Stranger than fiction ?

Discussion in 'other software & services' started by MICRO, Mar 24, 2010.

Thread Status:
Not open for further replies.
  1. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Given too much information we've managed to let you get ahead of yourself. In the beginning I gave you the getservice.bat page in an attempt to help you determine XCYTQOUKAO's legitimacy. From there Franklin gave you the route from a cmd shell. That she's gone, stop digging. Those Legacy keys should be fine unless you encounter one of two scenarios; your scanners throw a flag or your firewall picks up an unusual outbound.

    Forget about PP for the time being too - trouble without an appropriate purpose.

    As for tasklist, re-dwnld. When asked where to save it select your system32 folder and retry.

    Should she again fail, make sure your path includes the system folders.
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @Micro

    No

    As you've noticed, there are legit keys for Legacy_AVG etc.

    As far as i know, registry entries such as those, are created by the operating system. The effects of removing them cannot be guaranteed. Having said that, i often check to see what LEGACY keys are left behind after uninstalling etc things. Just like you, i also use RegSeeker, have done for years. GREEN are safe to remove, others with caution, i don't. And don't forget to enable the backup button, just in case !

    What i found out was, those unwanted LEGACY entries which appeared at first to be deleted with RS, are not. If i do another run they are still there. That's how i ended up searching for a way to totally delete them. The answer was PsExec etc etc, as i posted earlier, it allows RegEdit to be opened and used with higher Permissions than normal.

    Not sure what the L and X are ?

    As GF says ;)
    Even so, because of my previous experiences, i thought you might benefit from them, if not now, maybe in the future.
     
  3. MICRO

    MICRO Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    1,020
    Thanks GF - I am still shaking my head re. my missing your original highlighted links and even asking you for a link while looking at it.
    Trying to accomplish six things at once is not a good idea - This whole mess was in the way of my own daily work which I was\am trying to do at the same time.

    "When asked where to save it select your system32 folder and retry."

    Uptodate, I double clicked tasklist.exe while in Sys32, it opens install dialog box, I click Run, and get the 'Black' half command prompt box, but it only flashes on screen for one second and then is gone.
    Can you think of any move I might still be missing on XP ?

    "Should she again fail, make sure your path includes the system folders."
    The latter link is too heavy weather, will take me a year to understand.
     
  4. MICRO

    MICRO Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    1,020
    Thanks CR, - Understood all, may need the items and links in the future.

    The L was only my abbreviation for 'Legacy' whereas the 'X' was part of the original 'Services' Malware duo.
    Yes, as GF mentioned I have done almost everything I can and the machine is not showing anything untoward at present.
     
  5. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    path_micro.gif

    No, no dbl-clk, simply open a shell from your (run: cmd) and: tasklist /svc
    "On the path" means no more than saying an executable is "findable."
     
    Last edited: Mar 30, 2010
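
An added example, not part of any post in this thread: once `tasklist /svc` runs from a cmd shell, its output can be saved and parsed to see which process hosts a given service name. The sample output below is constructed, and `unknown.exe` with its PID is a hypothetical placeholder for whatever process would host XCYTQOUKAO.

```python
import re

# Constructed sample of `tasklist /svc` output; not captured from the machine in the thread.
SAMPLE = """\

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
svchost.exe                    912 DcomLaunch, TermService
svchost.exe                   1024 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                   dmserver, ERSvc
spoolsv.exe                   1500 Spooler
unknown.exe                   1732 XCYTQOUKAO
"""

def parse_tasklist_svc(text):
    """Return a list of (image, pid, [services]) parsed from `tasklist /svc` text."""
    lines = text.splitlines()
    # The ruler line made of '=' runs gives the exact column boundaries.
    ruler = next(i for i, l in enumerate(lines)
                 if l.startswith("=") and set(l) <= {"=", " "})
    cols = [m.span() for m in re.finditer(r"=+", lines[ruler])]
    (img_a, img_b), (pid_a, pid_b), (svc_a, _) = cols
    rows = []
    for line in lines[ruler + 1:]:
        if not line.strip():
            continue
        image = line[img_a:img_b].strip()
        names = [s.strip() for s in line[svc_a:].split(",") if s.strip()]
        if not image and rows:
            # Wrapped line: the service list continues for the previous process.
            rows[-1][2].extend(names)
            continue
        services = [] if names == ["N/A"] else names
        rows.append((image, int(line[pid_a:pid_b]), services))
    return rows

def hosts_of(service, rows):
    """Processes (image, pid) hosting the named service, compared case-insensitively."""
    wanted = service.lower()
    return [(img, pid) for img, pid, svcs in rows
            if wanted in (s.lower() for s in svcs)]

if __name__ == "__main__":
    rows = parse_tasklist_svc(SAMPLE)
    print(hosts_of("XCYTQOUKAO", rows))  # process hosting the suspect service
    print(hosts_of("dmserver", rows))    # found on a wrapped continuation line
```

A service hosted by an image you cannot account for is the case worth a scanner pass; an empty result means no running process currently hosts a service of that name.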