Structure of the Service script
In the first line of the script’s header, you can find information about the Engine version (ev), GUI version (gv) and the Log version (lv). You can use this data to track possible changes in the .xml file that generates the script and prevent any inconsistencies during execution. This part of the script should not be altered.
The remainder of the file is divided into sections in which you can edit items to denote those that will be processed by the script. You mark an item for processing by replacing the “-” character in front of it with a “+” character. Sections in the script are separated from each other by an empty line. Each section has a number and a title.
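The following added example (not part of the original documentation or of the product) shows one way to review an edited script before running it: it parses the section layout described above and lists only the items marked with “+”. The header line in the sample is a placeholder, and the sample paths and hash values are constructed.

```python
import re

# Constructed sample: the header line is a placeholder; paths and hash values are made up.
SAMPLE = """\
<header line with ev, gv and lv values: placeholder, left untouched>

01) Running processes:
- \\SystemRoot\\System32\\smss.exe *4725*
+ C:\\Windows\\system32\\module32.exe *CF8A*

02) Loaded modules:
- c:\\windows\\system32\\kernel32.dll
+ c:\\windows\\system32\\khbekhb.dll

10) Scheduled tasks:
- c:\\users\\admin\\appdata\\local\\google\\update\\googleupdate.exe /c
"""

# A section heading is a two-digit number, ")", and a title (trailing colon optional).
SECTION = re.compile(r"^(\d{2})\)\s+(.*?):?\s*$")

def marked_items(script_text):
    """Return {"NN) Title": [items marked with '+']} for every section found."""
    result = {}
    current = None
    for line in script_text.splitlines()[1:]:   # first line is the header; never parsed
        stripped = line.strip()
        if not stripped:                        # empty line separates sections
            continue
        heading = SECTION.match(stripped)
        if heading:
            current = f"{heading.group(1)}) {heading.group(2)}"
            result[current] = []
        elif current and stripped.startswith("+"):
            result[current].append(stripped[1:].strip())
    return result

def review(script_text):
    """Keep only the sections in which at least one item will be processed."""
    return {sec: items for sec, items in marked_items(script_text).items() if items}

if __name__ == "__main__":
    for section, items in review(SAMPLE).items():
        print(section)
        for item in items:
            print("   will be processed:", item)
```
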
01) Running processes
This section contains a list of all processes running in the system. Each process is identified by its UNC path, followed by its CRC16 hash code enclosed in asterisks (*).
01) Running processes:
In this example a process, module32.exe, was selected (marked by a “+” character); the process will end upon execution of the script.
02) Loaded modules
This section lists currently used system modules.
02) Loaded modules:
In this example the module khbekhb.dll was marked by a “+”. When the script runs, it will recognize the processes using that specific module and end them.
03) TCP connections
This section contains information about existing TCP connections.
03) TCP connections:
When the script runs, it will locate the owner of the socket in the marked TCP connections and stop the socket, freeing system resources.
04) UDP endpoints
This section contains information about existing UDP endpoints.
04) UDP endpoints:
When the script runs, it will isolate the owner of the socket at the marked UDP endpoints and stop the socket.
05) DNS server entries
This section contains information about the current DNS server configuration.
05) DNS server entries:
Marked DNS server entries will be removed when you run the script.
06) Important registry entries
This section contains information about important registry entries.
06) Important registry entries:
The marked entries will be deleted, reduced to 0-byte values or reset to their default values upon script execution. The action to be applied to a particular entry depends on the entry category and key value in the specific registry.
07) Services
This section lists services registered within the system.
The marked services and their dependent services will be stopped and uninstalled when the script is executed.
08) Drivers
This section lists installed drivers.
When you execute the script, the selected drivers will be stopped. Note that some drivers won't allow themselves to be stopped.
09) Critical files
This section contains information about files that are critical to proper function of the operating system.
09) Critical files:
The selected items will either be deleted or reset to their original values.
10) Scheduled tasks
This section contains information about scheduled tasks.
10) Scheduled tasks:
- c:\users\admin\appdata\local\google\update\googleupdate.exe /c
- c:\users\admin\appdata\local\google\update\googleupdate.exe /ua /installsource