Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-09-2013
Ran by slaw (administrator) on LATTITUDE on 06-09-2013 21:15:13
Running from C:\Documents and Settings\slaw\Pulpit\diagnoza
Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\Atievxx.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\udaterui.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
() C:\Program Files\blueconnect\BackgroundService\ModemListener.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
() C:\Program Files\blueconnect\BackgroundService\ServiceManager.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1024000 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [McAfeeUpdaterUI] - C:\Program Files\McAfee\Common Framework\udaterui.exe [136512 2009-08-25] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2010-03-25] (McAfee, Inc.)
HKLM\...\Run: [ERA_SEPANG ModemListener] - C:\Program Files\blueconnect\BackgroundService\ModemListener.exe [102400 2010-12-07] ()
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKCU\...\Run: [cdoosoft] - C:\WINDOWS\system32\olhrwef.exe [x]
HKCU\...\Policies\Explorer: [RestrictRun] 0
MountPoints2: {0be16730-ec51-11df-9bfa-b94c4ced02ee} - F:\q9.cmd
MountPoints2: {0be16732-ec51-11df-9bfa-b94c4ced02ee} - F:\q9.cmd
MountPoints2: {4fc30b40-73d0-11e0-9f74-98e5e8413bee} - F:\autorun.exe
MountPoints2: {57ef5460-5b7b-11e0-9f5b-c72692d23cee} - 8MLXQM1\8MLXQM1\8MLXQM1v51.exe
MountPoints2: {74f76561-224e-11e1-a044-90af1e62cced} - G:\Bolt.exe
MountPoints2: {a8b2de21-0324-11e0-9c2c-abbede1a1dee} - E:\start.exe /max setup.htm
MountPoints2: {bd405d71-d309-11e0-9fd1-9b3f4dbac8ed} - H:\USBNB.exe
MountPoints2: {d64d35e0-8d0e-11e0-9f92-e488de9ad4ed} - F:\RunClubSanDisk.exe
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU -DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\slaw\Dane aplikacji\Mozilla\Firefox\Profiles\v11a7gvt.default
FF SelectedSearchEngine: DAEMON Search
FF SearchPlugin: C:\Documents and Settings\slaw\Dane aplikacji\Mozilla\Firefox\Profiles\v11a7gvt.default\searchplugins\daemon-search.xml

========================== Services (Whitelisted) =================

R2 Ati HotKey Poller; C:\Windows\system32\Atievxx.exe [37376 2001-10-26] (Microsoft Corporation)
R2 McAfeeEngineService; C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe [22816 2010-03-25] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [103744 2009-08-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [147472 2010-03-25] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [66880 2010-03-25] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [70728 2010-03-25] (McAfee, Inc.)
R2 Modem Device Helper; C:\Program Files\blueconnect\BackgroundService\ServiceManager.exe [45056 2010-07-23] ()

==================== Drivers (Whitelisted) ====================

R3 atimtai; C:\Windows\System32\DRIVERS\atimtai.sys [281600 2001-10-26] (ATI Technologies Inc.)
S3 AVPsys; C:\WINDOWS\system32\drivers\cdaudio.sys [18688 2001-08-17] (Microsoft Corporation)
S3 cem56; C:\Windows\System32\DRIVERS\CEM56n5.sys [49182 2001-10-26] (Xircom, Inc.)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [105344 2010-07-23] (TCT International Mobile Ltd)
R3 maestro; C:\Windows\System32\drivers\es198x.sys [174464 2001-08-17] (ESS Technology, Inc.)
S3 mf; C:\Windows\System32\DRIVERS\mf.sys [63744 2004-08-04] (Microsoft Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [75704 2010-03-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [91832 2010-03-25] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [43288 2010-03-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [343920 2010-03-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [66600 2010-03-25] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [64208 2010-03-25] (McAfee, Inc.)
R1 P3; C:\Windows\System32\DRIVERS\p3.sys [46592 2004-08-04] (Microsoft Corporation)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
S3 SIS163u; C:\Windows\System32\DRIVERS\sis163u.sys [215040 2006-07-23] (SiS Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2001-05-12] (Duplex Secure Ltd.)
S3 USRWDXJS; C:\Windows\System32\DRIVERS\USRWDXJS.sys [687999 2001-08-17] (U.S. Robotics Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

==================== One Month Modified Files and Folders =======

2013-09-06 21:15 - 2001-04-12 00:01 - 00000000 ____D C:\Documents and Settings\slaw\Pulpit\diagnoza

Files to move or delete:
====================
C:\DOCUME~1\slaw\USTAWI~1\Temp\Bolt.exe
C:\DOCUME~1\slaw\USTAWI~1\Temp\IE8-WindowsXP-x86-PLK.exe
C:\DOCUME~1\slaw\USTAWI~1\Temp\nro.tmp\AdvrCntr2.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2004-08-04 01:44] - [2004-08-04 01:44] - 1033728 ____A (Microsoft Corporation) 379098a96e6c165b659de7e4328010ea
C:\Windows\System32\winlogon.exe [2004-08-04 01:44] - [2004-08-04 01:44] - 0504832 ____A (Microsoft Corporation) 0344407089b08548d4feba62bb0f32d0
C:\Windows\System32\svchost.exe [2004-08-04 01:44] - [2004-08-04 01:44] - 0014336 ____A (Microsoft Corporation) ba98327e90022dbd6ee76490e0622e2e
C:\Windows\System32\services.exe [2004-08-04 01:44] - [2004-08-04 01:44] - 0108544 ____A (Microsoft Corporation) 3da8d964d2cc12ef8e8c342471a37917
C:\Windows\System32\User32.dll [2004-08-04 01:44] - [2004-08-04 01:44] - 0578560 ____A (Microsoft Corporation) 0c81764f50f32d376e6e4b9e9f4b01a0
C:\Windows\System32\userinit.exe [2004-08-04 01:44] - [2004-08-04 01:44] - 0025088 ____A (Microsoft Corporation) bd768099b4c44aa631728cb74eb54396
C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 01:36] - [2004-08-04 01:36] - 0052864 ____A (Microsoft Corporation) ecd173739b8ec10a814cc18653df5a36

==================== End Of Log ============================