Heur Exploit Script virus looping to blue screen on start up


  • This topic is locked

#76
JSntgRvr

  • Global Moderator
  • 11,589 posts
Extract and run the enclosed file in that computer in Normal Mode, and post its report. It will test for connectivity and let me know which services are running.

[attachment=47011:Test.zip]
  • 0



#77
Jan1959

  • Topic Starter
  • Member
  • 255 posts
As I said in the last post - the PC will not recognise my flash drive when in normal Windows mode.

I downloaded the Test file onto a disk and ran it. I then had to put the OTLPE disk back in to the PC in order to be able to copy the file.


Wireless Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []



No names in cache


Local Area Connection:
Node IpAddress: [0.0.0.0] Scope Id: []



No names in cache



Windows IP Configuration



Host Name . . . . . . . . . . . . : YOUR-FD1326E9DC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport

Physical Address. . . . . . . . . : 00-18-DE-10-A2-43



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport

Physical Address. . . . . . . . . : 00-E0-B8-AE-42-10

Ping request could not find host Yahoo.com. Please check the name and try again.

Ping request could not find host Google.com. Please check the name and try again.

These Windows services are started:

Automatic Updates
Background Intelligent Transfer Service
CryptSvc
DCOM Server Process Launcher
Error Reporting Service
Event Log
Help and Support
Print Spooler
Remote Procedure Call (RPC)
Secondary Logon
Security Center
System Restore Service
Windows Defender
Windows Management Instrumentation

The command completed successfully.
  • 0

#78
JSntgRvr

  • Global Moderator
  • 11,589 posts
Was this done in Normal Mode? Many services are not running.

Let me get a report on my XP box. Stand by.
  • 0

#79
Jan1959

  • Topic Starter
  • Member
  • 255 posts
Yes it was done in normal mode.
  • 0

#80
JSntgRvr

  • Global Moderator
  • 11,589 posts
Comparing with my box, these services are not running.

Application Layer Gateway Service
COM+ Event System
Computer Browser
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
HTTP SSL
Human Interface Device Access
IPSEC Services
IPv6 Helper Service
Java Quick Starter
Network Connections
Network Location Awareness (NLA)
Plug and Play
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC) Locator
Security Accounts Manager
Server
Shell Hardware Detection
SSDP Discovery Service
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
Universal Plug and Play Device Host
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Time
Workstation

Let's check for their presence.

Boot the computer to the OTLPE CD as you did before.

  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change all settings to none. That will speed up the scan.
    • Under the Custom Scan box paste this in


      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#81
Jan1959

  • Topic Starter
  • Member
  • 255 posts
Here is the file


OTL logfile created on: 1/6/2011 7:18:47 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 135.06 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
Drive D: | 7.31 Gb Total Space | 7.31 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Files/Folders - Created Within 30 Days ==========

[2011/01/05 14:58:16 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/01/03 15:27:39 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/01/03 01:50:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/01/03 01:50:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/01/03 01:50:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/01/03 01:50:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/01/03 01:49:50 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/01/03 01:49:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/29 17:20:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/12/29 17:19:03 | 000,553,984 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/12/29 17:18:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/25 11:13:25 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2010/05/08 04:42:33 | 001,200,128 | ---- | C] ( ) -- C:\windows\System32\lxdfserv.dll
[2010/05/08 04:42:33 | 000,950,272 | ---- | C] ( ) -- C:\windows\System32\lxdfusb1.dll
[2010/05/08 04:42:33 | 000,663,552 | ---- | C] ( ) -- C:\windows\System32\lxdfhbn3.dll
[2010/05/08 04:42:33 | 000,647,168 | ---- | C] ( ) -- C:\windows\System32\lxdfpmui.dll
[2010/05/08 04:42:33 | 000,565,248 | ---- | C] ( ) -- C:\windows\System32\lxdflmpm.dll
[2010/05/08 04:42:33 | 000,434,176 | ---- | C] ( ) -- C:\windows\System32\lxdfhcp.dll
[2010/05/08 04:42:33 | 000,356,352 | ---- | C] ( ) -- C:\windows\System32\lxdfinpa.dll
[2010/05/08 04:42:33 | 000,339,968 | ---- | C] ( ) -- C:\windows\System32\lxdfiesc.dll
[2010/05/08 04:42:33 | 000,053,248 | ---- | C] ( ) -- C:\windows\System32\lxdfprox.dll
[2010/05/08 04:42:32 | 000,860,160 | ---- | C] ( ) -- C:\windows\System32\lxdfcomc.dll
[2010/05/08 04:42:32 | 000,364,544 | ---- | C] ( ) -- C:\windows\System32\lxdfcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/01/06 13:16:32 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/01/06 13:03:16 | 000,000,330 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2011/01/06 13:00:08 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/05 14:10:03 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/01/03 15:33:44 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/01/03 01:54:19 | 000,442,334 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/01/03 01:54:19 | 000,071,912 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/12/31 00:54:35 | 000,002,577 | ---- | M] () -- C:\windows\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2011/01/03 01:50:02 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/01/03 01:50:02 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/01/03 01:50:02 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/01/03 01:50:02 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/01/03 01:50:02 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/10/13 12:21:10 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2010/07/23 13:24:13 | 000,000,025 | ---- | C] () -- C:\windows\cdplayer.ini
[2010/05/08 04:46:40 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxdfvs.dll
[2010/05/08 04:46:38 | 000,348,160 | ---- | C] () -- C:\windows\System32\lxdfcoin.dll
[2010/05/08 04:46:11 | 000,692,224 | ---- | C] () -- C:\windows\System32\lxdfdrs.dll
[2010/05/08 04:46:11 | 000,069,632 | ---- | C] () -- C:\windows\System32\lxdfcnv4.dll
[2010/05/08 04:46:11 | 000,065,536 | ---- | C] () -- C:\windows\System32\lxdfcaps.dll
[2010/05/08 04:45:55 | 000,069,632 | ---- | C] () -- C:\windows\System32\lxdfoem.dll
[2010/05/08 04:45:55 | 000,045,056 | ---- | C] () -- C:\windows\System32\LXDFPMON.DLL
[2010/05/08 04:45:55 | 000,032,768 | ---- | C] () -- C:\windows\System32\LXDFFXPU.DLL
[2010/05/08 04:42:33 | 000,348,160 | ---- | C] () -- C:\windows\System32\lxdfinst.dll
[2010/05/08 04:42:32 | 000,208,896 | ---- | C] () -- C:\windows\System32\lxdfgrd.dll
[2008/11/11 13:42:43 | 000,027,136 | ---- | C] () -- C:\windows\System32\QTUninst.dll
[2008/11/11 13:38:10 | 000,009,136 | ---- | C] () -- C:\windows\System32\INETWH16.DLL
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\windows\sm56spn.dll
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\windows\sm56itl.dll
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\windows\sm56eng.dll
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\windows\sm56brz.dll
[2008/06/23 05:09:39 | 000,061,440 | R--- | C] () -- C:\windows\sm56ger.dll
[2008/06/23 05:09:39 | 000,061,440 | R--- | C] () -- C:\windows\sm56fra.dll
[2008/06/23 05:09:39 | 000,053,248 | R--- | C] () -- C:\windows\sm56jpn.dll
[2008/06/23 05:09:39 | 000,049,152 | R--- | C] () -- C:\windows\sm56cht.dll
[2008/06/23 05:09:39 | 000,049,152 | R--- | C] () -- C:\windows\sm56chs.dll
[2008/06/23 04:32:03 | 000,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v4764.dll
[2008/06/19 10:49:09 | 000,249,856 | ---- | C] () -- C:\windows\System32\igfxTMM.dll
[2008/06/19 10:49:09 | 000,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1244.dll
[2006/01/17 13:28:20 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2006/01/14 15:00:09 | 000,000,441 | ---- | C] () -- C:\windows\System32\emver.ini
[2006/01/14 08:10:36 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\windows\System32\psisdecd.dll

========== LOP Check ==========

[2010/10/23 10:06:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Ilubol
[2010/10/07 09:57:49 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Maus
[2010/10/09 04:24:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Uhzena
[2010/10/13 12:24:22 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Ulmy
[2011/01/06 13:03:16 | 000,000,330 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job
[2010/10/24 00:21:21 | 000,000,426 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{2E16A703-F1B3-4340-B56D-A79C454F9DE3}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services >

< End of report >
  • 0

#82
JSntgRvr

  • Global Moderator
  • 11,589 posts
Sorry for the delay. It takes time to identify those services that are not running.

Boot the computer to the OTLPE CD as you did before.

  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change all settings to none. That will speed up the scan.
    • Under the Custom Scan box paste this in


      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\.NET CLR Data /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\.NET CLR Networking /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\.NET Data Provider for Oracle /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\.NET Data Provider for SqlServer /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\.NETFramework /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Alerter /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ALG /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AppMgmt /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ASP.NET /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ASP.NET_1.1.4322 /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ASP.NET_2.0.50727 /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aspnet_state /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AudioSrv /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BattC /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Browser /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\CiSvc /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ClipSrv /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\clr_optimization_v2.0.50727_32 /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\COMSysApp /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ContentFilter /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ContentIndex /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dhcp /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\dmadmin /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\dmserver /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dnscache /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dot3svc /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\EapHost /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ehRecvr /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ehSched /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\EventSystem /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\FastUserSwitchingCompatibility /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\FontCache3.0.0.0 /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\gupdate /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\gusvc /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\HidServ /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\hkmsvc /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\HTTPFilter /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\idsvc /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ImapiService /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\inetaccs /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Inport /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ISAPISearch /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\JavaQuickStarterService /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanserver /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanworkstation /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ldap /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\LicenseService /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\LmHosts /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\McrdSvc /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MSDTC /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MSDTC Bridge 3.0.0.0 /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MSIServer /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\napagent /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\NetDDE /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\NetDDEdsdm /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Netlogon /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Netman /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\NetTcpPortSharing /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Nla /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\NtLmSsp /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\NtmsSvc /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PerfDisk /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PerfNet /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PerfOS /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PerfProc /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PlugPlay /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PolicyAgent /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ProtectedStorage /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RasAuto /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RasMan /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RDPDD /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RDPNP /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RDSessMgr /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RemoteAccess /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RemoteRegistry /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RpcLocator /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RpcSs /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RSVP /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SamSs /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SCardSvr /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Schedule /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ScsiPort /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SENS /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ServiceModelEndpoint 3.0.0.0 /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ServiceModelOperation 3.0.0.0 /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ServiceModelService 3.0.0.0 /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ShellHWDetection /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SMSvcHost 3.0.0.0 /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SSDPSRV /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\stisvc /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SwPrv /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\swwd /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SysmonLog /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TapiSrv /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TermService /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Themes /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TlntSvr /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TrkWks /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TSDDD /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\UMWdf /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\upnphost /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\UPS /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VSS /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\W32Time /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\W3SVC /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WebClient /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Windows Workflow Foundation 3.0.0.0 /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WinSock2 /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WinTrust /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WmdmPmSN /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WmiApRpl /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WmiApSrv /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WS2IFSL /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WZCSVC /s
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\xmlprov /s

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

If the log is too large, upload it as follows:

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "For JSntgRvr"
  • Put a link to this thread in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:

    • OTL.log
  • Click Open.
  • Click Post.

If you need to upload the file, let me know so I can check. I will need some time to review all this data. Sooner or later we are going to get this going.
  • 1

#83
Jan1959

  • Topic Starter
  • Member
  • 255 posts
The scan is freezing on HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\napagent\localconfig\\\\\\\\\\\\\\\

It then goes back to the Realtogo desktop screen.
I have tried scanning it twice and it has happened both times.
Sorry

Edited by Jan1959, 06 January 2011 - 04:47 PM.

  • 0

#84
JSntgRvr

  • Global Moderator
  • 11,589 posts
I am going to run it on my computer. Stand by.
  • 0

#85
JSntgRvr

  • Global Moderator
  • 11,589 posts
Scanned properly on my PC. Restart the computer to the OTLPE CD. Make sure the Remote Registry is loaded.
  • 0


#86
Jan1959

  • Topic Starter
  • Member
  • 255 posts
Trying it again now
  • 0

#87
Jan1959

  • Topic Starter
  • Member
  • 255 posts
I have rebooted the PC and the same thing has happened again. I have never had a prompt come up for using the remote registry while using this disk. I do have a prompt saying "do you wish to load remote user profiles", which then defaults to administrator. I presumed that this was the same thing?
  • 0

#88
JSntgRvr

  • Global Moderator
  • 11,589 posts
Boot the computer in Normal Mode.

Go to Start -> Run, type Services.msc and click OK. Scroll down to Plug and Play. Double-click on it. Make sure the Startup type is set to Automatic and click on the Start button. Let me know if you receive an error message.

While in the Services Console, scroll down to the Remote Procedure Call and do the same. There should be two entries for the RPC. One is the locator. Make sure both are set to automatic and are running.

Go to Start -> Run, type CMD and click OK. At the prompt type the following and press Enter after each line:


netsh int ip reset C:\Resetlog.txt
netsh winsock reset catalog
ipconfig /flushdns
(The space between g and / is needed)
Exit

Restart the computer.

Let me know of any error messages when performing these actions.
  • 0
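
Post #88 asks for Plug and Play and both RPC services to be set to Automatic. As an added example (not part of the thread and not OTL's own code), the sketch below reads the `Start` values for those services from a registry export in regedit's .reg text format; the sample export is constructed and the function names are hypothetical.

```python
import re

START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
# Key names (from the thread's list) of the services post #88 wants on Automatic.
WANTED = ("PlugPlay", "RpcSs", "RpcLocator")
# Constructed sample in regedit's .reg export format; the values are illustrative.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PlugPlay]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PlugPlay\Parameters]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RpcSs]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RpcLocator]
"DisplayName"="Remote Procedure Call (RPC) Locator"
'''

# Matches only a service's own key, never its subkeys.
KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)'
                    r'\\Services\\([^\\\]]+)\]$', re.I)
START_RE = re.compile(r'^"Start"=dword:([0-9a-f]{8})$', re.I)

def read_start_types(export_text):
    """Return {(control_set, service): start_value} with lower-cased keys."""
    found, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = (m.group(1).lower(), m.group(2).lower()) if m else None
        elif current and (m := START_RE.match(line)):
            found[current] = int(m.group(1), 16)
    return found

def audit(export_text, control_set="ControlSet004", wanted=WANTED):
    """List (service, state) for each wanted service that is not Automatic."""
    starts, problems = read_start_types(export_text), []
    for svc in wanted:
        value = starts.get((control_set.lower(), svc.lower()))
        if value != 2:  # None means the key or its Start value is absent
            state = "Start value missing" if value is None else START_TYPES.get(value, "Unknown")
            problems.append((svc, state))
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT))
```

A real regedit export with the "Windows Registry Editor Version 5.00" header is UTF-16 encoded, so decode the file before passing its text in.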

#89
Jan1959

  • Topic Starter
  • Member
  • 255 posts
When I double click the plug and play I get an error message saying that Configuration manager: The Plug and Play Service or another required service is not available. This box has now defaulted to a Plug and Play Properties. When I change it to Automatic and click apply it will not accept the change.
I will now look at the Remote Procedure Call
It is not available due to the Plug and Play Service being disabled. Again I have tried to apply with no success.
When I click back on these boxes the Automatic is still in the boxes so I will try the CMD commands.

No other error messages other than the usual no boot.ini using windows on start up.

Edited by Jan1959, 06 January 2011 - 06:08 PM.

  • 0

#90
Jan1959

  • Topic Starter
  • Member
  • 255 posts
Please see that I have edited my reply
  • 0





