Report of OSAM: Autorun Manager v5.0.11926.0
http://www.online-solutions.ru/en/
Saved at 11:21:23 on 26.02.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 10.0

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

  Risk Name Publisher Full Path Status
Boot Execute
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
|||||| "BootExecute" "O&O Software GmbH" C:\WINDOWS\system32\OODBS.exe File exists
Common
%SystemRoot%\Tasks
       "One-Click Tweak.job" "AdvancedPCTweaker.com, Inc." C:\Program Files\Advanced PC Tweaker\OneClick.exe File exists
||     "WinXP Manager Live Update.job" "Yamicsoft" C:\Program Files\Yamicsoft\WinXP Manager\LiveUpdate.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "ac3filter.cpl" C:\WINDOWS\system32\ac3filter.cpl File exists
|||||| "FlashPlayerCPLApp.cpl" "Adobe Systems Incorporated" C:\WINDOWS\system32\FlashPlayerCPLApp.cpl File exists
       "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\MLCFG32.CPL File exists
|||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "ali4eyw1" (ali4eyw1) "Microsoft Corporation" C:\WINDOWS\system32\drivers\ali4eyw1.sys Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "Anchorfree HSS Adapter" (taphss) "AnchorFree Inc" C:\WINDOWS\System32\DRIVERS\taphss.sys File exists
|||||| "ASUS Video3D Service" (Video3D) "ASUSTeK COMPUTER INC." C:\WINDOWS\System32\Drivers\Video3D32.sys File exists
|||||| "ASUS Virtual Video Capture Device Driver" (asusgsb) "ASUSTeK Computer Inc." C:\WINDOWS\System32\drivers\asusgsb.sys File exists
|||||| "ASUSTeK Virtual Capture Device" (ASUSVRC) "ASUSTeK COMPUTER INC." C:\WINDOWS\System32\DRIVERS\AsusVRC.sys File exists
|||||| "ati2mtag" (ati2mtag) "ATI Technologies Inc." C:\WINDOWS\System32\DRIVERS\ati2mtag.sys File exists
|||||| "EIO_XP" (EIO_XP) "ASUSTeK Computer Inc." C:\WINDOWS\system32\drivers\EIO_XP.sys File exists
|||||| "Enhanced Display Driver Helper Service" (asuskbnt) "ASUSTeK COMPUTER INC." C:\WINDOWS\System32\drivers\atkkbnt.sys File exists
       "F-Secure Firewall Driver" (FSFW) "F-Secure Corporation" C:\WINDOWS\System32\drivers\fsdfw.sys File exists
       "F-Secure Gatekeeper" (F-Secure Gatekeeper) "F-Secure Corporation" C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys File exists
       "F-Secure HIPS Driver" (F-Secure HIPS) "F-Secure Corporation" C:\Program Files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys File exists
|||||| "FinalWire EVEREST Kernel Driver" (EverestDriver) C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt File found, but it contains no detailed information
|||||| "fsbts" (fsbts) "F-Secure Corporation" C:\WINDOWS\System32\Drivers\fsbts.sys File exists
|||||| "MBAMProtector" (MBAMProtector) "Malwarebytes Corporation" C:\WINDOWS\system32\drivers\mbam.sys File exists
||     "ntk_PowerDVD" (ntk_PowerDVD) "Cyberlink Corp." C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys File exists
|||||| "PfModNT" (PfModNT) "Creative Technology Ltd." C:\WINDOWS\system32\PfModNT.sys File exists
|||||| "Power Control [2012/02/12 13:50:04]" ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl File exists
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\WINDOWS\System32\Drivers\sptd.sys File is exclusively opened, access blocked
|||||| "StarOpen" (StarOpen) C:\WINDOWS\system32\drivers\StarOpen.sys File found, but it contains no detailed information
|||||| "VIA USB Host Controller Lower Filter" (vulfnths) "VIA Technologies, Inc." C:\WINDOWS\System32\Drivers\vulfnth.sys File exists
|||||| "VIA USB Roothub Lower Filter" (vulfntrs) "VIA Technologies, Inc." C:\WINDOWS\System32\Drivers\vulfntr.sys File exists
       "vsdatant" (Vsdatant) "Check Point Software Technologies LTD" C:\WINDOWS\System32\vsdatant.sys File exists
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
|||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\VISSHE.DLL File exists
       {42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" deskpan.dll File not found
       {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" File not found | COM-object registry key not found
|||||| {bc5e1455-02ca-4b30-8eed-91d52a38da75} "FineReader10.FRContextMenu.1" "ABBYY." C:\Program Files\ABBYY FineReader 10\FRIntegration.dll File exists
|||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
|||||| {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\VISSHE.DLL File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll File exists
|||||| {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\MLSHEXT.DLL File exists
|||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll File exists
|||||| {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} "OODShellExtObj Class" "O&O Software GmbH" C:\PROGRA~1\OOSOFT~1\Defrag\oodsh.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL File exists
       {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" File not found | COM-object registry key not found
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists
|||||| {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Workspaces" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
Internet Explorer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
||||   {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_31.dll File exists
||||   {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_31.dll File exists
||||   {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_31.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||||| {FFFDC614-B694-4AE6-AB38-5D6374584B52} "OneNote Lin&ked Notes" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File exists
||||   {48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||||| {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL File exists
||||   {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
||||   {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\ssv.dll File exists
       {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
|||||| {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL File exists
Logon
%AllUsersProfile%\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini File exists
%UserProfile%\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||||| "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File exists
||||   "OODefragTray" "O&O Software GmbH" C:\WINDOWS\system32\oodtray.exe File exists
       "ZoneAlarm" "Check Point Software Technologies LTD" C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
|||||| "ABBYY FineReader 10 PE Licensing Service" (ABBYY.Licensing.FineReader.Professional.10.0) "ABBYY" C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe File exists
|||||| "Ati HotKey Poller" (Ati HotKey Poller) "ATI Technologies Inc." C:\WINDOWS\system32\Ati2evxx.exe File exists
|||||| "ATK Keyboard Service" (ATKKeyboardService) "ASUSTeK COMPUTER INC." C:\WINDOWS\ATKKBService.exe File exists
|||||| "CLHNServiceForPowerDVD" (CLHNServiceForPowerDVD) C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe File exists
|||||| "CyberLink PowerDVD 11.0 Monitor Service" (CyberLink PowerDVD 11.0 Monitor Service) "CyberLink" C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe File exists
|||||| "CyberLink PowerDVD 11.0 Service" (CyberLink PowerDVD 11.0 Service) "CyberLink" C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe File exists
       "F-Secure Anti-Virus Firewall Daemon" (FSDFWD) "F-Secure Corporation" C:\Program Files\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe File exists
       "F-Secure Dll Hoster" (fshoster) "F-Secure Corporation" C:\Program Files\F-Secure\fshoster32.exe File exists
       "F-Secure Management Agent" (FSMA) "F-Secure Corporation" C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE File exists
||||   "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe File exists
       "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jqs.exe File exists
|||||| "MBAMService" (MBAMService) "Malwarebytes Corporation" C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe File exists
|||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists
|||||| "Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) "Microsoft Corporation" C:\Program Files\Microsoft Office\Office14\GROOVE.EXE File exists
|||||| "NMSAccess" (NMSAccess) C:\Program Files\CDBurnerXP\NMSAccessU.exe File found, but it contains no detailed information
|||||| "O&O Defrag" (O&O Defrag) "O&O Software GmbH" C:\WINDOWS\system32\oodag.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Office Software Protection Platform" (osppsvc) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE File exists
|||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File exists
       "TrueVector Internet Monitor" (vsmon) "Check Point Software Technologies LTD" C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe File exists
|||||| "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
       "MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
|||||| "AtiExtEvent" "ATI Technologies Inc." C:\WINDOWS\system32\Ati2evxx.dll File exists
