reacently my pc has been really laggy , can someone tell me what to delete.. Logfile of HijackThis v1.99.1 Scan saved at 2:28:34 AM, on 8/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe C:\Documents and Settings\Gaurang\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {4DEABE3F-4A61-47C2-A64D-90453DC01542} - C:\WINDOWS\system32\ljJaxuVn.dll (file missing) O2 - BHO: {dcaf5772-6db9-d889-1fa4-a1772e51b775} - {577b15e2-771a-4af1-988d-9bd62775facd} - C:\WINDOWS\system32\zomwfn.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {EF90B9EE-C33D-42D5-8ADB-B44D85CB1694} - C:\WINDOWS\system32\wvUkKdEu.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [9c1a3172] rundll32.exe "C:\WINDOWS\system32\rdekldbq.dll",b O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1203460921805 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1203840644187 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: ljJaxuVn - ljJaxuVn.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Hi deadbeat8, You have some infections. Please download Malwarebytes' Anti-Malware to your desktop. • Double-click mbam-setup.exe and follow the prompts to install the program. • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. • If an update is found, it will download and install the latest version. • Once the program has loaded, select Perform full scan, then click Scan. • When the scan is complete, click OK, then Show Results to view the results. • Be sure that everything is checked, and click Remove Selected. • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt • Please post contents of that file in your next reply. Then post a fresh HijackThis Log.. 2OG
Thx for the reply =D , Malwarebytes' Anti-Malware 1.24 Database version: 1012 Windows 5.1.2600 Service Pack 2 8:18:39 PM 8/12/2008 mbam-log-8-12-2008 (20-18-39).txt Scan type: Full Scan (C:\|) Objects scanned: 86154 Time elapsed: 17 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 7 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 57 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\rdekldbq.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\zomwfn.dll (Trojan.Vundo) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{577b15e2-771a-4af1-988d-9bd62775facd} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{577b15e2-771a-4af1-988d-9bd62775facd} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9c1a3172 (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\zomwfn.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\rdekldbq.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\qbdlkedr.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dwleofuw.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssqPfeBQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssqQgDwV.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvTlmji.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvVLeEX.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvVPFYo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qoMcAstS.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qoMCSLdC.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qoMfddEW.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qoMgfcyV.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\geBqrOeE.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkHWMgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkIYQiJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkJayyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkKdcAq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkkhIBQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rqRhgHyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rqRKAPgD.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rqRLCTKA.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nnnNfGaW.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nnnoPhfe.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pmnlLEWp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pmnMdebY.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pmnopMFV.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\urqQjIXr.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\efcARhFU.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\efcYSkjk.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hgGvvwVL.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hgGXOFwT.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iifccCTj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iifddeeC.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iiffCSIC.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iifgDvUo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yayaYqRJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yayvUNGy.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yayWnmlJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yaywXQih.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssqNDtsp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssqNFwWp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssqRhfCU.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssqRKArr.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ljJaaxXn.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ljJBrrRi.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUliiFX.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUmkLeD.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUmLfcd.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUOGYoM.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM9f2902ee.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM9f2902ee.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fccaApQj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fccbCrRK.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fcccyWpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fccDvUmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully. and hijackthis log.. Logfile of HijackThis v1.99.1 Scan saved at 9:10:49 PM, on 8/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\Gaurang\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {4DEABE3F-4A61-47C2-A64D-90453DC01542} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {EF90B9EE-C33D-42D5-8ADB-B44D85CB1694} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1203460921805 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1203840644187 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: ljJaxuVn - ljJaxuVn.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
