Report of OSAM: Autorun Manager v5.0.11926.0

Report of OSAM: Autorun Manager v5.0.11926.0
http://www.online-solutions.ru/en/
Saved at 05:13:44 on 17.12.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 17.0.1

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

	Risk	Name	Publisher	Full Path	Status
Common
%SystemRoot%\Tasks
	\|\|\|\|	"GoogleUpdateTaskUserS-1-5-21-1606980848-1078145449-1957994488-1003Core.job"	"Google Inc."	C:\Documents and Settings\luaay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe	File exists
	\|\|\|\|	"GoogleUpdateTaskUserS-1-5-21-1606980848-1078145449-1957994488-1003UA.job"	"Google Inc."	C:\Documents and Settings\luaay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe	File exists
	\|\|\|\|\|\|	"MP Scheduled Scan.job"	"Microsoft Corporation"	C:\Program Files\Windows Defender\MpCmdRun.exe	File exists
		"Adobe Flash Player Updater.job"	"Adobe Systems Incorporated"	C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe	File exists
Control Panel Objects
%SystemRoot%\system32
		"FlashPlayerCPLApp.cpl"	"Adobe Systems Incorporated"	C:\WINDOWS\system32\FlashPlayerCPLApp.cpl	File exists
		"javacpl.cpl"	"Sun Microsystems, Inc."	C:\WINDOWS\system32\javacpl.cpl	File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
		"Changer" (Changer)		C:\WINDOWS\system32\drivers\Changer.sys	File not found
	\|\|\|\|\|\|	"CrystalSysInfo" (CrystalSysInfo)		C:\Program Files\MediaCoder\SysInfo.sys	File found, but it contains no detailed information
	\|\|\|\|\|\|	"EAMON" (eamon)	"ESET"	C:\WINDOWS\System32\DRIVERS\eamon.sys	File exists
	\|\|\|\|\|\|	"easdrv" (easdrv)	"ESET"	C:\WINDOWS\System32\DRIVERS\easdrv.sys	File exists
	\|\|\|\|\|\|	"epfwtdir" (epfwtdir)	"ESET"	C:\WINDOWS\System32\DRIVERS\epfwtdir.sys	File exists
		"i2omgmt" (i2omgmt)		C:\WINDOWS\system32\drivers\i2omgmt.sys	File not found
		"lbrtfdc" (lbrtfdc)		C:\WINDOWS\system32\drivers\lbrtfdc.sys	File not found
	\|\|\|\|\|\|	"MBAMSwissArmy" (MBAMSwissArmy)	"Malwarebytes Corporation"	C:\WINDOWS\system32\drivers\mbamswissarmy.sys	File exists
		"PCIDump" (PCIDump)		C:\WINDOWS\system32\drivers\PCIDump.sys	File not found
		"PDCOMP" (PDCOMP)		C:\WINDOWS\system32\drivers\PDCOMP.sys	File not found
		"PDFRAME" (PDFRAME)		C:\WINDOWS\system32\drivers\PDFRAME.sys	File not found
		"PDRELI" (PDRELI)		C:\WINDOWS\system32\drivers\PDRELI.sys	File not found
		"PDRFRAME" (PDRFRAME)		C:\WINDOWS\system32\drivers\PDRFRAME.sys	File not found
	\|\|\|\|\|\|	"PQNTDrv" (PQNTDrv)	"PowerQuest Corporation"	C:\WINDOWS\system32\drivers\PQNTDrv.sys	File exists
	\|\|\|\|\|\|	"PxHelp20" (PxHelp20)	"Sonic Solutions"	C:\WINDOWS\System32\Drivers\PxHelp20.sys	File exists
	\|\|\|\|\|\|	"pxkbf" (pxkbf)	"Prevx"	C:\WINDOWS\System32\drivers\pxkbf.sys	File exists
	\|\|\|\|\|\|	"pxrts" (pxrts)	"Prevx"	C:\WINDOWS\System32\drivers\pxrts.sys	File exists
	\|\|\|\|\|\|	"pxscan" (pxscan)	"Prevx"	C:\WINDOWS\System32\drivers\pxscan.sys	File exists
	\|\|\|\|\|\|	"SANDRA" (SANDRA)	"SiSoftware"	C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys	File exists
	\|\|\|\|\|\|	"sptd" (sptd)	"Duplex Secure Ltd."	C:\WINDOWS\System32\Drivers\sptd.sys	File exists
	\|\|\|\|\|\|	"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv)	"TuneUp Software"	C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys	File exists
	\|\|\|\|\|\|	"VSO Software pcouffin" (pcouffin)	"VSO Software"	C:\WINDOWS\System32\Drivers\pcouffin.sys	File exists
		"WDICA" (WDICA)		C:\WINDOWS\system32\drivers\WDICA.sys	File not found
Explorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
	\|\|\|\|\|\|	{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders"	"Microsoft Corporation"	C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL	File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
		{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}"			File not found \| COM-object registry key not found
		{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B}"			File not found \| COM-object registry key not found
HKLM\Software\Classes\Protocols\Filter
	\|\|\|\|\|\|	{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"	"Microsoft Corporation"	C:\WINDOWS\system32\mscoree.dll	File exists
	\|\|\|\|\|\|	{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"	"Microsoft Corporation"	C:\WINDOWS\system32\mscoree.dll	File exists
	\|\|\|\|\|\|	{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"	"Microsoft Corporation"	C:\WINDOWS\system32\mscoree.dll	File exists
HKLM\Software\Classes\Protocols\Handler
	\|\|\|\|\|\|	{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class"	"Skype Technologies"	C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
	\|\|\|\|\|\|	{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "Microsoft AntiMalware ShellExecuteHook"	"Microsoft Corporation"	C:\PROGRA~1\WINDOW~4\MpShHook.dll	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
		{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension"			File not found \| COM-object registry key not found
		{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu"			File not found \| COM-object registry key not found
	\|\|\|\|\|\|	{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache"	"Microsoft Corporation"	C:\WINDOWS\system32\mscoree.dll	File exists
		{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist"			File not found \| COM-object registry key not found
	\|\|\|\|\|\|	{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler"	"Microsoft Corporation"	C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll	File exists
	\|\|\|\|\|\|	{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler"	"Microsoft Corporation"	C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll	File exists
		{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression"			File not found \| COM-object registry key not found
		{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension"	"TuneUp Software"	C:\Program Files\TuneUp Utilities 2012\DseShExt-x86.dll	File exists
		{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension"	"TuneUp Software"	C:\Program Files\TuneUp Utilities 2012\SDShelEx-win32.dll	File exists
		{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension"	"TuneUp Software"	C:\WINDOWS\System32\uxtuneup.dll	File exists
		{6EE51AA0-77A0-11D7-B4E1-000347126E46} "Window Washer Shredding Utility"			File not found \| COM-object registry key not found
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
		ITBar7Height "ITBar7Height"			File not found \| COM-object registry key not found
		"ITBar7Layout"			File not found \| COM-object registry key not found
		"ITBarLayout"			File not found \| COM-object registry key not found
		"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"			File not found \| COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
	\|\|\|\|	{A90A5822-F108-45AD-8482-9BC8B12DD539} "Crucial cpcScan" http://www.crucial.com/controls/cpcScanner.cab	"Crucial Technology, Inc."	C:\WINDOWS\Downloaded Program Files\cpcScan.dll	File exists
	\|\|	{8DC067B8-911D-473A-90F1-1171B887CDE0} "CyImage Class" http://cyimg8.cyworld.com/ImageUpload/CyPictureU1.cab?20080604	"SK Communications Corp."	C:\WINDOWS\Downloaded Program Files\CyPictureU.dll	File exists
		{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_37" http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\npjpi160_37.dll	File exists
		{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} "Java Plug-in 1.6.0_37" http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\npjpi160_37.dll	File exists
		{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_37" http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\npjpi160_37.dll	File exists
		Microsoft XML Parser for Java "Microsoft XML Parser for Java" file://C:\WINDOWS\Java\classes\xmldso.cab			File not found \| COM-object registry key not found
	\|\|\|\|	{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" http://go.microsoft.com/fwlink/?linkid=39204	"Microsoft Corporation"	C:\WINDOWS\system32\legitcheckcontrol.dll	File exists
		{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab			File not found \| COM-object registry key not found
		{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab			File not found \| COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
		{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\jp2ssv.dll	File exists
		{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper"	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\ssv.dll	File exists
		{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class"	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll	File exists
	\|\|\|\|\|\|	{69D72956-317C-44bd-B369-8E44D4EF9801} "SafeOnline BHO"	"Prevx"	C:\WINDOWS\system32\PxSecure.dll	File exists
Logon
%AllUsersProfile%\Start Menu\Programs\Startup
	\|\|\|\|\|\|	"desktop.ini"		C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini	File exists
%UserProfile%\Start Menu\Programs\Startup
	\|\|\|\|	"Adobe Gamma.lnk"	"Adobe Systems, Inc."	C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe	Shortcut exists \| File exists
	\|\|\|\|\|\|	"desktop.ini"		C:\Documents and Settings\luaay\Start Menu\Programs\Startup\desktop.ini	File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
		"Skype"	"Skype Technologies S.A."	"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
	\|\|	"CanonMyPrinter"	"CANON INC."	C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon	File exists
		"CanonSolutionMenuEx"	"CANON INC."	C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon	File exists
	\|\|\|\|\|\|	"egui"	"ESET"	"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice	File exists
	\|\|\|\|	"MSPY2002"		C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC	File signed by Microsoft \| File found, but it contains no detailed information
		"PMBVolumeWatcher"	"Sony Corporation"	C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe	File exists
	\|\|\|\|	"RemoteControl"	"Cyberlink Corp."	"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"	File exists
	\|\|\|\|\|\|	"Windows Defender"	"Microsoft Corporation"	"C:\Program Files\Windows Defender\MSASCui.exe" -hide	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
		"Malwarebytes Anti-Malware"	"Malwarebytes Corporation"	C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent	File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
	\|\|\|\|\|\|	"Canon BJ Language Monitor MX310 series"	"CANON INC."	C:\WINDOWS\system32\CNMLM8Z.DLL	File exists
	\|\|\|\|\|\|	"Canon MP FAX Language Monitor MX310"	"Canon Inc."	C:\WINDOWS\system32\CNCF2Ld.DLL	File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
		"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc)	"Adobe Systems Incorporated"	C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe	File exists
	\|\|\|\|\|\|	"Adobe LM Service" (Adobe LM Service)	"Adobe Systems"	C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe	File exists
	\|\|\|\|\|\|	"ASP.NET State Service" (aspnet_state)	"Microsoft Corporation"	C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe	File exists
	\|\|\|\|\|\|	"Canon Inkjet Printer/Scanner/Fax Extended Survey Program" (IJPLMSVC)		C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE	File exists
	\|\|\|\|\|\|	"CSIScanner" (CSIScanner)	"Prevx"	C:\Program Files\Prevx\prevx.exe	File exists
		"DeviceFinderService" (DeviceFinderService)		C:\Program Files\Sony\PlayMemories Home\dfs.exe	File found, but it contains no detailed information
	\|\|\|\|\|\|	"Eset HTTP Server" (EhttpSrv)	"ESET"	C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe	File exists
	\|\|\|\|\|\|	"Eset Service" (ekrn)	"ESET"	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe	File exists
	\|\|\|\|	"Google Updater Service" (gusvc)	"Google"	C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe	File exists
		"GoToAssist" (GoToAssist)	"Citrix Online, a division of Citrix Systems, Inc."	C:\Program Files\Citrix\GoToAssist\607\g2aservice.exe	File exists
		"Java Quick Starter" (JavaQuickStarterService)	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\jqs.exe	File exists
		"Mozilla Maintenance Service" (MozillaMaintenance)	"Mozilla Foundation"	C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe	File exists
		"NMIndexingService" (NMIndexingService)		"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"	File not found
		"PMBDeviceInfoProvider" (PMBDeviceInfoProvider)	"Sony Corporation"	C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe	File exists
	\|\|\|\|\|\|	"SiSoftware Deployment Agent Service" (SandraAgentSrv)	"SiSoftware"	C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe	File exists
		"TuneUp Theme Extension" (UxTuneUp)	"TuneUp Software"	C:\WINDOWS\System32\uxtuneup.dll	File exists
		"TuneUp Utilities Service" (TuneUp.UtilitiesSvc)	"TuneUp Software"	C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe	File exists
	\|\|\|\|\|\|	"Windows Defender" (WinDefend)	"Microsoft Corporation"	C:\Program Files\Windows Defender\MsMpEng.exe	File exists
Winlogon
HKCU\Control Panel\Desktop
	\|\|\|\|	"SCRNSAVE.EXE"	"Google Inc."	C:\WINDOWS\system32\GPhotos.scr	File exists
HKCU\Control Panel\IOProcs
		"MVB"		mvfs32.dll	File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
		"GoToAssist"	"Citrix Online, a division of Citrix Systems, Inc."	C:\Program Files\Citrix\GoToAssist\607\G2AWinLogon.dll	File exists
	\|\|\|\|	"WgaLogon"	"Microsoft Corporation"	C:\WINDOWS\system32\WgaLogon.dll	File exists

If You have questions or want to get some help, You can visit http://forum.online-solutions.ru