I noticed the backdoors and the hijacker as well. Here are the logs that you requested:
---------------------------------KASPERSKY ONLINE SCANNER REPORT------------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
07-01-28 21:44
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/01/2007
Kaspersky Anti-Virus database records: 262757
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 61926
Number of viruses found: 2
Number of infected objects: 12 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:18:29
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Todd\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Todd\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Todd\Desktop\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\AOL\UserProfiles\1162968398\funkybamn\cls\common.cls Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\AOL\UserProfiles\1162968398\toddl69\cls\common.cls Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\History\History.IE5\MSHist012007012820070129\index.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temp\Perflib_Perfdata_1dc.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temp\~DF21C2.tmp Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151\keyfinder.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Todd\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Todd\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Todd.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Todd.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Todd.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7ED1CAB4-90EB-4620-B0F5-6E837A7332E8}\RP132\A0015312.exe Object is locked skipped
C:\System Volume Information\_restore{7ED1CAB4-90EB-4620-B0F5-6E837A7332E8}\RP132\A0015333.exe Object is locked skipped
C:\System Volume Information\_restore{7ED1CAB4-90EB-4620-B0F5-6E837A7332E8}\RP133\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF Object is locked skipped
Scan process completed.
-------------------------------------------------GMER Report 1----------------------------------
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-28 22:40:29
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
---- User code sections - GMER 1.0.12 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll
---- Devices - GMER 1.0.12 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DC585A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DC585A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DC585A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DC585A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DC585A] avgtdi.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN B80B7C74
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP B80B4400
Device \FileSystem\Cdfs \Cdfs FastIoCheckIfPossible B80B7BCE
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7CA431E5
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FA7797CA
ADS C:\Documents and Settings\Todd\Favorites\IP Address Locator - Enter an IP address to find its location - Lookup Country Region City etc.url:favicon
---- EOF - GMER 1.0.12 ----
--------------------------------------------GMER Report 2 AutoStarts----------------------------------------------
GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-28 22:58:01
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session
Manager\SubSystems@Windows =
%SystemRoot%\system32\csrss.exe
ObjectDirectory=\Windows
SharedSection=1024,3072,512 Windows=On
SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,
3
ServerDll=winsrv:ConServerDllInitialization,2
ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon@Userinit =
C:\WINDOWS\system32\userinit.exe,
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVG Anti-Spyware Guard /*AVG Anti-Spyware
Guard*/@ = C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\guard.exe
Avg7Alrt /*AVG7 Alert Manager Server*/@ =
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ =
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ =
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Bonjour Service
/*##Id_String1.6844F930_1628_4223_B5CC_5BB94B
879762##*/@ = "C:\Program
Files\Bonjour\mDNSResponder.exe"
Creative Service for CDROM Access /*Creative
Service for CDROM Access*/@ =
C:\WINDOWS\system32\CTsvcCDA.exe
MDM /*Machine Debug Manager*/@ = "C:\Program
Files\Common Files\Microsoft
Shared\VS7DEBUG\mdm.exe"
NVSvc /*NVIDIA Display Driver Service*/@ =
%SystemRoot%\system32\nvsvc32.exe
Spooler /*Print Spooler*/@ =
%SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@
= C:\WINDOWS\system32\wdfmgr.exe
Viewpoint Manager Service /*Viewpoint Manager
Service*/@ = "C:\Program
Files\Viewpoint\Common\ViewpointService.exe"
WMDM PMSP Service /*WMDM PMSP Service*/@ =
C:\WINDOWS\system32\MsPMSPSv.exe
HKLM\Software\Microsoft\Windows\CurrentVersio
n\Run >>>
@NvCplDaemonRUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup =
RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarIni
t = RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarIni
t
@CTHelperCTHELPER.EXE = CTHELPER.EXE
@UpdRegC:\WINDOWS\UpdReg.EXE =
C:\WINDOWS\UpdReg.EXE
@Jet Detection"C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe" =
"C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd =
RunDll32 cmicnfg.cpl,CMICtrlWnd
@SunJavaUpdateSched"C:\Program
Files\Java\jre1.5.0_09\bin\jusched.exe" =
"C:\Program
Files\Java\jre1.5.0_09\bin\jusched.exe"
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.ex
e /STARTUP =
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
/STARTUP
@IntelliPoint"C:\Program Files\Microsoft
IntelliPoint\point32.exe" = "C:\Program
Files\Microsoft IntelliPoint\point32.exe"
@ISUSPM"C:\Program Files\Common
Files\InstallShield\UpdateService\ISUSPM.exe"
-scheduler /*file not found*/ = "C:\Program
Files\Common
Files\InstallShield\UpdateService\ISUSPM.exe"
-scheduler /*file not found*/
@RemoteControl"C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe" =
"C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
@GrooveMonitor"C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe" =
"C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe"
@NeroFilterCheckC:\Program Files\Common
Files\Ahead\Lib\NeroCheck.exe = C:\Program
Files\Common Files\Ahead\Lib\NeroCheck.exe
@TkBellExe"C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
= "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
@!AVG Anti-Spyware"C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
/minimized = "C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\avgas.exe" /minimized
HKCU\Software\Microsoft\Windows\CurrentVersio
n\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe =
C:\WINDOWS\system32\ctfmon.exe
@ctpmonctpmon.exe /*file not found*/ =
ctpmon.exe /*file not found*/
@Aim6"C:\Program Files\Common
Files\AOL\Launch\AOLLaunch.exe" /d
locale=en-US ee://aol/imApp = "C:\Program
Files\Common Files\AOL\Launch\AOLLaunch.exe"
/d locale=en-US ee://aol/imApp
@Yahoo! Pager"C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe"
-quiet = "C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe"
-quiet
HKLM\Software\Microsoft\Windows\CurrentVersio
n\Explorer\ShellExecuteHooks >>>
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}C:\PRO
GRA~1\MICROS~3\Office12\GRA8E1~1.DLL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Pro
gram Files\Grisoft\AVG Anti-Spyware
7.5\shellexecutehook.dll = C:\Program
Files\Grisoft\AVG Anti-Spyware
7.5\shellexecutehook.dll
HKLM\Software\Microsoft\Windows\CurrentVersio
n\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3}
/*Display Panning CPL Extension*/deskpan.dll
/*file not found*/ = deskpan.dll /*file not
found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153}
/*Previous Versions Property
Page*/%SystemRoot%\system32\twext.dll =
%SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783}
/*Previous
Versions*/%SystemRoot%\system32\twext.dll =
%SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE
Search Band*/C:\WINDOWS\system32\ieframe.dll
= C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}
/*Shell DocObject
Viewer*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8}
/*InternetShortcut*/C:\WINDOWS\system32\iefra
me.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE}
/*Microsoft Url History
Service*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000}
/*History*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933}
/*Temporary Internet
Files*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933}
/*Temporary Internet
Files*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
/*Microsoft Url Search
Hook*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The
Internet*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D}
/*Internet Name
Space*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}
/*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87}
/*Extensions Manager
Folder*/C:\WINDOWS\system32\extmgr.dll =
C:\WINDOWS\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439}
/*NvCpl DesktopContext
Class*/C:\WINDOWS\system32\nvcpl.dll =
C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516}
/*Play on my TV
helper*/C:\WINDOWS\system32\nvcpl.dll =
C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D}
/*Desktop
Explorer*/C:\WINDOWS\system32\nvshell.dll =
C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47}
/*Desktop Explorer
Menu*/C:\WINDOWS\system32\nvshell.dll =
C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48}
/*nView Desktop Context
Menu*/C:\WINDOWS\system32\nvshell.dll =
C:\WINDOWS\system32\nvshell.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}
/*Messenger Sharing Folders*/C:\Program
Files\MSN Messenger\fsshext.8.0.0812.00.dll =
C:\Program Files\MSN
Messenger\fsshext.8.0.0812.00.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
/*AVG7 Shell Extension*/C:\Program
Files\Grisoft\AVG Free\avgse.dll = C:\Program
Files\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}
/*AVG7 Find Extension*/C:\Program
Files\Grisoft\AVG Free\avgse.dll = C:\Program
Files\Grisoft\AVG Free\avgse.dll
@{20082881-FC36-4E47-9A7A-644C95FF749F}
/*IntelliPoint Wireless Control Panel
Property Page*/"C:\Program Files\Microsoft
IntelliPoint\ipcplwir.dll" = "C:\Program
Files\Microsoft IntelliPoint\ipcplwir.dll"
@{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}
/*IntelliPoint Wheel Control Panel Property
Page*/"C:\Program Files\Microsoft
IntelliPoint\ipcplwhl.dll" = "C:\Program
Files\Microsoft IntelliPoint\ipcplwhl.dll"
@{653DCCC2-13DB-45B2-A389-427885776CFE}
/*IntelliPoint Activities Control Panel
Property Page*/"C:\Program Files\Microsoft
IntelliPoint\ipcplact.dll" = "C:\Program
Files\Microsoft IntelliPoint\ipcplact.dll"
@{124597D8-850A-41AE-849C-017A4FA99CA2}
/*IntelliPoint Buttons Control Panel Property
Page*/"C:\Program Files\Microsoft
IntelliPoint\ipcplbtn.dll" = "C:\Program
Files\Microsoft IntelliPoint\ipcplbtn.dll"
@{B41DB860-8EE4-11D2-9906-E49FADC173CA}
/*WinRAR shell extension*/C:\Program
Files\WinRAR\rarext.dll = C:\Program
Files\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
/*Shell Extensions for RealOne
Player*/C:\Program
Files\Real\RealPlayer\rpshell.dll =
C:\Program Files\Real\RealPlayer\rpshell.dll
@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
/*PowerISO*/C:\Program
Files\PowerISO\PWRISOSH.DLL = C:\Program
Files\PowerISO\PWRISOSH.DLL
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE
Microsoft
BrowserBand*/C:\WINDOWS\system32\ieframe.dll
= C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE
Fade Task*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE
Menu Desk
Bar*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE
AutoComplete*/C:\WINDOWS\system32\ieframe.dll
= C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE
Navigation
Bar*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE
Menu Site*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE
Menu Band*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE
Microsoft History AutoComplete
List*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE
Tracking Shell
Menu*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE
IShellFolderBand*/C:\WINDOWS\system32\ieframe
.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE
BandProxy*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE
MRU AutoComplete
List*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE
RSS Feeder
Folder*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE
Microsoft Shell Folder AutoComplete
List*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE
Microsoft Multiple AutoComplete List
Container*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}
/*Microsoft Browser
Architecture*/C:\WINDOWS\system32\ieframe.dll
= C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE
Shell Rebar
BandSite*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE
Shell Band Site
Menu*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049}
/*&Links*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE
Registry Tree Options
Utility*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE
User Assist*/C:\WINDOWS\system32\ieframe.dll
= C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE
Custom MRU AutoCompleted
List*/C:\WINDOWS\system32\ieframe.dll =
C:\WINDOWS\system32\ieframe.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web
Folders*/C:\Program Files\Common
Files\Microsoft Shared\Web
Folders\MSONSEXT.DLL = C:\Program
Files\Common Files\Microsoft Shared\Web
Folders\MSONSEXT.DLL
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
/*Groove GFS Browser
Helper*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~
1.DLL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}
/*Groove GFS Explorer
Bar*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.D
LL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{A449600E-1DC6-4232-B948-9BD794D62056}
/*Groove GFS Stub Icon
Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1
~1.DLL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
/*Groove GFS Stub Execution
Hook*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.
DLL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{6C467336-8281-4E60-8204-430CED96822D}
/*Groove GFS Context Menu
Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1
~1.DLL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{387E725D-DC16-4D76-B310-2C93ED4752A0}
/*Groove XML Icon
Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1
~1.DLL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{16F3DD56-1AF5-4347-846D-7C10C4192619}
/*Groove Explorer Icon Overlay 3 (GFS
Folder)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1
~1.DLL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
/*Groove Explorer Icon Overlay 2 (GFS
Stub)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1
.DLL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
/*Groove Explorer Icon Overlay 4 (GFS Unread
Mark)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1
.DLL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{99FD978C-D287-4F50-827F-B2C658EDA8E7}
/*Groove Explorer Icon Overlay 1 (GFS Unread
Stub)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1
.DLL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{920E6DB1-9907-4370-B3A0-BAFC03D81399}
/*Groove Explorer Icon Overlay 2.5 (GFS
Unread
Folder)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1
~1.DLL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{0006F045-0000-0000-C000-000000000046}
/*Microsoft Office Outlook Custom Icon
Handler*/C:\PROGRA~1\MICROS~3\Office12\OLKFST
UB.DLL =
C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
@{00020D75-0000-0000-C000-000000000046}
/*Microsoft Office Outlook Desktop Icon
Handler*/C:\PROGRA~1\MICROS~3\Office12\MLSHEX
T.DLL =
C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}
/*Microsoft Office OneNote Namespace
Extension for Windows Desktop
Search*/C:\PROGRA~1\MICROS~3\Office12\ONFILTE
R.DLL =
C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597}
/*Microsoft Office HTML Icon
Handler*/C:\Program Files\Microsoft
Office\Office12\msohevi.dll = C:\Program
Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}
/*Microsoft Office Metadata
Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE
12\msoshext.dll =
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshe
xt.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}
/*Microsoft Office Thumbnail
Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE
12\msoshext.dll =
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshe
xt.dll
@{B327765E-D724-4347-8B16-78AE18552FC3}
/*NeroDigitalIconHandler*/C:\Program
Files\Common
Files\Ahead\Lib\NeroDigitalExt.dll =
C:\Program Files\Common
Files\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8}
/*NeroDigitalPropSheetHandler*/C:\Program
Files\Common
Files\Ahead\Lib\NeroDigitalExt.dll =
C:\Program Files\Common
Files\Ahead\Lib\NeroDigitalExt.dll
HKLM\Software\Classes\*\shellex\ContextMenuHa
ndlers\ >>>
AVG
Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921C
D3920} = C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\context.dll
AVG7 Shell
Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEB
C3} = C:\Program Files\Grisoft\AVG
Free\avgse.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DC
E} = C:\Program Files\PowerISO\PWRISOSH.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA}
= C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler
XXX@{6C467336-8281-4E60-8204-430CED96822D} =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
HKLM\Software\Classes\Directory\shellex\Conte
xtMenuHandlers\ >>>
AVG
Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921C
D3920} = C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\context.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DC
E} = C:\Program Files\PowerISO\PWRISOSH.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA}
= C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler
XXX@{6C467336-8281-4E60-8204-430CED96822D} =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
HKLM\Software\Classes\Folder\shellex\ContextM
enuHandlers\ >>>
AVG7 Shell
Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEB
C3} = C:\Program Files\Grisoft\AVG
Free\avgse.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DC
E} = C:\Program Files\PowerISO\PWRISOSH.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA}
= C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler
XXX@{6C467336-8281-4E60-8204-430CED96822D} =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersio
n\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Pro
gram Files\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx =
C:\Program Files\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
@{53707962-6F74-2D53-2644-206D7942484F}C:\Pro
gram Files\Spybot - Search &
Destroy\SDHelper.dll = C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}C:\Pro
gram Files\Yahoo!\Common\yiesrvc.dll =
C:\Program Files\Yahoo!\Common\yiesrvc.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}C:\PRO
GRA~1\MICROS~3\Office12\GRA8E1~1.DLL =
C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Pro
gram Files\Java\jre1.5.0_09\bin\ssv.dll =
C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Pro
gram Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll =
C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
HKLM\Software\Microsoft\Internet
Explorer\Plugins\Extension\.spop@Location =
C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
HKLM\Software\Microsoft\Internet
Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isa
pi/redir.dll?prd=ie&pver=6&ar=msnhome =
http://www.microsoft.../redir.dll?prd=ie&pver=6&ar=msnhome
@Start
Pagehttp://www.microsoft.com/isapi/redir.dll?
prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVE
R}&ar=home =
http://www.microsoft.../redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&a
r=home
@Local PageC:\windows\system32\blank.htm =
C:\windows\system32\blank.htm
HKCU\Software\Microsoft\Internet
Explorer\Main >>>
@Start
Pagehttp://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=msnhome =
http://www.microsoft.../redir.dll?prd=ie&ar=msnhome
@Local PageC:\WINDOWS\system32\blank.htm =
C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/x
ml@CLSID =
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXML
MF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
grooveLocalGWS@CLSID =
C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID =
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID =
%SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common
Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID =
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSoc
k2\Parameters\NameSpace_Catalog5\Catalog_Entr
ies\000000000004@LibraryPath = C:\Program
Files\Bonjour\mdnsNSP.dll
---- EOF - GMER 1.0.12 ----