xp is all messed up help

Mack

Hi, I have a virus, I think it's FunLove, but my antivirus,
Norton SystemWorks, can't detect anything. I looked in the
registry and it's a mess! All the data has been changed and
some added. I'll give you an example below. In Control Panel,
System, tab "avancée" in French, where you have performance,
user profile, etc., at the end of that page you have
"variable d'environnement" and "rapport d'erreur". In
"variable d'environnement" I have bogus info. I have a
Pentium 4 processor, 478 pin PPGA FC-PGA2. Here is the
info on XP:

System variables
comspec c:\windows\system32\cmd.exe
number of processors 1
os NT
path c:\windows\system32 ; c:\windows\system32\wbem
pathext com;exe;bat;cmd;vbs;vbe;js;jse;wsf;wsh
processor architecture x86
processor identifier x86 family 15 model 2 stepping 9, genuine intel
processorlevel 15
processor revision 00209

This is wrong. It says my CPU socket is populated, my
memory socket is RAS1, socket 2 RAS2, etc.
I lost administrator rights, servers are created on my
machine...

Here's the WBEM key from the registry. Thank you for your time and help.

 
Kelly

Why do you think you have a virus, Mack? As per your registry settings, I
do realize from your mentions, that you know a bit about your system, but
unless you are familiar and have the knowledge to understand hex,
etc....then you wouldn't be posting here. :blush:)




 
Mack

-----Original Message-----
Why do you think you have a virus, Mack? As per your registry settings, I
do realize from your mentions, that you know a bit about your system, but
unless you are familiar and have the knowledge to understand hex,
etc....then you wouldn't be posting here. :blush:)

I sent a message, I made an error. To develop this one, I
sent a scan from the Stinger, and I do know my computer, how
it works. I have a cache problem in memory of the
motherboard and my CPU is populated. I don't know where to post. All I
know for XP is I can't format completely, I lost my
administration rights, I have 8 Ethernet cards plugged on
mine, 8 monitors, HID devices. Does mimic on antivirus
programs, modifies them, even the ones on the
net...
 
Malke

Mack said:
I sent a message, I made an error. To develop this one, I
sent a scan from the Stinger, and I do know my computer, how
it works. I have a cache problem in memory of the
motherboard and my CPU is populated. I don't know where to post. All I
know for XP is I can't format completely, I lost my
administration rights, I have 8 Ethernet cards plugged on
mine, 8 monitors, HID devices. Does mimic on antivirus
programs, modifies them, even the ones on the
net...

Hi, Mack. First, it is very hard to understand you from your posts. If
English is not your first language, then perhaps you'd rather post in a
MS newsgroup for your language. Here is a site listing all the MS
newsgroups:

http://aumha.org/nntp.htm

Second, if I understand you correctly, you have a very complex setup. It
will be extremely difficult - if not impossible - to troubleshoot a
setup like that in Usenet postings. The best solution for you would be
to call in a local computer repair person to check things out. There's
no shame in doing this, even if you are very computer-savvy. Another
person's viewpoint is very helpful when dealing with difficult
problems.

Cheers and good luck,

Malke
 
Kelly

Most welcome and greatly deserved. Your support here, has "never" gone
unnoticed. Keep up the good work! :blush:)
 