmic.dll, and the file gojcfgfa.sys is suspicious.
tatyana

Start WinPFind3U. Copy/Paste the information between the x's below into the pane where it says "Paste fix here" and then click the Run Fix button.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (catchme) catchme [Kernel | On_Demand | Running] -> %SystemDrive%\DOCUME~1\THERUL~1\LOCALS~1\Temp\catchme.sys
YY -> (eantexhs) eantexhs [Kernel | Unknown | Running]
[Files/Folders - Created Within 60 days]
ny -> kbddvq.dll -> %System32%\kbddvq.dll
ny -> wmic.dll -> %System32%\wmic.dll
[Empty Temp Folders]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Post a new HijackThis log please.
