Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 01
Ran by slaw (administrator) on LATTITUDE on 10-09-2013 22:53:40
Running from C:\Documents and Settings\slaw\Pulpit\diagnoza
Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) OS Language: Polish
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\Atievxx.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\udaterui.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
() C:\Program Files\blueconnect\BackgroundService\ModemListener.exe
(Microsoft Corporation) C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
() C:\Program Files\blueconnect\BackgroundService\ServiceManager.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1024000 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [McAfeeUpdaterUI] - C:\Program Files\McAfee\Common Framework\udaterui.exe [136512 2009-08-25] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2010-03-25] (McAfee, Inc.)
HKLM\...\Run: [ERA_SEPANG ModemListener] - C:\Program Files\blueconnect\BackgroundService\ModemListener.exe [102400 2010-12-07] ()
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\slaw\Dane aplikacji\Mozilla\Firefox\Profiles\v11a7gvt.default

========================== Services (Whitelisted) =================

R2 Ati HotKey Poller; C:\Windows\system32\Atievxx.exe [37376 2001-10-26] (Microsoft Corporation)
R2 McAfeeEngineService; C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe [22816 2010-03-25] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [103744 2009-08-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [147472 2010-03-25] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [66880 2010-03-25] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [70728 2010-03-25] (McAfee, Inc.)
R2 Modem Device Helper; C:\Program Files\blueconnect\BackgroundService\ServiceManager.exe [45056 2010-07-23] ()

==================== Drivers (Whitelisted) ====================

R3 atimtai; C:\Windows\System32\DRIVERS\atimtai.sys [281600 2001-10-26] (ATI Technologies Inc.)
S3 AVPsys; C:\WINDOWS\system32\drivers\cdaudio.sys [18688 2001-08-17] (Microsoft Corporation)
S3 cem56; C:\Windows\System32\DRIVERS\CEM56n5.sys [49182 2001-10-26] (Xircom, Inc.)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [105344 2010-07-23] (TCT International Mobile Ltd)
R3 maestro; C:\Windows\System32\drivers\es198x.sys [174464 2001-08-17] (ESS Technology, Inc.)
S3 mf; C:\Windows\System32\DRIVERS\mf.sys [63744 2004-08-04] (Microsoft Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [75704 2010-03-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [91832 2010-03-25] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [43288 2010-03-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [343920 2010-03-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [66600 2010-03-25] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [64208 2010-03-25] (McAfee, Inc.)
R1 P3; C:\Windows\System32\DRIVERS\p3.sys [46592 2004-08-04] (Microsoft Corporation)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
S3 SIS163u; C:\Windows\System32\DRIVERS\sis163u.sys [215040 2006-07-23] (SiS Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2001-05-12] (Duplex Secure Ltd.)
R3 USRWDXJS; C:\Windows\System32\DRIVERS\USRWDXJS.sys [687999 2001-08-17] (U.S. Robotics Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-10 22:20 - 2013-09-10 22:24 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified Files and Folders =======

2013-09-10 22:53 - 2001-04-12 00:01 - 00000000 ____D C:\Documents and Settings\slaw\Pulpit\diagnoza
2013-09-10 22:26 - 2001-07-22 03:17 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-10 22:25 - 2001-04-12 00:36 - 00000188 ___SH C:\Documents and Settings\slaw\ntuser.ini
2013-09-10 22:25 - 2001-04-12 00:21 - 00163816 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-10 22:24 - 2013-09-10 22:20 - 00000000 ____D C:\AdwCleaner
2013-09-10 22:24 - 2009-04-29 13:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-10 21:38 - 2001-04-12 02:00 - 00797658 _____ C:\WINDOWS\setupapi.log
2013-09-10 21:38 - 2001-04-12 02:00 - 00172656 _____ C:\WINDOWS\setupact.log

Files to move or delete:
====================
C:\DOCUME~1\slaw\USTAWI~1\Temp\Bolt.exe
C:\DOCUME~1\slaw\USTAWI~1\Temp\IE8-WindowsXP-x86-PLK.exe
C:\DOCUME~1\slaw\USTAWI~1\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2004-08-04 01:44] - [2004-08-04 01:44] - 1033728 ____A (Microsoft Corporation) 379098a96e6c165b659de7e4328010ea
C:\Windows\System32\winlogon.exe [2004-08-04 01:44] - [2004-08-04 01:44] - 0504832 ____A (Microsoft Corporation) 0344407089b08548d4feba62bb0f32d0
C:\Windows\System32\svchost.exe [2004-08-04 01:44] - [2004-08-04 01:44] - 0014336 ____A (Microsoft Corporation) ba98327e90022dbd6ee76490e0622e2e
C:\Windows\System32\services.exe [2004-08-04 01:44] - [2004-08-04 01:44] - 0108544 ____A (Microsoft Corporation) 3da8d964d2cc12ef8e8c342471a37917
C:\Windows\System32\User32.dll [2004-08-04 01:44] - [2004-08-04 01:44] - 0578560 ____A (Microsoft Corporation) 0c81764f50f32d376e6e4b9e9f4b01a0
C:\Windows\System32\userinit.exe [2004-08-04 01:44] - [2004-08-04 01:44] - 0025088 ____A (Microsoft Corporation) bd768099b4c44aa631728cb74eb54396
C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 01:36] - [2004-08-04 01:36] - 0052864 ____A (Microsoft Corporation) ecd173739b8ec10a814cc18653df5a36

==================== End Of Log ============================