Deckard's System Scanner v20071014.68
Run by Mike n Jen on 2008-04-26 11:24:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
25: 2008-04-26 18:25:01 UTC - RP46 - Deckard's System Scanner Restore Point
24: 2008-04-12 11:44:09 UTC - RP45 - Last known good configuration
23: 2008-04-12 11:44:06 UTC - RP44 - System Checkpoint
22: 2008-04-12 11:44:06 UTC - RP43 - System Checkpoint
21: 2008-04-12 11:44:06 UTC - RP42 - Installed Creative Software AutoUpdate
-- First Restore Point --
1: 2008-04-12 11:44:05 UTC - RP22 - Unsigned driver install
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Mike n Jen.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:20 AM, on 4/26/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\lqtejqta\jebktqly.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\Mike n Jen\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mike n Jen.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Content Manager Subsystem] cmss.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MS DLL Library Manager] C:\WINDOWS\System32\dllsys64.exe
O4 - HKLM\..\Run: [wlsass] C:\WINDOWS\System32\wlsass.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO}
O4 - HKLM\..\Run: [MS Task Manager 32] C:\WINDOWS\System32\mstskmgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKLM\..\RunServices: [Content Manager Subsystem] cmss.exe
O4 - HKCU\..\Run: [Content Manager Subsystem] cmss.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\MIKENJ~1\LOCALS~1\Temp\ie.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\RunServices: [Content Manager Subsystem] cmss.exe
O4 - HKLM\..\Policies\Explorer\Run: [qgpdQwojTQ] C:\Documents and Settings\All Users\Application Data\lqtejqta\jebktqly.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Content Manager Subsystem] cmss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Content Manager Subsystem] cmss.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Content Manager Subsystem] cmss.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Content Manager Subsystem] cmss.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1133915814190
O20 - Winlogon Notify: fccyyVND - fccyyVND.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINDOWS\msstl.exe (file missing)
O23 - Service: ClipBook ClipSrvRpcSs (ClipSrvRpcSs) - Unknown owner - C:\WINDOWS\System32\advapi32k.exe (file missing)
O23 - Service: Google Online Services - Unknown owner - C:\Documents and Settings\Mike n Jen\ie_updates3r.exe (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe (file missing)
O23 - Service: microsoft update (msnupdate) - Unknown owner - C:\WINDOWS\windupdate.exe (file missing)
O23 - Service: MSSysInterv (MSSysInterv1) - Unknown owner - C:\WINDOWS\winself.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)
O23 - Service: Upload Manager uploadmgr Smart (uploadmgr Smart) - Unknown owner - C:\WINDOWS\system32\htjt522.exe (file missing)
--
End of file - 5611 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080426-100818-156 O2 - BHO: (no name) - {02715E47-5A8E-495B-8F63-0D30470B8E72} - C:\WINDOWS\System32\fccyyVND.dll (file missing)
backup-20080426-100818-189 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
backup-20080426-100818-323 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
backup-20080426-100818-366 O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
backup-20080426-100818-377 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
backup-20080426-100818-456 O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
backup-20080426-100818-472 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
backup-20080426-100818-531 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
backup-20080426-100818-540 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
backup-20080426-100818-552 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
backup-20080426-100818-595 O23 - Service: BusinessC (BusinessContinuity) - Unknown owner - C:\WINDOWS\msstl.exe (file missing)
backup-20080426-100818-613 O2 - BHO: (no name) - {AF2B603C-3365-41E8-B797-2AB32112B7F4} - C:\WINDOWS\System32\nnnlkjJd.dll (file missing)
backup-20080426-100818-654 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
backup-20080426-100818-758 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\wmsdkns.exe,
backup-20080426-100818-786 O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
backup-20080426-100818-866 O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
backup-20080426-100818-888 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
backup-20080426-100818-902 O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
backup-20080426-100818-949 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 ctac32k (Creative AC3 Software Decoder) - c:\windows\system32\drivers\ctac32k.sys (file missing)
S3 ctaud2k (Creative Audio Driver (WDM)) - c:\windows\system32\drivers\ctaud2k.sys (file missing)
S3 ctdvda2k (Creative DVD-Audio Device Driver) - c:\windows\system32\drivers\ctdvda2k.sys (file missing)
S3 ctgame (Game Port) - c:\windows\system32\drivers\ctgame.sys (file missing)
S3 ctprxy2k (Creative Proxy Driver) - c:\windows\system32\drivers\ctprxy2k.sys (file missing)
S3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys (file missing)
S3 ha10kx2k (Creative Hardware Abstract Layer Driver) - c:\windows\system32\drivers\ha10kx2k.sys (file missing)
S3 hap16v2k (Creative P16V HAL Driver) - c:\windows\system32\drivers\hap16v2k.sys (file missing)
S3 new_drv (!!!!) - c:\windows\new_drv.sys (file missing)
S3 rdriv - c:\windows\system32\rdriv.sys (file missing)
S3 remon - c:\windows\system32\remon.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
S2 BusinessContinuity (BusinessC) - "c:\windows\msstl.exe" (file missing)
S2 ClipSrvRpcSs (ClipBook ClipSrvRpcSs) - c:\windows\system32\advapi32k.exe srv (file missing)
S2 Google Online Services - c:\documents and settings\mike n jen\ie_updates3r.exe -a (file missing)
S2 lsass (Local Security Authority Subsystem Service) - "c:\windows\lsass.exe" (file missing)
S2 MsLS32 - "c:\windows\msls32.exe" (file missing)
S2 msnupdate (microsoft update) - "c:\windows\windupdate.exe" (file missing)
S2 MSSysInterv1 (MSSysInterv) - c:\windows\winself.exe service (file missing)
S2 sysmgr64 - "c:\windows\sysmgr64.exe" (file missing)
S2 uploadmgr Smart (Upload Manager uploadmgr Smart) - c:\windows\system32\htjt522.exe srv (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_31041106&REV_82\3&61AAA01&0&83
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_31041106&REV_82\3&61AAA01&0&83
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_18411019&REV_50\3&61AAA01&0&8D
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_18411019&REV_50\3&61AAA01&0&8D
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA PCI 10/100Mb Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_74\3&61AAA01&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA PCI 10/100Mb Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_74\3&61AAA01&0&90
Service: FETNDIS
-- Files created between 2008-03-26 and 2008-04-26 -----------------------------
2008-04-26 10:01:53 0 d-------- C:\Program Files\Trend Micro
2008-04-26 09:57:55 2954 --a------ C:\WINDOWS\System32\tmp.reg
2008-04-26 09:57:09 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-04-26 09:57:09 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-26 09:57:09 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-26 09:57:09 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-26 09:57:09 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-26 09:57:09 82944 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-26 09:57:09 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-04-26 09:57:09 82944 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-12 07:53:01 102810 --a------ C:\WINDOWS\System32\msvcrt2.dll
2008-04-12 04:43:55 195562 --ahs---- C:\WINDOWS\System32\dJjklnnn.ini2
2008-04-12 04:33:43 161 --a-s---- C:\WINDOWS\System32\3661538103.dat
2008-04-12 04:32:45 0 d-------- C:\Documents and Settings\All Users\Application Data\lqtejqta
2008-04-12 04:32:04 2 --a------ C:\-2132154866
2008-04-12 04:31:26 11008 --a------ C:\WINDOWS\stcloader.exe
2008-04-12 04:31:25 19200 --a------ C:\WINDOWS\voiceip.dll
2008-04-12 04:31:25 11008 --a------ C:\WINDOWS\mssvr.exe
2008-04-12 04:31:25 28672 --a------ C:\WINDOWS\mspphe.dll
2008-04-12 04:31:25 18688 --a------ C:\WINDOWS\cdsm32.dll
2008-04-12 04:31:25 26112 --a------ C:\WINDOWS\bokja.exe
2008-04-12 04:31:24 10752 --a------ C:\WINDOWS\bjam.dll
2008-04-12 04:31:24 31488 --a------ C:\WINDOWS\2020search2.dll
2008-04-12 04:31:24 30976 --a------ C:\WINDOWS\2020search.dll
2008-04-12 04:31:20 24576 --a------ C:\WINDOWS\saiemod.dll
2008-04-12 04:31:19 29696 --a------ C:\WINDOWS\msapasrc.dll
2008-04-12 04:31:19 15360 --a------ C:\WINDOWS\msa64chk.dll
2008-04-12 04:31:18 16384 --a------ C:\WINDOWS\shdocpl.dll
2008-04-12 04:31:18 22016 --a------ C:\WINDOWS\ntnut.exe
2008-04-12 04:31:17 29440 --a------ C:\WINDOWS\winsb.dll
2008-04-12 04:31:17 23040 --a------ C:\WINDOWS\shdocpe.dll
2008-04-12 04:31:17 23296 --a------ C:\WINDOWS\browserad.dll
2008-04-12 04:31:17 32000 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-12 04:31:16 19712 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-12 04:31:16 26624 --a------ C:\WINDOWS\avifile32.dll
2008-04-12 04:31:16 11776 --a------ C:\WINDOWS\autodisc32.dll
2008-04-12 04:31:16 16640 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-12 04:31:16 21504 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-12 04:31:16 31488 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-12 04:31:15 15616 --a------ C:\WINDOWS\athprxy32.dll
2008-04-12 04:31:15 28672 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-12 04:31:15 26880 --a------ C:\WINDOWS\asferror32.dll
2008-04-12 04:31:15 15104 --a------ C:\WINDOWS\apphelp32.dll
2008-04-12 04:31:14 20480 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-12 04:29:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-11 19:25:12 0 d-------- C:\WINDOWS\Sun
2008-04-11 19:25:11 0 d-------- C:\Documents and Settings\Mike n Jen\Application Data\Sun
2008-04-04 22:29:14 270694 --a------ C:\WINDOWS\System32\000090.exe
-- Find3M Report ---------------------------------------------------------------
2008-04-13 14:54:00 0 d-------- C:\Documents and Settings\Mike n Jen\Application Data\AVG7
2008-03-10 16:42:19 0 d-------- C:\Documents and Settings\Mike n Jen\Application Data\LimeWire
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [08/12/2005 02:43 PM]
"Content Manager Subsystem"="cmss.exe" []
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" []
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" []
"MS DLL Library Manager"="C:\WINDOWS\System32\dllsys64.exe" []
"wlsass"="C:\WINDOWS\System32\wlsass.exe" []
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" []
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" []
"DevconDefaultDB"="C:\WINDOWS\READREG /PSCONV={NO}" []
"MS Task Manager 32"="C:\WINDOWS\System32\mstskmgr.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/26/2008 09:45 AM]
"P17Helper"="P17.dll" [05/03/2005 04:38 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"Microsoft® System Manager"="C:\WINDOWS\system32\sysmgr.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Content Manager Subsystem"="cmss.exe" []
"Microsoft Windows Installer"="C:\DOCUME~1\MIKENJ~1\LOCALS~1\Temp\ie.exe" []
"ttool"="C:\WINDOWS\9129837.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"Content Manager Subsystem"=cmss.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Content Manager Subsystem"=cmss.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Content Manager Subsystem"=cmss.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Content Manager Subsystem"=cmss.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"ttool"=C:\WINDOWS\9129837.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"qgpdQwojTQ"=C:\Documents and Settings\All Users\Application Data\lqtejqta\jebktqly.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyyVND]
fccyyVND.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\nnnlkjJd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
-- End of Deckard's System Scanner: finished at 2008-04-26 11:25:52 ------------