Deckard's System Scanner v20071014.68
Run by badman420 on 2008-05-08 23:44:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
73: 2008-05-09 05:44:59 UTC - RP73 - Deckard's System Scanner Restore Point
72: 2008-05-08 08:17:43 UTC - RP72 - Removed Full Tilt Poker
71: 2008-05-08 07:47:42 UTC - RP71 - Installed Full Tilt Poker
70: 2008-05-08 06:32:42 UTC - RP70 - Installed Microsoft Visual C++ 2005 Redistributable
69: 2008-05-07 07:36:04 UTC - RP69 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-04-21 04:18:20 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

[color=red]Total Physical Memory: 248 MiB (512 MiB recommended).[/color]

-- HijackThis (run as badman420.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:10 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\badman420\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\badman420.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\hgGwtTnM.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MySidesearch Search Assistant - {9506910A-0F94-4ea1-B567-7070428B8B2B} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: (no name) - {992CFEB9-FE49-4E64-B377-F97BC3728806} - C:\WINDOWS\system32\ssqQijjg.dll (file missing)
O2 - BHO: gooochi browser optimizer - {9d024223-33ed-6cea-c175-82dc5269d99f} - C:\WINDOWS\system32\{44973b67-9c2a-1db7-cc23-2d175a5d5474}.dll (file missing)
O2 - BHO: (no name) - {A7E81B89-DF38-40C8-A767-6FBECB65B862} - C:\WINDOWS\system32\vtUlKdDS.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {82387743-4e04-430a-2234-2a0f661a8f0d} - {d0f8a166-f0a2-4322-a034-40e434778328} - C:\WINDOWS\system32\isrbcycv.dll
O2 - BHO: (no name) - {E6F5A45F-2D7A-419D-BE5A-27FA6ED1611F} - C:\WINDOWS\system32\vtUoLDTL.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [BM9761686f] Rundll32.exe "C:\WINDOWS\system32\cscnmifp.dll",s
O4 - HKLM\..\Run: [94525bf3] rundll32.exe "C:\WINDOWS\system32\lyaeewyv.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204587399750
O20 - AppInit_DLLs: C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll
O20 - Winlogon Notify: hgGwtTnM - hgGwtTnM.dll (file missing)
O20 - Winlogon Notify: vtUlKdDS - C:\WINDOWS\SYSTEM32\vtUlKdDS.dll
O23 - Service: Defender Pro Internet Security (AVP) - Defender Pro - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

-- End of file - 5156 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 catchme - c:\docume~1\badman~1\locals~1\temp\catchme.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-08 23:33:10 262 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-08 23:04:27 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

-- Files created between 2008-04-08 and 2008-05-08 -----------------------------

2008-05-08 23:15:10 4509052 ---hs---- C:\WINDOWS\system32\vyweeayl.ini2
2008-05-08 23:13:51 95232 --a------ C:\WINDOWS\system32\lyaeewyv.dll
2008-05-08 23:13:35 117248 --a------ C:\WINDOWS\system32\isrbcycv.dll
2008-05-08 23:03:00 2048 --a------ C:\WINDOWS\system32\hbunlncg.exe
2008-05-08 22:25:47 109056 --a------ C:\WINDOWS\system32\cscnmifp.dll
2008-05-08 20:08:27 0 d-------- C:\WINDOWS\ERUNT
2008-05-08 19:53:24 0 d-------- C:\Documents and Settings\David\Application Data\Adobe
2008-05-08 19:46:39 0 d-------- C:\Documents and Settings\David\Application Data\Identities
2008-05-08 19:45:36 0 dr------- C:\Documents and Settings\David\Favorites
2008-05-08 19:45:36 0 d-------- C:\Documents and Settings\David\Desktop
2008-05-08 19:45:36 0 d---s---- C:\Documents and Settings\David\Cookies
2008-05-08 19:45:36 0 dr-h----- C:\Documents and Settings\David\Application Data
2008-05-08 19:45:36 0 d---s---- C:\Documents and Settings\David\Application Data\Microsoft
2008-05-08 19:45:35 0 d--h----- C:\Documents and Settings\David\Templates
2008-05-08 19:45:35 0 dr------- C:\Documents and Settings\David\Start Menu
2008-05-08 19:45:35 0 dr-h----- C:\Documents and Settings\David\SendTo
2008-05-08 19:45:35 0 dr-h----- C:\Documents and Settings\David\Recent
2008-05-08 19:45:35 0 d--h----- C:\Documents and Settings\David\PrintHood
2008-05-08 19:45:35 0 d--h----- C:\Documents and Settings\David\NetHood
2008-05-08 19:45:35 0 dr------- C:\Documents and Settings\David\My Documents
2008-05-08 19:45:35 0 d--h----- C:\Documents and Settings\David\Local Settings
2008-05-08 19:45:34 524288 --ah----- C:\Documents and Settings\David\NTUSER.DAT
2008-05-08 19:16:52 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-08 19:16:52 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-08 19:16:52 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-08 19:16:52 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-08 19:16:52 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-08 19:16:50 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-08 19:16:50 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-08 19:16:50 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-08 19:16:50 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-08 19:16:50 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-08 19:16:50 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-08 19:16:50 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-08 19:16:50 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-08 19:16:50 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-08 16:05:10 0 d-------- C:\Program Files\Trend Micro
2008-05-08 16:02:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-08 16:02:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-08 16:00:43 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-08 14:49:47 117248 --a------ C:\WINDOWS\system32\phnoausb.dll
2008-05-08 14:46:47 2048 --a------ C:\WINDOWS\system32\sneuoyrv.exe
2008-05-08 14:43:52 95232 -----n--- C:\WINDOWS\system32\flxtlsxt.dll
2008-05-08 14:43:05 862 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-08 14:42:13 109056 --a------ C:\WINDOWS\system32\qkqwdcud.dll
2008-05-08 12:30:16 2048 --a------ C:\WINDOWS\system32\gvrvbrel.exe
2008-05-08 12:27:18 117248 --a------ C:\WINDOWS\system32\lgdmpypk.dll
2008-05-08 12:26:54 109056 --a------ C:\WINDOWS\system32\fwoncjpt.dll
2008-05-08 12:24:15 290572 --ahs---- C:\WINDOWS\system32\TCffOXyb.ini2
2008-05-08 12:23:58 373760 --a------ C:\WINDOWS\system32\byXOffCT.dll
2008-05-08 12:20:12 401977 --a------ C:\WINDOWS\system32\g93.exe
2008-05-08 09:06:47 28672 --a------ C:\WINDOWS\system32\qoMeEUMg.dll
2008-05-08 08:56:56 2048 --a------ C:\WINDOWS\system32\lxtuxsum.exe
2008-05-08 08:55:14 116224 --a------ C:\WINDOWS\system32\xgosuetw.dll
2008-05-08 08:55:02 109056 --a------ C:\WINDOWS\system32\tstfmjne.dll
2008-05-08 08:53:55 293306 --ahs---- C:\WINDOWS\system32\LTDLoUtv.ini2
2008-05-08 08:53:33 375808 --a------ C:\WINDOWS\system32\vtUoLDTL.dll
2008-05-08 08:51:40 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-05-08 08:50:39 298309 --a------ C:\WINDOWS\system32\gside.exe
2008-05-08 08:50:39 0 d--hs---- C:\WINDOWS\QW5uZSBSdXRsZWRnZQ
2008-05-08 08:49:49 0 d-------- C:\WINDOWS\system32\xIT2
2008-05-08 08:49:49 0 d-------- C:\WINDOWS\system32\ViBE
2008-05-08 08:49:49 0 d-------- C:\WINDOWS\system32\ad1
2008-05-08 08:49:49 0 d-------- C:\WINDOWS\system32\1019b
2008-05-08 08:48:18 28672 --a------ C:\WINDOWS\system32\vtUlKdDS.dll
2008-05-08 01:47:45 0 d-------- C:\Program Files\Full Tilt Poker
2008-05-08 00:31:18 0 d-------- C:\Program Files\HoldemInspector2
2008-05-05 16:51:17 0 d-------- C:\Program Files\PartyGaming
2008-05-05 15:56:16 0 d-------- C:\Program Files\PlayMP3z
2008-05-05 15:56:11 0 d-------- C:\Program Files\ContextTool
2008-05-05 12:34:22 0 d-------- C:\WINDOWS\pss
2008-05-05 00:52:41 0 d-------- C:\Documents and Settings\badman420\Shared
2008-05-05 00:52:39 0 d-------- C:\Documents and Settings\badman420\Incomplete
2008-05-05 00:51:52 0 d-------- C:\Documents and Settings\badman420\Application Data\FrostWire
2008-05-04 18:26:16 0 d-------- C:\Program Files\Java
2008-05-04 18:25:43 0 d-------- C:\Program Files\Common Files\Java
2008-05-04 18:24:06 0 d-------- C:\Documents and Settings\badman420\Application Data\Sun
2008-05-04 18:21:34 0 d-------- C:\Program Files\FrostWire
2008-05-04 18:21:22 0 d-------- C:\Program Files\AskSBar
2008-05-03 18:37:11 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-02 19:05:57 0 d-------- C:\Program Files\PartyGaming.Net
2008-04-21 06:17:47 0 d-------- C:\Program Files\PC-Cleaner
2008-04-21 05:43:46 0 d-------- C:\Documents and Settings\badman420\Application Data\TmpRecentIcons
2008-04-20 22:18:04 110207 --ahs---- C:\WINDOWS\system32\gjjiQqss.ini2
2008-04-20 21:56:51 0 d-------- C:\Documents and Settings\Anne Rutledge\Application Data\TmpRecentIcons
2008-04-19 02:30:52 0 d-------- C:\Documents and Settings\All Users\Application Data\cvuzcpah
2008-04-12 10:24:14 0 d-------- C:\Documents and Settings\Anne Rutledge\Contacts

-- Find3M Report ---------------------------------------------------------------

2008-05-08 02:18:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 22:26:29 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-04 18:25:43 0 d-------- C:\Program Files\Common Files
2008-04-07 10:34:26 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 05:56:59 0 d-------- C:\Program Files\Windows Live Toolbar
2008-04-07 05:55:21 0 d-------- C:\Program Files\Windows Live Favorites
2008-04-04 01:58:55 0 d-------- C:\Program Files\Windows Live
2008-04-04 01:55:47 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-30 02:29:12 0 d-------- C:\Documents and Settings\badman420\Application Data\Macromedia
2008-03-30 02:22:20 0 d-------- C:\Documents and Settings\badman420\Application Data\Adobe
2008-03-30 00:50:13 0 d-------- C:\Documents and Settings\badman420\Application Data\Identities
2008-03-30 00:49:34 0 d-------- C:\Program Files\Google
2008-03-29 16:38:28 0 d-------- C:\Program Files\Defender Pro
2008-03-27 09:35:26 333824 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll
2008-03-03 15:58:23 0 -rahs---- C:\MSDOS.SYS
2008-03-03 15:58:23 0 -rahs---- C:\IO.SYS
2008-03-03 15:58:23 0 --a------ C:\CONFIG.SYS
2008-03-03 15:58:23 0 --a------ C:\AUTOEXEC.BAT
2008-03-03 15:54:48 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-03 08:46:53 62 --ahs---- C:\Documents and Settings\badman420\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3}]
C:\WINDOWS\system32\hgGwtTnM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9506910A-0F94-4ea1-B567-7070428B8B2B}]
03/27/2008 09:35 AM 333824 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{992CFEB9-FE49-4E64-B377-F97BC3728806}]
C:\WINDOWS\system32\ssqQijjg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d024223-33ed-6cea-c175-82dc5269d99f}]
C:\WINDOWS\system32\{44973b67-9c2a-1db7-cc23-2d175a5d5474}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7E81B89-DF38-40C8-A767-6FBECB65B862}]
05/08/2008 08:48 AM 28672 --a------ C:\WINDOWS\system32\vtUlKdDS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d0f8a166-f0a2-4322-a034-40e434778328}]
05/08/2008 11:13 PM 117248 --a------ C:\WINDOWS\system32\isrbcycv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6F5A45F-2D7A-419D-BE5A-27FA6ED1611F}]
05/08/2008 08:53 AM 375808 --a------ C:\WINDOWS\system32\vtUoLDTL.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [05/04/2008 06:21 PM 267592]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [10/16/2002 06:24 AM C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/15/2002 11:18 AM]
"AVP"="C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe" [08/07/2007 04:00 PM]
"BM9761686f"="C:\WINDOWS\system32\cscnmifp.dll" [05/08/2008 10:25 PM]
"94525bf3"="C:\WINDOWS\system32\lyaeewyv.dll" [05/08/2008 11:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3}"= C:\WINDOWS\system32\hgGwtTnM.dll [ ]
"{A7E81B89-DF38-40C8-A767-6FBECB65B862}"= C:\WINDOWS\system32\vtUlKdDS.dll [05/08/2008 08:48 AM 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGwtTnM]
hgGwtTnM.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUlKdDS]
vtUlKdDS.dll 05/08/2008 08:48 AM 28672 C:\WINDOWS\system32\vtUlKdDS.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUoLDTL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsvvcyfq]
C:\WINDOWS\system32\qhezsbsj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

-- End of Deckard's System Scanner: finished at 2008-05-08 23:51:46 ------------