[Resolved] Redirections, mail proxy popups
Dk333
post Jun 27 2008, 02:05 AM
Post #1


New Member
*

Group: New Member
Posts: 11
Joined: 27-June 08
Member No.: 79,875
Operating System: XP



Hello there.

I've been recently surfing the net looking around different auction sites and my net was slow so I turned off the pop-up blocker and my Norton which slows down my PC a lot.

At one of the sites I had a few weird pop-ups I couldn't close; the "x" button didn't work, and neither did "close" by right-clicking, so I had to reboot. After my reboot my connection got even slower.

After 5 minutes of being online I started getting "Symantec mail proxy" pop-ups, which were trying to send different adult-content mails to ".ru" mails. The problem stops when I unplug my network connection or uncheck the "Enable Internet E-mail Auto-Protect" (terminating the task ccApp.exe also solves the problem until next boot).

Anyway, at a point I had more than 150 of these e-mails trying to be sent out and I turned on IE and it just redirected me to a site and downloaded some kind of a spyware checking tool, which self-extracted and self-ran. My Norton Full System Scan was running alongside the new spyware checking tool + the mails kept popping up. I managed to write down a few spywares on my computer a moment before it crashed and gave me a blue screen.

Anyway, I went to Safe Mode and deleted a few of the previously listed "viruses/trojans/malware/spyware".

I also deleted the following via Safe Mode: jwrocbui.dll. I can't seem to find anything about it on the net. byXogfde.dll and jkktlBssT.dll can't be deleted even via Safe Mode. Now at log-on my PC gives me an error "iwrocbui.dll is missing".

I downloaded Avast + AVG but I won't install them unless you tell me I should.

Finally, here is a HijackThis log (I renamed Hijackthis to Iseeu.exe as it was told in a different topic I've read):

QUOTE
Logfile of HijackThis v1.99.1
Scan saved at 10:25:48, on 2008.06.27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F2B83EECD4CF4910A0260B914BA281BA\WiMood.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tomasz\Desktop\Iseeu.exe (a.k.a. HiJackThis.exe)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WRL Advisor - {4b1dd1f9-bc8d-403a-a5e3-3f6b9e7aadfe} - C:\WINDOWS\gfetqaxstgm.dll
O2 - BHO: (no name) - {4BD2AAE2-0B19-47E7-8D22-C577E08F5D25} - C:\WINDOWS\system32\jkkHBssT.dll
O2 - BHO: (no name) - {514B017B-B3E4-437C-BE6F-595323D14060} - C:\WINDOWS\system32\byXOgfde.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - Z:\@@@MAC~1\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [advap32] c:\ijcldmac.exe/r
O4 - HKLM\..\Run: [244f3844] rundll32.exe "C:\WINDOWS\system32\jwrocbui.dll",b (I'm looking over the log, this was listed as one of the virus/infections and I removed it in Safe Mode)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML (isn't this a virus? I found Viewpoint listed as the malware, but I didn't find it in Add/Remove Programs)
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?a3971f39d7354dfba3aca545d95f453b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?a3971f39d7354dfba3aca545d95f453b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O15 - Trusted Zone: http://www.delfi.lt
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1185449242187
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: byxogfde - C:\WINDOWS\SYSTEM32\byXOgfde.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O21 - SSODL: pntqkflv - {D2DF0C99-2752-4FC4-BDA3-C8B89248FFF4} - C:\WINDOWS\pntqkflv.dll (file missing)
O21 - SSODL: qegbdmwf - {257E970D-637F-4185-A53D-FDBC08AAE3BF} - C:\WINDOWS\qegbdmwf.dll (file missing)
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampp\service.exe (file missing)


Ah yes, forgot to add. Firefox is the only browser (I also have Opera + IE) which redirects me to this site automatically: ttp://85.17.166.175/go//?cmp=nm_firefox_rn&uid=FD625B98437011DDA6EE152174CFFFFF&rid=mm5&guid=CB25084D9EEA4E1D8902654B75DFC064&affid=152174&lid=http&url=http:%2F%2Fw30.one.lt%2Fdk%3Fdm.id=anonym-main (I removed the H so the link would be broken). It's a blank site, or so it seems.

Hope I've listed everything you need.

EDIT: How stupid of me, forgot to add the most interesting parts. After the first failed email sending attempts occurred, my Norton Automatic Updates turned off by itself. 30 minutes after, my Firewall turned off by itself. I could turn the Firewall back on, but the Automatic Updates don't seem to turn back on, even through Control Panel -> System -> Automatic Updates. I tried activating the Automatic Updates service by Run -> services.msc, but just as I clicked *Enable* a window showed up saying it's either Disabled (which it was not) or I don't have a machine for it to work on.

I also had a few Microsoft updates in my panel on the left of the clock (XP), but they disappeared too. I tried going to Microsoft site via the Windows Update but it didn't allow me to download anything because Most likely some of your features are down. Please check... on me. It made me go to the services.msc and turn on the Automatic Updates, which failed, so I didn't follow the further steps.

EDIT #2: Now my IE won't let me right-click on buttons/links, freezes, shows random colors. I'm 100% sure it's not hardware, I ran HDD, RAM, etc. tests from Hiren's Boot CD.

*sigh*

EDIT #3: Seems like the problem with the freezes and screw ups is only in IE. FF works great, just slow. Really slow. (it's not my provider, I phoned them, my connection is OK)

EDIT #4: Also, it's not *that* important but can anyone help me with my PC shut down? It takes 5+ minutes to just log off and shut down and then my PC simply reboots. Automatic reboot is turned off.

This post has been edited by Dk333: Jun 27 2008, 06:17 AM
Rorschach112
post Jun 27 2008, 06:54 AM
Post #2


SuperMember
*****

Group: Visiting Teacher
Posts: 1,616
Joined: 29-September 07
Member No.: 73,164
Operating System: Windows XP



Don't put the logs in quotes



Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log.
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip the .run file by right-clicking and selecting Send to Zip file.


Then upload that as an attachment in your next post.


Dk333
post Jun 27 2008, 07:05 AM
Post #3


Sorry about the quote.

While in the process of fixing my PC, what does your work look like? You just read all the lines and find what's wrong via net-search or do you have some sort of a program to do that for you? I might as well learn while I'm at it, isn't that right?

And I've uploaded the thing. Hope this is the right one. The other one is the log, should I post it?
Attached File(s)
Attached File  Select_a_file_name_here.zip ( 102.87K ) Number of downloads: 11
 
Rorschach112
post Jun 27 2008, 07:18 AM
Post #4


QUOTE
You just read all the lines and find what's wrong via net-search or do you have some sort of a program to do that for you?

Yes pretty much we start with googling. Although I've done so many I don't need to anymore, it's all in my head :)

If you google the file C:\WINDOWS\SYSTEM32\byXOgfde.dll, you can tell it is suspicious since it is randomly named and gives you no hits on Google.


There is a University here to teach people how to use HijackThis and other tools if you are interested


You seem to have not uploaded the file properly, just upload the .run file
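An added example, not part of the thread and not how HijackThis or the helpers here work: a small Python triage pass over lines copied from the log in post #1. It approximates the "randomly named, no hits" check from post #4 with a name-shape test plus a constructed list of recognised file names; `KNOWN_NAMES`, `SYSTEM_DIRS` and the vowel threshold are assumptions, and the output is a shortlist to look at, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed stand-in for the "search the file name" step: names the analyst
# already recognises. A real list would come from a clean baseline or a lookup.
KNOWN_NAMES = {"navlogon.dll", "ctfmon.exe", "wpdshserviceobj.dll", "ssv.dll"}

# Folders where a dropped file sits next to real system files (assumption).
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\"}

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:dll|exe))\b', re.IGNORECASE)
RUN_NAME_RE = re.compile(r"Run: \[([0-9a-fA-F]{6,})\]")


def looks_random(stem):
    """Letters only, 6+ characters, at most a quarter vowels."""
    if not stem.isalpha() or len(stem) < 6:
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels / len(stem) <= 0.25


def assess(line):
    """Return (section, path, reasons) for one O-entry, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    pm = PATH_RE.search(body)
    path = pm.group(1) if pm else None
    reasons = []
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO without a name")
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("target file missing")
    if RUN_NAME_RE.search(body):
        reasons.append("autostart value named with hex digits")
    if path:
        p = PureWindowsPath(path)
        in_system_dir = str(p.parent).lower() in SYSTEM_DIRS
        unknown = p.name.lower() not in KNOWN_NAMES
        if in_system_dir and unknown and looks_random(p.stem):
            reasons.append("unrecognised random-looking name in a system folder")
    return section, path, reasons


def triage(log_text):
    """Shortlist entries with at least one indicator, most indicators first."""
    hits = []
    for line in log_text.splitlines():
        result = assess(line)
        if result and result[2]:
            hits.append(result)
    return sorted(hits, key=lambda r: -len(r[2]))


# Lines copied from the HijackThis log in post #1 (inline remarks removed).
SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {514B017B-B3E4-437C-BE6F-595323D14060} - C:\WINDOWS\system32\byXOgfde.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [advap32] c:\ijcldmac.exe/r
O4 - HKLM\..\Run: [244f3844] rundll32.exe "C:\WINDOWS\system32\jwrocbui.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: byxogfde - C:\WINDOWS\SYSTEM32\byXOgfde.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: pntqkflv - {D2DF0C99-2752-4FC4-BDA3-C8B89248FFF4} - C:\WINDOWS\pntqkflv.dll (file missing)
"""

if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE):
        print(f"{section:<4} {path or '(no path)'}: {'; '.join(reasons)}")
```

ctfmon.exe would pass the name-shape test on its own, and jwrocbui.dll fails it, which is why the recognised-names list and the other indicators are checked alongside it.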
Dk333
post Jun 27 2008, 07:26 AM
Post #5


Here is where exactly?

Anyway, here is another attempt at uploading the right file. (hopefully)

EDIT: I uploaded both files just in case, because I can't seem to find a .<extension>

This post has been edited by Dk333: Jun 27 2008, 07:27 AM
Attached File(s)
Attached File  Desktop.zip ( 106.85K ) Number of downloads: 2
 
Rorschach112
post Jun 27 2008, 07:30 AM
Post #6


The extension seems to be messed up

When you do the scan, click Save as .run file, at the bottom where it says "Save as type", make sure it is Runscanner file (.run)

If that fails just do this


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Dk333
post Jun 27 2008, 07:39 AM
Post #7


There we go, it made it good this time.
Attached File(s)
Attached File  Desktop.zip ( 106.85K ) Number of downloads: 4
 
Rorschach112
post Jun 27 2008, 07:49 AM
Post #8


Go and run DSS there
Dk333
post Jun 27 2008, 08:01 AM
Post #9


The main.txt:

Deckard's System Scanner v20071014.68
Run by Tomasz on 2008-06-27 16:53:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-27 13:53:35 UTC - RP293 - Deckard's System Scanner Restore Point
4: 2008-06-26 21:28:21 UTC - RP292 - Restore Operation
3: 2008-06-26 11:14:45 UTC - RP291 - Last known good configuration
2: 2008-06-26 11:14:22 UTC - RP290 - System Checkpoint
1: 2008-06-26 11:14:21 UTC - RP289 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.04 GiB (less than 15%) free.


-- HijackThis (run as Tomasz.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-27 16:55:52
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F2B83EECD4CF4910A0260B914BA281BA\WiMood.exe
C:\Programs\uTorrent\utorrent.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
Z:\Babylon Pro 7.0.2.3 MultiLang w Oxford Dictionary\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WRL Advisor - {4b1dd1f9-bc8d-403a-a5e3-3f6b9e7aadfe} - C:\WINDOWS\gfetqaxstgm.dll
O2 - BHO: (no name) - {4BD2AAE2-0B19-47E7-8D22-C577E08F5D25} - C:\WINDOWS\system32\jkkHBssT.dll
O2 - BHO: (no name) - {514B017B-B3E4-437C-BE6F-595323D14060} - C:\WINDOWS\system32\byXOgfde.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - Z:\@@@Macmillan English Dictionary 2nd Edition\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [advap32] c:\ijcldmac.exe/r
O4 - HKLM\..\Run: [244f3844] rundll32.exe "C:\WINDOWS\system32\jwrocbui.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?a3971f39d7354dfba3aca545d95f453b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?a3971f39d7354dfba3aca545d95f453b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options Group: [TABS] Tabbed Browsing
O15 - Trusted Zone: http://www.delfi.lt (HKCU)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1185449242187
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: byxogfde - C:\WINDOWS\system32\byXOgfde.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\system32\WinCtrl32.dll (file missing)
O21 - SSODL: pntqkflv - {D2DF0C99-2752-4FC4-BDA3-C8B89248FFF4} - C:\WINDOWS\pntqkflv.dll (file missing)
O21 - SSODL: qegbdmwf - {257E970D-637F-4185-A53D-FDBC08AAE3BF} - C:\WINDOWS\qegbdmwf.dll (file missing)
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampp\service.exe


--
End of file - 13882 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 SMBios (Intel ® System Managment BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Managment BIOS Driver>
R3 tcpsr - c:\windows\system32\drivers\tcpsr.sys (file missing)

S2 spydetector - c:\program files\spyware process detector\spydetector.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S2 Apache2.2 - "c:\xampp\apache\bin\apache.exe" -k runservice (file missing)
S2 XAMPP (XAMPP Service) - c:\xampp\service.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-27 16:05:01 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-20 22:37:00 266 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2008-06-20 22:29:00 272 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-02-11 23:37:49 340 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-02-02 08:05:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-10-31 22:08:01 394 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-26 16:54:56 0 d-------- C:\WINDOWS\CSC
2008-06-26 16:35:10 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-26 16:35:10 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-26 16:35:10 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-26 16:35:10 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-26 16:35:10 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-26 16:35:10 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-26 16:35:10 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-26 16:35:10 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-26 16:35:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-26 16:35:09 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-26 16:35:09 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-26 16:35:09 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-26 16:35:09 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-26 16:35:09 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-26 16:35:09 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-26 14:27:18 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-06-26 14:14:10 121552 --ahs---- C:\WINDOWS\system32\TssBHkkj.ini2
2008-06-26 14:14:06 321920 --a------ C:\WINDOWS\system32\jkkHBssT.dll
2008-06-26 14:08:44 28800 --a------ C:\WINDOWS\system32\byXOgfde.dll
2008-06-26 14:08:02 184320 --a------ C:\WINDOWS\gfetqaxstgm.dll <Not Verified; ; gfetqaxstgm>
2008-06-26 14:07:59 0 d-------- C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd
2008-06-26 14:07:19 212992 --a------ C:\WINDOWS\ALCHUNIN.EXE
2008-06-26 14:06:48 63920 --a------ C:\WINDOWS\system32\drivers\1436904d.sys
2008-06-26 14:06:41 13312 --a----c- C:\ijcldmac.exe
2008-06-26 14:06:39 30208 --a------ C:\WINDOWS\system32\drivers\Kof82.sys
2008-06-26 14:06:17 407094 --a----c- C:\setupupdate.exe
2008-06-26 11:13:53 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-06-26 11:13:51 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-23 12:52:44 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-06-14 11:44:40 0 d-------- C:\Documents and Settings\Tomasz\Application Data\med2
2008-06-14 11:44:36 128 --a------ C:\WINDOWS\MEDUK22.DAT
2008-05-29 21:48:06 0 d-------- C:\Program Files\AutoIt3
2008-05-27 16:49:47 0 d-------- C:\Documents and Settings\Tomasz\Application Data\Internet Chess Club
2008-05-27 16:49:40 0 d-------- C:\Program Files\Internet Chess Club


-- Find3M Report ---------------------------------------------------------------

2008-06-27 16:28:11 0 d-------- C:\Documents and Settings\Tomasz\Application Data\Skype
2008-06-27 09:07:28 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-26 15:04:00 0 d-------- C:\Documents and Settings\Tomasz\Application Data\uTorrent
2008-06-21 14:44:30 0 d-------- C:\Program Files\Opera
2008-06-11 09:09:38 0 d-------- C:\Documents and Settings\Tomasz\Application Data\Mozilla
2008-05-31 07:45:36 0 d-------- C:\Program Files\Crystal Player
2008-05-21 08:18:42 0 d-------- C:\Documents and Settings\Tomasz\Application Data\skypePM
2008-05-03 15:18:46 0 d-------- C:\Documents and Settings\Tomasz\Application Data\Adobe
2008-05-03 15:18:04 1421 --a------ C:\WINDOWS\mozver.dat
2008-03-30 20:51:36 10 --a------ C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4b1dd1f9-bc8d-403a-a5e3-3f6b9e7aadfe}]
2008.06.26 07:58 184320 --a------ C:\WINDOWS\gfetqaxstgm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BD2AAE2-0B19-47E7-8D22-C577E08F5D25}]
2008.06.26 14:14 321920 --a------ C:\WINDOWS\system32\jkkHBssT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514B017B-B3E4-437C-BE6F-595323D14060}]
2008.06.26 14:35 28800 --a------ C:\WINDOWS\system32\byXOgfde.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003.05.29 16:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003.05.30 09:42]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005.10.04 12:42]
"vptray"="C:\PROGRA~1\SYMANT~1\\vptray.exe" [2005.11.15 13:28]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006.11.12 13:48]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007.08.07 03:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008.02.22 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008.01.11 22:16]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007.06.29 06:24]
"advap32"="c:\ijcldmac.exe/r" []
"244f3844"="C:\WINDOWS\system32\jwrocbui.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004.08.04 02:56]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007.05.16 09:27]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007.07.30 04:28]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

C:\DocumentsAndSettings\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007.12.12 18:54:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoSharedDocuments"=00000000
"NoSecurityTab"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{514B017B-B3E4-437C-BE6F-595323D14060}"= C:\WINDOWS\system32\byXOgfde.dll [2008.06.26 14:35 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pntqkflv"= {D2DF0C99-2752-4FC4-BDA3-C8B89248FFF4} - C:\WINDOWS\pntqkflv.dll [ ]
"qegbdmwf"= {257E970D-637F-4185-A53D-FDBC08AAE3BF} - C:\WINDOWS\qegbdmwf.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxogfde]
byXOgfde.dll 2008.06.26 14:35 28800 C:\WINDOWS\system32\byXOgfde.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkHBssT


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ef77446-ad97-11dc-a9c9-0011110d0f67}]
AutoRun\command- K:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6df083a0-4025-11dc-a926-0011110d0f67}]
AutoRun\command- E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d9c8290-129f-11dc-b1a0-0011110d0f67}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.knygunamai.lt
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.potyczki.lt
127.0.0.1 ad.tribalwars.net


-- End of Deckard's System Scanner: finished at 2008-06-27 16:57:28 ------------

The extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 765.73 MiB / 265.89 MiB
Pagefile Memory (total/avail): 1490.32 MiB / 547.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.25 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 3.04 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is Fixed (NTFS) - 39.06 GiB total, 0.12 GiB free.
G: is Fixed (NTFS) - 34.18 GiB total, 0.32 GiB free.
H: is Fixed (NTFS) - 9.25 GiB total, 0.11 GiB free.
I: is CDROM (No Media)
J: is CDROM (No Media)
Z: is Fixed (NTFS) - 465.76 GiB total, 9.22 GiB free.

\\.\PHYSICALDRIVE0 - ST3120026AS - 111.79 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Installable File System - 39.06 GiB - F:
\PARTITION2 - Installable File System - 34.18 GiB - G:
\PARTITION3 - Installable File System - 9.25 GiB - H:

\\.\PHYSICALDRIVE1 - WDC WD5000AAJS-55YFA0 - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - Z:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.0.2.2000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programs\\uTorrent\\utorrent.exe"="C:\\Programs\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Programs\\GuildFTPd\\GuildFTPd.exe"="C:\\Programs\\GuildFTPd\\GuildFTPd.exe:*:Enabled:GuildFTPd FTP Server Deamon"
"C:\\Programs\\iTunes\\iTunes.exe"="C:\\Programs\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programs\\MSN Messenger\\msnmsgr.exe"="C:\\Programs\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\WINDOWS\\TEMP\\winE0B.tmp.exe"="C:\\WINDOWS\\TEMP\\winE0B.tmp.exe:*:Enabled:winE0B.tmp"
"C:\\Programs\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe"="C:\\Programs\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe:*:Enabled:FTP Transfer Engine"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"G:\\Maple story\\Patcher.exe"="G:\\Maple story\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"G:\\Maple story\\NewPatcher.exe"="G:\\Maple story\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"H:\\mIRC\\mirc.exe"="H:\\mIRC\\mirc.exe:*:Enabled:mIRC"
"G:\\Neverwinter.Nights.2\\nwn2main.exe"="G:\\Neverwinter.Nights.2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"G:\\Neverwinter.Nights.2\\nwn2main_amdxp.exe"="G:\\Neverwinter.Nights.2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"G:\\Neverwinter.Nights.2\\nwupdate.exe"="G:\\Neverwinter.Nights.2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"G:\\Neverwinter.Nights.2\\nwn2server.exe"="G:\\Neverwinter.Nights.2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"G:\\Quake 3 Arena\\quake3.exe"="G:\\Quake 3 Arena\\quake3.exe:*:Enabled:quake3"
"C:\\WINDOWS\\TEMP\\win19A2.tmp.exe"="C:\\WINDOWS\\TEMP\\win19A2.tmp.exe:*:Enabled:win19A2.tmp"
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe:*:Enabled:FTP Transfer Engine"
"F:\\Stronghold_2_Deluxe\\Stronghold2.exe"="F:\\Stronghold_2_Deluxe\\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\\runescape.exe"="C:\\runescape.exe:*:Enabled:runescape.exe"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\xampp\\mysql\\bin\\mysqld.exe"="C:\\xampp\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\xampp\\xampp-control.exe"="C:\\xampp\\xampp-control.exe:*:Enabled:XAMPP Control Panel"
"C:\\xampp\\xampp_start.exe"="C:\\xampp\\xampp_start.exe:*:Enabled:xampp_start.exe"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Disabled:Flashget"
"C:\\Program Files\\Free Download Manager\\fdm.exe"="C:\\Program Files\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager"
"Z:\\Counter-Strike 1.6 [RIP]\\CS\\cstrike.exe"="Z:\\Counter-Strike 1.6 [RIP]\\CS\\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"Z:\\Sniper Elite [RIP] [Caged] TRL\\Sniper Elite\\SniperElite.exe"="Z:\\Sniper Elite [RIP] [Caged] TRL\\Sniper Elite\\SniperElite.exe:*:Enabled:SniperElite"
"K:\\@@@PROGRAMS@@@\\Valve\\hl.exe"="K:\\@@@PROGRAMS@@@\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"Z:\\@@@Games\\TmNationsForever\\TmForever.exe"="Z:\\@@@Games\\TmNationsForever\\TmForever.exe:*:Enabled:TmForever"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tomasz\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CEZARY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tomasz
LOGONSERVER=\\CEZARY
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Tomasz\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=2
OPENSSL_CONF=C:\Documents and Settings\Tomasz\Desktop\rapget140\bin\openssl.cnf
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime Alternative\QTSystem\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;;C:\FPC\2.0.4\bin\i386-Win32;C:\FPC\2.0.4\bin\i386-Win32;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Tomasz\LOCALS~1\Temp
TMP=C:\DOCUME~1\Tomasz\LOCALS~1\Temp
USERDOMAIN=CEZARY
USERNAME=Tomasz
USERPROFILE=C:\Documents and Settings\Tomasz
VS90COMNTOOLS=Z:\Install\Microsoft Visual Studio 9.0\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Tomasz (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItU