Sie sind auf Seite 1von 30

Tech Support Forum

Tech Support :rticles

Videos

Spyware Kst Steps

Rules

Tech Support Forum > Security C enter > Virus/Trojan/Spyware Help > Resolved HJT Threads

User

ame User

ame

Remem!er "e# %o& in Search

"Happy Hacked System" - Nepalloid problem with usrlogon.cmd


Site Map Posting Help Register Rules

$assword Today's Posts

Page 1 of 2 1

Thread Tools

Search this Thread

12-11-2009, 09:26 AM

sinistapen&uin
Re&istered "em!er Join 'ate( Jun )**+ $osts( ), OS( -$ S$.

"Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Hi "y 'ad has as/ed me to loo/ at his $C and since you &uys were so help0ul last time 1 thou&ht 12d run it !y you3 456 as muc h in0ormation as 1 can &ive you6 since 12m !asin& this on my 'ad2s description77 8hen 0irin& up his laptop 98indows -$ S$. runnin& :V; Free and <one:larm 0ree= a '4S style window opens runnin& Usrlo&on3cmd you &et 24peration Completed Suc cess0ully2 repeated several times3 Then at the !ottom o0 the sc reen you &et the 0ollowin&( The process >e?plorer3e?e> with $1')@* has !een terminated3 AAAAAAAAAAABou "ust restart your computer>>>>>>>>>>>>>>> AAAAAAAACecause your computer has !een hac /ed>>>>>>>>>>> AAAAAAAAAHappy Hac/ed System3>>>>>>>>>>>>>>>>>>>>> $ress :ny 5ey to restart the system3 emDail(nepalloidharDhotmail3com The system then restarts6 !ut won2t &et passed this point3 Bou can CTR%EC to !rea/ out o0 the Usrlo&on3c md command and !oot normally3 4ther symptoms apparently are that when you load internet e?plorer you can navi&ate to a!out . pa&es !e0ore everythin& han&s completely3 1 have run ;"FR G ''S H lo&s !elow( Than/s &uys Cen 9Sinista= ''S( IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII ''S 9VerJ*+HK)H*K3*K= H TFS?@L Run !y :dministrator at K+()K()M3*K on K*/K)/)**+ 1nternet F?plorer( ,3*3M,.*3K.

1nternet F?plorer( ,3*3M,.*3K. "ic roso0t 8indows -$ $ro0essional M3K3)L**3.3K)M)3NN3K*..3K@3,MK3))) O;"T *(**P :V( :V; :ntiHVirus Free Q4nHaccess scannin& ena!ledQ 9Updated= RK,'''*+,H.LFFHN.MFH+FKCHM)',N)NM'LCFS F8( <one:larm Firewall Qena!ledQ R@)+C':.)H+NC.HNNFNH@NNLHF@FCFF@*+F@CS IIIIIIIIIIIIII Runnin& $rocesses IIIIIIIIIIIIIII C(T81 '48STsystem.)Tsvchost H/ 'com%aunc h svchost3e?e C(T81 '48STSystem.)Tsvc host3e?e H/ netsvc s C(T81 '48STsystem.)Tsvchost3e?e H/ 8ud0Service;roup C(T$ro&ram FilesT:V;T:V;+Tav&c hsv?3e?e C(T$ro&ram FilesT:V;T:V;+Tav&rs?3e?e C(T$ro&ram FilesT:V;T:V;+Tav&c srv?3e?e svchost3e?e svchost3e?e C(T81 '48STsystem.)T<one%a!sTvsmon3e?e C(T81 '48STSystem.)Twltrysvc3e?e C(T81 '48STSystem.)T!cmwltry3e?e C(T81 '48STsystem.)T%F-CCFS3F-F C(T81 '48STsystem.)T%F-$$S3F-F C(T81 '48STsystem.)Tspoolsv3e?e c(Tpro&ram 0ilesTc ommon 0ilesTlo&itechTlvmv0mT%V$rcSrv3e?e svchost3e?e C(T$ro&ram FilesT:V;T:V;+Tav&wdsvc3e?e C(T$ro&ram FilesTT4SH1C:TCon0i&FreeTCFSvc s3e?e C(T$R4;R:UKTC4""4 UKTFranc e TelecomTShared "odulesTFTRTSVCT*TFTRTSVC3e?e C(T$ro&ram FilesTC'Curner-$T "S:c cessU3e?e C(T$ro&ram FilesT:V;T:V;+Tav&ns?3e?e C(T$ro&ram FilesTCy!er%in/TShared FilesTRichVideo3e?e C(T$ro&ram FilesT:nalo& 'evicesTSound":-TS":&ent3e?e C(T81 '48STSystem.)Tsvc host3e?e H/ im&svc C(T81 '48STsystem.)Twuauc lt3e?e C(T81 '48STF?plorer3F-F C(T81 '48STSystem.)Ti&0?tray3e?e C(T81 '48STSystem.)T**THot/ey3e?e C(T81 '48ST%TS""S;3e?e C(T$ro&ram FilesT:point)5T:point3e?e C(T$ro&ram FilesTT4SH1C:TTouchF'TTouchF'3F?e C(T$ro&ram FilesTT4SH1C:T$adTouchT$adF?e3e?e C(T81 '48STsystem.)TTF FM3e?e C(T81 '48STsystem.)TT$S"ain3e?e C(T$ro&ram FilesTT4SH1C:TT4SH1C: ControlsTTFnc5y3e?e C(T$ro&ram FilesTCommon FilesT%o&itechT%Com"&rTCommunicationsJHelper3e?e C(T$ro&ram FilesT%o&itechTVuic/CamK*TVuic /CamK*3e?e C(T$ro&ram FilesTCommon FilesT%o&itechT%Com"&rT%VComS-3e?e C(T81 '48STsystem.)Twltray3e?e C(T$ro&ram FilesT<one %a!sT<one:larmTWlclient3e?e C(T$ro&ram FilesT:point)5T:pnte?3e?e C(T81 '48STsystem.)TT$SCatt"3e?e C(T$R4;R:UKT:V;T:V;+Tav&tray3e?e C(T$ro&ram FilesTT4SH1C:TT4SC'S$'Ttosc dspd3e?e C(T81 '48STsystem.)Tc t0mon3e?e C(T$ro&ram FilesTS/ypeT$honeTS/ype3e?e C(T$ro&ram FilesT%o&itechTVuic/CamK*TC4C1"ana&er3e?e C(T$ro&ram FilesTS/ypeT$lu&in "ana&erTs/ype$"3e?e F(T!unjTdds3scr IIIIIIIIIIIIII $seudo HJT Report IIIIIIIIIIIIIII uStart $a&e I h??p(//www3tesc o3net/ uSearc h $a&e I h??p(//www3&oo&le3com uSearc h Car I h??p(//www3&oo&le3com/ie u'e0aultJSearchJUR% I h??p(//www3&oo&le3com/ie m'e0aultJSearchJUR% I h??p(//www3&oo&le3com/ie mSearch $a&e I h??p(//www3&oo&le3c om mStart $a&e I h??p(//www3&oo&le3c om uSearc h:ssistant I h??p(//www3&oo&le3com uSearc hUR%69'e0ault= I h??p(//www3&oo&le3c om/searc h#XIYs mSearch:ssistant I h??p(//www3&oo&le3c om uUR%Searc hHoo/s( Searc h Class( R*@c *LdLKH0K0.HN,++H@L0@H!eKa@+.L)c@MS H c(Tpro&ram 0ilesToran&eTsearc hurlhoo/TSearch$a&eUR%3dll CH4( :do!e $'F %in/ Helper( RK@d0*@KcHe@adHN)@.HaM+LH0aM,@c)e!dc.S H c(Tpro&ram 0ilesTcommon 0ilesTado!eTac ro!atTactive?T:cro1FHelperShim3dll CH4( :V; Sa0e Search( R.ca)0.K)HL0LeHN!M.HaLLeHNeLMeN+,c @c*S H c(Tpro&ram 0ilesTav&Tav&+Tav&ssie3dll FC( R.)L@.K@.HN@a*HNNK!Ha.N)H,c)aNN*a+N,@S H o File uRun( OT4SC'S$'P >c(Tpro&ram 0ilesTtoshi!aTtoscdspdTtoscdspd3e?e> uRun( Oc t0mon3e?eP c (TwindowsTsystem.)Tct0mon3e?e uRun( OS/ypeP >c(Tpro&ram 0ilesTs/ypeTphoneTS/ype3e?e> /nosplash /minimiWed uRun( OC&"onitorJR,+LL)F*NH,CLCHNd+0H@NC,H@@'@:MLCK*::SP >c(Tpro&ram 0ilesTcommon 0ilesTaheadTli!T "C&"onitor3e?e> uRun( ORunmeinitP c(TwindowsTsystem.)Tnepalloid3!at mRun( O1&0?TrayP c(TwindowsTsystem.)Ti&0?tray3e?e mRun( OHot5eysCmdsP c (TwindowsTsystem.)Th/cmd3e?e mRun( O**THot/eyP c (TwindowsTsystem.)T**THot/ey3e?e mRun( O***StTH5P ***StTH53e?e mRun( mRun( mRun( mRun( mRun( mRun( mRun( mRun( mRun( mRun( mRun( mRun( mRun( O%TS""S;P %TS""S;3e?e O:pointP >c (Tpro&ram 0ilesTapoint)/T:point3e?e> OTouchF'P >c(Tpro&ram 0ilesTtoshi!aTtouchedTTouchF'3F?e> O$adTouchP >c (Tpro&ram 0ilesTtoshi!aTpadtouc hT$adF?e3e?e OTF FMP TF FM3e?e OT$S"ainP T$S"ain3e?e OTFnc5yP TFnc5y3e?e O%o&itec hCommunications"ana&erP >c(Tpro&ram 0ilesTcommon 0ilesTlo&itec hTlc omm&rTCommunicationsJHelper3e?e> O%o&itec hVuic/CamRi!!onP >c(Tpro&ram 0ilesTlo&itechTXuic/c amK*TVuic/CamK*3e?e> /hide O%VC4"S-P >c(Tpro&ram 0ilesTc ommon 0ilesTlo&itechTlcomm&rT%VComS-3e?e> Owltray3e?eP c(TwindowsTsystem.)Twltray3e?e O$rinTrayP c(TwindowsTsystem.)TspoolTdriversTw.)?@LT)Tprintray3e?e O<one:larm ClientP >c(Tpro&ram 0ilesTWone la!sTWonealarmTWlc lient3e?e>

mRun( O<one:larm ClientP >c(Tpro&ram 0ilesTWone la!sTWonealarmTWlc lient3e?e> mRun( OA 4 :"F>P mRun( O!ravia?P c (TwindowsTsystem.)T!ravia?3e?e mRun( O:V;+JTR:BP c(Tpro&raUKTav&Tav&+Tav&tray3e?e u$oliciesHsystem( 'isa!leRe&istryTools I K 9*?K= u$oliciesHsystem( 'isa!leTas/"&r I K 9*?K= 1F( :dd to ;oo&le $hotos Sc reensaGver H c(TwindowsTsystem.)T;$hotos3scr/)** 1F( FG?port to "icroso0t F?cel H c(Tpro&raUKTmicrosU)To00ic eKKTF-CF%3F-F/.*** 1F( Re)e)dd.@Hd*@@HNK.NH@)!,H0)!a.@N+LM@.S H YwindirYT etwor/ 'ia&nosticT?pnetdia&3e?e 1F( RFCMFK+K*HFKK*HKKd)HCC+FH**C*NF,+ML@.S H c(Tpro&ram 0ilesTmessen&erTmsms&s3e?e 1F( R*@C*FMC*HNFCCHKKCFH:::MH**N*KCL*@M*KS H R*@C*FMC*HNFCCHKKCFH:::MH**N*KCL*@M*KS 1F( R,,CFM.**HKN,NHNFC,H++@*H'.)CK+*F+C*,S H R,,CFM.**HKN,NHNFC,H++@*H'.)CK+*F+C*,S H c (Tpro&ram 0ilesTs/ypeTtool!arsTinternet e?plorerTS/ype1F$lu&in3dll 1F( R+),@*C)MHK@CCHNKC@HC+CFH.C+CM,K:@)L.S H RFF*M+F.KHCCM:HNF)FHCF.CH+LF+)+'LMM*.S H c(Tpro&raUKTmicrosU)To00ic eKKTRFF1FC:R3'%% Trusted <one( tesc o3netTmem!erservices Trusted <one( tesc o3netTre&ister '$F( RK).+CCM)HM+FFHN'F:H@CLKH+*FF:@NL'F,FS H h??p(//www3music notes3com/download/mnviewer3ca! '$F( RKLLCKCC:H.F+CHKKCFH@*,MHNNNMM.MN****S H h??p(//download3macromedia3com/pu!/shoc/wave/c a!s/direc tor/sw3ca! '$F( R.KN.MLM,H++@*H**K*H@***H**::**.@+C,KS H h??p(//download3microso0t3c om/download/e/)/0/e)0c ecN!HLc @!HN@!,Hada!H a!+cN*.a+,@0/wvcKdmo3ca! '$F( RN,NF**FMH.@M.HN+)CH:C.:HN,LMK)CCC..LS H h??p(//picasawe!3&oo&le3com/s/v/N,3K*/uploader)3ca! '$F( RLNKNMK)CHC+,@HNMK'H:*'@HFCF'F..F@..CS H h??p(//www3update3mic roso0t3com/windowsupdate/vL/VMControls/en/?@L/c lient/wuwe!Jsite3c a!#K)*),NML))L.. '$F( R@:'+C@N*H*NNFHKK'KHC.F+H**@*MFN++'+.S H h??p(//java3sun3com/products/plu&in/autodl/jinstallHKN)HwindowsHiM@L3c a! '$F( R:@F)C+C'H:L:*HN@L:H+,NNHK@+)*'@+@N)+S H h??p(//www3si!elius3com/download/so0tware/win/:ctive-$lu&in3ca! '$F( RC:FFFF:CH**KNH***)H****H:CC'FFFF'CC:S H h??p(//java3sun3com/produc ts/plu&in/autodl/jinstallHKN)HwindowsHiM@L3c a! '$F( R'),C'CLFH:FL'HKKCFH+LC@HNNNMM.MN****S H h??p(//0pdownload)3macromedia3c om/&et/shoc /wave/ca!s/0lash/sw0lash3ca! Handler( cetihpW H RCFK@N:'.HC'CCHNKL@H:.F,H@FNN,'K)+.**S H c(Tpro&ram 0ilesThpThpcoretechTcompThpuiprot3dll Handler( lin/scanner H RF),NLKNCHL.F@HN,'MH:N'KHFC''FN+NF@'KS H c(Tpro&ram 0ilesTav&Tav&+Tav&pp3dll Handler( s/ypeNcom H RFFC@C+L)H+CN*HN'FFH+NM@HK@.*C,'',FM'S H c(Tpro&raUKTc ommonUKTs/ypeTS5B$FNUK3'%% oti0y( av&rsstarter H av&rsst?3dll oti0y( i&0?c ui H i&0?srvc 3dll SS4'%( 8$'ShService4!j H R:::)@@C:H+:NCHNMC*H+M',H+N'M)N@L+'CMS H c(TwindowsTsystem.)T8$'ShService4!j3dll IIIIIIIIIIIIIIIII F1RFF4- IIIIIIIIIIIIIIIIIII FF FF FF FF FF FF FF FF FF FF FF FF H H H H H H H H H H H H $ro0ile$ath H c(TdocumeUKTadminiUKTapplicUKTmoWillaT0ire0o?Tpro0ilesT0mn@w)Lm3de0aultT pre0s3js( !rowser3startup3homepa&e H h??p(//www3tesco3net/ plu&in( c(Tpro&ram 0ilesT&oo&leT&oo&le earthTplu&inTnp&eplu&in3dll plu&in( c(Tpro&ram 0ilesT&oo&leTpicasa.Tnp$icasa.3dll plu&in( c(Tpro&ram 0ilesT&oo&leTupdateTK3)3K@.3K.Tnp;oo&le4neClic/@3dll plu&in( c(Tpro&ram 0ilesTjavaTj)reK3N3)T!inT $JavaKK3dll plu&in( c(Tpro&ram 0ilesTjavaTj)reK3N3)T!inT $JavaK)3dll plu&in( c(Tpro&ram 0ilesTjavaTj)reK3N3)T!inT $JavaK.3dll plu&in( c(Tpro&ram 0ilesTjavaTj)reK3N3)T!inT $JavaKN3dll plu&in( c(Tpro&ram 0ilesTjavaTj)reK3N3)T!inT $Java.)3dll plu&in( c(Tpro&ram 0ilesTjavaTj)reK3N3)T!inT $J$1KN)3dll plu&in( c(Tpro&ram 0ilesTjavaTj)reK3N3)T!inT $4J1LK*3dll

FF H HiddenF?tension( "icroso0t 3 FT Framewor/ :ssistant( R)*a@)LNMHc*+MHNLedH@*e.H*@@)M,L*M.N!S H c(TwindowsTmicroso0t3netT0ramewor/Tv.3MTwindows presentation 0oundationTdotnetassistante?tensionT HHHH F1RFF4- $4%1C1FS HHHH c(Tpro&ram 0ilesTmoWilla 0ire0o?T&repre0sTsecurityHpre0s3js H pre09>security3ssl.3rsaJseedJsha>6 true=Z IIIIIIIIIIIII SFRV1CFS / 'R1VFRS IIIIIIIIIIIIIII RK :v&%d?@LZ:V; :V1 %oader 'river ?@LZc (TwindowsTsystem.)TdriversTav&ld?@L3sys O)**@HLH)) ...K+)P RK :v&"0?@LZ:V; 4nHacc ess Scanner "ini0ilter 'river ?@LZc(TwindowsTsystem.)TdriversTav&m0?@L3sys O)**@H)HKK )@N)NP RK :v&Tdi-Z:V; Free etwor/ RedirectorZc(TwindowsTsystem.)TdriversTav&tdi?3sys O)**+HK*H)@ .L*M@NP RK vsdatantZvsdatantZc (TwindowsTsystem.)Tvsdatant3sys O)**@H,HKM .M.L,)P R) av&+wdZ:V; Free 8atch'o&Zc (Tpro&ram 0ilesTav&Tav&+Tav&wdsvc3e?e O)**+HK*H)@ )@M.+)P R) vsmonZTrueVec tor 1nternet "onitorZc(TwindowsTsystem.)TWonela!sTvsmon3e?e Hservic e HH> c (TwindowsTsystem.)TWonela!sTvsmon3e?e H servic e O#P R. Coni0ayZConi0ayZc(TwindowsTsystem.)TdriversTConi0ay3sys O)**@H)HK+ K)KL*P S) &updateKc+a!d!N,ce.0.aZ;oo&le Update Service 9&updateKc +a!d!N,ce.0.a=Zc(Tpro&ram 0ilesT&oo&leTupdateT;oo&leUpdate3e?e O)**+H .H). K..K*NP S. ;onWalesZ;onWalesZc(TwindowsTsystem.)TdriversT;onWales3sys O)**@H)HK+ ,*N*P S. s**K,!usZSony Fricsson 'evice **K, driver 98'"=Zc(TwindowsTsystem.)TdriversTs**K,!us3sys O)**+HMH)K @L@)NP S. s**K,md0lZSony Fricsson 'evice **K, USC 8"C "odem FilterZc(TwindowsTsystem.)TdriversTs**K,md0l3sys O)**+HMH)K KM*KLP S. s**K,mdmZSony Fric sson 'evice **K, USC 8"C "odem 'riverZc(TwindowsTsystem.)TdriversTs**K,mdm3sys O)**+HMH)K KKNL**P S. s**K,m&mtZSony Fric sson 'evice **K, USC 8"C 'evice "ana&ement 'rivers 98'"=Zc(TwindowsTsystem.)TdriversTs**K,m&mt3sys O)**+HMH)K K*@.)@P S. s**K,ndMZSony Fric sson 'evice **K, USC Fthernet Fmulation SF"C**K, 9 '1S=Zc (TwindowsTsystem.)TdriversTs**K,ndM3sys O)**+HMH)K )L*)NP S. s**K,o!e?ZSony Fric sson 'evic e **K, USC 8"C 4CF- 1nter0aceZc (TwindowsTsystem.)TdriversTs**K,o!e?3sys O)**+HMH)K K*NLKLP S. s**K,unic ZSony Fricsson 'evice **K, USC Fthernet Fmulation SF"C**K, 98'"=Zc(TwindowsTsystem.)TdriversTs**K,unic3sys O)**+HMH )K K*+,.LP S. <'K)KKCU9.C4" Corporation=Z.Com 400ic eConnect 8ireless MN"!ps KK& Compac t USC :dapter9.C4" Corporation=Zc(TwindowsTsystem.)TdriversT<'K)KKCU3sys O)**@H)HKK N*)+NNP IIIIIIIIIIIIIII Created %ast .* IIIIIIIIIIIIIIII )**+HKKH)N )**+HKKH)N )**+HKKHKL )**+HKKHKL )**+HKKHKL )**+HKKHKL K)(..(K@ K)(..(K@ KK(.+(M+ *+(M*(K+ *+(M*(K@ *+(M*(K@ NK@M HHshaHrH c(TwindowsTsystem.)Tnepalloid3!at .+.N) HHshaHrH c (TwindowsTsystem.)Tnepalloid3v!e * dHHHHHwH c(Tpro&ram 0ilesT"icroso0t C:$1C4" )3K3*3) )KM+)* HHHHaHwH c(TwindowsTsystem.)Tmuwe!3dll ),N)@@ HHHHaHwH c(TwindowsTsystem.)Tmucltui3dll KL,.L HHHHaHwH c (TwindowsTsystem.)Tmucltui3dll3mui

IIIIIIIIIIIIIIIIIIII Find." IIIIIIIIIIIIIIIIIIII )**+HK)H*, K@(*N(.K * HHHHaHwH c(TwindowsTsystem.)TdriversTlvuvc3hs )**+HKKHK* *@(KK(*L .L*M@N HHHHaHwH c(TwindowsTsystem.)TdriversTav&tdi?3sys )**+HK*H)@ K@(.N(N+ ...K+) HHHHaHwH c(TwindowsTsystem.)TdriversTav&ld?@L3sys )**+HK*H)@ K@(.N(*@ K)NLN HHHHaHwH c (TwindowsTsystem.)Tav&rsst?3dll )**@H*+H), )K(*)(N) .),L@ HHshaHwH c (TwindowsTsystem.)Tcon0i&Tsystempro0ileTlocal settin&sThistoryThistory3ieMTmshist*K)**@*+),)**@*+)@Tinde?3dat

IIIIIIIIIIIII F1 1SH( K+()M()K3*. IIIIIIIIIIIIIII 4thers attached


Attached Files :ttach3Wip 9N3L 5C6 . views=

:ds !y ;oo &le

Windows Updates Repair Follow these . easy steps 9Recommended= JJJJJJJJJJJJJJJJJJ

8 indo wsHUpdate 3he lpcom p3co m

12-12-2009, 04:46 AM

Clark !
Security Team "oderator6 :nalyst Ran&emaster6 TSF :cademy

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Hello Bou may wish to subscribe to this thread to &et immediate noti0ication o0 replies as soon as they are posted3 To do this c lic/ Thread Tools6 then clic / Subscribe to this Thread3 "a/e sure it is set to $nstant Noti%ication6 then clic/ Subscribe3 HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH &e%ore beginning the %i'( read this post completely. $% there)s anything that you do not understand( kindly ask your *uestions be%ore proceeding.

Join 'ate( Jun )**L %ocation( C leveland6 4hio $osts( )6@@+ OS( -$ $ro6 8indows ,6 Fedora

HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH 8e will !e&in with Com!oFi?3e?e3 $lease visit this we!pa&e 0or download lin/s6 and instruc tions 0or runnin& the tool( http(//www3!leepin&computer3c om/com!333oHuseHcom!o0i? + Fnsure you have disa!led all anti virus and anti malware pro&rams so they do not inter0ere with the runnin& o0 Com!oFi?3 See this lin/ 0or instruc tions on how to do this( How To Temporarily 'isa!le Bour :ntiHvirus6 Firewall :nd :ntiHmalware $ro&rams $lease include the C#,Combo-i'.t't in your ne?t reply 0or 0urther review3

$lease note that the 0orum is very !usy and i0 1 don2t hear 0rom you within three days this thread will !e closed3

:ds !y ;oo &le

Remove Trojan Ransomware. How to Remove Trojan3Ransomware3 Trojan3Ransomw are Removal 1nstr3 JJJJJJJJJJJJJJJJJJ

www3spywa re re m ove 3com

$ roud "e m !e r o0 :S:$ $roud "e m !e r o0 U 1TF

[40 all the thin&s 12ve lost6 1 miss my mind the most\ H "ar/ Twain

12-13-2009, 04:00 PM

sinistapen&uin
Re&istered "em!er Join 'ate( Jun )**+ $osts( ), OS( -$ S$.

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Than/s Clar/ 1 have downloaded Com!oFi?6 !ut won2t !e a!le to run it on the $C until tomorrow3 12ll post the lo& as soon as 1 have done it3 Cen JJJJJJJJJJJJJJJJJJ

12-14-2009, 10:30 AM

sinistapen&uin
Re&istered "em!er Join 'ate( Jun )**+ $osts( ), OS( -$ S$.

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Hi Clar/ Cleepin&computer3c om is tellin& me that Com!o0i? cannot !e downloaded until an issue with the pro&ram is resolved3 The version 1 downloaded 0rom the other site( Forospyware says it is 2400line2 so 1 c an2t run it anyway3 Than/s Cen JJJJJJJJJJJJJJJJJJ

12-14-2009, 03:32 PM

Clark !
Security Team "oderator6 :nalyst Ran&emaster6 TSF :cademy

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

The author o0 Com!oFi? has pulled the tool due to a !u& that was disc overed recently3 8e are &oin& to &o another route 0or c leanin& the mac hine which will reXuire a di00erent scanner to !e ran 0irst( 'ownload random)s system in%ormation tool ."S$T/ !y random0random 0rom here and save it to your des/top3 'ou!le clic / on "S$T.e'e to run "S$T3 Clic / Continue at the disclaimer screen3 4nce it has 0inished6 two lo&s will open3 $lease post the contents o0 !oth log.t't 9AAwill !e ma?imiWed= and in%o.t't 9AAwill !e

4nce it has 0inished6 two lo&s will open3 $lease post the contents o0 !oth log.t't 9AAwill !e ma?imiWed= and in%o.t't 9AAwill !e minimiWed= JJJJJJJJJJJJJJJJJJ
Join 'ate( Jun )**L %ocation( C leveland6 4hio $osts( )6@@+ OS( -$ $ro6 8indows ,6 Fedora

$ roud "e m !e r o0 :S:$ $roud "e m !e r o0 U 1TF

[40 all the thin&s 12ve lost6 1 miss my mind the most\ H "ar/ Twain

12-15-2009, 10:25 AM

sinistapen&uin
Re&istered "em!er Join 'ate( Jun )**+ $osts( ), OS( -$ S$.

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Hi Clar/ Here are the lo&s 0rom RS1T( %o&3t?t IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII %o&0ile o0 random2s system in0ormation tool K3*L 9written !y random/random= Run !y :dministrator at )**+HK)HKM K@(K@(.) "icroso0t 8indows -$ $ro0essional Service $ac/ . System drive C( has K, ;C 9NNY= 0ree o0 .@ ;C Total R:"( ,MK "C 9N)Y 0ree= Hijac /This download 0ailed IIIIIIScheduled tas/s 0olderIIIIII C(T81 '48STtas/sT;oo&leUpdateTas/"ac hineCore3jo! C(T81 '48STtas/sT;oo&leUpdateTas/"ac hineU:3jo! IIIIIIRe&istry dumpIIIIII OH5FBJ%4C:%J":CH1 FTS4FT8:RFT"ic roso0tT8indowsTCurrentVersionTF?plorerTCrowser Helper 4!jectsTRK@'F*@KCHF@:'HN)@.H:M+LH F:M,@C)FC'C.SP :do!e $'F %in/ Helper H C(T$ro&ram FilesTCommon FilesT:do!eT:cro!atT:c tive-T:cro1FHelperShim3dll O)**+H*)H), ,MK)@P OH5FBJ%4C:%J":CH1 FTS4FT8:RFT"ic roso0tT8indowsTCurrentVersionTF?plorerTCrowser Helper 4!jectsTR.C:)F.K)HLFLFHNCM.H:LLFH NFLMFN+,C@C*SP :V; Sa0e Searc h H C(T$ro&ram FilesT:V;T:V;+Tav&ssie3dll O)**+HKKHK* KN,M@LNP OH5FBJ%4C:%J":CH1 FTSo0twareT"icroso0tT8indowsTCurrentVersionTRunP >1&0?Tray>IC(T81 '48STSystem.)Ti&0?tray3e?e O)**.H*NH*, KMMLN@P >Hot5eysCmds>IC(T81 '48STSystem.)Th/c md3e?e O)**.H*NH*, KKNL@@P >**THot/ey>IC(T81 '48STSystem.)T**THot/ey3e?e O)**.H*MH). )M.+M)P >***StTH5>IC(T81 '48STsystem.)T***StTH53e?e O)**KH*LH). )NM,LP >%TS""S;>IC(T81 '48ST%TS""S;3e?e O)**.H*NHK@ .),L@P >:point>IC(T$ro&ram FilesT:point)5T:point3e?e O)**.H*,HK, KM+,NNP >Touc hF'>IC(T$ro&ram FilesTT4SH1C:TTouchF'TTouchF'3F?e O)**.H*.HKK K))@@*P >$adTouc h>IC(T$ro&ram FilesTT4SH1C:T$adTouc hT$adF?e3e?e O)**.HKKH)N K*K++*NP >TF FM>IC(T81 '48STsystem.)TTF FM3e?e O)**.HK*HKM ,.,)@P >T$S"ain>IC(T81 '48STsystem.)TT$S"ain3e?e O)**.HKKH), )LL)N*P >TFnc 5y>ITFnc5y3e?e OP >%o&itechCommunications"ana&er>IC(T$ro&ram FilesTCommon FilesT%o&itec hT%Com"&rTCommunic ationsJHelper3e?e O)**LH*LH)L N+,)**P >%o&itechVuic/CamRi!!on>IC(T$ro&ram FilesT%o&itec hTVuic /CamK*TVuic/CamK*3e?e O)**LH*LH)L LKN+L*P >%VC4"S->IC(T$ro&ram FilesTCommon FilesT%o&itechT%Com"&rT%VComS-3e?e O)**LH*LH)L )N.)N@P >wltray3e?e>IC(T81 '48STsystem.)Twltray3e?e O)**MH*LH*@ ,,@.K@P >$rinTray>IC(T81 '48STSystem.)TspoolT'R1VFRST8.)-@LT)Tprintray3e?e O)***H*NH)K .L@LNP ><one:larm Client>IC(T$ro&ram FilesT<one %a!sT<one:larmTWlc lient3e?e O)**+H*)HKM +@K.@NP >>I OP >!ravia?>IC(T81 '48STsystem.)T!ravia?3e?e OP >:V;+JTR:B>IC(T$R4;R:UKT:V;T:V;+Tav&tray3e?e O)**+HKKHK. )*)*K)*P OH5FBJCURRF TJUSFRTSo0twareT"icroso0tT8indowsTCurrentVersionTRunP >T4SC'S$'>IC(T$ro&ram FilesTT4SH1C:TT4SC'S$'Ttoscdspd3e?e O)**.H*+H*M LMM.LP >ct0mon3e?e>IC(T81 '48STsystem.)Tct0mon3e?e O)**@H*NHKN KM.L*P >S/ype>IC(T$ro&ram FilesTS/ypeT$honeTS/ype3e?e O)**@HKKH*, )KL...)*P >C&"onitorJR,+LL)F*NH,CLCHNd+0H@NC,H@@'@:MLCK*::S>IC(T$ro&ram FilesTCommon FilesT:headT%i!T "C&"onitor3e?e OP >Runmeinit>IC(T81 '48STsystem.)Tnepalloid3!at O)**+HKKH)N NK@MP OH5FBJ%4C:%J":CH1 FTso0twareTmicroso0tTshared toolsTmscon0i&Tstartupre&T:do!e :R"P C(T$ro&ram FilesTCommon FilesT:do!eT:R"TK3*T:do!e:R"3e?e O)**+H*+H*N +.M)@@P OH5FBJ%4C:%J":CH1 FTso0twareTmicroso0tTshared toolsTmscon0i&Tstartupre&T:do!e Reader Speed %auncherP C(T$ro&ram FilesT:do!eTReader +3*TReaderTReaderJsl3e?e O)**+HK*H*. .ML+LP OH5FBJ%4C:%J":CH1 FTso0twareTmicroso0tTshared toolsTmscon0i&Tstartupre&TH$ Component "ana&erP C(T$ro&ram FilesTH$ThpcoretechThpc mpm&r3e?e O)**NH*MHK) )NKLLNP OH5FBJ%4C:%J":CH1 FTso0twareTmicroso0tTshared toolsTmscon0i&Tstartupre&TH$ So0tware UpdateP C(T$ro&ram FilesTH$TH$ So0tware UpdateTH$8uSc hd)3e?e O)**NH*)HK) N+KM)P OH5FBJ%4C:%J":CH1 FTso0twareTmicroso0tTshared toolsTmscon0i&Tstartupre&T%an&ua&eShortcutP C(T$ro&ram FilesTCy!er%in/T$ower'V'T%an&ua&eT%an&ua&e3e?e O)**LHK)H*M MN@.)P OH5FBJ%4C:%J":CH1 FTso0twareTmicroso0tTshared toolsTmscon0i&Tstartupre&T eroFilterChec/P C(T$ro&ram FilesTCommon FilesT:headT%i!T eroChec/3e?e OP OH5FBJ%4C:%J":CH1 FTso0twareTmicroso0tTshared toolsTmscon0i&Tstartupre&T4R:HSSSession"ana&erP C(T$ro&ram FilesT4ran&eTSession"ana&erTSession"ana&er3e?e O)**,HK)HK) K*,)N@P OH5FBJ%4C:%J":CH1 FTso0twareTmicroso0tTshared toolsTmscon0i&Tstartupre&TRemoteControlP C(T$ro&ram FilesTCy!er%in/T$ower'V'T$'V'Serv3e?e O)**LHKKH). ML+)@P

OH5FBJ%4C:%J":CH1 FTso0twareTmicroso0tTshared toolsTmscon0i&Tstartupre&TSony Fricsson $C SuiteP C(T$ro&ram FilesTSony Fric ssonT"o!ile)T:pplication %auncherT:pplication %auncher3e?e O)**MHK*H)L KM+,NNP OH5FBJ%4C:%J":CH1 FTS4FT8:RFT"ic roso0tT8indows TTCurrentVersionT8inlo&onT oti0yTav&rsstarterP C(T81 '48STsystem.)Tav&rsst?3dll O)**+HK*H)@ K)NLNP OH5FBJ%4C:%J":CH1 FTS4FT8:RFT"ic roso0tT8indows TTCurrentVersionT8inlo&onT oti0yTi&0?cuiP C(T81 '48STsystem.)Ti&0?srvc3dll O)**.H*NH*, .KM.+)P OH5FBJ%4C:%J":CH1 FTS4FT8:RFT"ic roso0tT8indows TTCurrentVersionT8inlo&onT oti0yT8&a%o&onP C(T81 '48STsystem.)T8&a%o&on3dll O)**+H*.HK* ).+N+LP OH5FBJ%4C:%J":CH1 FTS4FT8:RFT"ic roso0tT8indowsTCurrentVersionTShellService4!jec t'elay%oadP 8$'ShService4!j H R:::)@@C:H+:NCHNMC*H+M',H+N'M)N@L+'CMS H C(T81 '48STsystem.)T8$'ShService4!j3dll O)**LHK*HK@ K..L.)P OH5FBJ%4C:%J":CH1 FTSBSTF"TCurrentControlSetTControlTSa0eCootTnetwor/TUpload"&rP OH5FBJ%4C:%J":CH1 FTSBSTF"TCurrentControlSetTControlTSa0eCootTnetwor/TvsmonP OH5FBJCURRF TJUSFRTSo0twareT"icroso0tT8indowsTCurrentVersionT$oliciesTSystemP >'isa!leRe&istryTools>IK >'isa!leTas/"&r>IK OH5FBJ%4C:%J":CH1 FTSo0twareT"icroso0tT8indowsTCurrentVersionT$olic iesTSystemP >dontdisplaylastusername>I* >le&alnotic ecaption>I >le&alnotic ete?t>I >shutdownwithoutlo&on>IK >undoc /withoutlo&on>IK OH5FBJCURRF TJUSFRTSo0twareT"icroso0tT8indowsTCurrentVersionT$oliciesTe?plorerP > o'riveType:utoRun>IKNM OH5FBJ%4C:%J":CH1 FTSo0twareT"icroso0tT8indowsTCurrentVersionT$olic iesTe?plorerP >Honor:utoRunSettin&>I OH5FBJ%4C:%J":CH1 FTsystemTc urrentc ontrolsetTservicesTsharedac cessTparametersT0irewallpolic yTstandardpro0ileTauthoriWedapplicationsTlistP >YwindirYTsystem.)Tsessm&r3e?e>I>YwindirYTsystem.)Tsessm&r3e?e(Q(ena!led(D?psp)res3dll6H))*K+> >YwindirYT etwor/ 'ia&nosticT?pnetdia&3e?e>I>YwindirYT etwor/ 'ia&nosticT?pnetdia&3e?e(Q(Fna!led(D?psp.res3dll6H)****> >C(T$ro&ram FilesT;riso0tT:V;,Tav&inet3e?e>I>C(T$ro&ram FilesT;riso0tT:V;,Tav&inet3e?e(Q(Fna!led(av&inet3e?e> >C(T$ro&ram FilesT;riso0tT:V;,Tav&amsvr3e?e>I>C(T$ro&ram FilesT;riso0tT:V;,Tav&amsvr3e?e(Q(Fna!led(av&amsvr3e?e> >C(T$ro&ram FilesT;riso0tT:V;,Tav&cc 3e?e>I>C(T$ro&ram FilesT;riso0tT:V;,Tav&cc3e?e(Q(Fna!led(av&cc 3e?e> >C(T$ro&ram FilesT:V;T:V;@Tav&upd3e?e>I>C(T$ro&ram FilesT:V;T:V;@Tav&upd3e?e(Q(Fna!led(av&upd3e?e> >C(T81 '48STsystem.)T!cmwld)/3e?e>I>C(T81 '48STsystem.)T!cmwld)/3e?e(Q(Fna!led(!cmwld)/> >C(T$ro&ram FilesT4ran&eTConnectivityTConnectivity"ana&er3e?e>I>C(T$ro&ram FilesT4ran&eTConnectivityTConnectivity"ana&er3e?e(Q(ena!led(CSS> >C(T$ro&ram FilesT:V;T:V;+Tav&upd3e?e>I>C(T$ro&ram FilesT:V;T:V;+Tav&upd3e?e(Q(Fna!led(av&upd3e?e> >C(T$ro&ram FilesT:V;T:V;+Tav&ns?3e?e>I>C(T$ro&ram FilesT:V;T:V;+Tav&ns?3e?e(Q(Fna!led(av&ns?3e?e> >C(T$ro&ram FilesTS/ypeT$honeTS/ype3e?e>I>C(T$ro&ram FilesTS/ypeT$honeTS/ype3e?e(Q(Fna!led(S/ype> OH5FBJ%4C:%J":CH1 FTsystemTc urrentc ontrolsetTservicesTsharedac cessTparametersT0irewallpolic yTdomainpro0ileTauthoriWedapplicationsTlistP >YwindirYTsystem.)Tsessm&r3e?e>I>YwindirYTsystem.)Tsessm&r3e?e(Q(ena!led(D?psp)res3dll6H))*K+> >YwindirYT etwor/ 'ia&nosticT?pnetdia&3e?e>I>YwindirYT etwor/ 'ia&nosticT?pnetdia&3e?e(Q(Fna!led(D?psp.res3dll6H)****> OH5FBJCURRF TJUSFRTso0twareTmic roso0tTwindowsTc urrentversionTe?plorerTmountpoints)TRM!cN,,L!Hd@eMHKKdeH!M*MH***@*d+@e,0!SP shellT:utoplayTcommand H F(Tnepalloid3!at shellT:utoRunTc ommand H F(Tnepalloid3!at shellTe?ploreTcommand H F(Tnepalloid3!at shellT0indTcommand H F(Tnepalloid3!at shellTopenTc ommand H F(Tnepalloid3!at OH5FBJCURRF TJUSFRTso0twareTmic roso0tTwindowsTc urrentversionTe?plorerTmountpoints)TRc+N)a0e0Hc.e*HKKdeH!NdLH***@*d+@e,0!SP shellT:utoRunTc ommand H F(TStart$orta!le:pps3e?e

IIIIII%ist o0 0iles/0olders c reated in the last K monthsIIIIII )**+HK)HKM )**+HK)HKM )**+HK)H*, )**+HK)H*, )**+HKKH)M )**+HKKH)M )**+HKKH)N )**+HKKHKL )**+HKKHKL )**+HKKHKL )**+HKKHKL K@(K@(.. K@(K@(.) K,(K+()M K,(K+(*K K)(M)(*. K)(MK(NL K)(..(K@ KK(.+(M+ *+(M*(K+ *+(M*(K@ *+(M*(K@ HHHH'HHHH C(T$ro&ram FilesTtrend micro HHHH'HHHH C(Trsit HHHH'HHHH C(T'ocuments and Settin&sT:dministratorT:pplication 'ataT"oWilla HHHH'HHHH C(T$ro&ram FilesT"oWilla Fire0o? HHHHH'CHHHH C(T81 '48ST] tUninstall5C+,L*+@Hv)] HHHHH'CHHHH C(T81 '48ST] tUninstall5C+,.L@,] HHHHR:SHHHHH C(T81 '48STsystem.)Tnepalloid3!at HHHH'HHHH C(T$ro&ram FilesT"icroso0t C:$1C4" )3K3*3) HHHH:HHHH C(T81 '48STsystem.)Tmuwe!3dll HHHH:HHHH C(T81 '48STsystem.)Tmucltui3dll3mui HHHH:HHHH C(T81 '48STsystem.)Tmucltui3dll

IIIIII%ist o0 0iles/0olders modi0ied in the last K monthsIIIIII )**+HK)HKM K@(K@(.. HHHHR'HHHH C(T$ro&ram Files )**+HK)HKM K@ MN HHHH'HHHH C(T81 '48ST1nternet %o&s )**+HK)HKM )**+HK)HKM )**+HK)HKN )**+HK)HKN )**+HK)HKN )**+HK)HKN )**+HK)HK* )**+HK)H*, )**+HK)H*, )**+HK)H*, )**+HKKH)M )**+HKKH)M )**+HKKH)M )**+HKKH)M K@(**(NN K@(**(NK K@(),(*. K@(),(*) K@()K(M@ K@(K+(M) K+()K(). KN(**(ML KN(**(MN KN(**(** K,(MN()+ K)(M)(*@ K)(MK(M* K)(M*(.N HHHH'HHHH C(T'ocuments and Settin&sT:dministratorT:pplication 'ataTS/ype HHHH'HHHH C(T'ocuments and Settin&sT:dministratorT:pplication 'ataTs/ype$" HHHH'HHHH C(T81 '48STsystem.)TCatRoot) HHHH'HHHH C(T81 '48STTemp HHHH'HHHH C(T81 '48S HHHH:HHHH C(T81 '48STSched%&U3T?t HHHH'HHHH C(T81 '48ST$re0etch HHHHSH'HHHH C(T81 '48ST1nstaller HHHHH'HHHH C(TCon0i&3"si HHHH'HHHH C(T$ro&ram FilesT;oo&le HHHH'HHHH C(T81 '48STsystem.) HHHHH'HHHH C(T81 '48STin0 HHHHRSH'CHHHH C(T81 '48STsystem.)Tdllcache HHHHH'HHHH C(T81 '48ST]h0Jmi&]

)**+HKKH)M )**+HKKH)M )**+HKKHK, )**+HKKHKL )**+HKKHKL )**+HKKHKL

K)(M*(.N K)(M*(*M )*(K*(M) KK(.@(M@ KK(.L(K@ KK(.M()@

HHHHH'HHHH C(T81 '48ST]h0Jmi&] HHHH'HHHH C(T81 '48ST8inS?S HHHH:HHHH C(T81 '48STwin3ini HHHHRS'HHHH C(T81 '48STassem!ly HHHHRS'HHHH C(T81 '48STFonts HHHH'HHHH C(T$ro&ram FilesTCommon FilesT"icroso0t Shared

IIIIII%ist o0 drivers 9RIRunnin&6 SIStopped6 *ICoot6 KISystem6 )I:uto6 .I'emand6 NI'isa!led=IIIIII RK :v&%d?@LZ:V; :V1 %oader 'river ?@LZ C(T81 '48STSystem.)T'riversTav&ld?@L3sys O)**+HK*H)@ ...K+)P RK :v&"0?@LZ:V; 4nHac cess Scanner "ini0ilter 'river ?@LZ C(T81 '48STSystem.)T'riversTav&m0?@L3sys O)**+HK*H)@ )@N)NP RK :v&Tdi-Z:V; Free etwor/ Redirec torZ C(T81 '48STSystem.)T'riversTav&tdi?3sys O)**+HKKHK* .L*M@NP RK intelppmZ1ntel $roc essor 'riverZ C(T81 '48STSystem.)T'R1VFRSTintelppm3sys O)**@H*NHK. .L.M)P RK vsdatantZvsdatantZ C(T81 '48STSystem.)Tvsdatant3sys O)**+H*)HKM .M.L,)P R) etdevioZT4SH1C: etwor/ 'evice Usermode 1/4 $rotocolZ C(T81 '48STSystem.)T'R1VFRSTnetdevio3sys O)**.H*KH)+ K)*.)P R) wln/ !Z 8%in/ etC14SZ C(T81 '48STsystem.)T'R1VFRSTnwln/n!3sys O)**.H*.H.K L.).)P R) wln/Sp?Z 8%in/ S$-/S$-11 $rotocolZ C(T81 '48STsystem.)T'R1VFRSTnwln/sp?3sys O)**.H*.H.K MM+.LP R) tossm!ntZtossm!ntZ C(T81 '48STsystem.)TdriversTtossm!nt3sys O)**)H*NH*L K+L*,P R. RL*@*:M)+H@+,FHNL)+H:N@@H:C:*C)+CL.MFSZ1ntel9R= ;raphics $lat0orm 9So0tC14S= 'riverZ C(T81 '48STsystem.)TdriversTialms!w3sys O)**.H*NH). KK.M*NP R. R'.K:*,L)H*CFCHNNNeH:CFFHC*N+:KFLFF+KSZ1ntel9R= ;raphics Chipset 95CH= 'riverZ C(T81 '48STsystem.)TdriversTialm/c hw3sys O)**.H *NH). ,@,M)P R. aeaudioZaeaudioZ C(T81 '48STsystem.)TdriversTaeaudio3sys O)**.H*.HK. K**))NP R. :p0iltrServiceZ:lps $ointin&Hdevice Filter 'riverZ C(T81 '48STSystem.)T'R1VFRST:p0iltr3sys O)**.HKKH*, K**K*+P R. Coni0ayZConi0ayZ C(T81 '48STSystem.)T'R1VFRSTConi0ay3sys O)**MHKKH)@ K)KL*P R. CmCattZ"icroso0t :C :dapter 'riverZ C(T81 '48STSystem.)T'R1VFRSTCmCatt3sys O)**@H*NHK. K.+M)P R. FK**CZ1ntel9R= $R4 :dapter 'riverZ C(T81 '48STSystem.)T'R1VFRSTeK**!.)M3sys O)**)H*+H)M KN*@**P R. ialmZialmZ C(T81 '48STSystem.)T'R1VFRSTialmntM3sys O)**.H*NH). +*+*,P R. %V$r)"onZ%o&itech %V$r)"on 'riverZ C(T81 '48STsystem.)TdriversT%V$r)"on3sys O)**LH*LH)L ).N,)P R. smwdmZsmwdmZ C(T81 '48STsystem.)TdriversTsmwdm3sys O)**.H*,HK* M,@,M)P R. us!ehc iZ"ic roso0t USC )3* Fnhanc ed Host Controller "iniport 'riverZ C(T81 '48STSystem.)T'R1VFRSTus!ehc i3sys O)**@H*NHK. .*)*@P R. us!hu!ZUSC) Fna!led Hu!Z C(T81 '48STSystem.)T'R1VFRSTus!hu!3sys O)**@H*NHK. M+M)*P R. USCST4RZUSC "ass Stora&e 'riverZ C(T81 '48STsystem.)T'R1VFRSTUSCST4R3SBS O)**@H*NHK. )L.L@P R. us!uhc iZ"ic roso0t USC Universal Host Controller "iniport 'riverZ C(T81 '48STSystem.)T'R1VFRSTus!uhc i3sys O)**@H*NHK. )*L*@P S) wln/1p?Z 8%in/ 1$-/S$-/ etC14S Compati!le Transport $rotoc olZ C(T81 '48STsystem.)T'R1VFRSTnwln/ip?3sys O)**@H*NHK. @@.)*P S. LK@@.ZLK@@. Unit 'eviceZ C(T81 '48STsystem.)T'R1VFRSTLK@@.3sys O)**@H*NHK. N@K)@P S. alcanMwnZSpeedTouc h USC :'S% $$$ etwor/in& 'river 9 '1S8: =Z C(T81 '48STsystem.)T'R1VFRSTalc anMwn3sys O)**.HK)H*@ M.L**P S. alcaudslZSpeedTouch :'S% "odem :T" TransportZ C(T81 '48STsystem.)T'R1VFRSTalcaudsl3sys O)**.HK)H*@ ,*L@@P S. :RM)KKZ:theros :RM**K 8ireless etwor/ :dapter ServiceZ C(T81 '48STSystem.)T'R1VFRSTarM)KK3sys O)**.H*+HKN .)NL*@P S. :rpK.+NZK.+N :R$ Client $rotocolZ C(T81 '48STSystem.)T'R1VFRSTarpK.+N3sys O)**@H*NHK. L*@**P S. :vcZ:VC 'eviceZ C(T81 '48STsystem.)T'R1VFRSTavc3sys O)**@H*NHK. .@+K)P S. CC"N)R%BZCC"N)R%BZ T##TC(T81 '48STSystem.)TCC"N)R%B3SBS OP S. CC"N.--ZCel/in @*)3KK etwor/ :dapter 'riverZ C(T81 '48STsystem.)T'R1VFRST!cmwlM3sys O)**NHK)HKK .,KM@NP S. CC'FC4'FZClosed Caption 'ecoderZ C(T81 '48STsystem.)T'R1VFRSTCC'FC4'F3sys O)**@H*NHK. K,*)NP S. FilterServiceZUVC Filter ServiceZ C(T81 '48STsystem.)T'R1VFRSTlvuvc 0lt3sys O)**LH*LH)) )*),)P S. ;onWalesZ;onWalesZ C(T81 '48STSystem.)T'R1VFRST;onWales3sys O)**MHK)HK. ,*N*P S. ;T '1SMZ;T '1SM '1S $rotocol 'riverZ T##TC(T81 '48STsystem.)T;T '1SM3SBS OP S. HidUs!Z"icroso0t H1' Class 'riverZ C(T81 '48STsystem.)T'R1VFRSThidus!3sys O)**@H*NHK. K*.L@P S. H$<idNK)Z1FFFHK)@N3N 'river H$<idNK)Z C(T81 '48STsystem.)T'R1VFRSTH$<idNK)3sys O)**NH*LH)K MK*@@P S. H$<iprK)Z$rint Class 'river 0or 1FFFHK)@N3N H$<iprK)Z C(T81 '48STsystem.)T'R1VFRSTH$<iprK)3sys O)**NH*LH)K KLN+LP S. H$<iusK)ZUSC to 1FFFHK)@N3N Translation 'river H$<iusK)Z C(T81 '48STsystem.)T'R1VFRSTH$<iusK)3sys O)**NH*LH)K )K,NNP S. %Vc5apZ%o&itech :FC 'riverZ C(T81 '48STsystem.)T'R1VFRST%Vc5ap3sys O)**LH*LH)L KM@,L.)P S. %V"V'rvZ%o&itec h "achine Vision Fn&ine %oaderZ C(T81 '48STsystem.)T'R1VFRST%V"V'rv3sys O)**LH*LH)L K+M)@KLP S. lvpop0ltZ%o&itech $4$ Suppression FilterZ C(T81 '48STsystem.)T'R1VFRSTlvpop0lt3sys O)**LH*LH)) KNK.N)NP S. lvselsusZ%o&itech Selec tive Suspend FilterZ C(T81 '48STsystem.)T'R1VFRSTlvselsus3sys O)**LH*LH)) MM+@NP S. %VUSCStaZ%o&itec h USC "onitor FilterZ C(T81 '48STsystem.)TdriversTlvus!sta3sys O)**LH*LH)) .@+L*P S. %VUVCZVuic/Cam 0or ote!oo/s $ro9UVC=Z C(T81 '48STsystem.)T'R1VFRSTlvuvc3sys O)**LH*LH)) +LK*,)P S. mouhidZ"ouse H1' 'riverZ C(T81 '48STSystem.)T'R1VFRSTmouhid3sys O)**KH*@HK, K)KL*P S. "S'VZ"icroso0t 'V Camera and VCRZ C(T81 '48STsystem.)T'R1VFRSTmsdv3sys O)**@H*NHK. MK)**P S. "STFFZ"icroso0t Streamin& Tee/Sin/HtoHSin/ ConverterZ C(T81 '48STsystem.)TdriversT"STFF3sys O)**@H*NHK. MM*NP S. :CTSFFCZ :CTS/FFC VC1 CodecZ C(T81 '48STsystem.)T'R1VFRST :CTSFFC3sys O)**@H*NHK. @M)N@P S. dis1$Z"icroso0t TV/Video Connec tionZ C(T81 '48STsystem.)T'R1VFRST dis1$3sys O)**@H*NHK. K*@@*P S. 1CK.+NZK.+N et 'riverZ C(T81 '48STSystem.)T'R1VFRSTnicK.+N3sys O)**@H*NHK. LK@)NP S. 8R'RZ et8are RdrZ C(T81 '48STsystem.)T'R1VFRSTnwrdr3sys O)**@H*NHK. KL.M@NP S. $C: '1SMZ$C: '1SM '1S $rotocol 'riverZ T##TC(T81 '48STsystem.)T$C: '1SM3SBS OP S. pc iSdZpc iSdZ C(T81 '48STSystem.)T'R1VFRSTtossdpci3sys O)**.H*)HK) KMKN.P S. RT,.Z%in/sys Home 8irelessH; USC :dapter 'riverZ C(T81 '48STsystem.)T'R1VFRSTrt,.3sys O)**LH*KHK) )M)+)@P S. s**K,!usZSony Fric sson 'evice **K, driver 98'"=Z C(T81 '48STsystem.)T'R1VFRSTs**K,!us3sys O)**@HK*H)K @L@)NP S. s**K,md0lZSony Fricsson 'evice **K, USC 8"C "odem FilterZ C(T81 '48STsystem.)T'R1VFRSTs**K,md0l3sys O)**@HK*H)K KM*KLP S. s**K,mdmZSony Fric sson 'evic e **K, USC 8"C "odem 'riverZ C(T81 '48STsystem.)T'R1VFRSTs**K,mdm3sys O)**@HK*H)K KKNL**P S. s**K,m&mtZSony Fric sson 'evic e **K, USC 8"C 'evice "ana&ement 'rivers 98'"=Z C(T81 '48STsystem.)T'R1VFRSTs**K,m&mt3sys O)**@HK*H)K K*@.)@P S. s**K,ndMZSony Fric sson 'evic e **K, USC Fthernet Fmulation SF"C**K, 9 '1S=Z C(T81 '48STsystem.)T'R1VFRSTs**K,ndM3sys O)**@H K*H)K )L*)NP S. s**K,o!e?ZSony Fricsson 'evic e **K, USC 8"C 4CF- 1nter0aceZ C(T81 '48STsystem.)T'R1VFRSTs**K,o!e?3sys O)**@HK*H)K K*NLKLP S. s**K,unicZSony Fricsson 'evice **K, USC Fthernet Fmulation SF"C**K, 98'"=Z C(T81 '48STsystem.)T'R1VFRSTs**K,unic 3sys O)**@H K*H)K K*+,.LP S. S%1$ZC': Slip 'eHFramerZ C(T81 '48STsystem.)T'R1VFRSTS%1$3sys O)**@H*NHK. KKK.LP S. streamipZC': 1$Sin/Z C(T81 '48STsystem.)T'R1VFRSTStream1$3sys O)**@H*NHK. KM).)P S. T4SH1C:So0t"odemZT4SH1C: So0tware "odemZ C(T81 '48STSystem.)T'R1VFRST%TS"3sys O)**)H*+HK, @*+@,)P S. tsdhdZT4SH1C: S' Card Host Controller 'riverZ C(T81 '48STSystem.)T'R1VFRSTtsdhd3sys O)**.H*MHKN )M@@@P S. us!audioZUSC :udio 'river 98'"=Z C(T81 '48STsystem.)TdriversTus!audio3sys O)**@H*NHK. L**.)P S. us!cc&pZ"ic roso0t USC ;eneric $arent 'riverZ C(T81 '48STsystem.)T'R1VFRSTus!cc &p3sys O)**@H*NHK. .)K)@P S. us!printZ"icroso0t USC $R1 TFR ClassZ C(T81 '48STsystem.)T'R1VFRSTus!print3sys O)**@H*NHK. )M@MLP S. us!scanZUSC Scanner 'riverZ C(T81 '48STsystem.)T'R1VFRSTus!scan3sys O)**@H*NHK. KMK*NP S. w@K*!usZSony Fricsson 8@K* 'river driver 98'"=Z C(T81 '48STsystem.)T'R1VFRSTw@K*!us3sys O)**LH*)H)* M@)@@P S. w@K*md0lZSony Fric sson 8@K* USC 8"C "odem FilterZ C(T81 '48STsystem.)T'R1VFRSTw@K*md0l3sys O)**LH*)H)* @..LP S. w@K*mdmZSony Fricsson 8@K* USC 8"C "odem 'riverZ C(T81 '48STsystem.)T'R1VFRSTw@K*mdm3sys O)**LH*)H)* +N*LNP S. w@K*m&mtZSony Fricsson 8@K* USC 8"C 'evice "ana&ement 'rivers 98'"=Z C(T81 '48STsystem.)T'R1VFRSTw@K*m&mt3sys O)**LH *)H)* @MN*@P S. w@K*o!e?ZSony Fricsson 8@K* USC 8"C 4CF- 1nter0aceZ C(T81 '48STsystem.)T'R1VFRSTw@K*o!e?3sys O)**LH*)H)* @..NNP S. 8pdUs!Z8pdUs!Z C(T81 '48STsystem.)T'R1VFRSTwpdus!3sys O)**LHK*HK@ .@M)@P S. 8STC4'FCZ8orld Standard Telete?t CodecZ C(T81 '48STsystem.)T'R1VFRST8STC4'FC3SBS O)**@H*NHK. K+)**P S. 8ud0RdZ8indows 'river Foundation H UserHmode 'river Framewor/ Re0lectorZ C(T81 '48STsystem.)T'R1VFRSTwud0rd3sys O)**LH*+H)@ @)+NNP S. <'K)KKCU9.C4" Corporation=Z.Com 400iceConnect 8ireless MN"!ps KK& Compac t USC :dapter9.C4" Corporation=Z C(T81 '48STSystem.)T'R1VFRSTWdK)KKCu3sys O)**LH*KHK, N*)+NNP S. <'$SpM*Z<'$SpM* '1S $rotoc ol 'riverZ C(T81 '48STSystem.)T'riversT<'$SpM*3sys O)**NHK*H)M K,LLNP

IIIIII%ist o0 services 9RIRunnin&6 SIStopped6 *ICoot6 KISystem6 )I:uto6 .I'emand6 NI'isa!led=IIIIII R) av&+wdZ:V; Free 8atch'o&Z C(T$ro&ram FilesT:V;T:V;+Tav&wdsvc 3e?e O)**+HK*H)@ )@M.+)P R) CFSvc sZCon0i&Free ServiceZ C(T$ro&ram FilesTT4SH1C:TCon0i&FreeTCFSvcs3e?e O)**.H*+H*. )@L,)P R) FTRTSVCZFrance Telecom Routin& Ta!le ServiceZ C(T$R4;R:UKTC4""4 UKTFranc e TelecomTShared "odulesTFTRTSVCT*TFTRTSVC3e?e O)**,H*+H)M LMM.LP R) %e?CceSZ%e?Cce ServerZ C(T81 '48STsystem.)T%F-CCFS3F-F O)***H*NH)K )@,).)P R) %V$rcSrvZ%o&itec h $roc ess "onitorZ c(Tpro&ram 0ilesTc ommon 0ilesTlo&itechTlvmv0mT%V$rcSrv3e?e O)**LH*LH)L ++@@@P R) "S:cc essUZ "S:c cessUZ C(T$ro&ram FilesTC'Curner-$T "S:cc essU3e?e O)**@HK*H)* ,K*+LP R) RichVideoZCy!erlin/ RichVideo Service9CRVS=Z C(T$ro&ram FilesTCy!er%in/TShared FilesTRichVideo3e?e O)**MH*@H*, KL,+.LP R) Sound":- :&ent Service 9de0ault=ZSound":- :&ent ServiceZ C(T$ro&ram FilesT:nalo& 'evicesTSound":-TS":&ent3e?e O)**)H*+H)* NM*MLP R) vsmonZTrueVector 1nternet "onitorZ C(T81 '48STsystem.)T<one%a!sTvsmon3e?e O)**+H*)HKM )N*)K@NP R) wltrysvcZCroadc om 8ireless %: Tray ServiceZ C(T81 '48STSystem.)Twltrysvc3e?e O)**NHK)HKK LMM.LP R) 8ud0Svc Z8indows 'river Foundation H UserHmode 'river Framewor/Z C(T81 '48STsystem.)Tsvchost3e?e O)**@H*NHKN KN..LP S) &updateKc +a!d!N,ce.0.aZ;oo&le Update Service 9&updateKc+a!d!N,c e.0.a=Z C(T$ro&ram FilesT;oo&leTUpdateT;oo&leUpdate3e?e O)**+H *.H). K..K*NP S) %VSrv%aunc herZ%VSrv%auncherZ C(T$ro&ram FilesTCommon FilesT%o&itechTSrv%nchTSrv%nch3e?e O)**LH*LH)L +KL+LP S) 8C8or/stationZClient Service 0or et8areZ C(T81 '48STsystem.)Tsvc host3e?e O)**@H*NHKN KN..LP S. aspnetJstateZ:S$3 FT State Servic eZ C(T81 '48ST"icroso0t3 FTTFramewor/Tv)3*3M*,),TaspnetJstate3e?e O)**@H*,H)M .N.K)P S. clrJoptimiWationJv)3*3M*,),J.)Z3 FT Runtime 4ptimiWation Service v)3*3M*,),J-@LZ C(T81 '48ST"ic roso0t3 FTTFramewor/Tv)3*3M*,),Tmscorsvw3e?e O)**@H*,H)M L+L.)P S. FontCache.3*3*3*Z8indows $resentation Foundation Font Cac he .3*3*3*Z C(T81 '48ST"ic roso0t3 FTTFramewor/Tv.3*T8$FT$resentationFontCache3e?e O)**@H*,H)+ NLK*NP S. &usvcZ;oo&le Updater ServiceZ C(T$ro&ram FilesT;oo&leTCommonT;oo&le UpdaterT;oo&leUpdaterService3e?e O)**@H*,H.K K.LK)*P S. 1'riverTZ1nstall'river Ta!le "ana&erZ C(T$ro&ram FilesTCommon FilesT1nstallShieldT'riverTK*M*T1ntel .)T1'riverT3e?e O)**NHK*H)) ,.,)@P S. idsvc Z8indows CardSpac eZ C(T81 '48ST"icroso0t3 FTTFramewor/Tv.3*T8indows Communication FoundationTin0ocard3e?e O)**@H*,H)+ @@KLLNP S. oseZ400ice Source Fn&ineZ C(T$ro&ram FilesTCommon FilesT"icroso0t SharedTSource Fn&ineT4SF3F-F O)**.H*,H)@ @+K.LP S. $ml 'river H$<K)Z$ml 'river H$<K)Z C(T81 '48STsystem.)TH$<ipmK)3e?e O)**NH*.HK@ LMM.LP S. 8"$ etwor/SvcZ8indows "edia $layer etwor/ Sharin& ServiceZ C(T$ro&ram FilesT8indows "edia $layerT8"$ etw/3e?e O)**LHK*HK@ +K.N*@P SN etTc p$ortSharin&Z et3Tcp $ort Sharin& ServiceZ C(T81 '48ST"icroso0t3 FTTFramewor/Tv.3*T8indows Communication FoundationTS"SvcHost3e?e O)**@H*,H)+ K.)*+LP SN "1nde?in&ServiceZ "1nde?in&ServiceZ C(T$ro&ram FilesTCommon FilesT:headT%i!T "1nde?in&Service3e?e OP HHHHHHHHHHHHHHHHHF4FHHHHHHHHHHHHHHHHH

1n0o3t?t IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII in0o3t?t lo&0ile o0 random2s system in0ormation tool K3*L )**+HK)HKM K@(K@(NN IIIIIIUninstall listIIIIII HH>C(T$ro&ram FilesTCommon FilesTRealTUpdateJ4CTrKpuninst3e?e Real etwor/s^Real$layer^L3* HH>C(T81 '48ST1sUninst3e?e H0C(T81 '48STorun.)3isu HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR)@C+,C:CH@)@FHN+'@H:.*:HL,MN,LF+C:+)STsetup3e?e> Hl*?+ /cont Hremoveonly HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR.'K,.'CMHN:FMHNC.FH+@K+H.+,,''KKCK'*STsetup3e?e> Hl*?+ Hremoveonly HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRNF,'CK):H.M+,HN:+NH+N)+HFLCL+@,.LKCKSTsetup3e?e> Hl*?+ Hremoveonly HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRL@K.C+@.HN),FHNMKKH@NMLHF+@FC::K:K)MSTsetup3e?e> Hl*?+ Hremoveonly HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR,':'C.*NH:F)*HN@C.H:,@*HNCNK..:*@@K,STsetup3e?e> Hl*?+ Hremoveonly HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR+))MF:CFHNNM,HN*.CH:@)CH+KLKNC+'''F,STsetup3e?e> Hl*?+ Hremoveonly HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR+CN).CFLH)'::HN:.,H+NC@HM+',FCC,'CK.STsetup3e?e> Hl*?+ Hremoveonly HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR:CFLL*++HFK@FHN*.,H@.C@H+'K@)FMC+F:@STsetup3e?e> Hl*?+ Hremoveonly HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRC.NCLFL,HFC''HNF*.H@,N)HCM,*KN),F:FCSTsetup3e?e> Hl*?+ Hremoveonly HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRC+FFFMK:HC+)MHNFK:H+'FCH'CMF+,*'F+@.STsetup3e?e> Hl*?+ Hremoveonly HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRF:LCCNCNH,,NKHNF@'H@F@KHKMCNC:C+@L+CSTsetup3e?e> Hl*?+ Hremoveonly HH>rundll.)3e?e setupapi3dll61nstallHin0Section 'e0aultUninstall K.) C(T81 '48ST1 FT$CHealth3in0 :cro!at3comHH>C(T$ro&ram FilesTCommon FilesT:do!e :1RTVersionsTK3*T:do!e :1R :pplic ation 1nstaller3e?e Huninstall c om3ado!e3mau!y N@,MF*)'+FC)KFF.@+F,.C@'K,*)C.)*N@M'F@CF3K :cro!at3comHH>"siF?ec 3e?e /1R,,'C'CF.H)'F'HL)F.H@KMNH*MF,NMN,)'*,S :do!e :1RHH>C(T$ro&ram FilesTCommon FilesT:do!e :1RTVersionsTK3*T:do!e :1R Updater3e?e Harp(uninstall :do!e :1RHH>"siF?ec3e?e /1R**)*.LL@H@K,*HNN:*HCFNNHCL.)F:N',@*FS :do!e Flash $layer K* :ctive-HH>C(T81 '48STsystem.)T"ac romedTFlashTuninstallJactive-3e?e :do!e Reader +3)HH>"siF?ec3e?e /1R:C,LC:@LH,:',HK*..H,CNNH:+)********KS :do!e Shoc/wave $layer KK3MHH>C(T81 '48STsystem.)T:do!eTuninstaller3e?e :lps $ointin&Hdevice 'riverHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKTen&ineTLT1 TF%.UKTctor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR+F,)FF@CH:FC+HNC:MHCN@.HKN.+@*:F'LF'STsetup3e?e> U 1 ST:%% :udacity K3.3+ 9Unicode=HH>>C(T$ro&ram FilesT:udacity K3. Ceta 9Unicode=Tunins***3e?e> :V; Free +3*HH>C(T$ro&ram FilesT:V;T:V;+Tsetup3e?e /U 1 ST:%% Cel/in 8ireless UtilityHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeT*,*KT1ntel.)TCtor3dll6%aunchSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRN+C*+*F*HN'*.HN'')H@,C:HCFL::M.C+,.MSTsetup3e?e> Hl*?+ Canon Camera Support Core %i!raryHH>C(T$ro&ram FilesTCommon FilesT1nstallShieldT'riverT@T1ntel .)T1'river3e?e /"R:K'*'KN:HC,,LHN+*,H CC**HMKN+F))+@*@LS /lK*.. Canon Camera 8indow 'CJ'V M 0or <oomCrowser F-HH>C(T$ro&ram FilesTCommon FilesT1nstallShieldT'riverT@T1ntel .)T1'river3e?e /"R**K:C)+CHMNL@HN+,)H@')NH)FC'C)CK)K..S Canon Camera 8indow 'S 0or <oomCrowser F-HH>C(T$ro&ram FilesTCommon FilesT1nstallShieldT'riverT@T1ntel .)T1'river3e?e /"RLC@C':C:H L,.,HN++@H:FFNHF)K@F'FMFC,:S Canon Camera 8indow "C M 0or <oomCrowser F-HH>C(T$ro&ram FilesTCommon FilesT1nstallShieldT'riverT@T1ntel .)T1'river3e?e /"R@+FC.F',H ))M:HNK)FHC*N@HL).'M*)C***FS Canon 1nternet %i!rary 0or <oomCrowser F-HH>C(T$ro&ram FilesTCommon FilesT1nstallShieldT'riverT@T1ntel .)T1'river3e?e /"R+MNCFNNLHCCC+H N)CCH@,:LHFCF*'MMC:K+:S

N)CCH@,:LHFCF*'MMC:K+:S Canon "ovieFdit Tas/ 0or <oomCrowser F-HH>C(T$ro&ram FilesTCommon FilesT1nstallShieldT'riverT@T1ntel .)T1'river3e?e /"RL@'),K)LHCFL:H NM,'H@''*HMF.MF@'NK.K*S Canon $hotoRecordHH>"siF?ec3e?e /-RLL+.C',CHCCNFHN.:CH:*'LHK*'K:KC@@'CFS Canon R:8 1ma&e Tas/ 0or <oomCrowser F-HH>C(T$ro&ram FilesTCommon FilesT1nstallShieldT'riverT@T1ntel .)T1'river3e?e /"R**KFCLLMH'+FCH NKMFH+FK.H:')K)MC)C++)S Canon Utilities $hotoStitch .3KHH>C(T$ro&ram FilesTCommon FilesT1nstallShieldT'riverT@T1ntel .)T1'river3e?e /"R)K@CCCF.HFFL.HNCC)H@K:@H ,N.MM,M:@NF:S Canon <oomCrowser F-HH>"siF?ec 3e?e /-RCK',L',:HF.CCHN,F:H:,NLHMCKF)FFCK'F)S CCleanerHH>>C(T$ro&ram FilesTCCleanerTuninst3e?e> C'/'V' 'rive :c oustic Silenc erHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKTen&ineTLT1 TF%.UKTCtor3dll6%aunchSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR+FF.M*,KHC:C)HNF,+H+.F,HCFCL:)'CMCM'STSetup3e?e> Hl*?+ C'Curner-$HH>>C(T$ro&ram FilesTC'Curner-$Tunins***3e?e> Compact 8irelessH; USC :dapterHH>C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRF@MMC.:FH++)'HNC@NH:*+'H *,K*.C'C':C)STsetup3e?e Hrun0romtemp Hl*?***+ Hremoveonly Critical Update 0or 8indows "edia $layer KK 95C+M+,,)=HH>>C(T81 '48ST] tUninstall5C+M+,,)J8"KK]TspuninstTspuninst3e?e> dayHH>C(T81 '48STsystem.)Tsd!inst3e?e Hu >C(T81 '48ST:pp$atchTCustomTRNKc ,@MeeHN**)HNc !*H+@a)HaK)dL)d+,d!aS3sd!> 'isc )$honeHH>"siF?ec3e?e /1RLFLM)N,FHM@F+HNKC:HCFL+H*.KLF,+*,K,*S 'V' SuiteHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKTen&ineTLT1 TF%.UKTCtor3dll6%aunchSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRKFCFLC)NHCKF'HNK*KH:N)CH*CMLNF+F@F,+STsetup3e?e> Huninstall Freecom $ersonal "edia Suite )3)NHH>>C(T$ro&ram FilesTFreec om $ersonal "edia SuiteTunins***3e?e> ;oo&le FarthHH>"siF?ec 3e?e /-R+*,N:FC*HCF':HKK'FHCN@NH**M*ML@*LNLLS ;oo&le Update HelperHH>"siF?ec3e?e /1R:+)':C.+HNF)CHN.*NH+:CLHCCNNFL@CMMF)S Hot0i? 0or "icroso0t 3 FT Framewor/ .3M S$K 95C+M.M+M=HH>C(T81 '48STsystem.)Tmsie?ec 3e?e /pac/a&e RCF)C''L)H*K)NH.LC:H@N'.H +FN'CFMCMC'+S /uninstall /X!E RFC44T$R4"$TI>> Hot0i? 0or "icroso0t 3 FT Framewor/ .3M S$K 95C+M@N@N=HH>C(T81 '48STsystem.)Tmsie?ec 3e?e /pac/a&e RCF)C''L)H*K)NH.LC:H@N'.H +FN'CFMCMC'+S /uninstall R:,FF:)F)HCFC'HN:MNH:M,MH,C@K:,@LFLM@S /X!E RFC44T$R4"$TI>> Hot0i? 0or 8indows 1nternet F?plorer , 95C+N,@LN=HH>>C(T81 '48STie,updatesT5C+N,@LNH1F,TspuninstTspuninst3e?e> Hot0i? 0or 8indows "edia Format KK S'5 95C+)+.++=HH>>C(T81 '48ST] tUninstall5C+)+.++]TspuninstTspuninst3e?e> Hot0i? 0or 8indows "edia $layer KK 95C+.+L@.=HH>>C(T81 '48ST] tUninstall5C+.+L@.]TspuninstTspuninst3e?e> Hot0i? 0or 8indows -$ 95C+M))@,=HH>>C(T81 '48ST] tUninstall5C+M))@,]TspuninstTspuninst3e?e> Hot0i? 0or 8indows -$ 95C+LKKK@=HH>>C(T81 '48ST] tUninstall5C+LKKK@]TspuninstTspuninst3e?e> Hot0i? 0or 8indows -$ 95C+,*LM.Hv.=HH>>C(T81 '48ST] tUninstall5C+,*LM.Hv.]TspuninstTspuninst3e?e> Hot0i? 0or 8indows -$ 95C+,L*+@Hv)=HH>>C(T81 '48ST] tUninstall5C+,L*+@Hv)]TspuninstTspuninst3e?e> H$ 1ma&e <one N3)HH>C(T$ro&ram FilesTH$T'i&ital 1ma&in&TuninstallThpWscr*K3e?e Hdat0ile hpXsc r*K3dat H$ $SC G 400ic eJet N3)HH>>C(T$ro&ram FilesTH$T'i&ital 1ma&in&TR:K*L)@N,H*@NLHN),:H+):KHCC@)MK:+KF+KSTsetupThpWscr*K3e?e> Hdat0ile hposc r*N3dat H$ So0tware UpdateHH>"siF?ec3e?e /-RNM,,+KCMH',*)HNKN.H:,C)H),NNCF+M,.F)S H$ Unload '%% $atc hHH>"siF?ec 3e?e /-RM+M'*'F@HC.@:HNN.)HC@MKHN,'FCCK:++C'S 1ntel9R= F?treme ;raphics 'riverHH>RU '%%.)3F-F C(T81 '48STSystem.)Tialmrem3dll6Uninstall8)51;0? $C1TVF J@*@LG'FVJ.M@) 1ntel9R= $R4 etwor/ :dapters and 'riversHH>$rounstl3e?e Java ) Runtime Fnvironment6 SF vK3N3)HH>"siF?ec3e?e /1R,KN@F*:@HL@K.HKK'LH:,,CH**C*'*KN)***S live!o?HH>C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRK,.N)F.CH*@K@HN:LFHCFF@H++N,LL*M:''LSTSetup3e?e Hrun0romtemp H l*?***+ Hremoveonly %o&itech :udio Fcho Cancellation ComponentHH>"siF?ec3e?e /-RCFF,)L''HN*.,HN)KNH@CL:HFL)MC*)')@,*S %o&itech Vuic/CamHH>"siF?ec 3e?e /-RFCN)F'L:H,MK'HNMC*H:NF+H@C'**FNL+*FCS %o&itech Video FnumeratorHH>"siF?ec3e?e /-RF:MKL*)NH'@N'HNKFKH@KNFH@.K,M:LK@@F)S %o&itech_ Camera 'riverHH>>C(T$ro&ram FilesTCommon FilesT%o&itechTVC'RVTC1 TSFTU$3F-F> U 1 ST:%% RF"4VF$R4"$T "icroso0t 3 FT Framewor/ K3K Security Update 95C+M.)+,=HH>>C(T81 '48ST"ic roso0t3 FTTFramewor/TvK3K3N.))TUpdatesThot0i?3e?e> >C(T81 '48ST"ic roso0t3 FTTFramewor/TvK3K3N.))TUpdatesT"+M.)+,T"+M.)+,Uninstall3msp> "icroso0t 3 FT Framewor/ K3KHH>msie?ec3e?e /- RCC)F,F''H+'KFHN.CKH+*FCHNFM)F:FK,):KS "icroso0t 3 FT Framewor/ K3KHH>"siF?ec3e?e /-RCC)F,F''H+'KFHN.CKH+*FCHNFM)F:FK,):KS "icroso0t 3 FT Framewor/ )3* Service $ac/ )HH>"siF?ec3e?e /1RC*+FC.C'H.'*CH.F)'H@++:HL:K'L,F)*,.FS "icroso0t 3 FT Framewor/ .3* Service $ac/ )HH>"siF?ec3e?e /1R:.*MKC'*H)FLNH.@K.H:@@'HC@'CC'F@F@C,S "icroso0t 3 FT Framewor/ .3M S$KHH>C(T81 '48ST"ic roso0t3 FTTFramewor/Tv.3MT"ic roso0t 3 FT Framewor/ .3M S$KTsetup3e?e "icroso0t 3 FT Framewor/ .3M S$KHH>"siF?ec3e?e /1RCF)C''L)H*K)NH.LC:H@N'.H+FN'CFMCMC'+S "icroso0t Compression Client $ac / K3* 0or 8indows -$HH>>C(T81 '48ST] tUninstall"SComp$ac/VK]TspuninstTspuninst3e?e> "icroso0t 1nternationaliWed 'omain ames "iti&ation :$1sHH>>C(T81 '48ST] tServic e$ac/Uninstall1' "iti&ation:$1s]TspuninstTspuninst3e?e> "icroso0t ational %an&ua&e Support 'ownlevel :$1sHH>>C(T81 '48ST] tServic e$ac/Uninstall %S'ownlevel"appin&]TspuninstTspuninst3e?e> "icroso0t 400ice $ro0essional Fdition )**.HH>"siF?ec3e?e /1R+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+S "icroso0t Silverli&htHH>"siF?ec3e?e /-R@+FNK.,'HLC)LHN:@NHC'C@H)FM:NCC,KF**S "icroso0t UserH"ode 'river Framewor/ Feature $ac/ K3*HH>>C(T81 '48ST] tUninstall8ud0*K***]TspuninstTspuninst3e?e> "icroso0t Visual CEE )**M Redistri!uta!leHH>"siF?ec 3e?e /-R@.,!.Ne.H,c.*HN+.c H@0LaH)!*0*Ne)+K)cS "oWilla Fire0o? 9.3M3M=HH>C(T$ro&ram FilesT"oWilla Fire0o?TuninstallThelper3e?e "S-"% N3* S$) 95C+.LK@K=HH>"siF?ec3e?e /1RC*NF.)F*H*NKLHN.N'H:FC+HL+L+',*.:+FFS "S-"% N3* S$) 95C+MNN.*=HH>"siF?ec3e?e /1R@LN+.:''H@)N'HNC@FHC',)H@CM'C'CM):,KS "S-"% N3* S$) 95C+,.L@@=HH>"siF?ec3e?e /1RFLL):@FLHFN'CHNK:)H+*KFH@CKKF*NNC'FCS 4ran&e H %o&ic iels 1nternetHH>C(T$ro&ram FilesT4ran&eTinstallationTc oreT1nstall&ui3e?e Hu $aint3 FT v.3.LHH>"siF?ec3e?e /-RN.L*)F.NHK::.HNNFCH:FC)H'*@C)C,.,N.FS $icasa .HH>>C(T$ro&ram FilesT;oo&leT$ic asa.TUninstall3e?e> $ower'V'HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKTen&ineTLT1 TF%.UKTCtor3dll6%aunchSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRL@KKC::*HCFK)HKK'NH+F:KH**M*C:F.K,FKSTsetup3e?e> Huninstall $ower$roducerHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKTen&ineTLT1 TF%.UKTCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRC,:*CF*LH*L@FHKK'LH+,F'H**M*C:CCF@LKSTsetup3e?e> Huninstall Real$layerHH>C(T$ro&ram FilesTCommon FilesTRealTUpdateJ4CTrKpuninst3e?e Real etwor/s^Real$layer^L3* RealSpea/ Solo pour la voi? 0rancaise Vir&inieHH>"siF?ec3e?e /1RM@C*F.F'HLF:FHN@LCH+:C+HKC*LMKN*+,CNS Security Update 0or C:$1C4" 95C+.K+*L=HH>"siF?ec3e?e /1R*FF'F)F+H@.L'HNFC,H:.)'H*.@C'.FKFC):S Security Update 0or C:$1C4" 95C+.K+*L=HH>"siF?ec3e?e /-R*FF'F)F+H@.L'HNFC,H:.)'H*.@C'.FKFC):S Security Update 0or Step Cy Step 1nteractive Trainin& 95C@+@NM@=HH>>C(T81 '48ST] tUninstall5C@+@NM@]TspuninstTspuninst3e?e> Security Update 0or Step Cy Step 1nteractive Trainin& 95C+).,).=HH>>C(T81 '48ST] tUninstall5C+).,).]TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+.@K),=HH>>C(T81 '48STie,updatesT5C+.@K),H1F,TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+N)LKM=HH>>C(T81 '48STie,updatesT5C+N)LKMH1F,TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+NNM..=HH>>C(T81 '48STie,updatesT5C+NNM..H1F,TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+M*,M+=HH>>C(T81 '48STie,updatesT5C+M*,M+H1F,TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+M.@.@=HH>>C(T81 '48STie,updatesT5C+M.@.@H1F,TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+ML.+*=HH>>C(T81 '48STie,updatesT5C+ML.+*H1F,TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+M@)KM=HH>>C(T81 '48STie,updatesT5C+M@)KMH1F,TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+L*,KN=HH>>C(T81 '48STie,updatesT5C+L*,KNH1F,TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+LK)L*=HH>>C(T81 '48STie,updatesT5C+LK)L*H1F,TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+L.*),=HH>>C(T81 '48STie,updatesT5C+L.*),H1F,TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+L+@+,=HH>>C(T81 '48STie,updatesT5C+L+@+,H1F,TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+,))L*=HH>>C(T81 '48STie,updatesT5C+,))L*H1F,TspuninstTspuninst3e?e> Security Update 0or 8indows 1nternet F?plorer , 95C+,NNMM=HH>>C(T81 '48STie,updatesT5C+,NNMMH1F,TspuninstTspuninst3e?e> Security Update 0or 8indows "edia $layer 95C+M)*L+=HH>>C(T81 '48ST] tUninstall5C+M)*L+J8"+]TspuninstTspuninst3e?e> Security Update 0or 8indows "edia $layer 95C+MNKMM=HH>>C(T81 '48ST] tUninstall5C+MNKMMJ8"+]TspuninstTspuninst3e?e> Security Update 0or 8indows "edia $layer 95C+L@@KL=HH>>C(T81 '48ST] tUninstall5C+L@@KLJ8"+]TspuninstTspuninst3e?e> Security Update 0or 8indows "edia $layer 95C+,.MN*=HH>>C(T81 '48ST] tUninstall5C+,.MN*J8"+]TspuninstTspuninst3e?e> Security Update 0or 8indows "edia $layer KK 95C+.L,@)=HH>>C(T81 '48ST] tUninstall5C+.L,@)J8"$KK]TspuninstTspuninst3e?e>

Security Update 0or 8indows "edia $layer KK 95C+.L,@)=HH>>C(T81 '48ST] tUninstall5C+.L,@)J8"$KK]TspuninstTspuninst3e?e> Security Update 0or 8indows "edia $layer KK 95C+MNKMN=HH>>C(T81 '48ST] tUninstall5C+MNKMNJ8"KK]TspuninstTspuninst3e?e> Security Update 0or 8indows "edia $layer + 95C+K,,.N=HH>>C(T81 '48ST] tUninstall5C+K,,.NJ8"$+]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+*N,*L=HH>>C(T81 '48ST] tUninstall5C+*N,*L]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+).MLK=HH>>C(T81 '48ST] tUninstall5C+).MLK]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+).,@+=HH>C(T81 '48STsystem.)T"acro"edTFlashT&enuinst3e?e C(T81 '48STsystem.)T"acro"edTFlashT5C+).,@+3in0 Security Update 0or 8indows -$ 95C+.@NLN=HH>>C(T81 '48ST] tUninstall5C+.@NLN]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+.@NLNHv)=HH>>C(T81 '48ST] tUninstall5C+.@NLNHv)]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+NKML+=HH>>C(T81 '48ST] tUninstall5C+NKML+]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+NLLN@=HH>>C(T81 '48ST] tUninstall5C+NLLN@]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M*,L*=HH>>C(T81 '48ST] tUninstall5C+M*,L*]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M*,L)=HH>>C(T81 '48ST] tUninstall5C+M*,L)]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M*+,N=HH>>C(T81 '48ST] tUninstall5C+M*+,N]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+MK*LL=HH>>C(T81 '48ST] tUninstall5C+MK*LL]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+MK.,L=HH>>C(T81 '48ST] tUninstall5C+MK.,L]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+MK.,LHv)=HH>>C(T81 '48ST] tUninstall5C+MK.,LHv)]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+MKL+@=HH>>C(T81 '48ST] tUninstall5C+MKL+@]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+MK,N@=HH>>C(T81 '48ST] tUninstall5C+MK,N@]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M)**N=HH>>C(T81 '48ST] tUninstall5C+M)**N]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M)+MN=HH>>C(T81 '48ST] tUninstall5C+M)+MN]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M.@.+=HH>>C(T81 '48ST] tUninstall5C+M.@.+]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+MN)KK=HH>>C(T81 '48ST] tUninstall5C+MN)KK]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+MNNM+=HH>>C(T81 '48ST] tUninstall5C+MNNM+]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+MNL**=HH>>C(T81 '48ST] tUninstall5C+MNL**]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+MM*L+=HH>>C(T81 '48ST] tUninstall5C+MM*L+]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+ML.+K=HH>>C(T81 '48ST] tUninstall5C+ML.+K]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+MLM,)=HH>>C(T81 '48ST] tUninstall5C+MLM,)]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+ML,NN=HH>>C(T81 '48ST] tUninstall5C+ML,NN]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+ML@*)=HH>>C(T81 '48ST] tUninstall5C+ML@*)]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+ML@*.=HH>>C(T81 '48ST] tUninstall5C+ML@*.]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+ML@NK=HH>>C(T81 '48ST] tUninstall5C+ML@NK]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+ML@NN=HH>>C(T81 '48ST] tUninstall5C+ML@NN]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M,*+M=HH>>C(T81 '48ST] tUninstall5C+M,*+M]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M,*+,=HH>>C(T81 '48ST] tUninstall5C+M,*+,]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M@LNN=HH>>C(T81 '48ST] tUninstall5C+M@LNN]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M@L@,=HH>>C(T81 '48ST] tUninstall5C+M@L@,]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M@L+*=HH>>C(T81 '48ST] tUninstall5C+M@L+*]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M@@L+=HH>>C(T81 '48ST] tUninstall5C+M@@L+]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+M+N)L=HH>>C(T81 '48ST] tUninstall5C+M+N)L]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+L*))M=HH>>C(T81 '48ST] tUninstall5C+L*))M]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+L*,KM=HH>>C(T81 '48ST] tUninstall5C+L*,KM]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+L*@*.=HH>>C(T81 '48ST] tUninstall5C+L*@*.]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+L*@M+=HH>>C(T81 '48ST] tUninstall5C+L*@M+]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+LK.,K=HH>>C(T81 '48ST] tUninstall5C+LK.,K]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+LK.,.=HH>>C(T81 '48ST] tUninstall5C+LK.,.]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+LKM*K=HH>>C(T81 '48ST] tUninstall5C+LKM*K]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+L@M.,=HH>>C(T81 '48ST] tUninstall5C+L@M.,]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+L+*M+=HH>>C(T81 '48ST] tUninstall5C+L+*M+]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+L+@+@=HH>>C(T81 '48ST] tUninstall5C+L+@+@]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+L++N,=HH>>C(T81 '48ST] tUninstall5C+L++N,]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,*).@=HH>>C(T81 '48ST] tUninstall5C+,*).@]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,KN@L=HH>>C(T81 '48ST] tUninstall5C+,KN@L]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,KMM,=HH>>C(T81 '48ST] tUninstall5C+,KMM,]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,KL..=HH>>C(T81 '48ST] tUninstall5C+,KL..]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,KLM,=HH>>C(T81 '48ST] tUninstall5C+,KLM,]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,K+LK=HH>>C(T81 '48ST] tUninstall5C+,K+LK]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,..NL=HH>>C(T81 '48ST] tUninstall5C+,..NL]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,..MN=HH>>C(T81 '48ST] tUninstall5C+,..MN]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,.M*,=HH>>C(T81 '48ST] tUninstall5C+,.M*,]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,.M)M=HH>>C(T81 '48ST] tUninstall5C+,.M)M]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,.@L+=HH>>C(T81 '48ST] tUninstall5C+,.@L+]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,NKK)=HH>>C(T81 '48ST] tUninstall5C+,NKK)]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,NM,K=HH>>C(T81 '48ST] tUninstall5C+,NM,K]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,M*)M=HH>>C(T81 '48ST] tUninstall5C+,M*)M]TspuninstTspuninst3e?e> Security Update 0or 8indows -$ 95C+,MNL,=HH>>C(T81 '48ST] tUninstall5C+,MNL,]TspuninstTspuninst3e?e> Si!elius Scorc h 9:c tive- 4nly=HH>"siF?ec3e?e /1RKMCCCCM'HLL:,HNK.KH@'.LHF*MF),C*FL@FS S/ype` .3@HH>"siF?ec3e?e /-RMC@)':FMHLFC*HN.,NH+)MNHCF..K+C:NF@)S Sony Fric sson $C Suite K3)*3K,.HH>"siF?ec 3e?e /1RCM:':LM:H,@)@HN'@MHC*,KHFCCM)CMKF,+NS Sony $ic ture UtilityHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunchSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR'M*L@M@.H'ML+HNL@CH+,MMHMFCFM@N@FNLFSTsetup3e?e> Hl*?+ /removeonly uninstall Hremoveonly Sony USC 'riverHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeTK*T*KT1ntel.)TCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRMC)+CC@CH:CKFHNKKNH@'L@H+C'*@*KN*'N:STsetup3e?e> Hl*?+ U 1 ST:%% Hremoveonly Sound":-HH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKTen&ineTLT1 TF%.UKTCtor3dll6%aunchSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRF*:.,.NKH'L+)HKK'NH:+@NH**+*),FC*:+CSTSetup3e?e> Spellin& 'ic tionaries Support For :do!e Reader +HH>"siF?ec 3e?e /1R:C,LC:@LH,:',HMNLNH.N)@H+**********NS Thomas Saves the 'ayHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKTen&ineTLT1 TF%.UKTCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR''FMN.,CH,'C)HNCCNHCFC:HCMF,L..)M+'*STsetup3e?e> Hl*?+ Huninst T4SH1C: Con0i&FreeHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKT$R4FFSUKTRunTimeT*,*KT1ntel.)TCtor3dll6%aunchSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRC''@.'C+HCFF+HNLMNH:M':HCCNLC)M**@@'STsetup3e?e> Hl*?+ U 1 ST:%% T4SH1C: ConsoleHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKTen&ineTLT1 TF%.UKTCtor3dll6%aunchSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR.CF*@M@'HK:CMHN.*@H+'F,H:'KM)@@:@C'CSTSetup3e?e> Hl*?+ T4SH1C: ControlsHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKTen&ineTLT1 TF%.UKTCtor3dll6%aunchSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR:LL+*C*FHC+LFHNF*FH:@FCH'MC..)NMN:CLSTSetup3e?e> Hl*?+ U 1 ST:%% T4SH1C: Hot/ey Utility 0or 'isplay 'evicesHH>Run'll.) advpac/3dll6%aunch1 FSection C(T81 '48ST1 FTTF FM8?p3in06'e0aultUninstall6M T4SH1C: "anualsHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKTen&ineTLT1 TF%.UKTCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRK@@C:KCCHF.:KHN+C*H:.N'H@C@LKCLNFK:FSTSetup3e?e> Hl*?+ T4SH1C: $C 'ia&nostic ToolHH>C(T81 '48ST1sUninst3e?e H0>C(T$ro&ram FilesTT4SH1C:T$C'ia&TUninst3isu> T4SH1C: $ower SaverHH>C(T81 '48ST1sUninst3e?e H0>C(T$ro&ram FilesTT4SH1C:T$ower SaverTUninst3isu> H c >C(T81 '48STSystem.)TT$S'el3dll> T4SH1C: S' "emory Card FormatHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKTen&ineTLT1 TF%.UKTCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTRN@CF+:LLHMF*.HN*)MH:C'*HC.:.F:*+M:M+STSetup3e?e> Hl*?+ T4SH1C: So0tware "odemHH>Tosmre& HU T4SH1C: Touch$ad 4n/400 Utility V)3*M3**HH>C(T81 '48ST1sUninst3e?e H0>C(T$ro&ram FilesTT4SH1C:TTouchF'TUninst3isu> Hc>C(T$ro&ram FilesTT4SH1C:TTouchF'Ttpedinst3dll> T4SH1C: UtilitiesHH>tutildel3e?e Touc h and %aunchHH>Run'll.) C(T$R4;R:UKTC4""4 UKT1 ST:%UKTen&ineTLT1 TF%.UKTCtor3dll6%aunc hSetup >C(T$ro&ram FilesT1nstallShield 1nstallation 1n0ormationTR.N,*FCFLHC,N.HN)*FHCMCFH*'),F:,N+CKLSTSetup3e?e> Hl*?+ U"V$%StandaloneHH>"siF?ec3e?e /-R@:C*N+F,HK.@.HNMC.H+F,'HF+.C:LL,F+FKS

U"V$%StandaloneHH>"siF?ec3e?e /-R@:C*N+F,HK.@.HNMC.H+F,'HF+.C:LL,F+FKS Update 0or "icroso0t 3 FT Framewor/ .3M S$K 95C+L.,*,=HH>C(T81 '48STsystem.)Tmsie?ec3e?e /pac /a&e RCF)C''L)H*K)NH.LC:H@N'.H +FN'CFMCMC'+S /uninstall RC):F+C@)H'C,CH.LNKHCFC@H@,),MCNF.L*,S /X!E RFC44T$R4"$TI>> Update 0or 8indows 1nternet F?plorer , 95C+,L,N+=HH>>C(T81 '48STie,updatesT5C+,L,N+H1F,TspuninstTspuninst3e?e> Update 0or 8indows -$ 95C+MK*,)Hv)=HH>>C(T81 '48ST] tUninstall5C+MK*,)Hv)]TspuninstTspuninst3e?e> Update 0or 8indows -$ 95C+MK+,@=HH>>C(T81 '48ST] tUninstall5C+MK+,@]TspuninstTspuninst3e?e> Update 0or 8indows -$ 95C+MM@.+=HH>>C(T81 '48ST] tUninstall5C+MM@.+]TspuninstTspuninst3e?e> Update 0or 8indows -$ 95C+L,,KM=HH>>C(T81 '48ST] tUninstall5C+L,,KM]TspuninstTspuninst3e?e> Update 0or 8indows -$ 95C+L@.@+=HH>>C(T81 '48ST] tUninstall5C+L@.@+]TspuninstTspuninst3e?e> Update 0or 8indows -$ 95C+,.L@,=HH>>C(T81 '48ST] tUninstall5C+,.L@,]TspuninstTspuninst3e?e> Update 0or 8indows -$ 95C+,.@KM=HH>>C(T81 '48ST] tUninstall5C+,.@KM]TspuninstTspuninst3e?e> VC +3* RuntimeHH>"siF?ec 3e?e /1R*)F@+FFCH,C*,HN'M:H::*.H+FC*+*)+KNFFS VC +3* RuntimeHH>"siF?ec 3e?e /1R:*N*:C,,HCK::HNCC+H@+.KH+FLN@:FK,@FLS 8indows "edia Format KK runtimeHH>>C(T$ro&ram FilesT8indows "edia $layerTwmsetsd/3e?e> /Uninstall:ll 8indows "edia Format KK runtimeHH>>C(T81 '48ST] tUninstall8"F'istKK]TspuninstTspuninst3e?e> 8indows "edia $layer KKHH>>C(T$ro&ram FilesT8indows "edia $layerTSetupJwm3e?e> /Uninstall 8indows "edia $layer KKHH>>C(T81 '48ST] tUninstallwmpKK]TspuninstTspuninst3e?e> 8indows -$ Service $ac/ .HH>>C(T81 '48ST] tService$ac/Uninstall]TspuninstTspuninst3e?e> <one:larmHH>C(T$ro&ram FilesT<one %a!sT<one:larmTWauninst3e?e IIIIIISecurity c enter in0ormationIIIIII :V( :V; :ntiHVirus Free F8( <one:larm Firewall IIIIIISystem event lo&IIIIII Computer ame( C4CH-RBRC)VVL M Fvent Code( MK "essa&e( :n error was detec ted on devic e T'evic eTHarddis/KT' durin& a pa&in& operation3 Record um!er( .,M)L Sourc e ame( 'is/ Time 8ritten( )**+KK*.K+K*M@3******E*** Fvent Type( warnin& User( Computer ame( C4CH-RBRC)VVL M Fvent Code( MK "essa&e( :n error was detec ted on devic e T'evic eTHarddis/KT' durin& a pa&in& operation3 Record um!er( .,M)M Sourc e ame( 'is/ Time 8ritten( )**+KK*.K+K*.@3******E*** Fvent Type( warnin& User( Computer ame( C4CH-RBRC)VVL M Fvent Code( MK "essa&e( :n error was detec ted on devic e T'evic eTHarddis/KT' durin& a pa&in& operation3 Record um!er( .,M)) Sourc e ame( 'is/ Time 8ritten( )**+KK*.K,M.ML3******E*** Fvent Type( warnin& User( Computer ame( C4CH-RBRC)VVL M Fvent Code( MK "essa&e( :n error was detec ted on devic e T'evic eTHarddis/KT' durin& a pa&in& operation3 Record um!er( .,M)K Sourc e ame( 'is/ Time 8ritten( )**+KK*.K,M..L3******E*** Fvent Type( warnin& User( Computer ame( C4CH-RBRC)VVL M Fvent Code( MK "essa&e( :n error was detec ted on devic e T'evic eTHarddis/KT' durin& a pa&in& operation3 Record um!er( .,M)* Sourc e ame( 'is/ Time 8ritten( )**+KK*.K,M.KL3******E*** Fvent Type( warnin& User( IIIII:pplication event lo&IIIII Computer ame( C4CH-RBRC)VVL M Fvent Code( NL*+ "essa&e( The C4"E Fvent System detected a !ad return c ode durin& its internal processin&3 HRFSU%T was @**,*NKF 0rom line NN o0 d(Tcom?pJsp.TcomTc omK?Tsrc TeventsTtierKTeventsystemo!j3c pp3 $lease contac t "icroso0t $roduct Support Services to report this error3 Record um!er( K*KK Sourc e ame( FventSystem Time 8ritten( )**+*N*.K@M+MK3******E*L* Fvent Type( error User( Computer ame( C4CH-RBRC)VVL M Fvent Code( )* "essa&e( Record um!er( K**, Sourc e ame( ;oo&le Update Time 8ritten( )**+*..KKNN,)*3******E*L* Fvent Type( error User( T :UTH4R1TBTSBSTF" Computer ame( C4CH-RBRC)VVL M

Computer ame( C4CH-RBRC)VVL M Fvent Code( K*K. "essa&e( $roduct( :do!e Reader +3K HH : proc ess is runnin& that cannot !e shut down !y Setup3 $lease either close all applications and run Setup a&ain6 or restart your computer and run Setup a&ain3 Record um!er( ++, Sourc e ame( "si1nstaller Time 8ritten( )**+*..*KK*)M*3******E*L* Fvent Type( error User( C4CH-RBRC)VVL MT:dministrator Computer ame( C4CH-RBRC)VVL M Fvent Code( K*** "essa&e( Faultin& application launc her3e?e6 version K3*3K.K3,.+6 0aultin& module m0c,K3dll6 version ,3K*3.*,,3*6 0ault address *?***)+Ke!3 Record um!er( ++) Sourc e ame( :pplication Frror Time 8ritten( )**+*.)+))*M)L3******E*L* Fvent Type( error User( Computer ame( C4CH-RBRC)VVL M Fvent Code( K*L@ "essa&e( 8indows ended ;$4 proc essin& !ecause the computer shut down or the user lo&&ed o003 Record um!er( +ML Sourc e ame( Userenv Time 8ritten( )**+*.)M*@.K*.3******E*** Fvent Type( error User( T :UTH4R1TBTSBSTF" IIIIIIFnvironment varia!lesIIIIII >ComSpec>IYSystemRootYTsystem.)Tcmd3e?e >$ath>IYSystemRootYTsystem.)ZYSystemRootYZYSystemRootYTSystem.)T8!emZC(T$ro&ram FilesTCommon FilesTTelec a Shared >windir>IYSystemRootY >4S>I8indowsJ T >$R4CFSS4RJ:RCH1TFCTURF>I?@L >$R4CFSS4RJ%FVF%>IKM >$R4CFSS4RJ1'F T1F1FR>I?@L Family KM "odel ) Steppin& +6 ;enuine1ntel >$R4CFSS4RJRFV1S14 >I*)*+ > U"CFRJ4FJ$R4CFSS4RS>IK >$:THF-T>I3C4"Z3F-FZ3C:TZ3C"'Z3VCSZ3VCFZ3JSZ3JSFZ38SFZ38SH >TF"$>IYSystemRootYTTF"$ >T"$>IYSystemRootYTTF"$ >F$J 4JH4STJCHFC5>I 4 >tvdump0la&s>I@ >'FF:U%TJC:J R>IC:L HHHHHHHHHHHHHHHHHF4FHHHHHHHHHHHHHHHHH Hope this helps Cen JJJJJJJJJJJJJJJJJJ

12-15-2009, 07:34 PM

Clark !
Security Team "oderator6 :nalyst Ran&emaster6 TSF :cademy

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Hello a&ain6 'ownload the 0ollowin& tool 0rom the lin/ !elow6 and save it to your des/top3 1ink

QQ ote( 1t is important that it is saved direc tly to your des/topQQ


Join 'ate( Jun )**L %ocation( C leveland6 4hio $osts( )6@@+ OS( -$ $ro6 8indows ,6 Fedora

HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH HHHHHHHHHHHHHHHHH K3 'isc onnect 0rom the internet3 )3 Close/disa!le all anti virus and anti malware pro&rams so they do not inter0ere with the runnin& o0 5ittyFi?3e?e3 HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH HHHHHHHHHHHHHHHHH 'ou!le c lic/ on 2itty-i'.e'e G 0ollow the prompts3 8hen 0inished6 it will produc e a report 0or you3 $lease post the C#,Combo-i'.t't so we c an continue c leanin& the system3

ote( 'o not mousec lic/ 5ittyFi?2s window while it2s runnin&3 That may cause it to stall JJJJJJJJJJJJJJJJJJ

$ roud "e m !e r o0 :S:$ $roud "e m !e r o0 U 1TF

[40 all the thin&s 12ve lost6 1 miss my mind the most\ H "ar/ Twain

12-17-2009, 10:42 AM

12-17-2009, 10:42 AM

sinistapen&uin
Re&istered "em!er Join 'ate( Jun )**+ $osts( ), OS( -$ S$.

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Hi 1 enc ountered a couple o0 pro!lems( K3 :V; Free + H there doesn2t appear to !e a 2disa!le2 option3 1 tried to end tas/ throu&h the tas/ mana&er !ut 2Tas/ "ana&er has !een disa!led !y your administrator2 9even thou&h 1 am lo&&ed in as :dministrator=3 1 disa!led every !it 1 could thou&h6 so 1 thin/ 5ittyFi? ran 45 )3 1 &ot a warnin& a!out 8indows Recovery Console not !ein& installed6 !ut couldn2t download and install it cos the mac hine isn2t on the internet7 C(TCom!o0i?3t?t is attac hed Hope this is 45 Cheers Cen Com!oFi? *+HK)HKL3*M H :dministrator K,/K)/)**+ K@()*(KK3K3K H ?@L "ic roso0t 8indows -$ $ro0essional M3K3)L**3.3K)M)3NN3K*..3K@3,MK3.)) O;"T *(**P Runnin& 0rom( c(Tdocuments and settin&sT:dministratorT'es/topT5ittyFi?3e?e :V( :V; :ntiHVirus Free Q4nHaccess scannin& disa!ledQ 94utdated= RK,'''*+,H.LFFHN.MFH+FKCHM)',N)NM'LCFS F8( <one:larm Firewall Qdisa!ledQ R@)+C':.)H+NC.HNNFNH@NNLHF@FCFF@*+F@CS 8:R 1 ; HTH1S ":CH1 F '4FS 3 4T H:VF THF RFC4VFRB C4 S4%F 1 ST:%%F' 77

999999999999999999999999999999999999999 4ther 'eletions ================================================= 3 c(Tdocuments and settin&sT:dministratorT"y 'oc umentsT<!Thum!nail3in0o c(Trecyc lerTSHKHMH)KHK*@M*.K)KNH,+*M)MN,@H,)M.NMMN.HM** 3 9999999999999999999999999 Files Created 0rom )**+HKKHK, to )**+HK)HK, =============================== 3 )**+HK)HKM )**+HK)HKM )**+HK)H*, )**+HK)H*, )**+HKKH)N )**+HKKH)N K@(K@ K@(K@ K,(K+ K,(K+ K)(.. K)(.. 3 3 3 3 3 3 )**+HK)HKM )**+HK)HKM )**+HK)H*, )**+HK)H*, )**+HKKH)N )**+HKKH)N K@(K@ K@(K@ K,(K+ K,(K+ K)(.. K)(.. HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTtrend mic ro HHHHHHHH dHHHHHwH C(Trsit * HHHHaHwH c(TwindowsTnsre&3dat HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT%ocal Settin&sT:pplication 'ataT"oWilla NK@M HHshaHrH c(TwindowsTsystem.)Tnepalloid3!at .+.N) HHshaHrH c (TwindowsTsystem.)Tnepalloid3v!e

3 9999999999999999999999999999999999999999 Find." Report ==================================================== 3 )**+HK)HK, K,(M+ 3 )**@H*)H)* K@()+ HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTS/ype )**+HK)HK, K,(M+ 3 )**@H*)H)* K@(.N HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTs/ype$" )**+HK)H*, K@(*N 3 )**@H*)HKN K@(K, * HHHHaHwH c(TwindowsTsystem.)TdriversTlvuvc3hs )**+HK)H*, KN(** 3 )**@H*)HKN KM(MM HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT;oo&le )**+HK)H*, *@(NM 3 )**@H*)HKK )*(K+ ,K,L@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT%ocal Settin&sT:pplic ation 'ataT;'1$F4 TC:CHFVK3':T )**+HKKHKL KK(.+ 3 )**+HKKHKL KK(.+ HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT"icroso0t C:$1C4" )3K3*3) )**+HKKHKM *@(MK 3 )**+HKKHKM *@(MK HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT"icroso0t Silverli&ht )**+HKKHK* *@(KK 3 )**+HK*H)@ K@(.N .L*M@N HHHHaHwH c(TwindowsTsystem.)TdriversTav&tdi?3sys )**+HKKH*+ )K(NM 3 )**+HK*HK+ K@(), HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTCommon FilesT:head )**+HK*H.K K,(.+ 3 )**+HK*H.K K,(M* K@.LMNN HHHHaHwH c(TwindowsT1nternet %o&sT?'CK:3tmp )**+HK*H.* )*(.K 3 )**+H*+H)) K.(MK HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataT:udacity )**+HK*H)@ K+(NK 3 )**+HK*H)+ *L(MK K@.@*@* HHHHaHwH c(TwindowsT1nternet %o&sT?'CK+3tmp )**+HK*H)@ K@(.N 3 )**@H*LH)) K)(.@ ...K+) HHHHaHwH c(TwindowsTsystem.)TdriversTav&ld?@L3sys )**+HK*H)@ K@(.N 3 )**@H*)HKK )K()N )@N)N HHHHaHwH c (TwindowsTsystem.)TdriversTav&m0?@L3sys )**+HK*H)@ K@(.N 3 )**@H*LH)) K)(NK K)NLN HHHHaHwH c (TwindowsTsystem.)Tav&rsst?3dll )**+HK*H)@ K@(.. 3 )**+HK*H)@ K@(.. HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTav&+ )**+HK*H)@ K@(.. 3 )**@H*LH)) K)(.@ HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT:V; )**+HK*H), *@(N* 3 )**+HK*H), *@(NK K@)),)* HHHHaHwH c(TwindowsT1nternet %o&sT?'CK@3tmp )**+HK*H)M K+(K) 3 )**.HK)HK+ *,(MK HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTCommon FilesT:do!e )**+HK*H)M *+(*) 3 )**@H*@H). K@(ML @+K+N,M HHHHaHwH c(TwindowsT1nternet %o&sTtv'e!u&3Wip )**+HK*H)N K*()+ 3 )**@H*)HKM K@(KL HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTCy!er%in/ )**+HK*H). KL(M) 3 )**+HK*H). KL(N, K,)K,**@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTrpTReal$layerS$;old3e?e )**+HK*H). KL(N, 3 )**+HK*H). KL(N, @N*LLN@ HHHHaHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTRealTUpdateTsetupT&t!JusT;44;%FJT44%C:RT;oo&leTool!ar1nstaller3e?e )**+HK*H). KL(NN 3 )**+HK*H). KL(NN K*.*+NN@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTchrTChrome1nstaller3e?e )**+HK*H). KL(N* 3 )**+HK*H). KL(N* LN*** HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&T&c apiJdll3dll )**+HK*H). KL(N* 3 )**+HK*H). KL(N* M))@@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&T&tapi3dll )**+HK*H). KL(N* 3 )**+HK*H). KL(N* M*L@@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&T00t!api3dll )**+HK*H). KL(N* 3 )**+HK*H). KL(N* KKNL@@ HHHHaHwH c(Tdocuments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&Tcompat3dll )**+HK*H). KL(.+ 3 )**@H*+H)M )*(K, N@@+L@ HHHHaHwH c(Tdocuments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTsetup3e?e )**+HK*H)K K+(KN 3 )**+HK*H)K K+(KN HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT%oc alServiceT:pplication 'ataTCy!er%in/ )**+HK*HK+ )*()@ 3 )**.HK)HK+ *,(*K HHHHHHHH dHHhHHwH c(Tpro&ram 0ilesT1nstallShield 1nstallation 1n0ormation )**+HK*HK+ K+(N+ 3 )**+HK*HK+ K@(.* HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataT:head )**+HK*HK+ K@(), 3 )**+HK*HK+ K@(), HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataT ero )**+HK*HK+ K@(), 3 )**+HK*HK+ K@(), HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT ero )**+HK*HK+ *+()K 3 )**@H*.HKN *+(M. HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTCy!er%in/ )**+HK*HK+ *+()K 3 )**@H*.HKN *+(M. HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTCy!er%in/ 3 9999999999999999999999999999999999999 Re& %oadin& $oints ================================================== 3 3

3 Q oteQ empty entries G le&it de0ault entries are not shown RF;F'1TN OH5FBJCURRF TJUSFRTS4FT8:RFT"icroso0tT8indowsTCurrentVersionTRunP >T4SC'S$'>I>c(Tpro&ram 0ilesTT4SH1C:TT4SC'S$'Ttoscdspd3e?e> O)**.H*+H*M LMM.LP >S/ype>I>c(Tpro&ram 0ilesTS/ypeT$honeTS/ype3e?e> O)**@HKKH*, )KL...)*P >Runmeinit>I>c(TwindowsTsystem.)Tnepalloid3!at> O)**+HKKH)N NK@MP OH5FBJ%4C:%J":CH1 FTS4FT8:RFT"icroso0tT8indowsTCurrentVersionTRunP >1&0?Tray>I>c (TwindowsTSystem.)Ti&0?tray3e?e> O)**.H*NH*, KMMLN@P >Hot5eysCmds>I>c(TwindowsTSystem.)Th/cmd3e?e> O)**.H*NH*, KKNL@@P >**THot/ey>I>c(TwindowsTSystem.)T**THot/ey3e?e> O)**.H*MH). )M.+M)P >***StTH5>I>***StTH53e?e> O)**KH*LH). )NM,LP >%TS""S;>I>%TS""S;3e?e> O)**.H*NHK@ .),L@P >:point>I>c(Tpro&ram 0ilesT:point)5T:point3e?e> O)**.H*,HK, KM+,NNP >TouchF'>I>c(Tpro&ram 0ilesTT4SH1C:TTouchF'TTouchF'3F?e> O)**.H*.HKK K))@@*P >$adTouch>I>c(Tpro&ram 0ilesTT4SH1C:T$adTouc hT$adF?e3e?e> O)**.HKKH)N K*K++*NP >TF FM>I>TF FM3e?e> O)**.HK*HKM ,.,)@P >T$S"ain>I>T$S"ain3e?e> O)**.HKKH), )LL)N*P >TFnc5y>I>TFnc 5y3e?e> OCUP >%o&itechCommunications"ana&er>I>c (Tpro&ram 0ilesTCommon FilesT%o&itec hT%Com"&rTCommunic ationsJHelper3e?e> O)**LH*LH)L N+,)**P >%o&itechVuic/CamRi!!on>I>c (Tpro&ram 0ilesT%o&itec hTVuic /CamK*TVuic/CamK*3e?e> O)**LH*LH)L LKN+L*P >%VC4"S->I>c(Tpro&ram 0ilesTCommon FilesT%o&itechT%Com"&rT%VComS-3e?e> O)**LH*LH)L )N.)N@P >wltray3e?e>I>c(TwindowsTsystem.)Twltray3e?e> O)**MH*LH*@ ,,@.K@P >$rinTray>I>c(TwindowsTSystem.)TspoolT'R1VFRST8.)-@LT)Tprintray3e?e> O)***H*NH)K .L@LNP ><one:larm Client>I>c(Tpro&ram 0ilesT<one %a!sT<one:larmTWlc lient3e?e> O)**+H*)HKM +@K.@NP >:V;+JTR:B>I>c(Tpro&raUKT:V;T:V;+Tav&tray3e?e> O)**+HKKHK. )*)*K)*P OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTwindows ntTcurrentversionTwinlo&onTnoti0yTav&rsstarterP )**+HK*H)@ K@(.N K)NLN HHHHaHwH c(TwindowsTsystem.)Tav&rsst?3dll OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T:do!e :R"P )**+H*+H*N K)(*@ +.M)@@ HHHHaHrH c(Tpro&ram 0ilesTCommon FilesT:do!eT:R"TK3*T:do!e:R"3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T:do!e Reader Speed %auncherP )**+HK*H*. *N(*@ .ML+L HHHHaHwH c(Tpro&ram 0ilesT:do!eTReader +3*TReaderTreaderJsl3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TH$ Component "ana&erP )**NH*MHK) KN(K@ )NKLLN HHHHaHwH c(Tpro&ram 0ilesTH$ThpcoretechThpc mpm&r3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TH$ So0tware UpdateP )**NH*)HK) K.(.@ N+KM) HHHHaHwH c(Tpro&ram 0ilesTH$TH$ So0tware UpdateThpwuSc hd)3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T%an&ua&eShortc utP )**LHK)H*M )K(MM MN@.) HHHHaHwH c(Tpro&ram 0ilesTCy!er%in/T$ower'V'T%an&ua&eT%an&ua&e3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T4R:HSSSession"ana&erP )**,HK)HK) *+(M* K*,)N@ HHHHaHwH c(Tpro&ram 0ilesT4ran&eTSession"ana&erTSession"ana&er3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TRemoteControlP )**LHKKH). KN(K* ML+)@ HHHHHHwH c (Tpro&ram 0ilesTCy!er%in/T$ower'V'T$'V'Serv3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TSony Fricsson $C SuiteP )**MHK*H)L KM(K, KM+,NN HHHHaHrH c(Tpro&ram 0ilesTSony Fric ssonT"o!ile)T:pplication %auncherT:pplication %auncher3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTsecurity centerT"onitorin&T<one%a!sFirewallP >'isa!le"onitorin&>Idword(*******K OH5%"TUTservicesTsharedac cessTparametersT0irewallpolic yTstandardpro0ileP >Fna!leFirewall>I * 9*?*= OH5%"TUTservicesTsharedac cessTparametersT0irewallpolic yTstandardpro0ileT:uthoriWed:pplic ationsT%istP >YwindirYTTsystem.)TTsessm&r3e?e>I >YwindirYTT etwor/ 'ia&nostic TT?pnetdia&3e?e>I >c(TT81 '48STTsystem.)TT!c mwld)/3e?e>I >c(TT$ro&ram FilesTT4ran&eTTConnec tivityTTConnec tivity"ana&er3e?e>I >c(TT$ro&ram FilesTT:V;TT:V;+TTav&upd3e?e>I >c(TT$ro&ram FilesTT:V;TT:V;+TTav&ns?3e?e>I >c(TT$ro&ram FilesTTS/ypeTT$honeTTS/ype3e?e>I RK :v&%d?@LZ:V; :V1 %oader 'river ?@LZc (TwindowsTsystem.)TdriversTav&ld?@L3sys O))/*L/)**@ K)(.@ ...K+)P RK :v&Tdi-Z:V; Free etwor/ RedirectorZc(TwindowsTsystem.)TdriversTav&tdi?3sys O)@/K*/)**+ K@(.N .L*M@NP R) av&+wdZ:V; Free 8atch'o&Zc (Tpro&ram 0ilesT:V;T:V;+Tav&wdsvc3e?e O)@/K*/)**+ K@(.. )@M.+)P R. Coni0ayZConi0ayZc(TwindowsTsystem.)TdriversTConi0ay3sys OK+/*)/)**@ K@(KN K)KL*P S) &updateKc+a!d!N,ce.0.aZ;oo&le Update Service 9&updateKc +a!d!N,ce.0.a=Zc(Tpro&ram 0ilesT;oo&leTUpdateT;oo&leUpdate3e?e O)./*./)**+ K,(K, K..K*NP S. ;onWalesZ;onWalesZc(TwindowsTsystem.)TdriversT;onWales3sys OK+/*)/)**@ K@(KN ,*N*P S. s**K,!usZSony Fricsson 'evice **K, driver 98'"=Zc(TwindowsTsystem.)TdriversTs**K,!us3sys O)K/*M/)**+ )K()K @L@)NP S. s**K,md0lZSony Fricsson 'evice **K, USC 8"C "odem FilterZc(TwindowsTsystem.)TdriversTs**K,md0l3sys O)K/*M/)**+ )K()K KM*KLP S. s**K,mdmZSony Fric sson 'evice **K, USC 8"C "odem 'riverZc(TwindowsTsystem.)TdriversTs**K,mdm3sys O)K/*M/)**+ )K()K KKNL**P S. s**K,m&mtZSony Fric sson 'evice **K, USC 8"C 'evice "ana&ement 'rivers 98'"=Zc(TwindowsTsystem.)TdriversTs**K,m&mt3sys O)K/*M/)**+ )K()K K*@.)@P S. s**K,ndMZSony Fric sson 'evice **K, USC Fthernet Fmulation SF"C**K, 9 '1S=Zc (TwindowsTsystem.)TdriversTs**K,ndM3sys O)K/*M/)**+ )K()K )L*)NP S. s**K,o!e?ZSony Fric sson 'evic e **K, USC 8"C 4CF- 1nter0aceZc (TwindowsTsystem.)TdriversTs**K,o!e?3sys O)K/*M/)**+ )K()K K*NLKLP S. s**K,unic ZSony Fricsson 'evice **K, USC Fthernet Fmulation SF"C**K, 98'"=Zc(TwindowsTsystem.)TdriversTs**K,unic3sys O)K/*M/)**+ )K()K K*+,.LP S. <'K)KKCU9.C4" Corporation=Z.Com 400ic eConnect 8ireless MN"!ps KK& Compac t USC :dapter9.C4" Corporation=Zc(TwindowsTsystem.)TdriversT<'K)KKCU3sys OKK/*)/)**@ K@(*L N*)+NNP 3 HHHHHHH Supplementary Scan HHHHHHH 3 uStart $a&e I h??p(//www3tesc o3net/ u'e0aultJSearchJUR% I h??p(//www3&oo&le3com/ie mStart $a&e I h??p(//www3&oo&le3c om uSearc hUR%69'e0ault= I h??p(//www3&oo&le3c om/searc h#XIYs

uSearc hUR%69'e0ault= I h??p(//www3&oo&le3c om/searc h#XIYs 1F( :dd to ;oo&le $hotos Sc reensaGver H c(TwindowsTsystem.)T;$hotos3scr/)** 1F( FG?port to "icroso0t F?cel H c(Tpro&raUKT"1CR4SU)T4FF1CFKKTF-CF%3F-F/.*** Trusted <one( tesc o3netTmem!erservices Trusted <one( tesc o3netTre&ister FF H $ro0ile$ath H c(Tdocuments and settin&sT:dministratorT:pplication 'ataT"oWillaTFire0o?T$ro0ilesT0mn@w)Lm3de0aultT FF H pre0s3js( !rowser3startup3homepa&e H h??p(//www3tesco3net/ FF H plu&in( c(Tpro&ram 0ilesT;oo&leT;oo&le FarthTplu&inTnp&eplu&in3dll FF H plu&in( c(Tpro&ram 0ilesT;oo&leT$ic asa.Tnp$ic asa.3dll FF H plu&in( c(Tpro&ram 0ilesT;oo&leTUpdateTK3)3K@.3K.Tnp;oo&le4neClic/@3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaKK3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaK)3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaK.3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaKN3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $Java.)3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $J$1KN)3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $4J1LK*3dll FF H HiddenF?tension( "icroso0t 3 FT Framewor/ :ssistant( R)*a@)LNMHc*+MHNLedH@*e.H*@@)M,L*M.N!S H c(TwindowsT"icroso0t3 FTTFramewor/Tv.3MT8indows $resentation FoundationT'ot et:ssistantF?tensionT 3 H H H H 4R$H: S RF"4VF' H H H H H5CUHRunHC&"onitorJR,+LL)F*NH,CLCHNd+0H@NC,H@@'@:MLCK*::S H c(Tpro&ram 0ilesTCommon FilesT:headT%i!T "C&"onitor3e?e "SCon0i&StartUpH eroFilterChec/ H c(Tpro&ram 0ilesTCommon FilesT:headT%i!T eroChec/3e?e

QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ catchme *3.3K.+@ 8)5/-$/Vista H root/it/stealth malware detec tor !y ;mer6 http(//www3&mer3net Root/it scan )**+HK)HK, K@()@ 8indows M3K3)L** Service $ac/ . TFS sc annin& hidden processes 333 sc annin& hidden autostart entries 333 sc annin& hidden 0iles 333 sc an completed success0ully hidden 0iles( * QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ 3 Completion time( )**+HK)HK, K@(.)(N+ Com!oFi?HXuarantinedH0iles3t?t )**+HK)HK, K@(.) $reHRun( K,6,)M6K@K6+M) !ytes 0ree $ostHRun( K,6L++6LM+6,,L !ytes 0ree H H Fnd 40 File H H FCF*@C'M+'KLKMF,@:K,)CC.+:.F@*C@
Attached Files C om!oFi?3t?t 9K.3M 5C6 ) views=

JJJJJJJJJJJJJJJJJJ

12-17-2009, 05:00 PM

Clark !
Security Team "oderator6 :nalyst Ran&emaster6 TSF :cademy

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Hello Cen 1s this computer connected to the internet or was Com!oFi? simply tellin& you it could not connect# $lease let me /now so 1 decide the ne?t plan o0 attac /3 :lso please let me /now i0 you are now a!le to use the tas/ mana&er3 JJJJJJJJJJJJJJJJJJ

Join 'ate( Jun )**L %ocation( C leveland6 4hio $osts( )6@@+ OS( -$ $ro6 8indows ,6 Fedora

$ roud "e m !e r o0 :S:$ $roud "e m !e r o0 U 1TF

[40 all the thin&s 12ve lost6 1 miss my mind the most\ H "ar/ Twain

12-18-2009, 01:55 AM

sinistapen&uin
Re&istered "em!er Join 'ate( Jun )**+ $osts( ), OS( -$ S$.

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Hi The laptop !attery died last ni&ht and 1 re!ooted3 Ce0ore this happened 1 could &et on tas/ mana&er7 pro!lems as 1 started with3 (9 ow 12ve re!ooted 1 have all the same

So6 1 re!ooted6 connec ted the machine to my !road!and and ran 5ittyFi? a&ain3 1t downloaded G installed Recovery Console3 So 12ve &ot a new set o0 lo&s 0or you 9see !elow=3 ow that it2s run throu&h 1 c an use Tas/ "ana&er a&ain3 Cheers Cen

Cen IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII Com!oFi? *+HK)HKL3*M H :dministrator K@/K)/)**+ +(*@3)3K H ?@L "ic roso0t 8indows -$ $ro0essional M3K3)L**3.3K)M)3NN3K*..3K@3,MK3.ML O;"T *(**P Runnin& 0rom( c(Tdocuments and settin&sT:dministratorT'es/topT5ittyFi?3e?e :V( :V; :ntiHVirus Free Q4nHaccess scannin& disa!ledQ 94utdated= RK,'''*+,H.LFFHN.MFH+FKCHM)',N)NM'LCFS F8( <one:larm Firewall Qena!ledQ R@)+C':.)H+NC.HNNFNH@NNLHF@FCFF@*+F@CS 3 9999999999999999999999999 Files Created 0rom )**+HKKHK@ to )**+HK)HK@ =============================== 3 )**+HK)HK@ *+(*+ 3 )**+HKKH)) KN(MM .+L.KL* HHHHaHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTav&+TupdateT!ac/upTav&core?3dll )**+HK)HK@ *+(*) 3 )**+HKKH)) K*(KM @NN*ML HHHHaHwH c(Tdocuments and settin&sT:ll UsersT:pplication 'ataTav&+TupdateT!ac/upTav&upd3e?e )**+HK)HK@ *+(*) 3 )**+HKKH)) K*(KM KLM@K.L HHHHaHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTav&+TupdateT!ac/upTav&upd3dll )**+HK)HK@ *+(*) 3 )**+HK)HK@ *+(*) HHHHHHHH dHHHHHwH c(TwindowsT%ast;ood )**+HK)HKM K@(K@ 3 )**+HK)HKM K@(K@ HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTtrend mic ro )**+HK)HKM K@(K@ 3 )**+HK)HKM K@(K@ HHHHHHHH dHHHHHwH C(Trsit )**+HK)H*, K,(K+ 3 )**+HK)H*, K,(K+ * HHHHaHwH c(TwindowsTnsre&3dat )**+HK)H*, K,(K+ 3 )**+HK)H*, K,(K+ HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT%ocal Settin&sT:pplication 'ataT"oWilla )**+HKKH)N K)(.. 3 )**+HKKH)N K)(.. NK@M HHshaHrH c(TwindowsTsystem.)Tnepalloid3!at )**+HKKH)N K)(.. 3 )**+HKKH)N K)(.. .+.N) HHshaHrH c (TwindowsTsystem.)Tnepalloid3v!e 3 9999999999999999999999999999999999999999 Find." Report ==================================================== 3 )**+HK)HK@ *+()* 3 )**@H*)H)* K@()+ HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTS/ype )**+HK)HK@ *@(K. 3 )**@H*)H)* K@(.N HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTs/ype$" )**+HK)H*, K@(*N 3 )**@H*)HKN K@(K, * HHHHaHwH c(TwindowsTsystem.)TdriversTlvuvc3hs )**+HK)H*, KN(** 3 )**@H*)HKN KM(MM HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT;oo&le )**+HK)H*, *@(NM 3 )**@H*)HKK )*(K+ ,K,L@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT%ocal Settin&sT:pplic ation 'ataT;'1$F4 TC:CHFVK3':T )**+HKKHKL KK(.+ 3 )**+HKKHKL KK(.+ HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT"icroso0t C:$1C4" )3K3*3) )**+HKKHKM *@(MK 3 )**+HKKHKM *@(MK HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT"icroso0t Silverli&ht )**+HKKHK* *@(KK 3 )**+HK*H)@ K@(.N .L*M@N HHHHaHwH c(TwindowsTsystem.)TdriversTav&tdi?3sys )**+HKKH*+ )K(NM 3 )**+HK*HK+ K@(), HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTCommon FilesT:head )**+HK*H.K K,(.+ 3 )**+HK*H.K K,(M* K@.LMNN HHHHaHwH c(TwindowsT1nternet %o&sT?'CK:3tmp )**+HK*H.* )*(.K 3 )**+H*+H)) K.(MK HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataT:udacity )**+HK*H)@ K+(NK 3 )**+HK*H)+ *L(MK K@.@*@* HHHHaHwH c(TwindowsT1nternet %o&sT?'CK+3tmp )**+HK*H)@ K@(.N 3 )**@H*LH)) K)(.@ ...K+) HHHHaHwH c(TwindowsTsystem.)TdriversTav&ld?@L3sys )**+HK*H)@ K@(.N 3 )**@H*)HKK )K()N )@N)N HHHHaHwH c (TwindowsTsystem.)TdriversTav&m0?@L3sys )**+HK*H)@ K@(.N 3 )**@H*LH)) K)(NK K)NLN HHHHaHwH c (TwindowsTsystem.)Tav&rsst?3dll )**+HK*H)@ K@(.. 3 )**+HK*H)@ K@(.. HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTav&+ )**+HK*H)@ K@(.. 3 )**@H*LH)) K)(.@ HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT:V; )**+HK*H), *@(N* 3 )**+HK*H), *@(NK K@)),)* HHHHaHwH c(TwindowsT1nternet %o&sT?'CK@3tmp )**+HK*H)M K+(K) 3 )**.HK)HK+ *,(MK HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTCommon FilesT:do!e )**+HK*H)M *+(*) 3 )**@H*@H). K@(ML @+K+N,M HHHHaHwH c(TwindowsT1nternet %o&sTtv'e!u&3Wip )**+HK*H)N K*()+ 3 )**@H*)HKM K@(KL HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTCy!er%in/ )**+HK*H). KL(M) 3 )**+HK*H). KL(N, K,)K,**@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTrpTReal$layerS$;old3e?e )**+HK*H). KL(N, 3 )**+HK*H). KL(N, @N*LLN@ HHHHaHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTRealTUpdateTsetupT&t!JusT;44;%FJT44%C:RT;oo&leTool!ar1nstaller3e?e )**+HK*H). KL(NN 3 )**+HK*H). KL(NN K*.*+NN@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTchrTChrome1nstaller3e?e )**+HK*H). KL(N* 3 )**+HK*H). KL(N* LN*** HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&T&c apiJdll3dll )**+HK*H). KL(N* 3 )**+HK*H). KL(N* M))@@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&T&tapi3dll )**+HK*H). KL(N* 3 )**+HK*H). KL(N* M*L@@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&T00t!api3dll )**+HK*H). KL(N* 3 )**+HK*H). KL(N* KKNL@@ HHHHaHwH c(Tdocuments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&Tcompat3dll )**+HK*H). KL(.+ 3 )**@H*+H)M )*(K, N@@+L@ HHHHaHwH c(Tdocuments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTsetup3e?e )**+HK*H)K K+(KN 3 )**+HK*H)K K+(KN HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT%oc alServiceT:pplication 'ataTCy!er%in/ )**+HK*HK+ )*()@ 3 )**.HK)HK+ *,(*K HHHHHHHH dHHhHHwH c(Tpro&ram 0ilesT1nstallShield 1nstallation 1n0ormation )**+HK*HK+ K+(N+ 3 )**+HK*HK+ K@(.* HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataT:head )**+HK*HK+ K@(), 3 )**+HK*HK+ K@(), HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataT ero )**+HK*HK+ K@(), 3 )**+HK*HK+ K@(), HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT ero )**+HK*HK+ *+()K 3 )**@H*.HKN *+(M. HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTCy!er%in/ )**+HK*HK+ *+()K 3 )**@H*.HKN *+(M. HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTCy!er%in/ 3 99999999999999999999999999999 SnapShotD)**+HK)HK,JK@3)@3M) ========================================= 3 3 9999999999999999999999999999999999999 Re& %oadin& $oints ================================================== 3 3 Q oteQ empty entries G le&it de0ault entries are not shown RF;F'1TN OH5FBJCURRF TJUSFRTS4FT8:RFT"icroso0tT8indowsTCurrentVersionTRunP >T4SC'S$'>I>c(Tpro&ram 0ilesTT4SH1C:TT4SC'S$'Ttoscdspd3e?e> O)**.H*+H*M LMM.LP >S/ype>I>c(Tpro&ram 0ilesTS/ypeT$honeTS/ype3e?e> O)**@HKKH*, )KL...)*P >Runmeinit>I>c(TwindowsTsystem.)Tnepalloid3!at> O)**+HKKH)N NK@MP OH5FBJ%4C:%J":CH1 FTS4FT8:RFT"icroso0tT8indowsTCurrentVersionTRunP >1&0?Tray>I>c (TwindowsTSystem.)Ti&0?tray3e?e> O)**.H*NH*, KMMLN@P >Hot5eysCmds>I>c(TwindowsTSystem.)Th/cmd3e?e> O)**.H*NH*, KKNL@@P >**THot/ey>I>c(TwindowsTSystem.)T**THot/ey3e?e> O)**.H*MH). )M.+M)P >***StTH5>I>***StTH53e?e> O)**KH*LH). )NM,LP >%TS""S;>I>%TS""S;3e?e> O)**.H*NHK@ .),L@P >:point>I>c(Tpro&ram 0ilesT:point)5T:point3e?e> O)**.H*,HK, KM+,NNP >TouchF'>I>c(Tpro&ram 0ilesTT4SH1C:TTouchF'TTouchF'3F?e> O)**.H*.HKK K))@@*P >$adTouch>I>c(Tpro&ram 0ilesTT4SH1C:T$adTouc hT$adF?e3e?e> O)**.HKKH)N K*K++*NP

>$adTouch>I>c(Tpro&ram 0ilesTT4SH1C:T$adTouc hT$adF?e3e?e> O)**.HKKH)N K*K++*NP >TF FM>I>TF FM3e?e> O)**.HK*HKM ,.,)@P >T$S"ain>I>T$S"ain3e?e> O)**.HKKH), )LL)N*P >TFnc5y>I>TFnc 5y3e?e> OCUP >%o&itechCommunications"ana&er>I>c (Tpro&ram 0ilesTCommon FilesT%o&itec hT%Com"&rTCommunic ationsJHelper3e?e> O)**LH*LH)L N+,)**P >%o&itechVuic/CamRi!!on>I>c (Tpro&ram 0ilesT%o&itec hTVuic /CamK*TVuic/CamK*3e?e> O)**LH*LH)L LKN+L*P >%VC4"S->I>c(Tpro&ram 0ilesTCommon FilesT%o&itechT%Com"&rT%VComS-3e?e> O)**LH*LH)L )N.)N@P >wltray3e?e>I>c(TwindowsTsystem.)Twltray3e?e> O)**MH*LH*@ ,,@.K@P >$rinTray>I>c(TwindowsTSystem.)TspoolT'R1VFRST8.)-@LT)Tprintray3e?e> O)***H*NH)K .L@LNP ><one:larm Client>I>c(Tpro&ram 0ilesT<one %a!sT<one:larmTWlc lient3e?e> O)**+H*)HKM +@K.@NP >:V;+JTR:B>I>c(Tpro&raUKT:V;T:V;+Tav&tray3e?e> O)**+HK)HK@ )*..N.)P OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTwindows ntTcurrentversionTwinlo&onTnoti0yTav&rsstarterP )**+HK*H)@ K@(.N K)NLN HHHHaHwH c(TwindowsTsystem.)Tav&rsst?3dll OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T:do!e :R"P )**+H*+H*N K)(*@ +.M)@@ HHHHaHrH c(Tpro&ram 0ilesTCommon FilesT:do!eT:R"TK3*T:do!e:R"3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T:do!e Reader Speed %auncherP )**+HK*H*. *N(*@ .ML+L HHHHaHwH c(Tpro&ram 0ilesT:do!eTReader +3*TReaderTreaderJsl3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TH$ Component "ana&erP )**NH*MHK) KN(K@ )NKLLN HHHHaHwH c(Tpro&ram 0ilesTH$ThpcoretechThpc mpm&r3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TH$ So0tware UpdateP )**NH*)HK) K.(.@ N+KM) HHHHaHwH c(Tpro&ram 0ilesTH$TH$ So0tware UpdateThpwuSc hd)3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T%an&ua&eShortc utP )**LHK)H*M )K(MM MN@.) HHHHaHwH c(Tpro&ram 0ilesTCy!er%in/T$ower'V'T%an&ua&eT%an&ua&e3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T4R:HSSSession"ana&erP )**,HK)HK) *+(M* K*,)N@ HHHHaHwH c(Tpro&ram 0ilesT4ran&eTSession"ana&erTSession"ana&er3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TRemoteControlP )**LHKKH). KN(K* ML+)@ HHHHHHwH c (Tpro&ram 0ilesTCy!er%in/T$ower'V'T$'V'Serv3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TSony Fricsson $C SuiteP )**MHK*H)L KM(K, KM+,NN HHHHaHrH c(Tpro&ram 0ilesTSony Fric ssonT"o!ile)T:pplication %auncherT:pplication %auncher3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTsecurity centerT"onitorin&T<one%a!sFirewallP >'isa!le"onitorin&>Idword(*******K OH5%"TUTservicesTsharedac cessTparametersT0irewallpolic yTstandardpro0ileP >Fna!leFirewall>I * 9*?*= OH5%"TUTservicesTsharedac cessTparametersT0irewallpolic yTstandardpro0ileT:uthoriWed:pplic ationsT%istP >YwindirYTTsystem.)TTsessm&r3e?e>I >YwindirYTT etwor/ 'ia&nostic TT?pnetdia&3e?e>I >c(TT81 '48STTsystem.)TT!c mwld)/3e?e>I >c(TT$ro&ram FilesTT4ran&eTTConnec tivityTTConnec tivity"ana&er3e?e>I >c(TT$ro&ram FilesTT:V;TT:V;+TTav&upd3e?e>I >c(TT$ro&ram FilesTT:V;TT:V;+TTav&ns?3e?e>I >c(TT$ro&ram FilesTTS/ypeTT$honeTTS/ype3e?e>I RK :v&%d?@LZ:V; :V1 %oader 'river ?@LZc (TwindowsTsystem.)TdriversTav&ld?@L3sys O))/*L/)**@ K)(.@ ...K+)P RK :v&Tdi-Z:V; Free etwor/ RedirectorZc(TwindowsTsystem.)TdriversTav&tdi?3sys O)@/K*/)**+ K@(.N .L*M@NP R) av&+wdZ:V; Free 8atch'o&Zc (Tpro&ram 0ilesT:V;T:V;+Tav&wdsvc3e?e O)@/K*/)**+ K@(.. )@M.+)P R. Coni0ayZConi0ayZc(TwindowsTsystem.)TdriversTConi0ay3sys OK+/*)/)**@ K@(KN K)KL*P S) &updateKc+a!d!N,ce.0.aZ;oo&le Update Service 9&updateKc +a!d!N,ce.0.a=Zc(Tpro&ram 0ilesT;oo&leTUpdateT;oo&leUpdate3e?e O)./*./)**+ K,(K, K..K*NP S. ;onWalesZ;onWalesZc(TwindowsTsystem.)TdriversT;onWales3sys OK+/*)/)**@ K@(KN ,*N*P S. s**K,!usZSony Fricsson 'evice **K, driver 98'"=Zc(TwindowsTsystem.)TdriversTs**K,!us3sys O)K/*M/)**+ )K()K @L@)NP S. s**K,md0lZSony Fricsson 'evice **K, USC 8"C "odem FilterZc(TwindowsTsystem.)TdriversTs**K,md0l3sys O)K/*M/)**+ )K()K KM*KLP S. s**K,mdmZSony Fric sson 'evice **K, USC 8"C "odem 'riverZc(TwindowsTsystem.)TdriversTs**K,mdm3sys O)K/*M/)**+ )K()K KKNL**P S. s**K,m&mtZSony Fric sson 'evice **K, USC 8"C 'evice "ana&ement 'rivers 98'"=Zc(TwindowsTsystem.)TdriversTs**K,m&mt3sys O)K/*M/)**+ )K()K K*@.)@P S. s**K,ndMZSony Fric sson 'evice **K, USC Fthernet Fmulation SF"C**K, 9 '1S=Zc (TwindowsTsystem.)TdriversTs**K,ndM3sys O)K/*M/)**+ )K()K )L*)NP S. s**K,o!e?ZSony Fric sson 'evic e **K, USC 8"C 4CF- 1nter0aceZc (TwindowsTsystem.)TdriversTs**K,o!e?3sys O)K/*M/)**+ )K()K K*NLKLP S. s**K,unic ZSony Fricsson 'evice **K, USC Fthernet Fmulation SF"C**K, 98'"=Zc(TwindowsTsystem.)TdriversTs**K,unic3sys O)K/*M/)**+ )K()K K*+,.LP S. <'K)KKCU9.C4" Corporation=Z.Com 400ic eConnect 8ireless MN"!ps KK& Compac t USC :dapter9.C4" Corporation=Zc(TwindowsTsystem.)TdriversT<'K)KKCU3sys OKK/*)/)**@ K@(*L N*)+NNP 3 HHHHHHH Supplementary Scan HHHHHHH 3 uStart $a&e I h??p(//www3tesc o3net/ u'e0aultJSearchJUR% I h??p(//www3&oo&le3com/ie mStart $a&e I h??p(//www3&oo&le3c om uSearc hUR%69'e0ault= I h??p(//www3&oo&le3c om/searc h#XIYs 1F( :dd to ;oo&le $hotos Sc reensaGver H c(TwindowsTsystem.)T;$hotos3scr/)** 1F( FG?port to "icroso0t F?cel H c(Tpro&raUKT"1CR4SU)T4FF1CFKKTF-CF%3F-F/.*** Trusted <one( tesc o3netTmem!erservices Trusted <one( tesc o3netTre&ister FF FF FF FF FF FF FF FF FF FF FF FF FF H H H H H H H H H H H H H $ro0ile$ath H c(Tdocuments and settin&sT:dministratorT:pplication 'ataT"oWillaTFire0o?T$ro0ilesT0mn@w)Lm3de0aultT pre0s3js( !rowser3startup3homepa&e H h??p(//www3tesco3net/ plu&in( c(Tpro&ram 0ilesT;oo&leT;oo&le FarthTplu&inTnp&eplu&in3dll plu&in( c(Tpro&ram 0ilesT;oo&leT$ic asa.Tnp$ic asa.3dll plu&in( c(Tpro&ram 0ilesT;oo&leTUpdateTK3)3K@.3K.Tnp;oo&le4neClic/@3dll plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaKK3dll plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaK)3dll plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaK.3dll plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaKN3dll plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $Java.)3dll plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $J$1KN)3dll plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $4J1LK*3dll HiddenF?tension( "icroso0t 3 FT Framewor/ :ssistant( R)*a@)LNMHc*+MHNLedH@*e.H*@@)M,L*M.N!S H

FF H HiddenF?tension( "icroso0t 3 FT Framewor/ :ssistant( R)*a@)LNMHc*+MHNLedH@*e.H*@@)M,L*M.N!S H c(TwindowsT"icroso0t3 FTTFramewor/Tv.3MT8indows $resentation FoundationT'ot et:ssistantF?tensionT 3 QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ catchme *3.3K.+@ 8)5/-$/Vista H root/it/stealth malware detec tor !y ;mer6 http(//www3&mer3net Root/it scan )**+HK)HK@ *+()* 8indows M3K3)L** Service $ac/ . TFS sc annin& hidden processes 333 sc annin& hidden autostart entries 333 sc annin& hidden 0iles 333 sc an completed success0ully hidden 0iles( * QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ 3 HHHHHHHHHHHHHHHHHHHHH '%%s %oaded Under Runnin& $rocesses HHHHHHHHHHHHHHHHHHHHH H H H H H H H > 2e?plorer3e?e29NLM)= c(TwindowsTsystem.)T81 1 FT3dll c(Tpro&raUKT81 '48U)Twmp!and3dll c(TwindowsTsystem.)Tie0rame3dll c(TwindowsTsystem.)T8$'ShService4!j3dll c(TwindowsTsystem.)T$orta!le'eviceTypes3dll c(TwindowsTsystem.)T$orta!le'evice:pi3dll c(TwindowsTsystem.)TT$wrC0&3'%% c(TwindowsTsystem.)TT$wrRe&3dll c(TwindowsTsystem.)TT$STrac e3'%% 3 Completion time( )**+HK)HK@ *+()M(N+ Com!oFi?HXuarantinedH0iles3t?t )**+HK)HK@ *+()M Com!oFi?)3t?t )**+HK)HK, K@(.) $reHRun( K,6M*.6@.@6)*@ !ytes 0ree $ostHRun( K,6NL)6KL+6L** !ytes 0ree 8indows-$H5C.K*++NHS$)H$roHCoot'is/HF U3e?e O!oot loaderP timeoutI) de0aultImulti9*=dis/9*=rdis/9*=partition9K=T81 '48S Ooperatin& systemsP c(Tc mdconsTC44TSFCT3':TI>"icroso0t 8indows Recovery Console> /c mdcons multi9*=dis/9*=rdis/9*=partition9K=T81 '48SI>"icroso0t 8indows -$ $ro0essional> /0astdetect / oF?ecuteI4pt1n H H Fnd 40 File H H LCLFLFKFN)+C,*C,,.*FC'+F,FN,'LNF JJJJJJJJJJJJJJJJJJ

12-18-2009, 03:53 AM

Clark !
Security Team "oderator6 :nalyst Ran&emaster6 TSF :cademy

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

K3 Close/disa!le all anti virus and anti malware pro&rams so they do not inter0ere with the runnin& o0 Com!oFi?3 )3 4pen notepad and c opy/paste the te?t in the code!o? !elow into it(
C ode(

http://www.techsupportforum.com/f100/happy-hacked-system-nepalloid-problem-with-usrlogon-cmd-440434.html#post24 !" #egistry:: $%&'()*+##',-)+.'#/.01-23#'/4icrosoft/2indows/*urrent5ersion/#un6 7#unmeinit78*ollect::$916 c:/windows/system32/nepalloid.bat c:/windows/system32/nepalloid.:be

Join 'ate( Jun )**L %ocation( C leveland6 4hio $osts( )6@@+ OS( -$ $ro6 8indows ,6 Fedora

Save this as >C-Script>

Re0erin& to the pic ture a!ove6 dra& CFSc ript into Com!oFi?3e?e Then post the resultant lo& Note# 3o not mouseclick combo%i')s window while it)s running. That may cause it to stall

4our 5a6a is out o% date. 4lder versions have vulnera!ilities that malware can use to in0ec t your system3 7lease %ollow these steps to remo6e older 6ersion 5a6a components and update.

remo6e older 6ersion 5a6a components and update. 'ownload the latest version o0 5a6a "untime 8n6ironment .5"8/ 1 and save it to your des/top3 Sc roll down to where it says >5a6a S8 "untime 8n6ironment .5"8/ - 5"8 ! 9pdate 1 - > Clic / the >3ownload> !utton to the ri&ht3 Selec t the :indows plat0orm 0rom the dropdown menu3 Read the %icense :&reement and then chec/ the !o? that says( >I agree to the Java SE Runtime Environment 6u17 with JavaFX 1 Lic ense Agreement >3 Clic/ on Continue.The pa&e will re0resh3 Clic / on the lin/ to download :indows O%%line $nstallation and save the 0ile to your des/top3 Close any pro&rams you may have runnin& H espec ially your we! !rowser3 ;o to Start > Control $anel6 dou!leHclic / on ;dd or "emo6e 7rograms and remove all older versions o0 Java3 Chec/ 9highlight = any item with Java Runtime Fnvironment 9JRF or J)SF or Java9T"= L= in the name3 Clic / the "emo6e or Change0"emo6e !utton3 Repeat as many times as necessary to remove each Java versions3 Re!oot your computer once all Java c omponents are removed3 Then 0rom your des/top dou!leHc lic/ on <re-!u1 -windows-i=>!-p.e'e to install the newest version3 :0ter the install is c omplete6 &o into the Control $anel 9usin& Classic View= and dou!leHc lic/ the Java 1con3 9loo/s li/e a co00ee c up= 4n the ;eneral ta!6 under Temporary 1nternet Files6 clic / the Settings !utton3 e?t6 clic / on the 'elete Files !utton There are two options in the window to clear the cac he H 1ea6e &OTH Checked ;pplications and ;pplets Trace and 1og -iles Clic/ 45 on 'elete Temporary Files 8indow Note# This deletes ;11 the 3ownloaded ;pplications and ;pplets %rom the C;CH8. Clic/ 45 to leave the Temporary Files 8indow Clic/ 45 to leave the Java Control $anel3

Fsta!lish an internet connec tion G per0orm an online scan with Fire0o? or 1nternet F?plorer at 2aspersky Online Scanner ++Note++ To optimiWe scannin& time and produce a more sensi!le report 0or review( Close any open pro&rams Turn o00 the real time sc anner o0 any e?istin& antivirus pro&ram while per0ormin& the online scan3 Clic/ ;ccept6 when prompted to download and install the pro&ram 0iles and data!ase o0 malware de0initions3 Clic / "un at the Sec urity prompt3 The pro&ram will then !e&in downloadin& and installin& and will also update the data!ase3 $lease !e patient as this can ta/e several minutes3 4nce the update is complete6 c lic/ on ?y Computer under the &reen Scan !ar to the le0t to start the sc an3 4nce the scan is c omplete6 it will display i0 your system has !een in0ected3 1t does not provide an option to clean/disin0ect3 8e only reXuire a report 0rom it3 'o NOT !e alarmed !y what you see in the report3 "any o0 the 0inds have li/ely !een Xuarantined3 Clic / @iew scan report at the !ottom3 Clic / the Sa6e "eport ;s... !utton3 Clic / the Sa6e as Te't !utton to save the 0ile to your des/top so that you may post it in your ne?t reply3 Note %or $nternet 8'plorer users# $% at any time you ha6e trouble with the accept button o% the licence( click on the Aoom tool located at the right bottom o% the $8 window and set the Boom to = C. Once the license accepted( reset to 1DDC.

$lease provide the 0ollowin& lo&s with your ne?t post( C#,Combo-i'.t't 2aspersky "eport ;lso include an update on how your system is running JJJJJJJJJJJJJJJJJJ

$ roud "e m !e r o0 :S:$ $roud "e m !e r o0 U 1TF

[40 all the thin&s 12ve lost6 1 miss my mind the most\ H "ar/ Twain

12-20-2009, 02:42 PM

sinistapen&uin
Re&istered "em!er Join 'ate( Jun )**+ $osts( ), OS( -$ S$.

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Hi Carl Christmas shoppin& made this ta/e a while777 456 1 have run Com!oFi? with the sc ript you &ave me6 the lo& is !elow3 1 have also run the 5aspers/y scan H this 0ailed the 0irst time6 !ut wor/ed second3 :&ain the lo& is !elow3 :s 0or how the mac hine is runnin& H The internet seems to !e c onnectin& and runnin& much !etter3 1 have just re!ooted and it has !een tryin& to load 0or a!out )* mins 9e?plorer3e?e=3 1t &ets part way throu&h6 seems li/e the usrlo&on sc ript doesn2t run anymore so that2s pro&ress H however you only &et hal0 the des/top ic ons and you can2t c lic/ 2Start2 c os you &et the e&& timer3 1t did install loads o0 windows updates thou&h7 ;onna re!oot a&ain H will post an update Com!oFi?( IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII Com!oFi? *+HK)HKL3*M H :dministrator K+/K)/)**+ )*(KL(..3.3K H ?@L "ic roso0t 8indows -$ $ro0essional M3K3)L**3.3K)M)3NN3K*..3K@3,MK3)@M O;"T *(**P Runnin& 0rom( c(Tdocuments and settin&sT:dministratorT'es/topT5ittyFi?3e?e Command switches used (( c(Tdocuments and settin&sT:dministratorT'es/topTCFSc ript3t?t

Command switches used (( c(Tdocuments and settin&sT:dministratorT'es/topTCFSc ript3t?t :V( :V; :ntiHVirus Free Q4nHaccess scannin& disa!ledQ 9Updated= RK,'''*+,H.LFFHN.MFH+FKCHM)',N)NM'LCFS F8( <one:larm Firewall Qdisa!ledQ R@)+C':.)H+NC.HNNFNH@NNLHF@FCFF@*+F@CS 0ile Wipped( c(TwindowsTsystem.)Tnepalloid3!at 0ile Wipped( c(TwindowsTsystem.)Tnepalloid3v!e 3 999999999999999999999999999999999999999 4ther 'eletions ================================================= 3 c(TwindowsTsystem.)Tnepalloid3!at c(TwindowsTsystem.)Tnepalloid3v!e 3 9999999999999999999999999 Files Created 0rom )**+HKKHK+ to )**+HK)HK+ =============================== 3 )**+HK)HK@ *+(*+ 3 )**+HKKH)) KN(MM .+L.KL* HHHHaHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTav&+TupdateT!ac/upTav&core?3dll )**+HK)HK@ *+(*) 3 )**+HKKH)) K*(KM @NN*ML HHHHaHwH c(Tdocuments and settin&sT:ll UsersT:pplication 'ataTav&+TupdateT!ac/upTav&upd3e?e )**+HK)HK@ *+(*) 3 )**+HKKH)) K*(KM KLM@K.L HHHHaHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTav&+TupdateT!ac/upTav&upd3dll )**+HK)HK@ *+(*) 3 )**+HK)HK@ *+(*) HHHHHHHH dHHHHHwH c(TwindowsT%ast;ood )**+HK)HKM K@(K@ 3 )**+HK)HKM K@(K@ HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTtrend mic ro )**+HK)HKM K@(K@ 3 )**+HK)HKM K@(K@ HHHHHHHH dHHHHHwH C(Trsit )**+HK)H*, K,(K+ 3 )**+HK)H*, K,(K+ * HHHHaHwH c(TwindowsTnsre&3dat )**+HK)H*, K,(K+ 3 )**+HK)H*, K,(K+ HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT%ocal Settin&sT:pplication 'ataT"oWilla 3 9999999999999999999999999999999999999999 Find." Report ==================================================== 3 )**+HK)HK+ )*(KN 3 )**@H*)H)* K@()+ HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTS/ype )**+HK)HK+ )*(KK 3 )**@H*)H)* K@(.N HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTs/ype$" )**+HK)H*, K@(*N 3 )**@H*)HKN K@(K, * HHHHaHwH c(TwindowsTsystem.)TdriversTlvuvc3hs )**+HK)H*, KN(** 3 )**@H*)HKN KM(MM HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT;oo&le )**+HK)H*, *@(NM 3 )**@H*)HKK )*(K+ ,K,L@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT%ocal Settin&sT:pplic ation 'ataT;'1$F4 TC:CHFVK3':T )**+HKKHKL KK(.+ 3 )**+HKKHKL KK(.+ HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT"icroso0t C:$1C4" )3K3*3) )**+HKKHKM *@(MK 3 )**+HKKHKM *@(MK HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT"icroso0t Silverli&ht )**+HKKHK* *@(KK 3 )**+HK*H)@ K@(.N .L*M@N HHHHaHwH c(TwindowsTsystem.)TdriversTav&tdi?3sys )**+HKKH*+ )K(NM 3 )**+HK*HK+ K@(), HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTCommon FilesT:head )**+HK*H.K K,(.+ 3 )**+HK*H.K K,(M* K@.LMNN HHHHaHwH c(TwindowsT1nternet %o&sT?'CK:3tmp )**+HK*H.* )*(.K 3 )**+H*+H)) K.(MK HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataT:udacity )**+HK*H)@ K+(NK 3 )**+HK*H)+ *L(MK K@.@*@* HHHHaHwH c(TwindowsT1nternet %o&sT?'CK+3tmp )**+HK*H)@ K@(.N 3 )**@H*LH)) K)(.@ ...K+) HHHHaHwH c(TwindowsTsystem.)TdriversTav&ld?@L3sys )**+HK*H)@ K@(.N 3 )**@H*)HKK )K()N )@N)N HHHHaHwH c (TwindowsTsystem.)TdriversTav&m0?@L3sys )**+HK*H)@ K@(.N 3 )**@H*LH)) K)(NK K)NLN HHHHaHwH c (TwindowsTsystem.)Tav&rsst?3dll )**+HK*H)@ K@(.. 3 )**+HK*H)@ K@(.. HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTav&+ )**+HK*H)@ K@(.. 3 )**@H*LH)) K)(.@ HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT:V; )**+HK*H), *@(N* 3 )**+HK*H), *@(NK K@)),)* HHHHaHwH c(TwindowsT1nternet %o&sT?'CK@3tmp )**+HK*H)M K+(K) 3 )**.HK)HK+ *,(MK HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTCommon FilesT:do!e )**+HK*H)M *+(*) 3 )**@H*@H). K@(ML @+K+N,M HHHHaHwH c(TwindowsT1nternet %o&sTtv'e!u&3Wip )**+HK*H)N K*()+ 3 )**@H*)HKM K@(KL HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTCy!er%in/ )**+HK*H). KL(M) 3 )**+HK*H). KL(N, K,)K,**@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTrpTReal$layerS$;old3e?e )**+HK*H). KL(N, 3 )**+HK*H). KL(N, @N*LLN@ HHHHaHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTRealTUpdateTsetupT&t!JusT;44;%FJT44%C:RT;oo&leTool!ar1nstaller3e?e )**+HK*H). KL(NN 3 )**+HK*H). KL(NN K*.*+NN@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTchrTChrome1nstaller3e?e )**+HK*H). KL(N* 3 )**+HK*H). KL(N* LN*** HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&T&c apiJdll3dll )**+HK*H). KL(N* 3 )**+HK*H). KL(N* M))@@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&T&tapi3dll )**+HK*H). KL(N* 3 )**+HK*H). KL(N* M*L@@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&T00t!api3dll )**+HK*H). KL(N* 3 )**+HK*H). KL(N* KKNL@@ HHHHaHwH c(Tdocuments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&Tcompat3dll )**+HK*H). KL(.+ 3 )**@H*+H)M )*(K, N@@+L@ HHHHaHwH c(Tdocuments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTsetup3e?e )**+HK*H)K K+(KN 3 )**+HK*H)K K+(KN HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT%oc alServiceT:pplication 'ataTCy!er%in/ 3 99999999999999999999999999999 SnapShotD)**+HK)HK,JK@3)@3M) ========================================= 3 3 9999999999999999999999999999999999999 Re& %oadin& $oints ================================================== 3 3 Q oteQ empty entries G le&it de0ault entries are not shown RF;F'1TN OH5FBJCURRF TJUSFRTS4FT8:RFT"icroso0tT8indowsTCurrentVersionTRunP >T4SC'S$'>I>c(Tpro&ram 0ilesTT4SH1C:TT4SC'S$'Ttoscdspd3e?e> O)**.H*+H*M LMM.LP >S/ype>I>c(Tpro&ram 0ilesTS/ypeT$honeTS/ype3e?e> O)**@HKKH*, )KL...)*P OH5FBJ%4C:%J":CH1 FTS4FT8:RFT"icroso0tT8indowsTCurrentVersionTRunP >1&0?Tray>I>c (TwindowsTSystem.)Ti&0?tray3e?e> O)**.H*NH*, KMMLN@P >Hot5eysCmds>I>c(TwindowsTSystem.)Th/cmd3e?e> O)**.H*NH*, KKNL@@P >**THot/ey>I>c(TwindowsTSystem.)T**THot/ey3e?e> O)**.H*MH). )M.+M)P >***StTH5>I>***StTH53e?e> O)**KH*LH). )NM,LP >%TS""S;>I>%TS""S;3e?e> O)**.H*NHK@ .),L@P >:point>I>c(Tpro&ram 0ilesT:point)5T:point3e?e> O)**.H*,HK, KM+,NNP >TouchF'>I>c(Tpro&ram 0ilesTT4SH1C:TTouchF'TTouchF'3F?e> O)**.H*.HKK K))@@*P >$adTouch>I>c(Tpro&ram 0ilesTT4SH1C:T$adTouc hT$adF?e3e?e> O)**.HKKH)N K*K++*NP >TF FM>I>TF FM3e?e> O)**.HK*HKM ,.,)@P >T$S"ain>I>T$S"ain3e?e> O)**.HKKH), )LL)N*P >TFnc5y>I>TFnc 5y3e?e> OCUP

>TFnc5y>I>TFnc 5y3e?e> OCUP >%o&itechCommunications"ana&er>I>c (Tpro&ram 0ilesTCommon FilesT%o&itec hT%Com"&rTCommunic ationsJHelper3e?e> O)**LH*LH)L N+,)**P >%o&itechVuic/CamRi!!on>I>c (Tpro&ram 0ilesT%o&itec hTVuic /CamK*TVuic/CamK*3e?e> O)**LH*LH)L LKN+L*P >%VC4"S->I>c(Tpro&ram 0ilesTCommon FilesT%o&itechT%Com"&rT%VComS-3e?e> O)**LH*LH)L )N.)N@P >wltray3e?e>I>c(TwindowsTsystem.)Twltray3e?e> O)**MH*LH*@ ,,@.K@P >$rinTray>I>c(TwindowsTSystem.)TspoolT'R1VFRST8.)-@LT)Tprintray3e?e> O)***H*NH)K .L@LNP ><one:larm Client>I>c(Tpro&ram 0ilesT<one %a!sT<one:larmTWlc lient3e?e> O)**+H*)HKM +@K.@NP >:V;+JTR:B>I>c(Tpro&raUKT:V;T:V;+Tav&tray3e?e> O)**+HK)HK@ )*..N.)P OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTwindows ntTcurrentversionTwinlo&onTnoti0yTav&rsstarterP )**+HK*H)@ K@(.N K)NLN HHHHaHwH c(TwindowsTsystem.)Tav&rsst?3dll OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T:do!e :R"P )**+H*+H*N K)(*@ +.M)@@ HHHHaHrH c(Tpro&ram 0ilesTCommon FilesT:do!eT:R"TK3*T:do!e:R"3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T:do!e Reader Speed %auncherP )**+HK*H*. *N(*@ .ML+L HHHHaHwH c(Tpro&ram 0ilesT:do!eTReader +3*TReaderTreaderJsl3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TH$ Component "ana&erP )**NH*MHK) KN(K@ )NKLLN HHHHaHwH c(Tpro&ram 0ilesTH$ThpcoretechThpc mpm&r3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TH$ So0tware UpdateP )**NH*)HK) K.(.@ N+KM) HHHHaHwH c(Tpro&ram 0ilesTH$TH$ So0tware UpdateThpwuSc hd)3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T%an&ua&eShortc utP )**LHK)H*M )K(MM MN@.) HHHHaHwH c(Tpro&ram 0ilesTCy!er%in/T$ower'V'T%an&ua&eT%an&ua&e3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T4R:HSSSession"ana&erP )**,HK)HK) *+(M* K*,)N@ HHHHaHwH c(Tpro&ram 0ilesT4ran&eTSession"ana&erTSession"ana&er3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TRemoteControlP )**LHKKH). KN(K* ML+)@ HHHHHHwH c (Tpro&ram 0ilesTCy!er%in/T$ower'V'T$'V'Serv3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TSony Fricsson $C SuiteP )**MHK*H)L KM(K, KM+,NN HHHHaHrH c(Tpro&ram 0ilesTSony Fric ssonT"o!ile)T:pplication %auncherT:pplication %auncher3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTsecurity centerT"onitorin&T<one%a!sFirewallP >'isa!le"onitorin&>Idword(*******K OH5%"TUTservicesTsharedac cessTparametersT0irewallpolic yTstandardpro0ileP >Fna!leFirewall>I * 9*?*= OH5%"TUTservicesTsharedac cessTparametersT0irewallpolic yTstandardpro0ileT:uthoriWed:pplic ationsT%istP >YwindirYTTsystem.)TTsessm&r3e?e>I >YwindirYTT etwor/ 'ia&nostic TT?pnetdia&3e?e>I >c(TT81 '48STTsystem.)TT!c mwld)/3e?e>I >c(TT$ro&ram FilesTT4ran&eTTConnec tivityTTConnec tivity"ana&er3e?e>I >c(TT$ro&ram FilesTT:V;TT:V;+TTav&upd3e?e>I >c(TT$ro&ram FilesTT:V;TT:V;+TTav&ns?3e?e>I >c(TT$ro&ram FilesTTS/ypeTT$honeTTS/ype3e?e>I RK :v&%d?@LZ:V; :V1 %oader 'river ?@LZc (TwindowsTsystem.)TdriversTav&ld?@L3sys O))/*L/)**@ K)(.@ ...K+)P RK :v&Tdi-Z:V; Free etwor/ RedirectorZc(TwindowsTsystem.)TdriversTav&tdi?3sys O)@/K*/)**+ K@(.N .L*M@NP R) av&+wdZ:V; Free 8atch'o&Zc (Tpro&ram 0ilesT:V;T:V;+Tav&wdsvc3e?e O)@/K*/)**+ K@(.. )@M.+)P R. Coni0ayZConi0ayZc(TwindowsTsystem.)TdriversTConi0ay3sys OK+/*)/)**@ K@(KN K)KL*P S) &updateKc+a!d!N,ce.0.aZ;oo&le Update Service 9&updateKc +a!d!N,ce.0.a=Zc(Tpro&ram 0ilesT;oo&leTUpdateT;oo&leUpdate3e?e O)./*./)**+ K,(K, K..K*NP S. ;onWalesZ;onWalesZc(TwindowsTsystem.)TdriversT;onWales3sys OK+/*)/)**@ K@(KN ,*N*P S. s**K,!usZSony Fricsson 'evice **K, driver 98'"=Zc(TwindowsTsystem.)TdriversTs**K,!us3sys O)K/*M/)**+ )K()K @L@)NP S. s**K,md0lZSony Fricsson 'evice **K, USC 8"C "odem FilterZc(TwindowsTsystem.)TdriversTs**K,md0l3sys O)K/*M/)**+ )K()K KM*KLP S. s**K,mdmZSony Fric sson 'evice **K, USC 8"C "odem 'riverZc(TwindowsTsystem.)TdriversTs**K,mdm3sys O)K/*M/)**+ )K()K KKNL**P S. s**K,m&mtZSony Fric sson 'evice **K, USC 8"C 'evice "ana&ement 'rivers 98'"=Zc(TwindowsTsystem.)TdriversTs**K,m&mt3sys O)K/*M/)**+ )K()K K*@.)@P S. s**K,ndMZSony Fric sson 'evice **K, USC Fthernet Fmulation SF"C**K, 9 '1S=Zc (TwindowsTsystem.)TdriversTs**K,ndM3sys O)K/*M/)**+ )K()K )L*)NP S. s**K,o!e?ZSony Fric sson 'evic e **K, USC 8"C 4CF- 1nter0aceZc (TwindowsTsystem.)TdriversTs**K,o!e?3sys O)K/*M/)**+ )K()K K*NLKLP S. s**K,unic ZSony Fricsson 'evice **K, USC Fthernet Fmulation SF"C**K, 98'"=Zc(TwindowsTsystem.)TdriversTs**K,unic3sys O)K/*M/)**+ )K()K K*+,.LP S. <'K)KKCU9.C4" Corporation=Z.Com 400ic eConnect 8ireless MN"!ps KK& Compac t USC :dapter9.C4" Corporation=Zc(TwindowsTsystem.)TdriversT<'K)KKCU3sys OKK/*)/)**@ K@(*L N*)+NNP 3 HHHHHHH Supplementary Scan HHHHHHH 3 uStart $a&e I h??p(//www3tesc o3net/ u'e0aultJSearchJUR% I h??p(//www3&oo&le3com/ie mStart $a&e I h??p(//www3&oo&le3c om uSearc hUR%69'e0ault= I h??p(//www3&oo&le3c om/searc h#XIYs 1F( :dd to ;oo&le $hotos Sc reensaGver H c(TwindowsTsystem.)T;$hotos3scr/)** 1F( FG?port to "icroso0t F?cel H c(Tpro&raUKT"1CR4SU)T4FF1CFKKTF-CF%3F-F/.*** Trusted <one( tesc o3netTmem!erservices Trusted <one( tesc o3netTre&ister FF H $ro0ile$ath H c(Tdocuments and settin&sT:dministratorT:pplication 'ataT"oWillaTFire0o?T$ro0ilesT0mn@w)Lm3de0aultT FF H pre0s3js( !rowser3startup3homepa&e H h??p(//www3tesco3net/ FF H plu&in( c(Tpro&ram 0ilesT;oo&leT;oo&le FarthTplu&inTnp&eplu&in3dll FF H plu&in( c(Tpro&ram 0ilesT;oo&leT$ic asa.Tnp$ic asa.3dll FF H plu&in( c(Tpro&ram 0ilesT;oo&leTUpdateTK3)3K@.3K.Tnp;oo&le4neClic/@3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaKK3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaK)3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaK.3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaKN3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $Java.)3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $J$1KN)3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $4J1LK*3dll FF H HiddenF?tension( "icroso0t 3 FT Framewor/ :ssistant( R)*a@)LNMHc*+MHNLedH@*e.H*@@)M,L*M.N!S H c(TwindowsT"icroso0t3 FTTFramewor/Tv.3MT8indows $resentation FoundationT'ot et:ssistantF?tensionT 3 QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ

QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ catchme *3.3K.+@ 8)5/-$/Vista H root/it/stealth malware detec tor !y ;mer6 http(//www3&mer3net Root/it scan )**+HK)HK+ )*()L 8indows M3K3)L** Service $ac/ . TFS sc annin& hidden processes 333 sc annin& hidden autostart entries 333 sc annin& hidden 0iles 333 sc an completed success0ully hidden 0iles( * QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ 3 Completion time( )**+HK)HK+ )*(.K(*) Com!oFi?HXuarantinedH0iles3t?t )**+HK)HK+ )*(.* Com!oFi?)3t?t )**+HK)HK@ *+()M Com!oFi?.3t?t )**+HK)HK, K@(.) $reHRun( K,6N,K6L*)6L@@ !ytes 0ree $ostHRun( K,6NML6MM@6*@* !ytes 0ree H H Fnd 40 File H H :.C.MLN.)NC:'@,FF)*MMNL.C:*.:'F' Upload was succ ess0ul

5aspers/y Sc an( IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH HHHHHHHHHHHHHHHHHHHHHHHHHHHHH 5:S$FRS5B 4 %1 F SC: FR ,3*( scan report Sunday6 'ecem!er )*6 )**+ 4peratin& system( "icroso0t 8indows -$ $ro0essional Service $ac/ . 9!uild )L**= 5aspers/y 4nline Scanner version( ,3*3)L3K. %ast data!ase update( Sunday6 'ecem!er )*6 )**+ *.(.*(K* Records in data!ase( ..+K),M HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH HHHHHHHHHHHHHHHHHHHHHHHHHHHHH Scan settin&s( sc an usin& the 0ollowin& data!ase( e?tended Scan archives( yes Scan eHmail data!ases( yes Scan area H "y Computer( C(T '(T F(T Scan statistics( 4!jects scanned( @M)*M Threats 0ound( K 1n0ec ted o!jects 0ound( K Suspicious o!jects 0ound( * Scan duration( *)(ML())

File name / Threat / Threats c ount C(TVoo!o?TVuarantineTO,KPHSu!mitJ)**+HK)HK+J)*3KL3)*3Wip 1n0ec ted( Trojan3C:T3:&ent3ui K Selected area has !een sc anned3 JJJJJJJJJJJJJJJJJJ

12-20-2009, 02:59 PM

Clark !
Security Team "oderator6 :nalyst Ran&emaster6 TSF :cademy

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

;ood to see we are ma/in& pro&ress K3 Close/disa!le all anti virus and anti malware pro&rams so they do not inter0ere with the runnin& o0 Com!oFi?3 )3 4pen notepad and c opy/paste the te?t in the code!o? !elow into it(
C ode(

http://www.techsupportforum.com/f100/happy-hacked-system-nepalloid-problem-with-usrlogon-cmd-440434.html#post2;00"4
Join 'ate( Jun )**L %ocation( C leveland6 4hio $osts( )6@@+ OS( -$ $ro6 8indows ,6 Fedora

*ollect:: c:/windows/system32/dri:ers/l:u:c.hs

Save this as >C-Script>

Re0erin& to the pic ture a!ove6 dra& CFSc ript into Com!oFi?3e?e Then post the resultant lo& Note# 3o not mouseclick combo%i')s window while it)s running. That may cause it to stall

++Note++ 8hen CF 0inishes runnin&6 the Com!oFi? lo& will open alon& with a messa&e !o?HHdo not !e alarmed3 8ith the a!ove script6 Com!oFi? will capture 0iles to su!mit 0or analysis3 Fnsure you are connected to the internet and clic/ 45 on the messa&e !o?3

$lease download "alware!ytes2 :ntiH"alware 0rom Here 'ou!le Clic/ m!amHsetup3e?e to install the application3 "a/e sure a chec/mar/ is placed ne?t to 9pdate ?alwarebytes) ;nti-?alware and 1aunch ?alwarebytes) ;nti-?alware6 then clic/ Finish3 10 an update is 0ound6 it will download and install the latest version3 4nce the pro&ram has loaded6 selec t >7er%orm Euick Scan>6 then clic / Scan3 The scan may ta/e some time to 0inish6so please !e patient3 8hen the sc an is complete6 c lic/ 456 then Show Results to view the results3 "a/e sure that e6erything is checked6 and c lic/ "emo6e Selected3 8hen disin0ection is completed6 a lo& will open in otepad and you may !e prompted to Restart39See F?tra ote= The lo& is automatically saved !y "C:" and can !e viewed !y clic /in& the %o&s ta! in "C:"3 CopyG$aste the entire report in your ne?t reply3 HHHHHHHHHHHHHHHHHH $lease provide the 0ollowin& lo&s with your ne?t post( C#,Combo-i'.t't ?alwarebytes) ;nti-?alware log ;lso include an update on how your system is running JJJJJJJJJJJJJJJJJJ

$ roud "e m !e r o0 :S:$ $roud "e m !e r o0 U 1TF

[40 all the thin&s 12ve lost6 1 miss my mind the most\ H "ar/ Twain

12-21-2009, 11:06 AM

sinistapen&uin
Re&istered "em!er Join 'ate( Jun )**+ $osts( ), OS( -$ S$.

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Hi Carl 12m usin& the 25ittyFi?2 you told me to download H !ut when 1 try to run it with the script6 it says Com!oFi? has e?pired H Clic/ Bes to run in Reduc ed Func tionality mode H Clic / o to e?it3 12ve tried to run it in Reduced Func tionality mode6 !ut it doesn2t do anythin& (9 Should 1 download a new version# Cen JJJJJJJJJJJJJJJJJJ

12-21-2009, 12:00 PM

Clark !
Security Team "oderator6 :nalyst Ran&emaster6 TSF :cademy

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Cen6 $lease delete /itty0i?3e?e and download Com!o0i?3e?e 0rom this lin/ instead( http(//download3!leepin&computer3com/sUCs/Com!oFi?3e?e Then 0ollow my previous directions su!stitutin& Com!o0i? 0or when 1 as/ed 0or you to use 5itty0i?3 JJJJJJJJJJJJJJJJJJ

Join 'ate( Jun )**L %ocation( C leveland6 4hio $osts( )6@@+ OS( -$ $ro6 8indows ,6 Fedora

$ roud "e m !e r o0 :S:$ $roud "e m !e r o0 U 1TF

[40 all the thin&s 12ve lost6 1 miss my mind the most\ H "ar/ Twain

12-21-2009, 04:01 PM

sinistapen&uin
Re&istered "em!er Join 'ate( Jun )**+ $osts( ), OS( -$ S$.

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Hi 1 tried to run Com!oFi? as per a!ove3 1t &ot as 0ar as the screen that tells me that Com!oFi?3com etc are not a00iliated3 1 clic/ 45 and it does nothin& else3 o lo& 0ile is produc ed/ the !lue sc reen 1 e?pected is not there3

o lo& 0ile is produc ed/ the !lue sc reen 1 e?pected is not there3 1 re!ooted the machine to try and run it a&ain6 !ut the machine will now not !oot properly3 1t loads a!out K/N o0 the des/top ic ons immediately 9way Xuic /er than it used to7= !ut then windows e?plorer seems to han& and it doesn2t &et past that point3 o more icons load and you cannot use the start !ar3 Bou can &et to the Tas/ "ana&er and there are a lot o0 proc esses runnin& althou&h none are usin& much C$U H there is a 0air !it o0 memory usea&e3 1 have re!ooted several times now !ut can2t &et past this point3 1t /ind o0 stops me ac tually runnin& anythin& (9 Cheers Cen JJJJJJJJJJJJJJJJJJ

12-21-2009, 04:13 PM

Clark !
Security Team "oderator6 :nalyst Ran&emaster6 TSF :cademy

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

4pen Tas/ "ana&er !y pressin& the Ctrl :lt and 'el /eys6 at the same time3 1n the menu at the top o0 the dialo& !o?6 clic/ File> ew Tas/ 9Run333= Copy/paste 9or type= the 0ollowin& in the Run !o? and clic/ 45( 9assumin& Com!oFi?3e?e is on the des/top as was instructed= "c#,documents and settings,;dministrator,3esktop,combo%i'.e'e" "c#,documents and settings,;dministrator,3esktop,C-Script.t't"

Join 'ate( Jun )**L %ocation( C leveland6 4hio $osts( )6@@+ OS( -$ $ro6 8indows ,6 Fedora

$% this does not wor/ then !oot into sa0e mode !y doin& the 0ollowin&( Restart your computer and !oot into Sa0e "ode !y hittin& the F@ /ey repeatedly until a menu shows up 9and choose Sa0e "ode 0rom the list=3 1n some systems6 this may !e the FM /ey6 so try that i0 F@ doesn2t wor/3 %o&in on your usual acc ount3 "a/e sure to c lose any open !rowsers3 Then try runnin& Com!o0i?3e?e JJJJJJJJJJJJJJJJJJ

$ roud "e m !e r o0 :S:$ $roud "e m !e r o0 U 1TF

[40 all the thin&s 12ve lost6 1 miss my mind the most\ H "ar/ Twain

12-23-2009, 11:51 AM

sinistapen&uin
Re&istered "em!er Join 'ate( Jun )**+ $osts( ), OS( -$ S$.

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Hi Carl 12m still &ettin& the pro!lem when 1 !oot and it won2t &et past a certain point3 1n tas/ mana&er there2s a lot o0 SVCHost servic es runnin& H 0rom what research 12ve done6 viruses li/e to attach to these7# 8ell6 let me /now what you thin/ H not ur&ent really so i0 you want to leave it till a0ter Christmas6 that2s 0ine with me Cheers

So6 here2s the lo&s( Com!oFi?( IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII Com!oFi? *+HK)H)K3*@ H :dministrator ))/K)/)**+ )*(*+(NL3N3K H ?@L "ic roso0t 8indows -$ $ro0essional M3K3)L**3.3K)M)3NN3K*..3K@3,MK3..@ O;"T *(**P Runnin& 0rom( c(Tdocuments and settin&sT:dministratorT'es/topTc om!o0i?3e?e Command switches used (( c(Tdocuments and settin&sT:dministratorT'es/topTCFSc ript3t?t :V( :V; :ntiHVirus Free Q4nHaccess scannin& disa!ledQ 9Updated= RK,'''*+,H.LFFHN.MFH+FKCHM)',N)NM'LCFS F8( <one:larm Firewall Qdisa!ledQ R@)+C':.)H+NC.HNNFNH@NNLHF@FCFF@*+F@CS 0ile Wipped( c(TwindowsTsystem.)TdriversTlvuvc3hs 3 999999999999999999999999999999999999999 4ther 'eletions ================================================= 3 c(TwindowsTFventSystem3lo& c(TwindowsTsystem.)TdriversTlvuvc3hs 3 9999999999999999999999999 Files Created 0rom )**+HKKH)) to )**+HK)H)) =============================== 3 )**+HK)H)) )*(*. 3 )**+HK)HK@ *+(*, N*N.*.) HHHHaHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTav&+TupdateT!ac/upTav&ui3e?e )**+HK)H)) )*(*. 3 )**+HK)HK@ *+(*L .,,L)@* HHHHaHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTav&+TupdateT!ac/upTsetup3e?e )**+HK)H)) )*(*. 3 )**+HK)H)* **()K )+NLML HHHHaHwH c(Tdocuments and settin&sT:ll UsersT:pplication 'ataTav&+TupdateT!ac/upTav&ln&?3dll )**+HK)H)* **(). 3 )**+HK)HK@ *+(*M ).M)+)* HHHHaHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTav&+TupdateT!ac/upTav&res03dll )**+HK)HK+ ))(KK 3 )**+HK)HK+ ))(KK NKK.L@ HHHHaHwH c(TwindowsTsystem.)Tdeployt/3dll )**+HK)HK@ *+(*+ 3 )**+HK)HK@ *+(*M .+L,)ML HHHHaHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTav&+TupdateT!ac/upTav&core?3dll )**+HK)HKM K@(K@ 3 )**+HK)HKM K@(K@ HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTtrend mic ro )**+HK)HKM K@(K@ 3 )**+HK)HKM K@(K@ HHHHHHHH dHHHHHwH C(Trsit )**+HK)H*, K,(K+ 3 )**+HK)H*, K,(K+ * HHHHaHwH c(TwindowsTnsre&3dat

)**+HK)H*, K,(K+ 3 )**+HK)H*, K,(K+ * HHHHaHwH c(TwindowsTnsre&3dat )**+HK)H*, K,(K+ 3 )**+HK)H*, K,(K+ HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT%ocal Settin&sT:pplication 'ataT"oWilla 3 9999999999999999999999999999999999999999 Find." Report ==================================================== 3 )**+HK)H)) )*(K+ 3 )**@H*)H)* K@()+ HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTS/ype )**+HK)H)) K+(M. 3 )**@H*)H)* K@(.N HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTs/ype$" )**+HK)HK+ ))(K* 3 )**.HK)HK+ *,(NM HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTJava )**+HK)H*, KN(** 3 )**@H*)HKN KM(MM HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT;oo&le )**+HK)H*, *@(NM 3 )**@H*)HKK )*(K+ ,K,L@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT%ocal Settin&sT:pplic ation 'ataT;'1$F4 TC:CHFVK3':T )**+HKKHKL KK(.+ 3 )**+HKKHKL KK(.+ HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT"icroso0t C:$1C4" )3K3*3) )**+HKKHKM *@(MK 3 )**+HKKHKM *@(MK HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT"icroso0t Silverli&ht )**+HKKHK* *@(KK 3 )**+HK*H)@ K@(.N .L*M@N HHHHaHwH c(TwindowsTsystem.)TdriversTav&tdi?3sys )**+HKKH*+ )K(NM 3 )**+HK*HK+ K@(), HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTCommon FilesT:head )**+HK*H.K K,(.+ 3 )**+HK*H.K K,(M* K@.LMNN HHHHaHwH c(TwindowsT1nternet %o&sT?'CK:3tmp )**+HK*H.* )*(.K 3 )**+H*+H)) K.(MK HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataT:udacity )**+HK*H)+ *,(NL 3 )**LH*LH). KK(.. @.)MK) HHHHaHwH c(TwindowsTsystem.)Twininet3dll )**+HK*H)+ *,(NL 3 )**NH*@H*N *,(ML ,@..L HHHHaHwH c (TwindowsTsystem.)Tieencode3dll )**+HK*H)+ *,(NL 3 )**.HK)HK@ K.()M K,N*@ HHHHHHwH c(TwindowsTsystem.)Tc orpol3dll )**+HK*H)@ K+(NK 3 )**+HK*H)+ *L(MK K@.@*@* HHHHaHwH c(TwindowsT1nternet %o&sT?'CK+3tmp )**+HK*H)@ K@(.N 3 )**@H*LH)) K)(.@ ...K+) HHHHaHwH c(TwindowsTsystem.)TdriversTav&ld?@L3sys )**+HK*H)@ K@(.N 3 )**@H*)HKK )K()N )@N)N HHHHaHwH c (TwindowsTsystem.)TdriversTav&m0?@L3sys )**+HK*H)@ K@(.N 3 )**@H*LH)) K)(NK K)NLN HHHHaHwH c (TwindowsTsystem.)Tav&rsst?3dll )**+HK*H)@ K@(.. 3 )**+HK*H)@ K@(.. HHHHHHHH dHHHHHwH c(Tdocuments and settin&sT:ll UsersT:pplic ation 'ataTav&+ )**+HK*H)@ K@(.. 3 )**@H*LH)) K)(.@ HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesT:V; )**+HK*H), *@(N* 3 )**+HK*H), *@(NK K@)),)* HHHHaHwH c(TwindowsT1nternet %o&sT?'CK@3tmp )**+HK*H)M K+(K) 3 )**.HK)HK+ *,(MK HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTCommon FilesT:do!e )**+HK*H)M *+(*) 3 )**@H*@H). K@(ML @+K+N,M HHHHaHwH c(TwindowsT1nternet %o&sTtv'e!u&3Wip )**+HK*H)N K*()+ 3 )**@H*)HKM K@(KL HHHHHHHH dHHHHHwH c(Tpro&ram 0ilesTCy!er%in/ )**+HK*H). KL(M) 3 )**+HK*H). KL(N, K,)K,**@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTrpTReal$layerS$;old3e?e )**+HK*H). KL(N, 3 )**+HK*H). KL(N, @N*LLN@ HHHHaHwH c(Tdocuments and settin&sT:dministratorT:pplic ation 'ataTRealTUpdateTsetupT&t!JusT;44;%FJT44%C:RT;oo&leTool!ar1nstaller3e?e )**+HK*H). KL(NN 3 )**+HK*H). KL(NN K*.*+NN@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTchrTChrome1nstaller3e?e )**+HK*H). KL(N* 3 )**+HK*H). KL(N* LN*** HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&T&c apiJdll3dll )**+HK*H). KL(N* 3 )**+HK*H). KL(N* M))@@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&T&tapi3dll )**+HK*H). KL(N* 3 )**+HK*H). KL(N* M*L@@ HHHHaHwH c (Tdoc uments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&T00t!api3dll )**+HK*H). KL(N* 3 )**+HK*H). KL(N* KKNL@@ HHHHaHwH c(Tdocuments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTRU$TinstJc on0i&Tcompat3dll )**+HK*H). KL(.+ 3 )**@H*+H)M )*(K, N@@+L@ HHHHaHwH c(Tdocuments and settin&sT:dministratorT:pplication 'ataTRealTUpdateTsetupTsetup3e?e )**+HK*H)K *M(.@ 3 )**NH*@H*N *,(ML ,M,,L HHHHaHwH c (TwindowsTsystem.)Tstrm0ilt3dll )**+HK*H)K *M(.@ 3 )**NH*@H*N *,(ML )M*@@ HHHHaHwH c (TwindowsTsystem.)Thttpapi3dll )**+HK*H)* KL()* 3 )**NH*@H*N *L(** )LM,)@ HHHHHHwH c (TwindowsTsystem.)TdriversThttp3sys )**+HK*HK. K*(.* 3 )**LH*MHKN *+(K. ),*..L HHHHaHwH c(TwindowsTsystem.)Toa/ley3dll )**+HK*HK) K.(.@ 3 )**.HK)HK@ K.()L KN+M*N HHHHaHwH c(TwindowsTsystem.)Trastls3dll )**+HK*HK) K.(.@ 3 )**.HK)HK@ K.()L ,+@,) HHHHaHwH c (TwindowsTsystem.)Traschap3dll 3 99999999999999999999999999999 SnapShotD)**+HK)HK,JK@3)@3M) ========================================= 3 E )**+HK)H)) K+(M* 3 )**+HK)H)) K+(M* KL.@N c(TwindowsTtempT$er0li!J$er0dataJec3dat H )**.HK)HK@ K.()L 3 )**+H*@H)+ *,(.L NNMNN c (TwindowsTsystem.)Tpn&0ilt3dll E )**.HK)HK@ K.()L 3 )**+HK*H)+ *,(NL NNMNN c(TwindowsTsystem.)Tpn&0ilt3dll E )**.HK)HK@ K.()L 3 )**+HK)H)K K,(M, ,)NKL c(TwindowsTsystem.)Tper0c**+3dat H )**.HK)HK@ K.()L 3 )**+HKKH*) )*(** ,)NKL c (TwindowsTsystem.)Tper0c**+3dat H )**,H*@HK. K@(MN 3 )**+H*@H)+ *,(.L M)))N c (TwindowsTsystem.)Tms0eeds!s3dll E )**,H*@HK. K@(MN 3 )**+HK*H)+ *,(NL M)))N c(TwindowsTsystem.)Tms0eeds!s3dll H )**.HK)HK@ K.()L 3 )**+H*@H)+ *,(.L ),LN@ c (TwindowsTsystem.)Tjspro?y3dll E )**.HK)HK@ K.()L 3 )**+HK*H)+ *,(NL ),LN@ c(TwindowsTsystem.)Tjspro?y3dll E )**,H*@HK. K@(.+ 3 )**+HK*H)@ KN(.L K.@)N c(TwindowsTsystem.)Tieudinit3e?e H )**,H*@HK. K@(.+ 3 )**+H*@H)@ K*()@ K.@)N c (TwindowsTsystem.)Tieudinit3e?e H )**.HK)HK@ K.()L 3 )**+H*@H)+ *,(.L NNMNN c (TwindowsTsystem.)Tiernonce3dll E )**.HK)HK@ K.()L 3 )**+HK*H)+ *,(NL NNMNN c(TwindowsTsystem.)Tiernonc e3dll E )**.HK)HK@ K.()L 3 )**+HK*H)@ KN(.L ,*LML c(TwindowsTsystem.)TieNuinit3e?e H )**.HK)HK@ K.()L 3 )**+H*@H)@ K*()@ ,*LML c (TwindowsTsystem.)TieNuinit3e?e H )**,H*@HK. K@(.L 3 )**+H*@H)+ *,(.L L.N@@ c (TwindowsTsystem.)Ticardie3dll E )**,H*@HK. K@(.L 3 )**+HK*H)+ *,(NL L.N@@ c(TwindowsTsystem.)Tic ardie3dll E )**+HK*H)K *M(.@ 3 )**+HK*H)K *M(.@ ,M,,L c(TwindowsTsystem.)TdllcacheTstrm0ilt3dll E )**+HK*HK) K.(.@ 3 )**+HK*HK) K.(.@ ,+@,) c(TwindowsTsystem.)TdllcacheTraschap3dll H )**,H*@HK. K@(.L 3 )**+H*@H)+ *,(.L NNMNN c (TwindowsTsystem.)Tdllcac heTpn&0ilt3dll E )**,H*@HK. K@(.L 3 )**+HK*H)+ *,(NL NNMNN c(TwindowsTsystem.)TdllcacheTpn&0ilt3dll E )**@H*)HKK )*(MM 3 )**+HK*H)+ *,(NL M)))N c(TwindowsTsystem.)TdllcacheTms0eeds!s3dll H )**@H*)HKK )*(MM 3 )**+H*@H)+ *,(.L M)))N c (TwindowsTsystem.)Tdllcac heTms0eeds!s3dll H )**,H*@HK. K@(MN 3 )**+H*@H)+ *,(.L ),LN@ c (TwindowsTsystem.)Tdllcac heTjspro?y3dll E )**,H*@HK. K@(MN 3 )**+HK*H)+ *,(NL ),LN@ c(TwindowsTsystem.)TdllcacheTjspro?y3dll E )**@H*)HKK )*(MM 3 )**+HK*H)@ KN(.L K.@)N c(TwindowsTsystem.)TdllcacheTieudinit3e?e H )**@H*)HKK )*(MM 3 )**+H*@H)@ K*()@ K.@)N c (TwindowsTsystem.)Tdllcac heTieudinit3e?e E )**,H*@HK. K@(.+ 3 )**+HK*H)+ *,(NL NNMNN c(TwindowsTsystem.)TdllcacheTiernonc e3dll H )**,H*@HK. K@(.+ 3 )**+H*@H)+ *,(.L NNMNN c (TwindowsTsystem.)Tdllcac heTiernonce3dll H )**+H*)H)* K@(*+ 3 )**+H*@H)+ *,(.L ,@..L c (TwindowsTsystem.)Tdllcac heTieencode3dll E )**+H*)H)* K@(*+ 3 )**+HK*H)+ *,(NL ,@..L c(TwindowsTsystem.)TdllcacheTieenc ode3dll H )**,H*@HK. K@(.+ 3 )**+H*@H)@ K*()@ ,*LML c (TwindowsTsystem.)Tdllcac heTieNuinit3e?e E )**,H*@HK. K@(.+ 3 )**+HK*H)@ KN(.L ,*LML c(TwindowsTsystem.)TdllcacheTieNuinit3e?e H )**@H*)HKK )*(MM 3 )**+H*@H)+ *,(.L L.N@@ c (TwindowsTsystem.)Tdllcac heTicardie3dll E )**@H*)HKK )*(MM 3 )**+HK*H)+ *,(NL L.N@@ c(TwindowsTsystem.)TdllcacheTic ardie3dll E )**+HK*H)K *M(.@ 3 )**+HK*H)K *M(.@ )M*@@ c(TwindowsTsystem.)TdllcacheThttpapi3dll E )**+H*LH)+ KL(K) 3 )**+HK*H)+ *,(NL K,N*@ c(TwindowsTsystem.)TdllcacheTcorpol3dll H )**+H*LH)+ KL(K) 3 )**+H*@H)+ *,(.L K,N*@ c (TwindowsTsystem.)Tdllcac heTc orpol3dll E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) ).*N* c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STun!ndico3e?e H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. ).*N* c (TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STun!ndic o3e?e H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. LKNN* c (TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STpu!s3e?e

H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. LKNN* c (TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STpu!s3e?e E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) LKNN* c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STpu!s3e?e H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. ),K.L c (TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+SToisicon3e?e E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) ),K.L c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+SToisicon3e?e H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. KK)LN c (TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STmspicons3e?e E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) KK)LN c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STmspic ons3e?e E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) @L*KL c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STin0icon3e?e H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. @L*KL c (TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STin0ic on3e?e H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. K))@@ c (TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STc a&icon3e?e E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) K))@@ c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STca&icon3e?e E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L NNMNN c(TwindowsTie,updatesT5C+,L.)MH1F,Tpn&0ilt3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L M)))N c(TwindowsTie,updatesT5C+,L.)MH1F,Tms0eeds!s3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L ),LN@ c(TwindowsTie,updatesT5C+,L.)MH1F,Tjspro?y3dll E )**+HK)H)* ))(N* 3 )**+H*@H)@ K*()@ K.@)N c(TwindowsTie,updatesT5C+,L.)MH1F,Tieudinit3e?e E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L NNMNN c(TwindowsTie,updatesT5C+,L.)MH1F,Tiernonc e3dll E )**+HK)H)* ))(NK 3 )**+H*@H)+ *,(.L ,@..L c(TwindowsTie,updatesT5C+,L.)MH1F,Tieencode3dll E )**+HK)H)* ))(N* 3 )**+H*@H)@ K*()@ ,*LML c(TwindowsTie,updatesT5C+,L.)MH1F,TieNuinit3e?e E )**+HK)H)* ))(NK 3 )**+H*@H)+ *,(.L L.N@@ c(TwindowsTie,updatesT5C+,L.)MH1F,Ticardie3dll E )**+HK)H)* ))(NK 3 )**+H*@H)+ *,(.L K,N*@ c(TwindowsTie,updatesT5C+,L.)MH1F,Tcorpol3dll H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. N*+L c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STopwicon3e?e E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) N*+L c (TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STopwic on3e?e E )**@H*)HKK KL(*N 3 )**+H*@H)M *+(K, .MN@KL c(TwindowsTsystem.)Twinhttp3dll H )**.HK)HK@ K.()L 3 )**+H*@H)+ *,(.L )..N,) c(TwindowsTsystem.)Twe!c hec /3dll E )**.HK)HK@ K.()L 3 )**+HK*H)+ *,(NL )..N,) c(TwindowsTsystem.)Twe!chec/3dll H )**.HK)HK@ K.()L 3 )**+H*@H)+ *,(.L K*M+@N c(TwindowsTsystem.)Turl3dll E )**.HK)HK@ K.()L 3 )**+HK*H)+ *,(NL K*M+@N c(TwindowsTsystem.)Turl3dll H )**.HK)HK@ K.()L 3 )**+HKKH*) )*(** NNN,,) c(TwindowsTsystem.)Tper0h**+3dat E )**.HK)HK@ K.()L 3 )**+HK)H)K K,(M, NNN,,) c(TwindowsTsystem.)Tper0h**+3dat E )**.HK)HK@ K.()L 3 )**+HK*H)+ *,(NL K*)+K) c(TwindowsTsystem.)Toc cac he3dll H )**.HK)HK@ K.()L 3 )**+H*@H)+ *,(.L K*)+K) c(TwindowsTsystem.)Tocc ache3dll E )**.HK)HK@ K.()L 3 )**+HK*H)+ *,(NL L,K).) c(TwindowsTsystem.)Tmstime3dll H )**.HK)HK@ K.()L 3 )**+H*@H)+ *,(.L L,K).) c(TwindowsTsystem.)Tmstime3dll H )**.HK)HK@ K.()L 3 )**+H*@H)+ *,(.L K+.*)N c(TwindowsTsystem.)Tmsratin&3dll E )**.HK)HK@ K.()L 3 )**+HK*H)+ *,(NL K+.*)N c(TwindowsTsystem.)Tmsratin&3dll H )**.HK)HK@ K.()L 3 )**+H*@H)+ *,(.L N,,L+L c(TwindowsTsystem.)Tmshtmled3dll E )**.HK)HK@ K.()L 3 )**+HK*H)+ *,(NL N,,L+L c(TwindowsTsystem.)Tmshtmled3dll E )**,H*@HK. K@(MN 3 )**+HK*H)+ *,(NL NM+)LN c(TwindowsTsystem.)Tms0eeds3dll H )**,H*@HK. K@(MN 3 )**+H*@H)+ *,(.L NM+)LN c(TwindowsTsystem.)Tms0eeds3dll E )**+HK)HK+ ))(KK 3 )**+HK)HK+ ))(KK KN+)@* c(TwindowsTsystem.)Tjavaws3e?e E )**+HK)HK+ ))(KK 3 )**+HK)HK+ ))(KK KNMK@N c(TwindowsTsystem.)Tjavaw3e?e E )**+HK)HK+ ))(KK 3 )**+HK)HK+ ))(KK KNMK@N c(TwindowsTsystem.)Tjava3e?e E )**,H*@HK. K@(.N 3 )**+HK*H)+ *,(NL )L@)@@ c(TwindowsTsystem.)Tiertutil3dll H )**,H*@HK. K@(.N 3 )**+H*@H)+ *,(.L )L@)@@ c(TwindowsTsystem.)Tiertutil3dll E )**.HK)HK@ K.()L 3 )**+HK*H)+ *,(NL .@M*)N c(TwindowsTsystem.)Tied/c s.)3dll H )**.HK)HK@ K.()L 3 )**+H*@H)+ *,(.L .@M*)N c(TwindowsTsystem.)Tied/cs.)3dll E )**,H*,HKK K)(), 3 )**+HK*H)+ *,(NL .@*+)@ c(TwindowsTsystem.)Tieap0ltr3dll H )**,H*,HKK K)(), 3 )**+H*@H)+ *,(.L .@*+)@ c(TwindowsTsystem.)Tieap0ltr3dll H )**.HK)HK@ K.()L 3 )**+H*@H), *M(K@ KLK,+) c(TwindowsTsystem.)Tiea/ui3dll E )**.HK)HK@ K.()L 3 )**+HK*H)@ *L(M) KLK,+) c(TwindowsTsystem.)Tiea/ui3dll H )**.HK)HK@ K.()L 3 )**+H*@H)+ *,(.L ).*N** c(TwindowsTsystem.)Tiea/sie3dll E )**.HK)HK@ K.()L 3 )**+HK*H)+ *,(NL ).*N** c(TwindowsTsystem.)Tiea/sie3dll E )**.HK)HK@ K.()L 3 )**+HK*H)+ *,(NL KM.*@@ c(TwindowsTsystem.)Tiea/en&3dll H )**.HK)HK@ K.()L 3 )**+H*@H)+ *,(.L KM.*@@ c(TwindowsTsystem.)Tiea/en&3dll H )**NH*@H*N *,(ML 3 )**+H*@H)+ *,(.L K..K)* c(TwindowsTsystem.)Te?tm&r3dll E )**NH*@H*N *,(ML 3 )**+HK*H)+ *,(NL K..K)* c(TwindowsTsystem.)Te?tm&r3dll H )**LH*LH*+ KN(.M 3 )**+H*@H)+ *,(.L )KNM)@ c(TwindowsTsystem.)Td?trans3dll E )**LH*LH*+ KN(.M 3 )**+HK*H)+ *,(NL )KNM)@ c(TwindowsTsystem.)Td?trans3dll H )**LH*LH*+ KN(.M 3 )**+H*@H)+ *,(.L .N,K.L c(TwindowsTsystem.)Td?tms0t3dll E )**LH*LH*+ KN(.M 3 )**+HK*H)+ *,(NL .N,K.L c(TwindowsTsystem.)Td?tms0t3dll H )**,H*@HK. K@(MN 3 )**+H*@H)+ *,(.L @.)MK) c(TwindowsTsystem.)TdllcacheTwininet3dll E )**,H*@HK. K@(MN 3 )**+HK*H)+ *,(NL @.)MK) c(TwindowsTsystem.)Tdllc acheTwininet3dll E )**@HK)HKL K)(.* 3 )**+H*@H)M *+(K, .MN@KL c(TwindowsTsystem.)Tdllc acheTwinhttp3dll E )**,H*@HK. K@(MN 3 )**+HK*H)+ *,(NL )..N,) c(TwindowsTsystem.)Tdllc acheTwe!chec/3dll H )**,H*@HK. K@(MN 3 )**+H*@H)+ *,(.L )..N,) c(TwindowsTsystem.)TdllcacheTwe!c hec /3dll H )**,H*@HK. K@(NN 3 )**+H*@H)+ *,(.L K*M+@N c(TwindowsTsystem.)TdllcacheTurl3dll E )**,H*@HK. K@(NN 3 )**+HK*H)+ *,(NL K*M+@N c(TwindowsTsystem.)Tdllc acheTurl3dll E )**+HK*HK) K.(.@ 3 )**+HK*HK) K.(.@ KN+M*N c(TwindowsTsystem.)Tdllc acheTrastls3dll H )**,H*@HK. K@(NN 3 )**+H*@H)+ *,(.L K*)+K) c(TwindowsTsystem.)TdllcacheTocc ache3dll E )**,H*@HK. K@(NN 3 )**+HK*H)+ *,(NL K*)+K) c(TwindowsTsystem.)Tdllc acheToc cac he3dll E )**+HK*HK. K*(.* 3 )**+HK*HK. K*(.* ),*..L c(TwindowsTsystem.)Tdllc acheToa/ley3dll E )**,H*@HK. K@(MN 3 )**+HK*H)+ *,(NL L,K).) c(TwindowsTsystem.)Tdllc acheTmstime3dll H )**,H*@HK. K@(MN 3 )**+H*@H)+ *,(.L L,K).) c(TwindowsTsystem.)TdllcacheTmstime3dll E )**,H*@HK. K@(NN 3 )**+HK*H)+ *,(NL K+.*)N c(TwindowsTsystem.)Tdllc acheTmsratin&3dll H )**,H*@HK. K@(NN 3 )**+H*@H)+ *,(.L K+.*)N c(TwindowsTsystem.)TdllcacheTmsratin&3dll H )**,H*@HK. K@(MN 3 )**+H*@H)+ *,(.L N,,L+L c(TwindowsTsystem.)TdllcacheTmshtmled3dll E )**,H*@HK. K@(MN 3 )**+HK*H)+ *,(NL N,,L+L c(TwindowsTsystem.)Tdllc acheTmshtmled3dll E )**@H*)HKK )*(MM 3 )**+HK*H)+ *,(NL NM+)LN c(TwindowsTsystem.)Tdllc acheTms0eeds3dll H )**@H*)HKK )*(MM 3 )**+H*@H)+ *,(.L NM+)LN c(TwindowsTsystem.)TdllcacheTms0eeds3dll E )**,H*@HK. K@(N. 3 )**+HK*H)@ *L(MN L.NL.) c(TwindowsTsystem.)Tdllc acheTie?plore3e?e H )**@H*)HKK )*(MM 3 )**+H*@H)+ *,(.L )L@)@@ c(TwindowsTsystem.)TdllcacheTiertutil3dll E )**@H*)HKK )*(MM 3 )**+HK*H)+ *,(NL )L@)@@ c(TwindowsTsystem.)Tdllc acheTiertutil3dll H )**,H*@HK. K@(.+ 3 )**+H*@H)+ *,(.L .@M*)N c(TwindowsTsystem.)TdllcacheTied/cs.)3dll E )**,H*@HK. K@(.+ 3 )**+HK*H)+ *,(NL .@M*)N c(TwindowsTsystem.)Tdllc acheTied/c s.)3dll E )**@H*)HKK )*(MM 3 )**+HK*H)+ *,(NL .@*+)@ c(TwindowsTsystem.)Tdllc acheTieap0ltr3dll H )**@H*)HKK )*(MM 3 )**+H*@H)+ *,(.L .@*+)@ c(TwindowsTsystem.)TdllcacheTieap0ltr3dll E )**,H*@HK. K,(ML 3 )**+HK*H)@ *L(M) KLK,+) c(TwindowsTsystem.)Tdllc acheTiea/ui3dll H )**,H*@HK. K,(ML 3 )**+H*@H), *M(K@ KLK,+) c(TwindowsTsystem.)TdllcacheTiea/ui3dll E )**,H*@HK. K@(.+ 3 )**+HK*H)+ *,(NL ).*N** c(TwindowsTsystem.)Tdllc acheTiea/sie3dll H )**,H*@HK. K@(.+ 3 )**+H*@H)+ *,(.L ).*N** c(TwindowsTsystem.)TdllcacheTiea/sie3dll E )**,H*@HK. K@(.+ 3 )**+HK*H)+ *,(NL KM.*@@ c(TwindowsTsystem.)Tdllc acheTiea/en&3dll H )**,H*@HK. K@(.+ 3 )**+H*@H)+ *,(.L KM.*@@ c(TwindowsTsystem.)TdllcacheTiea/en&3dll E )**+HK*H)* KL()* 3 )**+HK*H)* KL()* )LM,)@ c(TwindowsTsystem.)Tdllc acheThttp3sys E )**,H*@HK. K@(MN 3 )**+HK*H)+ *,(NL K..K)* c(TwindowsTsystem.)Tdllc acheTe?tm&r3dll H )**,H*@HK. K@(MN 3 )**+H*@H)+ *,(.L K..K)* c(TwindowsTsystem.)TdllcacheTe?tm&r3dll H )**,H*@HK. K@(.M 3 )**+H*@H)+ *,(.L )KNM)@ c(TwindowsTsystem.)TdllcacheTd?trans3dll E )**,H*@HK. K@(.M 3 )**+HK*H)+ *,(NL )KNM)@ c(TwindowsTsystem.)Tdllc acheTd?trans3dll E )**,H*@HK. K@(.M 3 )**+HK*H)+ *,(NL .N,K.L c(TwindowsTsystem.)Tdllc acheTd?tms0t3dll H )**,H*@HK. K@(.M 3 )**+H*@H)+ *,(.L .N,K.L c(TwindowsTsystem.)TdllcacheTd?tms0t3dll E )**,H*@HK. K@(.+ 3 )**+HK*H)+ *,(NL K)N+)@ c(TwindowsTsystem.)Tdllc acheTadvpac/3dll

E )**,H*@HK. K@(.+ 3 )**+HK*H)+ *,(NL K)N+)@ c(TwindowsTsystem.)Tdllc acheTadvpac/3dll H )**,H*@HK. K@(.+ 3 )**+H*@H)+ *,(.L K)N+)@ c(TwindowsTsystem.)TdllcacheTadvpac /3dll E )**.HK)HK@ K.()M 3 )**+HK*H)+ *,(NL K)N+)@ c(TwindowsTsystem.)Tadvpac/3dll H )**.HK)HK@ K.()M 3 )**+H*@H)+ *,(.L K)N+)@ c(TwindowsTsystem.)Tadvpac /3dll E )**+H*+H*+ KM(N* 3 )**+H*+H*+ KM(N* L.).)* c(TwindowsT1nstallerTdM!*,dM3msp H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. N*+L** c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+ST?licons3e?e E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) N*+L** c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+ST?licons3e?e H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. )@L,)* c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STwordic on3e?e E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) )@L,)* c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STwordicon3e?e E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) )N+@ML c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STpptico3e?e H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. )N+@ML c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STpptico3e?e E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) ,+NL)N c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STouticon3e?e H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. ,+NL)N c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STouticon3e?e H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. K.MKL@ c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STmisc3e?e E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) K.MKL@ c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STmisc 3e?e H )**@H*)HKK K@(.K 3 )**+HKKHK, )*(K. M+.+)* c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STacc icons3e?e E )**@H*)HKK K@(.K 3 )**+HK)H)* ))(N) M+.+)* c(TwindowsT1nstallerTR+*KK*N*+HL***HKK'.H@CFFH*KM**N@.@.C+STac cic ons3e?e E )**,H*MHK* KN(.M 3 )**,H*MHK* KN(.M K)*KL* c(TwindowsT1nstallerT]$atchCache]T"ana&edT+*N*KK*+***L.'KKC@FFK**MN*.@.@+CTKK3*3@K,.T"SC4 V+,3'%% E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L @.)MK) c(TwindowsTie,updatesT5C+,L.)MH1F,Twininet3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L )..N,) c(TwindowsTie,updatesT5C+,L.)MH1F,Twe!c hec /3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L K*M+@N c(TwindowsTie,updatesT5C+,L.)MH1F,Turl3dll E )**+HK)H)* ))(NK 3 )**+H*MH)L KK(N* .@)@N* c(TwindowsTie,updatesT5C+,L.)MH1F,TspuninstTupdspapi3dll E )**+HK)H)* ))(NK 3 )**+H*MH)L KK(N* ).K)@@ c(TwindowsTie,updatesT5C+,L.)MH1F,TspuninstTspuninst3e?e E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L K*)+K) c(TwindowsTie,updatesT5C+,L.)MH1F,Toc cac he3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L L,K).) c(TwindowsTie,updatesT5C+,L.)MH1F,Tmstime3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L K+.*)N c(TwindowsTie,updatesT5C+,L.)MH1F,Tmsratin&3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L N,,L+L c(TwindowsTie,updatesT5C+,L.)MH1F,Tmshtmled3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L NM+)LN c(TwindowsTie,updatesT5C+,L.)MH1F,Tms0eeds3dll E )**+HK)H)* ))(NK 3 )**+H*@H), *M(K@ L.NLN@ c(TwindowsTie,updatesT5C+,L.)MH1F,Tie?plore3e?e E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L )L@)@@ c(TwindowsTie,updatesT5C+,L.)MH1F,Tiertutil3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L .@M*)N c(TwindowsTie,updatesT5C+,L.)MH1F,Tied/c s.)3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L .@*+)@ c(TwindowsTie,updatesT5C+,L.)MH1F,Tieap0ltr3dll E )**+HK)H)* ))(N* 3 )**+H*@H), *M(K@ KLK,+) c(TwindowsTie,updatesT5C+,L.)MH1F,Tiea/ui3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L ).*N** c(TwindowsTie,updatesT5C+,L.)MH1F,Tiea/sie3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L KM.*@@ c(TwindowsTie,updatesT5C+,L.)MH1F,Tiea/en&3dll E )**+HK)H)* ))(NK 3 )**+H*@H)+ *,(.L K..K)* c(TwindowsTie,updatesT5C+,L.)MH1F,Te?tm&r3dll E )**+HK)H)* ))(NK 3 )**+H*@H)+ *,(.L )KNM)@ c(TwindowsTie,updatesT5C+,L.)MH1F,Td?trans3dll E )**+HK)H)* ))(NK 3 )**+H*@H)+ *,(.L .N,K.L c(TwindowsTie,updatesT5C+,L.)MH1F,Td?tms0t3dll E )**+HK)H)* ))(NK 3 )**+H*@H)+ *,(.L K)N+)@ c(TwindowsTie,updatesT5C+,L.)MH1F,Tadvpac/3dll E )**+HK*H)* KL()* 3 )**+HK*H)* KL()* )LM,)@ c(TwindowsT'river CacheTi.@LThttp3sys H )**LH*@H.* )*(N) 3 )**+H*@H)+ *,(.L KKL@.@N c(TwindowsTsystem.)Turlmon3dll E )**LH*@H.* )*(N) 3 )**+HK*H)+ *,(NL KKL@.@N c (TwindowsTsystem.)Turlmon3dll H )**LH*LH.* K*()@ 3 )**+HK*H)K *N(*@ .M+@..L c(TwindowsTsystem.)Tmshtml3dll E )**LH*LH.* K*()@ 3 )**+HK*H)+ *,(NL .M+@..L c (TwindowsTsystem.)Tmshtml3dll E )**,H*@HK. K@(MN 3 )**+HK*H)+ *,(NL L*L,)** c (TwindowsTsystem.)Tie0rame3dll H )**,H*@HK. K@(MN 3 )**+H*@H)+ *,(.L L*L,)** c(TwindowsTsystem.)Tie0rame3dll E )**,H*@HK. K@(MN 3 )**+HK*H)+ *,(NL KKL@.@N c (TwindowsTsystem.)Tdllcac heTurlmon3dll H )**,H*@HK. K@(MN 3 )**+H*@H)+ *,(.L KKL@.@N c(TwindowsTsystem.)Tdllc acheTurlmon3dll H )**,H*@HK. K@(MN 3 )**+HK*H)K *N(*@ .M+@..L c(TwindowsTsystem.)Tdllc acheTmshtml3dll E )**,H*@HK. K@(MN 3 )**+HK*H)+ *,(NL .M+@..L c (TwindowsTsystem.)Tdllcac heTmshtml3dll E )**@H*)HKK )*(MM 3 )**+HK*H)+ *,(NL L*L,)** c (TwindowsTsystem.)Tdllcac heTie0rame3dll H )**@H*)HKK )*(MM 3 )**+H*@H)+ *,(.L L*L,)** c(TwindowsTsystem.)Tdllc acheTie0rame3dll E )**+HK)HKL ))(M@ 3 )**+HK)HKL ))(M@ M.@)KNN c (TwindowsT1nstallerTdM!*,c *3msp E )**+HKKH)* KM(** 3 )**+HKKH)* KM(** MM)KN*@ c (TwindowsT1nstallerTad@+*3msp E )**+HK)HK+ ))(K* 3 )**+HK)HK+ ))(K* K,M,L+L c (TwindowsT1nstallerT@)@N,..3msi E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L KKL@.@N c (TwindowsTie,updatesT5C+,L.)MH1F,Turlmon3dll E )**+HK)H)* ))(N* 3 )**+HK*H)K *N(*@ .M+@..L c (TwindowsTie,updatesT5C+,L.)MH1F,Tmshtml3dll E )**+HK)H)* ))(N* 3 )**+H*@H)+ *,(.L L*L,)** c (TwindowsTie,updatesT5C+,L.)MH1F,Tie0rame3dll E )**@H*)HKK K,()M 3 )**+HK)H*K )*(*L )M+LL*)N c(TwindowsTsystem.)T"RT3e?e 3 HH Snapshot reset to current date HH 3 9999999999999999999999999999999999999 Re& %oadin& $oints ================================================== 3 3 Q oteQ empty entries G le&it de0ault entries are not shown RF;F'1TN OH5FBJCURRF TJUSFRTS4FT8:RFT"icroso0tT8indowsTCurrentVersionTRunP >T4SC'S$'>I>c(Tpro&ram 0ilesTT4SH1C:TT4SC'S$'Ttoscdspd3e?e> O)**.H*+H*M LMM.LP >S/ype>I>c(Tpro&ram 0ilesTS/ypeT$honeTS/ype3e?e> O)**@HKKH*, )KL...)*P OH5FBJ%4C:%J":CH1 FTS4FT8:RFT"icroso0tT8indowsTCurrentVersionTRunP >1&0?Tray>I>c (TwindowsTSystem.)Ti&0?tray3e?e> O)**.H*NH*, KMMLN@P >Hot5eysCmds>I>c(TwindowsTSystem.)Th/cmd3e?e> O)**.H*NH*, KKNL@@P >**THot/ey>I>c(TwindowsTSystem.)T**THot/ey3e?e> O)**.H*MH). )M.+M)P >***StTH5>I>***StTH53e?e> O)**KH*LH). )NM,LP >%TS""S;>I>%TS""S;3e?e> O)**.H*NHK@ .),L@P >:point>I>c(Tpro&ram 0ilesT:point)5T:point3e?e> O)**.H*,HK, KM+,NNP >TouchF'>I>c(Tpro&ram 0ilesTT4SH1C:TTouchF'TTouchF'3F?e> O)**.H*.HKK K))@@*P >$adTouch>I>c(Tpro&ram 0ilesTT4SH1C:T$adTouc hT$adF?e3e?e> O)**.HKKH)N K*K++*NP >TF FM>I>TF FM3e?e> O)**.HK*HKM ,.,)@P >T$S"ain>I>T$S"ain3e?e> O)**.HKKH), )LL)N*P >TFnc5y>I>TFnc 5y3e?e> OCUP >%o&itechCommunications"ana&er>I>c (Tpro&ram 0ilesTCommon FilesT%o&itec hT%Com"&rTCommunic ationsJHelper3e?e> O)**LH*LH)L N+,)**P >%o&itechVuic/CamRi!!on>I>c (Tpro&ram 0ilesT%o&itec hTVuic /CamK*TVuic/CamK*3e?e> O)**LH*LH)L LKN+L*P >%VC4"S->I>c(Tpro&ram 0ilesTCommon FilesT%o&itechT%Com"&rT%VComS-3e?e> O)**LH*LH)L )N.)N@P >wltray3e?e>I>c(TwindowsTsystem.)Twltray3e?e> O)**MH*LH*@ ,,@.K@P >$rinTray>I>c(TwindowsTSystem.)TspoolT'R1VFRST8.)-@LT)Tprintray3e?e> O)***H*NH)K .L@LNP ><one:larm Client>I>c(Tpro&ram 0ilesT<one %a!sT<one:larmTWlc lient3e?e> O)**+H*)HKM +@K.@NP >:V;+JTR:B>I>c(Tpro&raUKT:V;T:V;+Tav&tray3e?e> O)**+HK)HK@ )*..N.)P >SunJavaUpdateSc hed>I>c(Tpro&ram 0ilesTJavaTjreLT!inTjusched3e?e> O)**+HK)HK+ KN+)@*P OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTwindows ntTcurrentversionTwinlo&onTnoti0yTav&rsstarterP )**+HK*H)@ K@(.N K)NLN HHHHaHwH c(TwindowsTsystem.)Tav&rsst?3dll OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T:do!e :R"P

OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T:do!e :R"P )**+H*+H*N K)(*@ +.M)@@ HHHHaHrH c(Tpro&ram 0ilesTCommon FilesT:do!eT:R"TK3*T:do!e:R"3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T:do!e Reader Speed %auncherP )**+HK*H*. *N(*@ .ML+L HHHHaHwH c(Tpro&ram 0ilesT:do!eTReader +3*TReaderTreaderJsl3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TH$ Component "ana&erP )**NH*MHK) KN(K@ )NKLLN HHHHaHwH c(Tpro&ram 0ilesTH$ThpcoretechThpc mpm&r3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TH$ So0tware UpdateP )**NH*)HK) K.(.@ N+KM) HHHHaHwH c(Tpro&ram 0ilesTH$TH$ So0tware UpdateThpwuSc hd)3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T%an&ua&eShortc utP )**LHK)H*M )K(MM MN@.) HHHHaHwH c(Tpro&ram 0ilesTCy!er%in/T$ower'V'T%an&ua&eT%an&ua&e3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&T4R:HSSSession"ana&erP )**,HK)HK) *+(M* K*,)N@ HHHHaHwH c(Tpro&ram 0ilesT4ran&eTSession"ana&erTSession"ana&er3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TRemoteControlP )**LHKKH). KN(K* ML+)@ HHHHHHwH c (Tpro&ram 0ilesTCy!er%in/T$ower'V'T$'V'Serv3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTshared toolsTmscon0i&Tstartupre&TSony Fricsson $C SuiteP )**MHK*H)L KM(K, KM+,NN HHHHaHrH c(Tpro&ram 0ilesTSony Fric ssonT"o!ile)T:pplication %auncherT:pplication %auncher3e?e OH5FBJ%4C:%J":CH1 FTso0twareTmic roso0tTsecurity centerT"onitorin&T<one%a!sFirewallP >'isa!le"onitorin&>Idword(*******K OH5%"TUTservicesTsharedac cessTparametersT0irewallpolic yTstandardpro0ileP >Fna!leFirewall>I * 9*?*= OH5%"TUTservicesTsharedac cessTparametersT0irewallpolic yTstandardpro0ileT:uthoriWed:pplic ationsT%istP >YwindirYTTsystem.)TTsessm&r3e?e>I >YwindirYTT etwor/ 'ia&nostic TT?pnetdia&3e?e>I >c(TT81 '48STTsystem.)TT!c mwld)/3e?e>I >c(TT$ro&ram FilesTT4ran&eTTConnec tivityTTConnec tivity"ana&er3e?e>I >c(TT$ro&ram FilesTT:V;TT:V;+TTav&upd3e?e>I >c(TT$ro&ram FilesTT:V;TT:V;+TTav&ns?3e?e>I >c(TT$ro&ram FilesTTS/ypeTT$honeTTS/ype3e?e>I RK :v&%d?@LZ:V; :V1 %oader 'river ?@LZc (TwindowsTsystem.)TdriversTav&ld?@L3sys O))/*L/)**@ K)(.@ ...K+)P RK :v&Tdi-Z:V; Free etwor/ RedirectorZc(TwindowsTsystem.)TdriversTav&tdi?3sys O)@/K*/)**+ K@(.N .L*M@NP R) av&+wdZ:V; Free 8atch'o&Zc (Tpro&ram 0ilesT:V;T:V;+Tav&wdsvc3e?e O)@/K*/)**+ K@(.. )@M.+)P R. Coni0ayZConi0ayZc(TwindowsTsystem.)TdriversTConi0ay3sys OK+/*)/)**@ K@(KN K)KL*P S) &updateKc+a!d!N,ce.0.aZ;oo&le Update Service 9&updateKc +a!d!N,ce.0.a=Zc(Tpro&ram 0ilesT;oo&leTUpdateT;oo&leUpdate3e?e O)./*./)**+ K,(K, K..K*NP S. ;onWalesZ;onWalesZc(TwindowsTsystem.)TdriversT;onWales3sys OK+/*)/)**@ K@(KN ,*N*P S. s**K,!usZSony Fricsson 'evice **K, driver 98'"=Zc(TwindowsTsystem.)TdriversTs**K,!us3sys O)K/*M/)**+ )K()K @L@)NP S. s**K,md0lZSony Fricsson 'evice **K, USC 8"C "odem FilterZc(TwindowsTsystem.)TdriversTs**K,md0l3sys O)K/*M/)**+ )K()K KM*KLP S. s**K,mdmZSony Fric sson 'evice **K, USC 8"C "odem 'riverZc(TwindowsTsystem.)TdriversTs**K,mdm3sys O)K/*M/)**+ )K()K KKNL**P S. s**K,m&mtZSony Fric sson 'evice **K, USC 8"C 'evice "ana&ement 'rivers 98'"=Zc(TwindowsTsystem.)TdriversTs**K,m&mt3sys O)K/*M/)**+ )K()K K*@.)@P S. s**K,ndMZSony Fric sson 'evice **K, USC Fthernet Fmulation SF"C**K, 9 '1S=Zc (TwindowsTsystem.)TdriversTs**K,ndM3sys O)K/*M/)**+ )K()K )L*)NP S. s**K,o!e?ZSony Fric sson 'evic e **K, USC 8"C 4CF- 1nter0aceZc (TwindowsTsystem.)TdriversTs**K,o!e?3sys O)K/*M/)**+ )K()K K*NLKLP S. s**K,unic ZSony Fricsson 'evice **K, USC Fthernet Fmulation SF"C**K, 98'"=Zc(TwindowsTsystem.)TdriversTs**K,unic3sys O)K/*M/)**+ )K()K K*+,.LP S. <'K)KKCU9.C4" Corporation=Z.Com 400ic eConnect 8ireless MN"!ps KK& Compac t USC :dapter9.C4" Corporation=Zc(TwindowsTsystem.)TdriversT<'K)KKCU3sys OKK/*)/)**@ K@(*L N*)+NNP 3 HHHHHHH Supplementary Scan HHHHHHH 3 uStart $a&e I h??p(//www3tesc o3net/ u'e0aultJSearchJUR% I h??p(//www3&oo&le3com/ie mStart $a&e I h??p(//www3&oo&le3c om uSearc hUR%69'e0ault= I h??p(//www3&oo&le3c om/searc h#XIYs 1F( :dd to ;oo&le $hotos Sc reensaGver H c(TwindowsTsystem.)T;$hotos3scr/)** 1F( FG?port to "icroso0t F?cel H c(Tpro&raUKT"1CR4SU)T4FF1CFKKTF-CF%3F-F/.*** Trusted <one( tesc o3netTmem!erservices Trusted <one( tesc o3netTre&ister FF H $ro0ile$ath H c(Tdocuments and settin&sT:dministratorT:pplication 'ataT"oWillaTFire0o?T$ro0ilesT0mn@w)Lm3de0aultT FF H pre0s3js( !rowser3startup3homepa&e H h??p(//www3tesco3net/ FF H plu&in( c(Tpro&ram 0ilesT;oo&leT;oo&le FarthTplu&inTnp&eplu&in3dll FF H plu&in( c(Tpro&ram 0ilesT;oo&leT$ic asa.Tnp$ic asa.3dll FF H plu&in( c(Tpro&ram 0ilesT;oo&leTUpdateTK3)3K@.3K.Tnp;oo&le4neClic/@3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaKK3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaK)3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaK.3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $JavaKN3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $Java.)3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $J$1KN)3dll FF H plu&in( c(Tpro&ram 0ilesTJavaTj)reK3N3)T!inT $4J1LK*3dll FF H HiddenF?tension( "icroso0t 3 FT Framewor/ :ssistant( R)*a@)LNMHc*+MHNLedH@*e.H*@@)M,L*M.N!S H c(TwindowsT"icroso0t3 FTTFramewor/Tv.3MT8indows $resentation FoundationT'ot et:ssistantF?tensionT 3 QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ catchme *3.3K.+@ 8)5/-$/Vista H root/it/stealth malware detec tor !y ;mer6 http(//www3&mer3net Root/it scan )**+HK)H)) )*(K@ 8indows M3K3)L** Service $ac/ . TFS sc annin& hidden processes 333 sc annin& hidden autostart entries 333 sc annin& hidden 0iles 333 sc an completed success0ully

sc an completed success0ully hidden 0iles( * QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ 3 Completion time( )**+HK)H)) )*()N(K, Com!oFi?HXuarantinedH0iles3t?t )**+HK)H)) )*()N Com!oFi?)3t?t )**+HK)HK@ *+()M Com!oFi?.3t?t )**+HK)HK, K@(.) $reHRun( KL6+M*6.K)6+L* !ytes 0ree $ostHRun( K,6*.M6),)6K+) !ytes 0ree H H Fnd 40 File H H +L,F:NMFNFK*CM@K')K'.FLFLMN*,F)M Upload was succ ess0ul "C:" IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII"alware!ytes2 :ntiH"alware K3N) 'ata!ase version( .NK* 8indows M3K3)L** Service $ac/ . 1nternet F?plorer ,3*3M,.*3K. ))/K)/)**+ )*(N.(K* m!amHlo&H)**+HK)H)) 9)*HN.HK*=3t?t Scan type( Vuic/ Scan 4!jects scanned( K*@)@@ Time elapsed( , minute9s=6 N. second9s= "emory $rocesses 1n0ected( * "emory "odules 1n0ec ted( * Re&istry 5eys 1n0ected( * Re&istry Values 1n0ected( * Re&istry 'ata 1tems 1n0ected( K Folders 1n0ected( * Files 1n0ected( * "emory $rocesses 1n0ected( 9 o malicious items detected= "emory "odules 1n0ec ted( 9 o malicious items detected= Re&istry 5eys 1n0ected( 9 o malicious items detected= Re&istry Values 1n0ected( 9 o malicious items detected= Re&istry 'ata 1tems 1n0ected( H5FBJCURRF TJUSFRTS4FT8:RFT"icroso0tTSec urity CenterTFirewall'isa!le oti0y 9'isa!led3SecurityCenter= H> Cad( 9K= ;ood( 9*= H> Vuarantined and deleted success0ully3 Folders 1n0ected( 9 o malicious items detected= Files 1n0ected( 9 o malicious items detected= JJJJJJJJJJJJJJJJJJ

12-24-2009, 06:21 AM

Clark !
Security Team "oderator6 :nalyst Ran&emaster6 TSF :cademy

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Just to ma/e sure 1 understand c orrectly6 the pro!lems you are currently havin& is that start menu and tas/ !ar are not usa!le and not all your ic ons will appear on start up6 correc t# 1s there any other pro!lems#

$lease &o to( @irusTotal 4n the pa&e you2ll 0ind a >&rowse> !utton3 e?t to the !rowse !utton you2ll see a !o? to enter te?t3 $lease copy/paste the 0ollowin& in &O13( c#,windows,systemFG,dri6ers,HonBales.sys
Join 'ate( Jun )**L %ocation( C leveland6 4hio $osts( )6@@+ OS( -$ $ro6 8indows ,6 Fedora

Then clic / the >Send -ile> !utton just !elow3 This will sc an the 0ile3 $lease !e patient3 4nce sc anned6 copy and paste the results in your ne?t reply3 10 VirusTotal is !usy6 try the same at 5otti JJJJJJJJJJJJJJJJJJ

$ roud "e m !e r o0 :S:$ $roud "e m !e r o0 U 1TF

[40 all the thin&s 12ve lost6 1 miss my mind the most\ H "ar/ Twain

12-30-2009, 05:18 PM

Clark !
Security Team

"e# "Happy Hacked System" - Nepalloid problem with usrlogon.cmd

Security Team "oderator6 :nalyst Ran&emaster6 TSF :cademy

Still with me6 Cen# 1 &enerally unsu!scri!e 0rom threads a0ter , days o0 inactivity3 10 1 don2t receive a reply 0rom you within ) days o0 this post6 this topic will !e closed3

:ds !y ;oo &le

Rparer Erreur Windows %o&iciel $our ettoyer 8indow s3 Scan Systme ;ratuit3 Talachar&eW7
Join 'ate( Jun )**L %ocation( C leveland6 4hio $osts( )6@@+ OS( -$ $ro6 8indows ,6 Fedora

Systwe a/ 3co m /4 ptim ise rJ8 indows

JJJJJJJJJJJJJJJJJJ

$ roud "e m !e r o0 :S:$ $roud "e m !e r o0 U 1TF

[40 all the thin&s 12ve lost6 1 miss my mind the most\ H "ar/ Twain

Page 1 of 2 1 I OS4%VF'P ;oo&le 1nstaller Virus ^ :V; threat alerts E random 1F popups when 12m usuin& 0ire0o?3 J Posting Rules Bou Bou Bou Bou may may may may not not not not post new threads post replies post attachments edit your posts

CC code is on Smilies are on O1";P code is on HT"% code is O%% Trac/!ac/s are O%% $in&!ac/s are O%% Re0!ac/s are O%% Forum Rules

:ll times are ;"T H,3 The time now is *N(K, :"3

HH TSF H v)3*

Contact 9s - Tech Support -orum - Site ?ap - Community "ules - Terms o% Ser6ice - 7ri6acy - Top

C opyri&ht )**K H )*K*6 Tech Support Forum

8indows , H 8indows -$ H 8indows Vista H Trojan Removal H Spyware Removal H Virus Removal H

etwor/in& H Sec urity