GMER 1.0.15.15641 - http://www.gmer.net
Autostart scan 2013-01-24 03:17:21
Windows 6.1.7601 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\Windows\system32\userinit.exe, = C:\Windows\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System = 

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AdobeARMservice@ = "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe"
AgereModemAudio@ = C:\Windows\system32\agrsmsvc.exe
AudioEndpointBuilder@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Audiosrv@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
avast! Antivirus@ = "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
BFE@ = %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
BITS@ = %SystemRoot%\System32\svchost.exe -k netsvcs
clr_optimization_v4.0.30319_32@ = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k NetworkService
DcomLaunch@ = %SystemRoot%\system32\svchost.exe -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Dnscache@ = %SystemRoot%\system32\svchost.exe -k NetworkService
eventlog@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
EventSystem@ = %SystemRoot%\system32\svchost.exe -k LocalService
gpsvc@ = %systemroot%\system32\svchost.exe -k netsvcs
gupdate@ = "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
iphlpsvc@ = %SystemRoot%\System32\svchost.exe -k NetSvcs
LanmanServer@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LanmanWorkstation@ = %SystemRoot%\System32\svchost.exe -k NetworkService
lmhosts@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
MMCSS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
MpsSvc@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
NlaSvc@ = %SystemRoot%\System32\svchost.exe -k NetworkService
nsi@ = %systemroot%\system32\svchost.exe -k LocalService
nvsvc@ = %SystemRoot%\system32\nvvsvc.exe
PlugPlay@ = %SystemRoot%\system32\svchost.exe -k DcomLaunch
Power@ = %SystemRoot%\system32\svchost.exe -k DcomLaunch
ProfSvc@ = %systemroot%\system32\svchost.exe -k netsvcs
RpcEptMapper@ = %SystemRoot%\system32\svchost.exe -k RPCSS
RpcSs@ = %SystemRoot%\system32\svchost.exe -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon@ = %windir%\system32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler@ = %SystemRoot%\System32\spoolsv.exe
SysMain@ = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
UxSms@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
WinDefend@ = %SystemRoot%\System32\svchost.exe -k secsvcs
Winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
Wlansvc@ = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
wscsvc@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
@NvMediaCenterRUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
@Adobe ARM"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ccleaner = "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WebCheck = 

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\Windows\System32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00C6D95F-329C-409a-81D7-C46C66EA7F33} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{80009818-f38f-4af1-87b5-eadab9433e58} /*MF ADTS Property Handler*/%SystemRoot%\System32\mf.dll = %SystemRoot%\System32\mf.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Program Files\Alwil Software\Avast5\ashShell.dll = C:\Program Files\Alwil Software\Avast5\ashShell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\Windows\system32\nvcpl.dll = C:\Windows\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\Windows\system32\nvcpl.dll = C:\Windows\system32\nvcpl.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\Windows\System32\webcheck.dll = C:\Windows\System32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\Windows\System32\webcheck.dll = C:\Windows\System32\webcheck.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/(null) = 
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\Windows\System32\webcheck.dll = C:\Windows\System32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\Windows\System32\webcheck.dll = C:\Windows\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\Windows\System32\webcheck.dll = C:\Windows\System32\webcheck.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast5\ashShell.dll
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = %SystemRoot%\system32\syncui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = %SystemRoot%\system32\ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{90AA3A4E-1CBA-4233-B8BB-535773D48449}%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
Offline Files@{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = %SystemRoot%\system32\ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{596AB062-B4D2-4215-9F74-E9109B0A8153} = %SystemRoot%\system32\twext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast5\ashShell.dll
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = %SystemRoot%\system32\syncui.dll
Library Location@{3dad6c5d-2167-4cae-9914-f99e41c12cfa} = %SystemRoot%\system32\shell32.dll
Offline Files@{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} = %SystemRoot%\System32\cscui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}D:\Programy\Java\bin\ssv.dll = D:\Programy\Java\bin\ssv.dll
@{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll = C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}D:\Programy\Java\bin\jp2ssv.dll = D:\Programy\Java\bin\jp2ssv.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\Windows\System32\mshtml.dll
cdl@CLSID = C:\Windows\system32\urlmon.dll
dvd@CLSID = C:\Windows\System32\msvidctl.dll
file@CLSID = C:\Windows\system32\urlmon.dll
ftp@CLSID = C:\Windows\system32\urlmon.dll
http@CLSID = C:\Windows\system32\urlmon.dll
https@CLSID = C:\Windows\system32\urlmon.dll
its@CLSID = {9D148291-B9C8-11D0-A4CC-0000F80149F6} /*file not found*/
javascript@CLSID = C:\Windows\System32\mshtml.dll
local@CLSID = C:\Windows\system32\urlmon.dll
mailto@CLSID = C:\Windows\System32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\Windows\system32\urlmon.dll
ms-its@CLSID = {9D148291-B9C8-11D0-A4CC-0000F80149F6} /*file not found*/
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = C:\Windows\System32\mshtml.dll
tv@CLSID = C:\Windows\System32\msvidctl.dll
vbscript@CLSID = C:\Windows\System32\mshtml.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = 

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000003@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000004@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000005@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000006@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

---- EOF - GMER 1.0.15 ----