Author Topic: Computer messed up!  (Read 7681 times)

Offline waterburn

  • Full Member
  • ***
  • Posts: 102
  • Karma: +0/-0
    • View Profile
Computer messed up!
« Reply #60 on: April 02, 2008, 02:53:58 PM »
Hi,

Your plan worked until it started restarting and then setup continued during boot. During boot it needed the Windows 2000 CD again. But there is a file on drive C:\ called $WIN_NT$.~BT with the boot files (I think)

Waterburn

Offline waterburn

  • Full Member
  • ***
  • Posts: 102
  • Karma: +0/-0
    • View Profile
Computer messed up!
« Reply #61 on: April 02, 2008, 04:51:29 PM »
Hi,

I am also wondering if you can somehow change the source of where the Windows 2000 files/Windows 2000 CD is on the bootable floppies, because you can for Windows NT by editing a certain file. Remember I do have the Windows 2000 CD files but not the actual CD.

Thanks!

Waterburn

Offline waterburn

  • Full Member
  • ***
  • Posts: 102
  • Karma: +0/-0
    • View Profile
Computer messed up!
« Reply #62 on: April 03, 2008, 08:28:55 PM »
Hi,

I managed to get the Windows 2000 Professional CD. I did a full repair and all the problems were fixed! The RPC, Windows Installer and Print Spooler services were started! I did a few updates and installed the Sygate firewall as you suggested. Now I am reinstalling my printer. But there are MORE problems! Here they are:

1) The low memory message keeps popping up at the start even though I have plenty of available RAM from Task Manager

2) The colors sometimes change after starting (boxes, windows)

3) The computer restarts after a certain amount of time by itself

Thanks so much!!

Waterburn

Offline waterburn

  • Full Member
  • ***
  • Posts: 102
  • Karma: +0/-0
    • View Profile
Computer messed up!
« Reply #63 on: April 03, 2008, 09:26:41 PM »
Hi,

The printer is successfully installed. Now I am looking further into the restart problem. The monitor turns black and the next second you notice you're starting up again. I wouldn't say it restarts at totally random times; you could almost say it restarts every 10 minutes or so. I checked the system event logs and here are some of the entries I found close to the restart time with a red 'X':

由于下列错误,Remote Procedure Call (RPC) 服务启动失败:
The system cannot find the file specified.

与 Print Spooler 服务相依的 Remote Procedure Call (RPC) 服务因下列错误而无法启动:
The system cannot find the file specified.

与 LexBce Server 服务相依的 Remote Procedure Call (RPC) 服务因下列错误而无法启动:
The system cannot find the file specified.  

与 Automatic LiveUpdate Scheduler 服务相依的 Remote Procedure Call (RPC) 服务因下列错误而无法启动:
The system cannot find the file specified.  

与 Background Intelligent Transfer Service 服务相依的 Remote Procedure Call (RPC) 服务因下列错误而无法启动:
The system cannot find the file specified.  

与 Logical Disk Manager 服务相依的 Remote Procedure Call (RPC) 服务因下列错误而无法启动:
The system cannot find the file specified.  

与 COM+ Event System 服务相依的 Remote Procedure Call (RPC) 服务因下列错误而无法启动:
The system cannot find the file specified.  

It seems to all be pointing at Remote Procedure Call (RPC). And I thought everything was fixed!

The RPC thing is pretty annoying!

Everything else is fine, but restarting every 5 minutes isn't very helpful!

Thanks!

Waterburn
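Every one of the event log entries quoted in this post is the same failure seen from a different service: each of those services lists RpcSs as a dependency, so when RPC does not start, the Service Control Manager refuses to start them too. The script below is an added example (not PsService, forum or Microsoft code) that reads service descriptions in the PsService format used by the getservice log posted later in this thread, builds the dependency graph, and lists everything that cannot start once RpcSs fails. SAMPLE_PSSERVICE is constructed from entries in that log, trimmed to the fields used here; the Spooler entry is invented to complete the chain, since its block does not appear on this page.

```python
"""Service dependency fan-out from PsService output. Added example, not
PsService or forum code; SAMPLE_PSSERVICE is constructed from the log in
this thread (the Spooler entry is invented to complete the chain)."""
import re
from collections import deque

KEY_LINE = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*)$")   # "   DEPENDENCIES     : Rpcss"
CONTINUATION = re.compile(r"^\s*:\s*(\S.*)?$")        # "           : SENS"

SAMPLE_PSSERVICE = """\
SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
   BINARY_PATH_NAME  : C:\\WINNT\\system32\\svchost -k rpcss
   DISPLAY_NAME     : Remote Procedure Call (RPC)
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
   DISPLAY_NAME     : COM+ Event System
   DEPENDENCIES     : RPCSS

SERVICE_NAME: BITS
   DISPLAY_NAME     : Background Intelligent Transfer Service
   DEPENDENCIES     : Rpcss
           : SENS
           : Wmi

SERVICE_NAME: dmserver
   DISPLAY_NAME     : Logical Disk Manager
   DEPENDENCIES     : RpcSs
           : PlugPlay

SERVICE_NAME: dmadmin
   DISPLAY_NAME     : Logical Disk Manager Administrative Service
   DEPENDENCIES     : RpcSs
           : PlugPlay
           : DmServer

SERVICE_NAME: LexBceS
   DISPLAY_NAME     : LexBce Server
   DEPENDENCIES     : RPCSS

SERVICE_NAME: Automatic LiveUpdate Scheduler
   DISPLAY_NAME     : Automatic LiveUpdate Scheduler
   DEPENDENCIES     : RPCSS

SERVICE_NAME: Spooler
   DISPLAY_NAME     : Print Spooler
   DEPENDENCIES     : RPCSS

SERVICE_NAME: Alerter
   DISPLAY_NAME     : Alerter
   DEPENDENCIES     : LanmanWorkstation
"""


def parse_psservice(text):
    """Return {service name (lower-cased) -> {"name", "display", "deps"}}."""
    services, current, last_key = {}, None, None
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "SERVICE_NAME":
                current = {"name": value, "display": value, "deps": []}
                services[value.lower()] = current
            elif current is not None and key == "DISPLAY_NAME":
                current["display"] = value
            elif current is not None and key == "DEPENDENCIES" and value:
                current["deps"].append(value)
            last_key = key
            continue
        c = CONTINUATION.match(line)  # further dependencies come one per line
        if c and c.group(1) and current is not None and last_key == "DEPENDENCIES":
            current["deps"].append(c.group(1).strip())
    return services


def dependents_of(services, root):
    """Map display name -> chain of service names from root, for every service
    that transitively depends on root. Names compare case-insensitively because
    PsService prints them as registered (Rpcss, RPCSS, RpcSs); '+Group'
    entries are load-order groups rather than services and are skipped."""
    reverse = {}
    for svc in services.values():
        for dep in svc["deps"]:
            if not dep.startswith("+"):
                reverse.setdefault(dep.lower(), []).append(svc["name"])
    chains, seen = {}, {root.lower()}
    queue = deque([(root.lower(), [root])])
    while queue:
        node, path = queue.popleft()
        for child in reverse.get(node, []):
            if child.lower() in seen:
                continue
            seen.add(child.lower())
            chains[services[child.lower()]["display"]] = path + [child]
            queue.append((child.lower(), path + [child]))
    return chains


if __name__ == "__main__":
    for display, chain in sorted(dependents_of(parse_psservice(SAMPLE_PSSERVICE), "RpcSs").items()):
        print(f"{display}: {' -> '.join(chain)}")
```

Run against the sample, the seven display names it returns are exactly the services named in the event log entries above, while Alerter (which depends only on the Workstation service) stays out. The practical point for anyone reading such a log is to fix the one root service and re-check before chasing each dependent error individually.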

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
Computer messed up!
« Reply #64 on: April 03, 2008, 10:59:36 PM »
Can I see a fresh HijackThis log?

Also, are you sure the computer is not overheating? When was the last time you cleaned the inside of the computer out of dust, etc.?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline waterburn

  • Full Member
  • ***
  • Posts: 102
  • Karma: +0/-0
    • View Profile
Computer messed up!
« Reply #65 on: April 04, 2008, 08:24:27 AM »
Hi,

Since the computer keeps on restarting, I went to safe mode with networking. It seems to never restart here. This could mean it is not a hardware but a software problem. If you want me to do anything in Normal mode, I can do it except it better be quick before it restarts. I rechecked the system event logs and I found that the entries I posted were from before things were fixed. Here are the logs for after things were fixed:

1) IP 无法打开适配器 TCPIP\Parameters\Adapters\NDISWANIP 的注册表项。 本适配器上的界面不会初始化。

2) Remote Access Connection Manager 服务因下列错误而停止:
    Access is denied.  

3)Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access  is denied.

There are about 100 more entries with a red 'X', but they are repetitions of the last two messages.

*REMEMBER* Everything else is fixed so I can copy and post... all that. This means I can go back to previous posts and do things I couldn't do, e.g. Online Kaspersky Scan, etc. By the way, I am doing the Online Kaspersky scan right now. Looks like it will take a long time.

Here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:57 AM, on 04/04/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunOnce: [LexInstall] C:\WINNT\System32\spool\DRIVERS\W32X86\3\lexgo.exe LXBBPSWX.EXE /F=Lexmark X74-X75 /T=400
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\.DEFAULT\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java ????ì¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6041 bytes


Thanks!

Waterburn
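When a helper reads the O23 (service) section of a HijackThis log like the one above, three things stand out at a glance: services whose binary is marked "(file missing)", a binary path in a directory that is almost but not quite a Windows one (here "C:\WINNT\systom32" for "system32"), and a display name that borrows the name of a core Windows component ("Remote Procedure Call (TPM)" registered under service name RPCT) while the genuine RPC service is RpcSs. The script below is an added example, not HijackThis or forum code, that parses O23 lines and flags those three patterns; the similarity cut-off of 0.9 and the list of borrowed display names are my own heuristics, and SAMPLE_LOG is a subset of the lines posted above.

```python
"""Triage of HijackThis O23 service entries. Added example, not HijackThis
or forum code; the checks and the similarity threshold are heuristics."""
import re
from difflib import SequenceMatcher

# Where Windows 2000 keeps its own service binaries (lower-case).
SYSTEM_DIR = r"c:\winnt\system32"

# O23 line layout as HijackThis 2.x prints it:
#   O23 - Service: <display> [(<service name>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?\s*$"
)

# Display names of core Windows components that malware likes to borrow,
# mapped to the service names that legitimately carry them (heuristic list).
CORE_DISPLAY_NAMES = {"remote procedure call": {"rpcss", "rpclocator"}}

# A subset of the O23 lines from the log posted above.
SAMPLE_LOG = (
    r"O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)",
    r"O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe",
    r"O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe",
    r"O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)",
    r"O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)",
    r"O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe",
)


def parse_o23(line):
    """Return the fields of an O23 line as a dict, or None for any other line."""
    m = O23_RE.match(line)
    return m.groupdict() if m else None


def looks_like_system_dir_typo(directory):
    """True for a directory that is nearly, but not exactly, the system
    directory ('systom32' for 'system32'). Real sub-directories of system32
    are never flagged; 0.9 is an arbitrary similarity cut-off."""
    d = directory.lower()
    if d == SYSTEM_DIR or d.startswith(SYSTEM_DIR + "\\"):
        return False
    return SequenceMatcher(None, d, SYSTEM_DIR).ratio() > 0.9


def triage(lines):
    """Return (display name, reason) pairs for entries worth a closer look."""
    findings = []
    for line in lines:
        e = parse_o23(line)
        if e is None:
            continue
        display = e["display"]
        directory = e["path"].strip('"').rsplit("\\", 1)[0]
        if e["missing"]:
            findings.append((display, "registered binary is no longer on disk"))
        if looks_like_system_dir_typo(directory):
            findings.append((display, "binary path is a look-alike of the system directory: " + directory))
        for core, genuine in CORE_DISPLAY_NAMES.items():
            if display.lower().startswith(core) and (e["name"] or "").lower() not in genuine:
                findings.append((display, "borrows a core Windows display name under service name " + str(e["name"])))
    return findings


if __name__ == "__main__":
    for display, reason in triage(SAMPLE_LOG):
        print(f"{display}: {reason}")
```

On the sample, the AVG, dmadmin and Sygate entries pass, the LiveUpdate scheduler is reported only for its missing file (a leftover from an uninstalled product rather than a threat), and the RasAuto and RPCT entries each get two findings. A missing binary is in itself harmless: the service cannot run. What deserves the follow-up is the registration pointing at a misspelt system directory and the borrowed display name, because a service entry created that way was not put there by Windows.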

Offline waterburn

  • Full Member
  • ***
  • Posts: 102
  • Karma: +0/-0
    • View Profile
Computer messed up!
« Reply #66 on: April 04, 2008, 09:18:19 AM »
Hi,

Now I am starting to notice problems in Internet Explorer. While going on some sites, an error message shows up saying iexplore.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created. The Internet window is then closed. Sometimes another message pops up also saying Internet Explorer needs to be restarted. Here's an image of the error message: http://support.microsoft.com/library/image...rtingDialog.gif And also a lot of the times you see a little yellow triangle with a '!' in it at the bottom left hand corner. Beside the symbol there are sometimes words that say 'Done, but with errors on page.' This is for almost every site. I recently, after the restore, updated Internet Explorer 5 -> Internet Explorer 6 SP1. I can't update to IE 7 since it is for XP. Another thing is I can't use Microsoft Update.

"Problems are fixed but more appear"

Thanks!

Waterburn
« Last Edit: April 04, 2008, 09:21:55 AM by waterburn »

Offline waterburn

  • Full Member
  • ***
  • Posts: 102
  • Karma: +0/-0
    • View Profile
Computer messed up!
« Reply #67 on: April 04, 2008, 05:15:31 PM »
Hi,

Here's the Kaspersky Online Scan Report:


-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Friday, April 04, 2008 6:34:49 PM
 Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update:  4/04/2008
 Kaspersky Anti-Virus database records: 681582
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\
   G:\

Scan Statistics:
   Total number of scanned objects: 41837
   Number of viruses found: 2
   Number of infected objects: 4
   Number of suspicious objects: 0
   Duration of the scan process: 03:27:04

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\ntuser.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Local Settings\History\History.IE5\MSHist012008040420080405\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Local Settings\Temporary Internet Files\Content.IE5\TU2XI24O\index[1].htm   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\catchme.zip/kdgcl.exe   Infected: Trojan.Win32.DNSChanger.iu   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\catchme.zip   ZIP: infected - 1   skipped
C:\WINNT\system32\config\software.LOG   Object is locked   skipped
C:\WINNT\system32\config\default.LOG   Object is locked   skipped
C:\WINNT\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINNT\system32\config\SYSTEM.ALT   Object is locked   skipped
C:\WINNT\system32\config\SAM.LOG   Object is locked   skipped
C:\WINNT\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINNT\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINNT\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINNT\system32\config\SECURITY   Object is locked   skipped
C:\WINNT\system32\config\SOFTWARE   Object is locked   skipped
C:\WINNT\system32\config\SYSTEM   Object is locked   skipped
C:\WINNT\system32\config\DEFAULT   Object is locked   skipped
C:\WINNT\system32\config\SAM   Object is locked   skipped
C:\WINNT\system32\drivers\sptd.sys   Object is locked   skipped
C:\WINNT\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINNT\CSC\00000001   Object is locked   skipped
C:\SDFix\backups\backups.zip/backups/AutoUpdateWin32.exe   Infected: not-a-virus:AdWare.Win32.Agent.ed   skipped
C:\SDFix\backups\backups.zip   ZIP: infected - 1   skipped
E:\Zoo Tycoon Complete Collection\rzr-ztcc2.bin   Object is locked   skipped

Scan process completed.



*Don't forget to check the above posts.*

Thanks!

Waterburn
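Most of the lines in a Kaspersky Online Scanner report are "Object is locked / skipped" entries for registry hives, event logs and other files the running system holds open, and they carry no information about infection. The two real detections above both sit inside archives that removal tools keep as backups of what they removed (catchme.zip and SDFix\backups\backups.zip), which is my reading of those file names rather than something the report states. The script below is an added example, not Kaspersky or forum code, that separates the two kinds of line, checks the header counts against the detail lines, and reports which detections are inside such a backup; SAMPLE_REPORT is a constructed subset of the report posted above.

```python
"""Reader for a Kaspersky Online Scanner report. Added example, not
Kaspersky or forum code; SAMPLE_REPORT is a constructed subset of the
report in this thread, and TOOL_BACKUP_MARKERS reflects an assumption
about what those archives are."""
import re

# Archives that removal tools used earlier in this thread leave behind;
# a detection inside one is the tool's copy of a removed file, not a live
# infection (assumption about what catchme.zip and SDFix\backups are).
TOOL_BACKUP_MARKERS = ("catchme.zip", "\\sdfix\\backups\\")

# The report separates its columns with tabs; pasting into a forum turns
# them into runs of spaces, so both are accepted.
COLUMN_SPLIT = re.compile(r"\t+| {2,}")

SAMPLE_REPORT = r"""
Scan Statistics:
   Total number of scanned objects: 41837
   Number of viruses found: 2
   Number of infected objects: 4
   Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\ntuser.dat   Object is locked   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\catchme.zip/kdgcl.exe   Infected: Trojan.Win32.DNSChanger.iu   skipped
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\catchme.zip   ZIP: infected - 1   skipped
C:\WINNT\system32\config\SYSTEM   Object is locked   skipped
C:\WINNT\system32\drivers\sptd.sys   Object is locked   skipped
C:\SDFix\backups\backups.zip/backups/AutoUpdateWin32.exe   Infected: not-a-virus:AdWare.Win32.Agent.ed   skipped
C:\SDFix\backups\backups.zip   ZIP: infected - 1   skipped

Scan process completed.
"""


def _stat(text, label):
    m = re.search(rf"Number of {label}: (\d+)", text)
    return int(m.group(1)) if m else None


def parse_report(text):
    """Split the report into header statistics, locked (unscanned) objects,
    per-file detections and archive summary lines, and check that the header
    counts agree with the detail lines."""
    stats = {
        "viruses": _stat(text, "viruses found"),
        "infected_objects": _stat(text, "infected objects"),
        "suspicious": _stat(text, "suspicious objects"),
    }
    locked, detections, containers = [], [], []
    for raw in text.splitlines():
        parts = COLUMN_SPLIT.split(raw.strip())
        if len(parts) != 3:
            continue  # header, blank, statistics or summary line
        obj, status, action = parts
        archive = obj.split("/", 1)[0]  # Kaspersky writes archive/member for files inside archives
        if status == "Object is locked":
            locked.append(obj)
        elif status.startswith("Infected: "):
            detections.append({
                "object": obj,
                "virus": status[len("Infected: "):],
                "archive": archive if "/" in obj else None,
                "in_tool_backup": any(m in archive.lower() for m in TOOL_BACKUP_MARKERS),
                "action": action,
            })
        elif re.fullmatch(r"\w+: infected - \d+", status):
            containers.append(obj)  # the archive itself is counted as an infected object too
    consistent = (
        stats["infected_objects"] == len(detections) + len(containers)
        and stats["viruses"] == len({d["virus"] for d in detections})
    )
    live = [d for d in detections if not d["in_tool_backup"]]
    return {"stats": stats, "locked": locked, "detections": detections,
            "containers": containers, "consistent": consistent, "live_threats": live}


if __name__ == "__main__":
    result = parse_report(SAMPLE_REPORT)
    print(f"{len(result['locked'])} locked objects skipped, "
          f"{len(result['detections'])} detections, header consistent: {result['consistent']}")
    for d in result["detections"]:
        where = "inside a removal-tool backup" if d["in_tool_backup"] else "on disk"
        print(f"  {d['virus']} in {d['object']} ({where})")
```

On the sample the header's "4 infected objects, 2 viruses" reconciles exactly with two detected members plus their two containing archives, and both detections are inside removal-tool backups, so this report on its own shows nothing active on the disk; the locked entries are the registry hives, event logs and a driver the running system keeps open, which any online scanner skips. The check is worth automating because the detail list is long and the interesting lines are easy to miss among the locked ones.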

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
Computer messed up!
« Reply #68 on: April 04, 2008, 09:04:28 PM »
Can you do the following? I still see a service(s) running that does not look right.

Download and save to desktop
getservices.zip
Extract the folder within to your desktop

Open the folder and double click on getservice.bat
Post the contents of the log that opens



Offline waterburn

  • Full Member
  • ***
  • Posts: 102
  • Karma: +0/-0
    • View Profile
Computer messed up!
« Reply #69 on: April 04, 2008, 09:27:26 PM »
Hi,

Here is the log:



PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
通知所选用户和计算机有关系统管理级警报。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\services.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Alerter
   DEPENDENCIES     : LanmanWorkstation
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AppMgmt
提供软件安装服务,诸如分派,发行以及删除。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Application Management
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Automatic LiveUpdate Scheduler
Manages the scheduling of Automatic LiveUpdate sessions
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Automatic LiveUpdate Scheduler
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AVG Anti-Spyware Guard
(null)
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : AVG Anti-Spyware Guard
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
用闲置网络带宽在后台传输文件。如果此服务被禁用,那么任何依赖于 BITS 的功能,例如 Windows Update 或 MSN Explorer,都将不能自动下载程序和其它信息。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\svchost.exe -k BITSgroup
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Background Intelligent Transfer Service
   DEPENDENCIES     : Rpcss
           : SENS
           : Wmi
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Browser
维护网络上计算机的最新列表以及提供这个列表给请求的程序。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Computer Browser
   DEPENDENCIES     : LanmanWorkstation
           : LanmanServer
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: cisvc
(null)
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\cisvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Indexing Service
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
支持“剪贴簿查看器”,以便可以从远程剪贴簿查阅剪贴页面。
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\clipsrv.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : ClipBook
   DEPENDENCIES     : NetDDE
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
通过注册和更改 IP 地址以及 DNS 名称来管理网络配置。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\services.exe
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : DHCP Client
   DEPENDENCIES     : Tcpip
           : Afd
           : NetBT
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
磁盘管理请求的系统管理服务
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\dmadmin.exe /com
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Logical Disk Manager Administrative Service
   DEPENDENCIES     : RpcSs
           : PlugPlay
           : DmServer
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
逻辑磁盘管理器监视狗服务
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Logical Disk Manager
   DEPENDENCIES     : RpcSs
           : PlugPlay
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
解析和缓冲域名系统 (DNS) 名称。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\services.exe
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : DNS Client
   DEPENDENCIES     : Tcpip
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
记录程序和 Windows 发送的事件消息。事件日志包含对诊断问题有所帮助的信息。您可以在“事件查看器”中查看报告。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP  : Event log
   TAG        : 0
   DISPLAY_NAME     : Event Log
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
提供事件的自动发布到订阅 COM 组件。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : Network
   TAG        : 0
   DISPLAY_NAME     : COM+ Event System
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Fax
帮助您发送和接收传真
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\faxsvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Fax Service
   DEPENDENCIES     : TapiSrv
           : RpcSs
           : PlugPlay
           : Spooler
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: IDriverT
Provides support for the Running Object Table for InstallShield Drivers
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : InstallDriver Table Manager
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
提供 RPC 支持、文件、打印以及命名管道共享。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\services.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Server
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
提供网络链结和通讯。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\services.exe
   LOAD_ORDER_GROUP  : NetworkProvider
   TAG        : 0
   DISPLAY_NAME     : Workstation
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LexBceS
(null)
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\LEXBCES.EXE
   LOAD_ORDER_GROUP  : SpoolerGroup
   TAG        : 0
   DISPLAY_NAME     : LexBce Server
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LiveUpdate
LiveUpdate Core Engine
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : LiveUpdate
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
允许对“TCP/IP 上 NetBIOS (NetBT)”服务以及 NetBIOS 名称解析的支持。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : TCP/IP NetBIOS Helper Service
   DEPENDENCIES     : NetBT
           : Afd
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Messenger
发送和接收系统管理员或者“警报器”服务传递的消息。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Messenger
   DEPENDENCIES     : LanmanWorkstation
           : NetBIOS
           : RpcSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
允许有权限的用户使用 NetMeeting 远程访问 Windows 桌面。
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\mnmsrvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : NetMeeting Remote Desktop Sharing
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
并列事务,是分布于两个以上的数据库,消息队列,文件系统，或其它事务保护资源管理器。
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\msdtc.exe
   LOAD_ORDER_GROUP  : MS Transactions
   TAG        : 0
   DISPLAY_NAME     : Distributed Transaction Coordinator
   DEPENDENCIES     : RPCSS
           : SamSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSIServer
Installs, repairs and removes software according to instructions contained in .MSI files.
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\MsiExec.exe /V
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Installer
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
提供动态数据交换 (DDE) 的网络传输和安全特性。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\netdde.exe
   LOAD_ORDER_GROUP  : NetDDEGroup
   TAG        : 0
   DISPLAY_NAME     : Network DDE
   DEPENDENCIES     : NetDDEDSDM
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
管理网络 DDE 的共享动态数据交换
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\netdde.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Network DDE DSDM
   DEPENDENCIES     :
           : EGrLocalSystem
           : Network DDE DSDM
           : etwork DDE
           : ted Transaction Coordinator
           : river Table Manar
           : 
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
支持网络上计算机 pass-through 帐户登录身份验证事件。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\lsass.exe
   LOAD_ORDER_GROUP  : RemoteValidation
   TAG        : 0
   DISPLAY_NAME     : Net Logon
   DEPENDENCIES     : LanmanWorkstation
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
管理“网络和拨号连接”文件夹中对象,在其中您可以查看局域网和远程连接。
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Network Connections
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
为使用传输协议而不是命名管道的远程过程调用(RPC)程序提供
安全机制。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\lsass.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : NT LM Security Support Provider
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
管理可移动媒体、驱动程序和库。
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Removable Storage
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
管理设备安装以及配置,并且通知程序关于设备更改的情况。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP  : PlugPlay
   TAG        : 0
   DISPLAY_NAME     : Plug and Play
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
管理 IP 安全策略以及启动 ISAKMP/Oakley (IKE) 和 IP 安全驱动程序。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\lsass.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : IPSEC Policy Agent
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Prime95 Service
GIMPS client to find large prime numbers
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\Program Files\Prime95\Prime95.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Prime95 Service
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
提供对敏感数据(如私钥)的保护性存储,以便防止未授权的服
务,过程或用户对其的非法访问。
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Protected Storage
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
无论什么时候当某个程序引用一个远程 DNS 或 NetBIOS 名或者地址就创建一个到远程网络的连接。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINNT\systom32\svchost.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Access Auto Connection Manager
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
创建网络连接。
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Access Connection Manager
   DEPENDENCIES     : Tapisrv
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
在局域网以及广域网环境中为企业提供路由服务。
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Routing and Remote Access
   DEPENDENCIES     : RpcSS
           : +NetBIOSGroup
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
允许远程注册表操作。
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\regsvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Registry Service
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 0 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
管理 RPC 名称服务数据库。
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\locator.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Procedure Call (RPC) Locator
   DEPENDENCIES     : LanmanWorkstation
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\svchost -k rpcss
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Procedure Call (RPC)
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RPCT
Manages local network connections.
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\Program Files\NetMeeting\mstinit.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Procedure Call (TPM)
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RSVP
为依赖质量服务(QoS)的程序和控制应用程序提供网络信号和本
地通信控制安装功能。
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\rsvp.exe -s
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : QoS RSVP
   DEPENDENCIES     : TcpIp
           : Afd
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
存储本地用户帐户的安全信息。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\lsass.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Security Accounts Manager
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardDrv
提供对连接到计算机上旧式智能卡的支持。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINNT\System32\SCardSvr.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Smart Card Helper
   DEPENDENCIES     : +Smart Card Reader
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
对插入在计算机智能卡阅读器中的智能卡进行管理和访问控制。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINNT\System32\SCardSvr.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Smart Card
   DEPENDENCIES     : PlugPlay
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Schedule
允许程序在指定时间运行。
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Task Scheduler
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
在不同凭据下启用启动过程
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : RunAs Service
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
跟踪系统事件,如登录 Windows,网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : Network
   TAG        : 0
   DISPLAY_NAME     : System Event Notification
   DEPENDENCIES     : EventSystem
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
为通过拨号网络连接的家庭网络中所有计算机提供网络地址转换、定址以及名称解析服务。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Internet Connection Sharing
   DEPENDENCIES     : RasMan
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SmcService
(null)
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\Program Files\Sygate\SPF\smc.exe
   LOAD_ORDER_GROUP  : NDIS
   TAG        : 0
   DISPLAY_NAME     : Sygate Personal Firewall
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
将文件加载到内存中以便迟后打印。
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\spoolsv.exe
   LOAD_ORDER_GROUP  : SpoolerGroup
   TAG        : 0
   DISPLAY_NAME     : Print Spooler
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: StiSvc
(null)
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\stisvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Still Image Service
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
配置性能日志和警报。
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\smlogsvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Performance Logs and Alerts
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TapiSrv
提供 TAPI 的支持,以便程序控制本地计算机,服务器以及 LAN 上的电话设备和基于 IP 的语音连接。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Telephony
   DEPENDENCIES     : PlugPlay
           : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TlntSvr
允许远程用户登录到系统并且使用命令行运行控制台程序。
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\tlntsvr.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Telnet
   DEPENDENCIES     : RpcSs
           : TcpIp
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
当文件在网络域的 NTFS 卷中移动时发送通知。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Distributed Link Tracking Client
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UPS
管理连接到计算机的不间断电源(UPS)。
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\ups.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Uninterruptible Power Supply
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UtilMan
从一个窗口中启动和配置辅助工具
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\UtilMan.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Utility Manager
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
设置计算机时钟。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\services.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Time
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WinMgmt
提供系统管理信息。
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINNT\System32\WBEM\WinMgmt.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Management Instrumentation
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 86400 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 60000 seconds
           : Restart   DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Portable Media Serial Number Service
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
与驱动程序间交换系统管理信息。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\Services.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Management Instrumentation Driver Extensions
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
启用下载和安装 Windows 更新。如果此服务被禁用,这台计算机将无法使用“自动更新”功能和 Windows Update 网站。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\system32\svchost.exe -k wugroup
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : 自动更新
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
使用 IEEE 802.1x 为有线和无线以太网络提供身份验证的网络访问控制。
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINNT\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : Wireless Configuration
   DEPENDENCIES     : RpcSs
           : Ndisuio
           : ProtectedStorage
           : WMI
   SERVICE_START_NAME: LocalSystem



Thanks!

Waterburn

Offline guestolo

Computer messed up!
« Reply #70 on: April 04, 2008, 10:42:13 PM »
Can you download the ZIP file I attached to desktop
Then Unzip the contents to desktop
Double click on find_stuff.bat

A folder called Files will be produced on desktop
Open it and copy>>paste back here the contents of look1.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline waterburn

Computer messed up!
« Reply #71 on: April 05, 2008, 08:44:28 AM »
Hi,

Only one file was extracted from the zip. The file had no extension. So I tried changing its name to .bat, but only a black box with (I believe) its location appeared. I couldn't open the zip file for some reason.

Waterburn

Offline guestolo

Computer messed up!
« Reply #72 on: April 05, 2008, 11:12:58 AM »
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy ALL the batch script text below
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as find_stuff.bat

Save this file on the desktop
Then follow my instructions earlier to run and post the log

If not Exist Files MkDir Files

rem Each echo writes a placeholder line; regedit /a then overwrites the file with
rem the exported key, so the placeholder survives only when the key does not exist.
echo doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs >Files\ok1.txt
regedit /a Files\ok1.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs"

echo doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto >Files\ok2.txt
regedit /a Files\ok2.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto"

echo doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPM >Files\ok3.txt
regedit /a Files\ok3.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPM"

echo doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCT >Files\ok4.txt
regedit /a Files\ok4.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCT"

cd Files

rem Merge the four exports into one file, keep a single REGEDIT4 header, then put
rem the "doesn't exist" placeholders first, a separator, and the exported data last.
copy ok*.txt look.txt
del ok*.txt

echo REGEDIT4 > compare.txt
type look.txt | find /v /i "REGEDIT4" >> compare.txt
type compare.txt | find /i "doesn't exist" >> compare2.txt
type compare.txt | find /v /i "doesn't exist" >> compare1.txt

echo ----------------------- > compare3.txt
echo ----------------------- >> compare3.txt

del compare.txt
copy compare2.txt + compare3.txt + compare1.txt look1.txt

del look.txt
del compare2.txt
del compare1.txt
del compare3.txt



Offline waterburn

Computer messed up!
« Reply #73 on: April 05, 2008, 12:30:03 PM »
Hi,

I had to do another system restore. A message popped up before login that had three words in English, the rest in Chinese: Services.exe, IsWellKnownSid, ADVAPI32.dll. Then after pressing 'OK' for that message, another message popped up with three things in English: NT AUTHORITY\SYSTEM, a 1 minute countdown until shutdown and C:\WINNT\system32\services.exe. The message was similar to this one http://www.pchell.com/images/sasser2.gif except the process was different and I think the message was different. Then in 1 minute the system restarted.

Here's the log:

doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPM
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,20,2d,6b,20,72,70,63,73,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,72,70,63,73,73,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,03,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
01,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,03,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,03,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,03,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,6f,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,00
"DisplayName"="Remote Access Auto Connection Manager"
"ObjectName"="LocalSystem"
"Description"="????????????????? DNS ? NetBIOS ???????????????????"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto\Enum]
"0"="Root\\LEGACY_RASAUTO\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCT]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,4e,65,74,\
4d,65,65,74,69,6e,67,5c,6d,73,74,69,6e,69,74,2e,65,78,65,00
"DisplayName"="Remote Procedure Call (TPM)"
"ObjectName"="LocalSystem"
"Description"="Manages local network connections."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCT\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,65,00,74,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,00,00,00,00,00,18,00,8d,01,02,00,01,01,00,00,00,\
00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\
00,05,20,00,00,00,23,02,00,00,00,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCT\Enum]
"0"="Root\\LEGACY_RPCT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001



*NOTE* The Internet crashes on certain sites. Also the buttons for posting in this forum are back. The attaching, font, color, smiley faces...etc. buttons are back. Before there was only a box for typing and post icons.

I have to type fast before it restarts again!

Thanks!

Waterburn
« Last Edit: April 05, 2008, 12:35:08 PM by waterburn »
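As an added example (not code from this thread, from find_stuff.bat or from any tool named here), the Python below parses the look1.txt export posted above: it folds the backslash-continued hex(2) lines, decodes the REG_EXPAND_SZ bytes back into ImagePath strings, and applies three defender checks that single out the two entries the earlier sc listing already made suspicious: a directory name one character off a real system directory (systom32), an unquoted image path containing spaces, and a display name that mimics a built-in service under a different key (Remote Procedure Call (TPM) under RPCT). The sample export is a constructed excerpt of the posted log, the C:\WINNT system root and the check heuristics are my assumptions, and all function names are mine.

```python
import re
# Assumed (not from the thread's tools): system root C:\WINNT; regedit /a wrote ANSI text.
SYSTEM_ROOT = r"C:\WINNT"
SYSTEM_DIR_NAMES = {"system32", "winnt"}
# Built-in display-name prefixes and the only service key names entitled to use them.
GENUINE_DISPLAY_NAMES = {
    "remote procedure call": {"rpcss", "rpclocator"},
    "remote access": {"rasauto", "rasman", "remoteaccess"},
}

# Constructed sample: an excerpt of the look1.txt posted above, bytes copied from the page.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"DisplayName"="Remote Procedure Call (RPC)"
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,20,2d,6b,20,72,70,63,73,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,6f,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,00
"DisplayName"="Remote Access Auto Connection Manager"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCT]
"Type"=dword:00000110
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,4e,65,74,\
4d,65,65,74,69,6e,67,5c,6d,73,74,69,6e,69,74,2e,65,78,65,00
"DisplayName"="Remote Procedure Call (TPM)"
'''


def _join_continuations(text):
    """Fold .reg continuation lines (trailing backslash) into one logical line."""
    out, pending = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("\\"):
            pending += line[:-1]
        else:
            out.append(pending + line)
            pending = ""
    return out


def _decode_value(value):
    """Decode the value syntaxes a Services export uses: quoted text, dword:, hex:, hex(2):."""
    if value.startswith('"'):
        return value[1:-1].replace("\\\\", "\\")
    if value.startswith("dword:"):
        return int(value[6:], 16)
    if value.startswith("hex"):
        data = bytes(int(b, 16) for b in value.split(":", 1)[1].split(",") if b)
        if value.startswith("hex(2)"):  # REG_EXPAND_SZ: NUL-terminated ANSI text
            return data.rstrip(b"\x00").decode("latin-1")
        return data  # REG_BINARY (e.g. the Security descriptor) stays raw bytes
    return value


def parse_reg_export(text):
    """Return {key path: {value name: decoded value}} for a REGEDIT4 export."""
    keys, current = {}, None
    for line in _join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            name, _, value = line[1:].partition('"=')
            current[name] = _decode_value(value)
    return keys


def image_path_exe(image_path):
    """Expand %SystemRoot% and isolate the executable; returns (exe, was_quoted).
    Unquoted paths run up to the first '.exe'; 'svchost -k rpcss' has none, so first token."""
    expanded = re.sub(r"%systemroot%", lambda m: SYSTEM_ROOT, image_path, flags=re.IGNORECASE)
    if expanded.startswith('"'):
        return expanded[1:expanded.index('"', 1)], True
    m = re.search(r"\.exe\b", expanded, flags=re.IGNORECASE)
    return (expanded[: m.end()] if m else expanded.split()[0]), False


def _looks_like(a, b):
    """True when a differs from b in exactly one character, e.g. systom32 vs system32."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def audit_service(key_path, values):
    """Findings for one service key; an empty list means nothing looked odd."""
    name, findings = key_path.rsplit("\\", 1)[-1], []
    if values.get("ImagePath"):
        exe, quoted = image_path_exe(values["ImagePath"])
        for part in exe.split("\\")[1:-1]:  # directory components only
            if any(_looks_like(part.lower(), s) for s in SYSTEM_DIR_NAMES):
                findings.append(f"look-alike system directory '{part}' in {exe}")
        if not quoted and " " in exe:
            findings.append(f"unquoted image path containing spaces: {exe}")
    display = values.get("DisplayName", "")
    for prefix, genuine in GENUINE_DISPLAY_NAMES.items():
        if display.lower().startswith(prefix) and name.lower() not in genuine:
            findings.append(f"display name '{display}' mimics a built-in service, but the key is {name}")
    return findings


def audit_reg_export(text):
    """Map each Services key (its Security and Enum subkeys skipped) to its findings."""
    return {key.rsplit("\\", 1)[-1]: audit_service(key, vals)
            for key, vals in parse_reg_export(text).items() if key.count("\\") == 4}
```

Run against the full look1.txt, RpcSs comes back clean while RasAuto and RPCT are the only keys with findings, which is the same conclusion the helper reached by eye from the sc listing.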

Offline guestolo

Computer messed up!
« Reply #74 on: April 05, 2008, 12:57:00 PM »
When you restart the computer
What happens when you go to START>>RUN..
Type in cmd
Hit OK

Then type
SHUTDOWN /A

Notice the space after the N but before the /

Hit ENTER
Does this disable shutdown
You may not have the Resource kit installed, so it may not work
But if it does, we can go from there

NOTE: you must try and refrain from running in Safe mode with Networking if possible
An applied patch and no firewall running will keep you reinfected
« Last Edit: April 05, 2008, 12:57:30 PM by guestolo »



Offline guestolo

Computer messed up!
« Reply #75 on: April 05, 2008, 01:17:39 PM »
I have to leave for a while
If possible, download the following

You need to patch this computer from Microsoft
Download the patch from here and save to desktop

Here's a direct link
Click HERE

Next:
Download Stinger from McAfee
Again save to desktop

If you don't have enough time to download those 2
Use another computer and transfer them to this one

Reboot to Safe mode ONLY
Run the applied patch from Microsoft
Then run Stinger

Reboot back to Normal Windows and post a fresh Hijackthis log



Offline waterburn

Computer messed up!
« Reply #76 on: April 05, 2008, 04:40:58 PM »
Hi,

Here's the Hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:53 PM, on 05/04/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\faxsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\mobsync.exe
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\「开始」菜单\程序\启动\bittorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\.DEFAULT\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java ????ì¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6453 bytes


Waterburn

Offline guestolo

Computer messed up!
« Reply #77 on: April 06, 2008, 12:39:52 AM »
Can you do the following for me
Do a "System scan only" with Hijackthis and put a check next to these entries:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Back in windows

Delete your version of Combofix on desktop
REDownload this file - Combofix.exe and save it ONLY to your desktop

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the new log from ComboFix and a new hijackthis log
« Last Edit: April 06, 2008, 12:49:39 AM by guestolo »



Offline waterburn

Computer messed up!
« Reply #78 on: April 06, 2008, 09:04:47 AM »
Hi,

Here's the Hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:09 AM, on 06/04/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Prime95\Prime95.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\faxsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINNT\system32\internat.exe
C:\Documents and Settings\Administrator.GU-3R3LEUQBGPNO\「开始」菜单\程序\启动\bittorrent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\conime.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\.DEFAULT\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java ????ì¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - http://www.worldwinner.com/games/v57/bjattack/bja.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINNT\systom32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (TPM) (RPCT) - Unknown owner - C:\Program Files\NetMeeting\mstinit.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5958 bytes


The ComboFix log is too big to post and also too big to attach; it is over 800 KB.

Thanks!

Waterburn

« Last Edit: April 06, 2008, 09:37:12 AM by waterburn »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
Computer messed up!
« Reply #79 on: April 06, 2008, 05:39:57 PM »
Can you upload the file to something like RapidShare and post the link here?
http://rapidshare.com/

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/