Hi John
Please download MBRCheck by ad_13 and save it to your desktop.
Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.
It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.
Thanks peku006
I don't help with logs thru PM. If you have problems create a thread in the forum, please.
MBR log
peku, here it is, thanks! Please advise.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7C0C000 \WINDOWS\system32\KDCOM.DLL
0xF7B1C000 \WINDOWS\system32\BOOTVID.dll
0xF770C000 ipukke.sys
0xF76BD000 ACPI.sys
0xF7C0E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF76AC000 pci.sys
0xF771C000 isapnp.sys
0xF772C000 ohci1394.sys
0xF773C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7B20000 compbatt.sys
0xF7B24000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7CD4000 pciide.sys
0xF798C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF768E000 pcmcia.sys
0xF774C000 MountMgr.sys
0xF766F000 ftdisk.sys
0xF7C10000 dmload.sys
0xF7649000 dmio.sys
0xF7B28000 ACPIEC.sys
0xF7CD5000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7994000 PartMgr.sys
0xF775C000 VolSnap.sys
0xF7631000 atapi.sys
0xF776C000 disk.sys
0xF777C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7611000 fltmgr.sys
0xF75FF000 sr.sys
0xF75E9000 DRVMCDB.SYS
0xF778C000 PxHelp20.sys
0xF75D2000 KSecDD.sys
0xF7545000 Ntfs.sys
0xF7518000 NDIS.sys
0xF74FE000 Mup.sys
0xF779C000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF78DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7343000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF732F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7307000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF72C9000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xF6C7B000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xF7A1C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6C57000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A24000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6C2F000 \SystemRoot\system32\drivers\tifm21.sys
0xF6C1B000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7BF0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF78EC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7A2C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6C02000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF7A34000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF78FC000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7C30000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF790C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF791C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6BDF000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7CE3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7C38000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF7AAC000 \SystemRoot\System32\Drivers\Modem.SYS
0xF77FC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF74D6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6BC8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF780C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF781C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7AB4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6BB7000 \SystemRoot\system32\DRIVERS\psched.sys
0xF782C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7ABC000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7AC4000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7ACC000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF6B87000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF783C000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7C3A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6B01000 \SystemRoot\system32\DRIVERS\update.sys
0xF74BA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF784C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA3B3000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA38F000 \SystemRoot\system32\drivers\portcls.sys
0xF786C000 \SystemRoot\system32\drivers\drmk.sys
0xF787C000 \SystemRoot\system32\DRIVERS\Tvs.sys
0xF7ADC000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
0xF7AEC000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
0xF788C000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
0xAA27C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7C44000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF797C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7C6A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7E34000 \SystemRoot\System32\Drivers\Null.SYS
0xF7C6C000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79C4000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF79CC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79D4000 \SystemRoot\System32\drivers\vga.sys
0xF7C6E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C70000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAA223000 \SystemRoot\System32\Drivers\meiudf.sys
0xAA212000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF79DC000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79E4000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7C04000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA1FF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA1A6000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF77AC000 \SystemRoot\system32\drivers\mfetdik.sys
0xAA158000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA130000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF77BC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA06E000 \SystemRoot\System32\drivers\afd.sys
0xF77CC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF6B73000 \SystemRoot\System32\Drivers\TPwSav.sys
0xAA043000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF77DC000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA9FD3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77EC000 \SystemRoot\System32\Drivers\Fips.SYS
0xF79EC000 \SystemRoot\System32\Drivers\tcusb.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7BC8000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79F4000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D66000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA0A0000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7DC4000 \SystemRoot\System32\DLA\DLADResN.SYS
0xA9E55000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xA9ED3000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7CA4000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF7CA6000 \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys
0xF7A54000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA9E3D000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA9E27000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xF7A6C000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA9E7F000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA9F83000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9EDF000 \SystemRoot\system32\DRIVERS\netdevio.sys
0xA9BA2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7C14000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xA9A32000 \SystemRoot\system32\DRIVERS\srv.sys
0xA960D000 \SystemRoot\system32\drivers\wdmaud.sys
0xA99BA000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7A0C000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA922A000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA93CD000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8AFE000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 62):
0 System Idle Process
4 System
872 C:\WINDOWS\system32\smss.exe
936 csrss.exe
960 C:\WINDOWS\system32\winlogon.exe
1004 C:\WINDOWS\system32\services.exe
1016 C:\WINDOWS\system32\lsass.exe
1208 C:\WINDOWS\system32\svchost.exe
1276 svchost.exe
1316 C:\WINDOWS\system32\svchost.exe
1372 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1408 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1444 svchost.exe
1628 svchost.exe
1880 C:\WINDOWS\system32\spoolsv.exe
300 svchost.exe
344 C:\WINDOWS\system32\drivers\CDANTSRV.EXE
132 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
472 C:\WINDOWS\system32\DVDRAMSV.exe
524 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
572 C:\WINDOWS\system32\inetsrv\inetinfo.exe
640 C:\Program Files\Java\jre6\bin\jqs.exe
664 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
692 C:\WINDOWS\system32\svchost.exe
732 C:\WINDOWS\system32\svchost.exe
772 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
1064 C:\WINDOWS\system32\svchost.exe
1240 C:\Toshiba\IVP\swupdate\swupdtmr.exe
1588 alg.exe
564 C:\WINDOWS\explorer.exe
1984 C:\WINDOWS\system32\igfxtray.exe
2008 C:\WINDOWS\system32\hkcmd.exe
2016 C:\WINDOWS\system32\igfxpers.exe
2116 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2124 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
2140 C:\Program Files\Apoint2K\Apoint.exe
2148 C:\WINDOWS\agrsmmsg.exe
2176 C:\Program Files\Toshiba\Tvs\TvsTray.exe
2200 C:\Program Files\Toshiba\E-KEY\CeEKey.exe
2208 C:\WINDOWS\system32\TPSMain.exe
2224 C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
2244 C:\WINDOWS\system32\ZoomingHook.exe
2420 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
2436 C:\Program Files\Toshiba\TouchPad\TPTray.exe
2444 C:\WINDOWS\system32\TCtrlIOHook.exe
2580 C:\WINDOWS\system32\TDispVol.exe
2692 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
2832 C:\WINDOWS\system32\TPSBattM.exe
2836 C:\Program Files\SHARP\Sharpdesk\IndexTray.exe
2852 C:\Program Files\Apoint2K\ApntEx.exe
2864 C:\Program Files\SHARP\Sharpdesk\Indexer.exe
3000 C:\Program Files\SHARP\Sharpdesk\SharpTray.exe
3252 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
3744 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
3752 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
3760 C:\WINDOWS\system32\ctfmon.exe
3900 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
3912 C:\WINDOWS\system32\RAMASST.exe
2308 C:\Program Files\Internet Explorer\iexplore.exe
2356 C:\Program Files\Internet Explorer\iexplore.exe
3032 C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
884 C:\Documents and Settings\john\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: HTS541040G9SA00, Rev: MB2OC60R
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528
Done!
Hi John
- Download The Avenger by Swandog46 from here.
- Unzip/extract it to a folder on your desktop.
- Double click on avenger.exe to run The Avenger.
- Click OK.
- Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
- Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
Code:Files to delete: C:\WINDOWS\system32\mxpcivny.dll Drivers to delete: jxrdfklf mwyujbz riphdxo- In the avenger window, click the Paste Script from Clipboard,
button.
- Click the Execute button.
- You will be asked Are you sure you want to execute the current script?.
- Click Yes.
- You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
- Click Yes.
- Your PC will now be rebooted.
- Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
- After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
- Please post this log your next reply.
Thanks peku006
I don't help with logs thru PM. If you have problems create a thread in the forum, please.
avenger log
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\system32\mxpcivny.dll" not found!
Deletion of file "C:\WINDOWS\system32\mxpcivny.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Driver "jxrdfklf" deleted successfully.
Driver "mwyujbz" deleted successfully.
Driver "riphdxo" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Hi John
:Uninstall ComboFix:
- turn off all active protection software
- push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
- please copy and past the following into the box ComboFix /Uninstall and click OK.
- Note the space between the X and the /Uninstall, it needs to be there.
next...
download a fresh copy of Combofix and save it to your desktop and try to run it.
Thanks peku006
I don't help with logs thru PM. If you have problems create a thread in the forum, please.
combofix
peku,
sorry for taking so long to reply, I was out of the office. I got a little farther with combofix. Got the blue screen, got the 3 lines of text where it tells you it could take 10 minutes or longer to scan depending on how infected your computer is. Cursor goes back to the left and starts blinking but it gets stuck there. I waited a very long time and my only course is to power down the computer again. Can't open task manager or any program. Can't shut down combofix either. I did the removal first like you told me too. I tried it in safe mode with the same result.
combofix took care of my problem last time you guys helped me. Would be nice if we can figure out a way to get it to run.
let me know your thoughts, thanks again!!!!!!!!!!!!!
John
Hi John
OK..but I'm not quite sure why combofix is not working, I need more "information"
SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Note: The log can also be found at on your Desktop entitled SystemLook.txt
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
Code::reg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services :regfind jxrdfklf mwyujbz riphdxo- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
I'd like you to check a file for Viruses.
- Go to VirusTotal or Jotti's
C:\WINDOWS\system32\drivers\ctnius.sys
- Copy/Paste file into the white Upload a file box.
- Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
- After a while, a window will open, with details of what the scans found.
- Copy and Paste results in your next reply.
Please reply with
SystemLook.txt along with the jotti's results
Thanks peku006
I don't help with logs thru PM. If you have problems create a thread in the forum, please.
systemlook log
I am working on the virus check. Here is systemlook log:
SystemLook 04.09.10 by jpshortstuff
Log created at 11:45 on 18/11/2010 by John
Administrator - Elevation successful
========== reg ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
(No values found)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for Oracle]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for SqlServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NETFramework]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp480n5]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPIEC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpu160m]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aec]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AegisP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AgereSoftModem]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aha154x]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78u2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78xx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AliIde]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ApfiltrService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Arp1394]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3350p]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASCTRM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET_1.1.4322]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET_2.0.50727]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AsyncMac]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atdisk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atmarpc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\audstub]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BattC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\C-Dilla]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\C-DillaSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cbidf2k]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cd20xrnt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdaudio]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdfs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CFSvcs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Changer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v2.0.50727_32]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmBatt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdIde]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Compbatt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ContentFilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ContentIndex]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cpqarray]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dac2w2k]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dac960nt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dalgz]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLABOIOM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLACDBHM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLADResN]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAIFS_M]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAOPIOM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAPoolM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLARTL_N]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAUDFAM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAUDF_M]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmadmin]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmboot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmio]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmload]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DMusic]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dot3svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dpti2o]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drmkaud]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DRVMCDB]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DRVNDDM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DVD-RAM_Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e1express]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EngineServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EPSON_PM_RPCV4_01]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fastfat]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fdc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FdRedir]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileDisk2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fips]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FLEXnet Licensing Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Flpydisk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ftdisk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Gpc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidServ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hkmsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpn]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTPFilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ialm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDriverT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Imapi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\inetaccs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ini910u]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inport]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntcAzAudAddService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntelIde]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ip6Fw]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpInIp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpNat]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isapnp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KSecDD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lbd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LicenseService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\meiudf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfetdik]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Modem]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MountMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mraid35x]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxDAV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxSmb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 3.0.0.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Msfs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSKSSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPCLOCK]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPQM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssmbios]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\myAgtSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDIS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisTapi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDProxy]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Net Driver HPZ12]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBIOS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netdevio]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETw5x32]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NIC1394]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\njznx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nla]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npfs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ntfs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFSDRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkFlt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkFwd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ohci1394]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ose]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Outlook]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\P3]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Parport]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PartMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ParVdm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCIDump]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCIIde]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDRELI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perc2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perc2hib]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfNet]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfOS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PptpMiniport]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSched]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ptilink]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PxHelp20]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql1080]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql12160]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql1240]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql1280]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAcd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasl2tp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasPppoe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Raspti]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdbss]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpdr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPNP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\redbook]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RimUsb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RimVSerPort]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROOTMODEM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RoxLiveShare9]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rpcapd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSVP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\S24EventMonitor]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s24trans]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScsiPort]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdbus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serial]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelEndpoint 3.0.0.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelOperation 3.0.0.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelService 3.0.0.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffdisk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffp_sd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Simbad]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smihlp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMSvcHost 3.0.0.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SolidWorks Licensing Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SONYPVU1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sparrow]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\splitter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Srv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StillCam]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swenum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swmidi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SwPrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Swupdtmr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symc810]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symc8xx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sym_hi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sym_u3]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysaudio]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TBiosDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcUsb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDTCP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tifm21]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TosIde]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPwSav]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TSDDD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tvs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Udfs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ultra]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbccgp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbehci]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbhub]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbprint]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbuhci]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vhareut]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ViaIde]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VolSnap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vxd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w39n51]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wanarp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wanatw]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDICA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wdmaud]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Workflow Foundation 3.0.0.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprov]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykxkeb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{67F17C15-BFAA-4FFE-A787-A71449028CC8}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{C0C6EE0E-425C-4CB7-8CC6-1FF28B11005D}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{CCCBBBEE-AC1A-41A8-BA75-D8041DD75B28}]
========== regfind ==========
Searching for "jxrdfklf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem
FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger
Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS
Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov
BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc mwyujbz jxrdfklf riphdxo dalgz
ykxkeb njznx vhareut"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JXRDFKLF]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JXRDFKLF\0000]
"Service"="jxrdfklf"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_JXRDFKLF]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_JXRDFKLF\0000]
"Service"="jxrdfklf"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JXRDFKLF]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JXRDFKLF\0000]
"Service"="jxrdfklf"
Searching for "mwyujbz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem
FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger
Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS
Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov
BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc mwyujbz jxrdfklf riphdxo dalgz
ykxkeb njznx vhareut"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MWYUJBZ]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MWYUJBZ\0000]
"Service"="mwyujbz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MWYUJBZ]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MWYUJBZ\0000]
"Service"="mwyujbz"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MWYUJBZ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MWYUJBZ\0000]
"Service"="mwyujbz"
Searching for "riphdxo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem
FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger
Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS
Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov
BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc mwyujbz jxrdfklf riphdxo dalgz
ykxkeb njznx vhareut"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RIPHDXO]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RIPHDXO\0000]
"Service"="riphdxo"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RIPHDXO]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RIPHDXO\0000]
"Service"="riphdxo"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RIPHDXO]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RIPHDXO\0000]
"Service"="riphdxo"
-= EOF =-
virus scan
either conficker won't let me navigate to either site or both sites are down. Get the screen that IE cannot display the webpage for both sites.
virusscan and jotti
tried both with Firefox and it says it can't locate the servers.
Posting Permissions
