Status
Not open for further replies.

Help needed to finish off removal of VISTA ANTIVIRUS 2008!!

907 views 8 replies 3 participants last post by  nelboy 
#1 ·
Hello all,

I am a newbie to these tech support forums, so bear with me (I can usually remove malware on my own with a bit of help from google!)... :normal:

After trying to set up a plug-in for Nero (at least I presume that's what it was, as that's when the trouble started) my system was infected with Vista Antivirus2008, a clone of the Antivirus2008 malware so I believe. My system has Spybot running in the background (and Bitdefender) and so those stopped the vast majority of dodgy registry entries being made pointing to the malware and the numerous trojans associated with it.

The VAV program has done the following to my system:-

- Disabled viewing of all Local hard drives from Explorer (although still accessible from typing the disc root into the address bar)... I have fixed this by installing Windows SteadyState onto the system.
- Disabled access to the registry, stating "Access to the registry has been disabled by the administrator", even though I am the administrator!... This was again fixed by SteadyState.
- Disabled the Task manager: Error message "The task manager has been disabled by the administrator" was shown, so I couldn't kill off the trojan's processes... I think this has been fixed by SteadyState
- XP Start Menu altered: No 'log off' button, no 'programs' button, no list of recently used programs, no access to Internet Explorer or Control Panel or the vast majority of links which used to be on the start menu. The programs menu is a lot smaller than it used to be. I NEED HELP FIXING THIS!!
- Disabled access to Internet: I can only access the internet using Safe Mode With Networking from the F8 boot menu, otherwise access on all ports has been blocked. I have just remembered whilst typing that I did stop all Internet traffic with bitdefender as soon as I realised the trojans were trying to install malware on the PC, so I will check that isn't the cause of this issue - but otherwise I will need help on this too.
- Vista Antivirus software installed on system and associated DLL's installed but now protected. shlwapi.dll and wininet.dll are associated with the trojan/virus/malware and cannot be deleted even though I cannot find the associated registry keys which may be protecting these, and these processes are not running in the background. I need help removing these traces of the malware.


I think more than anything else, I'm hacked off that I scanned the original suspect file with my antivirus before I opened it, and I still got the virus on the system!

I think I have managed to block the bulk of damage being done to the system, but I've spent the last 8 hours trying to remove and undo as much as I can (With the help of a registered version of SpyHunter). I need help getting the start menu back to how it was, deleting the DLL's, and possibly restoring Internet access. Any help will be appreciated.

I have logfiles of "main.txt" and "extra.txt" ready to paste in should they be needed.

I'm off to bed - so thanks in advance for any support.
 
#4 ·
At present I can't get to the linked page. I just get the standard DNS "Cannot display the webpage" error. Same in Firefox and IE.

I think I have got off the worst of VAV2008, but occasionally an IE page pops up directed to a fake XP/Vista page saying all my security is out of action (Just whilst typing this out the page has popped up, it loads up: http://www.system-defender.com/freeware/2/?wmid=6010&mid=MjI6Mzc6MTgxNjM=&lndid=37&p=01 )... And next to the clock I have "VIRUS ALERT!" which I don't know what to do about it - It also shows up on any time stamps on the PC (I hovered over an episode of "two and a half men" on the PC, and the duration read "0:21: VIRUS ALERT!" - for example) and it is getting annoying. Even if it can't be got rid of, I'd at least like to know how to change it to some custom text!
 
#6 ·
Yeah, I have had Spybot on the system for ages... it stopped registry entries being made by the virus.
I have setup windows SteadyState so as to prevent writing to the C drive, which should stop future virus attacks.

The popups seem to be running through an executable script "cscript.exe".

Most importantly though, I'd like the help getting my Start Menu back the way it was, with a "log off" button, and an "All Programs" button!
--

Here's a HJT log... note that the program "Bonjour" has since been removed from the system. Also note the clock time, followed by the 'virus alert' addition.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:52: VIRUS ALERT!, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programs\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programs\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programs\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Programs\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BDMCon] "D:\Programs\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "D:\Programs\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "D:\Programs\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "D:\Programs\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programs\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programs\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programs\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programs\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programs\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = D:\Programs\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: broadband medic.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programs\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Programs\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Programs\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Programs\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=0.4&pass=JS033D5S&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=0.4&pass=JS033D5S&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wi...e&exversion=0.4&pass=JS033D5S&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wi...xversion=0.4&pass=JS033D5S&id=menu_ie_exclude
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wi...exversion=0.4&pass=JS033D5S&id=menu_ie_report
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programs\MICROS~1\Office12\GR99D3~1.DLL
O21 - SSODL: evgratsm - {4761DDB3-4803-46DD-8BD0-026BFBD9A6D8} - C:\WINDOWS\evgratsm.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Programs\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9624 bytes
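
A first-pass triage of a log like the one above, as an added example that is not part of the original post or of HijackThis: it reads the report header and the O2, O6 and O21 sections and lists the lines worth a manual look. The sample lines are an excerpt constructed from the log above; the function name and tag names are this example's own.

```python
import re

# Constructed excerpt: a few lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:52: VIRUS ALERT!, on 15/07/2008
Boot mode: Safe mode with network support
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programs\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O21 - SSODL: evgratsm - {4761DDB3-4803-46DD-8BD0-026BFBD9A6D8} - C:\WINDOWS\evgratsm.dll
"""

SAVED_RE = re.compile(r"^Scan saved at (?P<time>.*), on (?P<date>.+)$")
CLEAN_TIME_RE = re.compile(r"^\d{1,2}:\d{2}(:\d{2})?( ?[AP]M)?$")
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def triage(log_text):
    """Return (line number, tag, note) for each line that deserves a manual look."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        saved = SAVED_RE.match(line)
        if saved:
            # In this thread the header time picked up the text injected into
            # the Windows time format, so a time field that is not plain
            # digits (plus optional AM/PM) is flagged.
            if not CLEAN_TIME_RE.match(saved["time"]):
                findings.append((lineno, "TIMEFMT",
                                 f"time field {saved['time']!r} carries literal text"))
            continue
        if line.lower().startswith("boot mode:") and "safe mode" in line.lower():
            # A safe-mode scan lists only what runs in safe mode.
            findings.append((lineno, "SAFEMODE",
                             "process list is not the normal-boot one; rescan in normal mode"))
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        code, body = entry["code"], entry["body"]
        target = body.rsplit(" - ", 1)[-1]  # last field: file path or "(no file)"
        if code == "O2" and target == "(no file)":
            findings.append((lineno, "O2-ORPHAN",
                             "BHO is registered but its file is missing"))
        elif code == "O6":
            findings.append((lineno, "O6-POLICY",
                             "Internet Explorer policy restrictions are set: " + body))
        elif code == "O21":
            # ShellServiceObjectDelayLoad entries are loaded by Explorer at
            # startup, so the DLL should be identified before it is trusted.
            findings.append((lineno, "O21-SSODL", "verify origin of " + target))
    return findings


if __name__ == "__main__":
    for lineno, tag, note in triage(SAMPLE_LOG):
        print(f"line {lineno}: [{tag}] {note}")
```

A finding here is a prompt to inspect the file or key, not a verdict that the entry is malicious.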
 
#8 ·
I have used a program called "SDFix.exe" from here:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

and performed the following steps:
- Double click SDFix.exe to extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
- Computer restarted in Safe Mode and using my user account
- Opened the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then followed the prompt to "Press any Key to restart the computer" to restart the PC.
- When the PC restarts (IN NORMAL MODE) the Fixtool will run again and complete the removal process then display Finished, "press any key" to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Contents of this shown at bottom of this message)


Clock "VIRUS ALERT!" was fixed in the registry key:
HKEY_USERS\.DEFAULT\Control Panel\International - sTimeFormat - needs to be set to HH:mm:ss


A little bugbear that I'd now like to know if I can resolve is how all Icons refresh (disappear and then reappear a few seconds later) when I open "my documents" and then open another folder... As this slows the system temporarily.


----------------
Report.txt:

SDFix: Version 1.205
Run by user on 15/07/2008 at 22:51

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Windows ProductId To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\user\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\user\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\user\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\EEPO.EXE - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 23:12:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"D:\\Programs\\BitComet\\BitComet.exe"="D:\\Programs\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"D:\\Programs\\AdMunch.exe"="D:\\Programs\\AdMunch.exe:*:Enabled:AdMunch"
"D:\\Programs\\FrostWire\\FrostWire.exe"="D:\\Programs\\FrostWire\\FrostWire.exe:*:Enabled:FrostWire 4.13.1.7 BETA"
"D:\\Programs\\Mozilla Firefox\\firefox.exe"="D:\\Programs\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\Programs\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Programs\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Programs\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Programs\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Programs\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Programs\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Programs\\HP\\Digital Imaging\\bin\\hpqste08.exe"="D:\\Programs\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\\Programs\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\Programs\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\\Programs\\HP\\Digital Imaging\\bin\\hposfx08.exe"="D:\\Programs\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\\Programs\\HP\\Digital Imaging\\bin\\hposid01.exe"="D:\\Programs\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\Programs\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Programs\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\Programs\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Programs\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Programs\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\Programs\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\\Programs\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\Programs\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\\Programs\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\Programs\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\\Programs\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="D:\\Programs\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\\Programs\\HP\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Programs\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\\Programs\\iTunes\\iTunes.exe"="D:\\Programs\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 10 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 24 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT432.tmp"

Finished!
 