Logfile of HijackThis v1.99.1
Scan saved at 15:30:20, on 2006-06-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Marcin\Pulpit\download\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_85.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {4C3BEF17-EC8C-4747-B335-5659827188BB} - C:\WINDOWS\lbbho.dll
O2 - BHO: Knight Online Toolbar Helper - {686E5EC7-76D5-408e-AC31-DDDA63D98ACD} - C:\Program Files\Knight Online Toolbar\v2.0.0.5\Knight_Online_Toolbar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Knight Online Toolbar - {D6C0B521-6926-4bf1-80D2-61C7DAB2511C} - C:\Program Files\Knight Online Toolbar\v2.0.0.5\Knight_Online_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02D9DA91-8D04-4D51-846F-018F5DB12D5B}: NameServer = 192.168.1.1,193.110.120.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{8709B20F-38B2-4A32-B720-D99A401C1B27}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{02D9DA91-8D04-4D51-846F-018F5DB12D5B}: NameServer = 192.168.1.1,193.110.120.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{02D9DA91-8D04-4D51-846F-018F5DB12D5B}: NameServer = 192.168.1.1,193.110.120.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{02D9DA91-8D04-4D51-846F-018F5DB12D5B}: NameServer = 192.168.1.1,193.110.120.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Z hijacka już jest, jeszcze zanim zaczał sie bawić z ie nowym. Teraz hijacka nie moge odpalić. Zaraz wrzuce loga z silenta. Próbowałem odpalić ad aware i tez nie moge. Moge podać linka do zdjecia które możliwe ze zaczeło to wszystko, jesli to coś pomoże. Złączono Posta _: 09.06.2006 (Pią) 18:19_ok lag z silenta
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [file not found]
"ctfmon.exe" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
"New.net Startup" = "rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup" [MS]
"WinampAgent" = ""C:\Program Files\Winamp\Winampa.exe"" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"MSPY2002" = "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"PHIME2002ASync" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"SCANINICIO" = ""C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"" ["Panda Software"]
"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{014DA6C1-189F-421a-88CD-07CFE51CFF10}\(Default) = (no title provided)
-> {HKLM...CLSID} = "My Search BHO"
\InProcServer32\(Default) = "C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL" ["My Search"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "URLLink Class"
\InProcServer32\(Default) = "C:\Program Files\NewDotNet\newdotnet4_85.dll" ["New.net, Inc."]
{4C3BEF17-EC8C-4747-B335-5659827188BB}\(Default) = "C:\WINDOWS\lbbho.dll"
-> {HKLM...CLSID} = " "
\InProcServer32\(Default) = "C:\WINDOWS\lbbho.dll" [null data]
{686E5EC7-76D5-408e-AC31-DDDA63D98ACD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Knight Online Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Knight Online Toolbar\v2.0.0.5\Knight_Online_Toolbar.dll" [null data]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IeCatch2 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
-> {HKLM...CLSID} = "Eksplorator pulpitów"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "SimpleShlExt extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Wirtualna Polska\wpkontakt\shellext_wpmsg.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{83903CAB-2FC1-40f6-8B82-DF123A5FB9E3}" = "ABBYYPDFContextMenuExtension"
-> {HKLM...CLSID} = "AbbyyPDF.PDFShellExtension.1"
\InProcServer32\(Default) = "C:\Program Files\ABBYY PDF Transformer 1.0\PDFShellExtension.dll" ["ABBYY (BIT Software)"]
"{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device"
-> {HKLM...CLSID} = "Siemens Device"
\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler"
-> {HKLM...CLSID} = "Siemens Device ContextMenuHandler"
\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens SX1 PropertySheetHandler"
-> {HKLM...CLSID} = "Siemens Device PropertySheetHandler"
\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "C:\WINDOWS\system32\system32.exe" [null data]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ABBYYPDFContextMenuExtension\(Default) = "{83903CAB-2FC1-40f6-8B82-DF123A5FB9E3}"
-> {HKLM...CLSID} = "AbbyyPDF.PDFShellExtension.1"
\InProcServer32\(Default) = "C:\Program Files\ABBYY PDF Transformer 1.0\PDFShellExtension.dll" ["ABBYY (BIT Software)"]
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WPKontakt\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Wirtualna Polska\wpkontakt\shellext_wpmsg.dll" [empty string]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Marcin\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\NewDotNet\newdotnet4_85.dll" ["New.net, Inc."]
000000000005\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\NewDotNet\newdotnet4_85.dll ["New.net, Inc."], 01 - 02, 08 - 09
%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 10 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{014DA6C9-189F-421A-88CD-07CFE51CFF10}"
-> {HKLM...CLSID} = "My Search Bar"
\InProcServer32\(Default) = "C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL" ["My Search"]
"{D6C0B521-6926-4BF1-80D2-61C7DAB2511C}"
-> {HKLM...CLSID} = "Knight Online Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Knight Online Toolbar\v2.0.0.5\Knight_Online_Toolbar.dll" [null data]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{014DA6C9-189F-421A-88CD-07CFE51CFF10}" = (no title provided)
-> {HKLM...CLSID} = "My Search Bar"
\InProcServer32\(Default) = "C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL" ["My Search"]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {HKLM...CLSID} = "FlashGet Bar"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{D6C0B521-6926-4BF1-80D2-61C7DAB2511C}" = "Knight Online Toolbar"
-> {HKLM...CLSID} = "Knight Online Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Knight Online Toolbar\v2.0.0.5\Knight_Online_Toolbar.dll" [null data]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Panda anti-virus service, PAVSRV, "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe" ["Panda Software"]
Panda Firewall Service, PAVFIRES, "C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe" ["Panda Software"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]
LIDIL Language Monitor\Driver = "hpzll3xu.dll" ["Hewlett-Packard Company"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 285 seconds, including 18 seconds for message boxes)
Skanuje ewido ale to troche potrwa.