TechSpot

Win XP eMachine seams to be dirty

By Problemsrbad
Jun 2, 2011
  1. This is my friends other desktop it is a Win XP emachines. Need some assistance on making sure its malware free please.

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6750

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/2/2011 12:52:42 AM
    mbam-log-2011-06-02 (00-52-42).txt

    Scan type: Quick scan
    Objects scanned: 141916
    Time elapsed: 3 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-02 01:01:29
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12 Hitachi_HDT721016SLA380 rev.ST1OA31B
    Running: oib5cj6p.exe; Driver: C:\DOCUME~1\JAMES'~1\LOCALS~1\Temp\fxroiuog.sys


    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-06-01.06) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by JAMES'S BABII GIRL at 1:01:54 on 2011-06-02
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.368 [GMT -4:00]
    .
    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\CustoPackTools\utils\RocketDock\RocketDock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0411&m=el1300g
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
    mWinlogon: UIHost=c:\windows\system32\logonuicpt.exe
    mWinlogon: SFCDisable=4 (0x4)
    BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
    uRun: [RocketDock] "c:\program files\custopacktools\utils\rocketdock\RocketDock.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\james's babii girl\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [TransBar] "c:\documents and settings\all users\custopacktools\softwares\transbar\TransBar.exe" /s
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-1 353168]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-5-6 393112]
    R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2011-4-2 24576]
    R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-1 821080]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-1 366640]
    R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-1 22712]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-3-13 14336]
    .
    =============== Created Last 30 ================
    .
    2011-06-02 03:26:59 -------- d-----w- c:\windows\system32\winrm
    2011-06-02 03:26:59 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-06-02 03:26:51 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-06-02 02:11:36 -------- d-----w- c:\program files\TuneUpMedia
    2011-06-02 02:11:31 -------- d-----w- c:\documents and settings\james's babii girl\application data\TuneUpMedia
    2011-06-02 02:11:25 -------- d-----w- c:\documents and settings\all users\application data\TuneUpMedia
    2011-06-02 02:09:20 -------- d-----w- c:\documents and settings\james's babii girl\application data\Azureus
    2011-06-02 02:08:39 -------- d-----w- c:\program files\Vuze
    2011-06-01 23:38:45 -------- d-----w- C:\Torrent Magnets
    2011-06-01 23:35:21 -------- d-----w- c:\documents and settings\all users\application data\IObit
    2011-06-01 23:33:35 -------- d-----w- c:\documents and settings\james's babii girl\application data\Search Settings
    2011-06-01 23:33:31 -------- d-----w- c:\program files\Application Updater
    2011-06-01 23:33:30 -------- d-----w- c:\program files\IObit Toolbar
    2011-06-01 23:33:30 -------- d-----w- c:\program files\common files\Spigot
    2011-06-01 23:32:34 -------- d-----w- c:\documents and settings\james's babii girl\application data\IObit
    2011-06-01 23:32:32 -------- d-----w- c:\program files\IObit
    2011-06-01 23:30:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-01 22:25:06 -------- d-----w- c:\documents and settings\james's babii girl\application data\Malwarebytes
    2011-06-01 22:24:56 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-01 22:24:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-06-01 22:24:51 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-01 22:24:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-01 22:22:03 -------- d-----w- c:\documents and settings\james's babii girl\application data\Panda Security
    2011-06-01 22:20:13 -------- d-----w- c:\program files\Panda Security
    2011-06-01 22:20:13 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
    2011-06-01 22:18:27 -------- d-----w- C:\Program Installers
    2011-05-16 00:30:21 451 ----a-w- c:\program files\0515201120302095.bat
    2011-05-15 23:58:13 -------- d-----w- c:\program files\Oberon Media
    2011-05-15 23:58:00 -------- d-----w- c:\documents and settings\all users\application data\Oberon Media
    2011-05-15 23:57:48 -------- d-----w- c:\documents and settings\james's babii girl\application data\Oberon Media
    2011-05-15 23:57:41 -------- d-----w- c:\program files\common files\Oberon Media
    2011-05-15 23:54:30 -------- d-----w- c:\documents and settings\james's babii girl\local settings\application data\Oberon Media
    2011-05-11 22:51:36 -------- d-----w- c:\program files\DVD Shrink
    2011-05-11 22:48:49 -------- d-----w- c:\documents and settings\james's babii girl\local settings\application data\WinZip
    2011-05-07 01:20:19 -------- d-----w- c:\program files\iPod
    2011-05-07 01:20:02 -------- d-----w- c:\program files\iTunes
    2011-05-07 01:16:19 -------- d-----w- c:\program files\Bonjour
    2011-05-06 01:56:26 -------- d-----w- c:\windows\ServicePackFiles
    .
    ==================== Find3M ====================
    .
    2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-04 21:02:35 2288640 ----a-w- c:\windows\system32\TUKernel.exe
    2011-04-04 19:52:22 218624 ----a-w- c:\windows\system32\uxtheme.dll
    2011-04-03 03:59:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-03 03:59:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    .
    ============= FINISH: 1:02:23.35 ===============
     
  2. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-01.06)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/2/2011 11:35:31 PM
    System Uptime: 6/2/2011 12:28:09 AM (1 hours ago)
    .
    Motherboard: eMachines | | WMCP61M
    Processor: AMD Athlon(tm) Processor 2650e | Socket AM2 | 1607/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 139 GiB total, 115.73 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&31AD995D&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&31AD995D&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP1: 4/2/2011 11:35:34 PM - System Checkpoint
    RP2: 4/2/2011 11:40:05 PM - Installed eMachines Recovery Management
    RP3: 4/2/2011 11:40:20 PM - Installed Acer Empowering Technology
    RP4: 4/2/2011 11:59:04 PM - Installed Java(TM) 6 Update 24
    RP5: 4/3/2011 12:38:15 AM - Removed Compatibility Pack for the 2007 Office system
    RP6: 4/3/2011 12:39:19 AM - Removed Microsoft Office Home and Student 2007
    RP7: 4/3/2011 12:46:53 PM - Removed Microsoft Office PowerPoint Viewer 2007 (English)
    RP8: 4/3/2011 12:47:28 PM - Removed Microsoft Office Suite Activation Assistant.
    RP9: 4/3/2011 12:48:28 PM - Removed Microsoft Works
    RP10: 4/3/2011 12:52:37 PM - Software Distribution Service 3.0
    RP11: 4/3/2011 1:54:31 PM - Software Distribution Service 3.0
    RP12: 4/3/2011 2:49:03 PM - Software Distribution Service 3.0
    RP13: 4/3/2011 3:31:23 PM - Software Distribution Service 3.0
    RP14: 4/4/2011 4:49:07 PM - Installed TuneUp Utilities 2011
    RP15: 4/4/2011 6:02:45 PM - Installed WinZip 15.0
    RP16: 4/5/2011 8:31:40 PM - Installed iTunes
    RP17: 4/6/2011 8:34:46 PM - System Checkpoint
    RP18: 4/7/2011 8:33:43 PM - Installed Windows Media Player 11
    RP19: 4/7/2011 8:34:01 PM - Installed Windows XP Wudf01000.
    RP20: 4/7/2011 8:37:51 PM - Installed Windows XP MSCompPackV1.
    RP21: 4/8/2011 5:11:28 AM - Software Distribution Service 3.0
    RP22: 4/7/2011 6:52:23 PM - System Checkpoint
    RP23: 4/8/2011 9:24:23 PM - System Checkpoint
    RP24: 4/9/2011 3:12:28 PM - Norton Security Suite Registry
    RP25: 4/10/2011 3:16:14 PM - System Checkpoint
    RP26: 4/11/2011 4:39:06 PM - System Checkpoint
    RP27: 5/5/2011 9:55:05 PM - Software Distribution Service 3.0
    RP28: 5/6/2011 4:37:31 PM - Norton Security Suite Registry
    RP29: 5/8/2011 12:13:03 AM - System Checkpoint
    RP30: 5/11/2011 5:47:33 PM - Software Distribution Service 3.0
    RP31: 5/13/2011 3:22:03 AM - System Checkpoint
    RP32: 5/14/2011 3:48:23 AM - System Checkpoint
    RP33: 5/14/2011 9:48:46 PM - Norton Security Suite Registry
    RP34: 5/15/2011 10:28:22 PM - System Checkpoint
    RP35: 6/1/2011 6:11:24 PM - Removed TuneUp Utilities 2011
    RP36: 6/1/2011 6:11:45 PM - Removed TuneUp Utilities Language Pack (en-US)
    RP37: 6/1/2011 11:26:15 PM - Installed %1 %2.
    RP38: 6/1/2011 11:26:30 PM - Installed Windows XP Update for Microsoft Windows (KB971513).
    RP39: 6/1/2011 11:26:56 PM - Installed %1 %2.
    RP40: 6/1/2011 11:28:19 PM - Installed Windows XP KB2492386.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 9.4.4
    Advanced SystemCare 4
    Agere Systems PCI-SV92EX Soft Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    CCleaner
    Choice Guard
    CustoPackTools
    CyberLink DVD Suite
    CyberLink LabelPrint
    CyberLink Power2Go
    CyberLink PowerDVD
    DVD Shrink 3.2
    eMachines Games
    eMachines Recovery Management
    FrostWire 4.21.7
    Game Booster
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    IObit Malware Fighter
    IObit Toolbar v4.4
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 5
    Junk Mail filter update
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    NVIDIA Drivers
    Panda Cloud Antivirus
    Photodex Presenter
    ProShow Gold
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Segoe UI
    TuneUp Companion 2.0.9
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB951978)
    Vuze
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinZip 15.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/2/2011 12:29:49 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    6/2/2011 12:29:49 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/2/2011 12:29:49 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    6/1/2011 7:29:30 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    6/1/2011 7:28:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    6/1/2011 7:28:47 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/1/2011 7:27:43 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    6/1/2011 6:15:12 PM, error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
    6/1/2011 11:00:57 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NanoServiceMain service.
    .
    ==== End Of File ===========================
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please tell me the symptoms are that you think the system is 'dirty'.
    ===============================
    I will comment though, that as long as the file sharing programs, Torrent Magnet, Azureus/Vuze, Vuze Toolbar and Frostwire are being used, your friend will continue to have a 'dirty' system. I can remove entries today that may easily be replaced tomorrow through use of those programs:
    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest uninstalling these programs for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
    • Malware writers use these program to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
    ====================================
    Note: If you choose not to uninstall the file sharing programs, they must be disabled while we are cleaning.
    ==================================
    Recommend the IOBit program Advanced System Care be uninstalled. Neither the programs itself, nor the home download site is good for the system. Additionally, it bundles a program with it called SearchSettings which is considered a threat
    =======================================
    Using the Panda Cloud AV does not protect the system in the way that a resident AV would. Recommend replacing with either of these free and good AV programs:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast-Free Antivirus
    =======================================
    Part of Norton Internet Security is running and should be removed: Norton Removal Tool
    =======================================
    After you handle the above- including telling me what the problems are, run the following:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =======================================

    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
    ======================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please paste all logs into next reply.
     
  4. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    I think it may be dirty because it had a way out of date Norton security.

    C:\Documents and Settings\JAMES'S BABII GIRL\My Documents\Downloads\setup.exe Win32/Toolbar.Zugo application

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files\emachines games\bejeweled 2 deluxe\sounds\firecrackle.ogg
    c:\windows\prefetch\keygen.exe-1f002736.pf
    c:\windows\prefetch\keygen.exe-37526a2c.pf
    scanner sequence 3.BD.11
    ----- EOF -----

    ComboFix 11-06-01.07 - JAMES'S BABII GIRL 06/02/2011 12:44:55.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.387 [GMT -4:00]
    Running from: c:\documents and settings\JAMES'S BABII GIRL\Desktop\ComboFix.exe
    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\notepad.exe.bkpcpt
    .
    ----- BITS: Possible infected sites -----
    .
    hxxp://apnmedia.ask.com
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-02 15:42 . 2011-06-02 15:42 -------- d-----w- c:\program files\ESET
    2011-06-02 05:13 . 2011-06-02 05:13 -------- d-----w- c:\documents and settings\JAMES'S BABII GIRL\Application Data\IObit
    2011-06-02 03:26 . 2011-06-02 03:26 -------- d-----w- c:\windows\system32\winrm
    2011-06-02 03:26 . 2011-06-02 03:26 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-06-02 03:26 . 2011-06-02 03:27 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-06-02 02:09 . 2011-06-02 02:59 -------- d-----w- c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus
    2011-06-02 02:08 . 2011-06-02 02:09 -------- d-----w- c:\program files\Vuze
    2011-06-01 23:38 . 2011-06-01 23:38 -------- d-----w- C:\Torrent Magnets
    2011-06-01 23:35 . 2011-06-01 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
    2011-06-01 23:33 . 2011-06-01 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
    2011-06-01 23:32 . 2011-06-01 23:35 -------- d-----w- c:\program files\IObit
    2011-06-01 23:30 . 2011-06-01 23:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-01 22:25 . 2011-06-01 22:25 -------- d-----w- c:\documents and settings\JAMES'S BABII GIRL\Application Data\Malwarebytes
    2011-06-01 22:24 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-01 22:24 . 2011-06-01 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-01 22:24 . 2011-06-01 22:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-01 22:24 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-01 22:22 . 2011-06-01 22:22 -------- d-----w- c:\documents and settings\JAMES'S BABII GIRL\Application Data\Panda Security
    2011-06-01 22:20 . 2011-06-01 22:20 -------- d-----w- c:\program files\Panda Security
    2011-06-01 22:20 . 2011-06-01 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
    2011-06-01 22:18 . 2011-06-02 00:12 -------- d-----w- C:\Program Installers
    2011-06-01 22:16 . 2011-06-01 22:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-05-16 00:30 . 2011-05-16 00:30 451 ----a-w- c:\program files\0515201120302095.bat
    2011-05-15 23:58 . 2011-05-16 00:30 -------- d-----w- c:\program files\Oberon Media
    2011-05-15 23:58 . 2011-05-16 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
    2011-05-15 23:57 . 2011-06-01 22:03 -------- d-----w- c:\documents and settings\JAMES'S BABII GIRL\Application Data\Oberon Media
    2011-05-15 23:57 . 2011-05-15 23:57 -------- d-----w- c:\program files\Common Files\Oberon Media
    2011-05-15 23:54 . 2011-05-15 23:54 -------- d-----w- c:\documents and settings\JAMES'S BABII GIRL\Local Settings\Application Data\Oberon Media
    2011-05-13 22:46 . 2011-05-13 22:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2011-05-11 22:51 . 2011-05-12 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2011-05-11 22:51 . 2011-05-11 22:51 -------- d-----w- c:\program files\DVD Shrink
    2011-05-11 22:48 . 2011-05-11 22:48 -------- d-----w- c:\documents and settings\JAMES'S BABII GIRL\Local Settings\Application Data\WinZip
    2011-05-07 01:20 . 2011-05-07 01:20 -------- d-----w- c:\program files\iPod
    2011-05-07 01:20 . 2011-06-02 02:12 -------- d-----w- c:\program files\iTunes
    2011-05-07 01:16 . 2011-05-07 01:16 -------- d-----w- c:\program files\Bonjour
    2011-05-06 01:56 . 2011-05-06 01:56 -------- d-----w- c:\windows\ServicePackFiles
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-04 21:02 . 2011-04-04 21:02 2288640 ----a-w- c:\windows\system32\TUKernel.exe
    2011-04-04 19:52 . 2009-03-13 15:16 218624 ----a-w- c:\windows\system32\uxtheme.dll
    2011-04-03 03:59 . 2009-03-13 15:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-03 03:59 . 2011-04-03 03:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-11 14:10 . 2009-03-13 15:15 471552 ----a-w- c:\windows\apppatch\aclayers.dll
    2011-03-07 05:33 . 2009-03-13 15:26 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-08-07 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
    [-] 2009-08-07 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
    .
    [-] 2008-04-14 . F16FB9505D3F21C37FA37B42C1CF601C . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . F16FB9505D3F21C37FA37B42C1CF601C . 975872 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-16 22:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-16 22:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\CustoPackTools\utils\RocketDock\RocketDock.exe" [2010-06-22 495616]
    "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "TransBar"="c:\documents and settings\All Users\CustoPackTools\Softwares\TransBar\TransBar.exe" [2005-06-01 65536]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-12-16 423232]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,32,5c,6c,\
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\documents and settings\JAMES'S BABII GIRL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "nwiz"=nwiz.exe /install
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
    "MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 6:12 PM 130376]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [6/1/2011 7:32 PM 353168]
    R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [4/2/2011 11:40 PM 24576]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/1/2011 6:24 PM 366640]
    R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [12/16/2010 6:19 PM 140608]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 6:12 PM 141768]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 6:12 PM 97352]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 6:12 PM 111944]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 6:12 PM 113096]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/1/2011 6:24 PM 22712]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/13/2009 11:15 AM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    2011-06-02 c:\windows\Tasks\ASC4_AutoCare.job
    - c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-06-01 18:46]
    .
    2011-06-02 c:\windows\Tasks\ASC4_AutoSweep.job
    - c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-06-01 18:46]
    .
    2011-06-02 c:\windows\Tasks\ASC4_AutoUpdate.job
    - c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-06-01 18:46]
    .
    2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822439336-2690133624-2694144459-1005Core.job
    - c:\documents and settings\JAMES'S BABII GIRL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-04 07:10]
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822439336-2690133624-2694144459-1005UA.job
    - c:\documents and settings\JAMES'S BABII GIRL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-04 07:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-02 12:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    TransBar = "c:\documents and settings\All Users\CustoPackTools\Softwares\TransBar\TransBar.exe" /s?
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-06-02 12:52:26
    ComboFix-quarantined-files.txt 2011-06-02 16:52
    .
    Pre-Run: 124,045,438,976 bytes free
    Post-Run: 124,093,829,120 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=QONT3M /Kernel=TUKernel.exe
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=QONT3M-BAK
    .
    - - End Of File - - E714FB5F2B24021B0F4E43D6C3417D02
     
  5. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    /bump I hope you have not forgot. :)
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\program files\0515201120302095.bat
    c:\program files\IObit\Advanced SystemCare
    Folder::
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\IObit
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus
    c:\program files\Vuze
    C:\Torrent Magnets
    c:\documents and settings\All Users\Application Data\IObit
    c:\windows\system32\config\systemprofile\Application Data\Application Updater
    c:\program files\IObit
    c:\windows\system32\winrm
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TransBar"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=-
    "c:\\Program Files\\Vuze\\Azureus.exe"=-
    Driver::
    AdvancedSystemCareService
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Delete the Prefetch files:
    • Click on Start> Run> type in Prefetch> Enter
      [*]Press "Ctrl-A" to highlight all the files.
      [*]Press the Backspace button on the keyboard to Delete.

    =========================================
    Did you run the Eset scan? Log?
    ========================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ======================================
    Please do not bump the thread or send me a PM unless I have not replied for 2 days.
     
  7. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    yeah this is the eset log:
    C:\Documents and Settings\JAMES'S BABII GIRL\My Documents\Downloads\setup.exe Win32/Toolbar.Zugo application

    this is the other logs:
     
  8. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    ComboFix 11-06-01.07 - JAMES'S BABII GIRL 06/02/2011 23:46:59.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.426 [GMT -4:00]
    Running from: c:\documents and settings\JAMES'S BABII GIRL\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\JAMES'S BABII GIRL\Desktop\CFScript.txt
    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    .
    FILE ::
    "c:\program files\0515201120302095.bat"
    "c:\program files\IObit\Advanced SystemCare"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\IObit
    c:\documents and settings\All Users\Application Data\IObit\Game Booster\GameBooster.ini
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\.certs
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\.keystore
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\.lock
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\active\6D098963E8AF319B5CF9A8FEF530CD7070DB5A2B.dat
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\active\cache.dat
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\azureus.config
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\azureus.statistics
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\devices.config
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\dht\addresses.dat
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\dht\contacts.dat
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\dht\diverse.dat
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\dht\general.dat
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\downloads.config
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\ipfilter.cache
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\metasearch.config
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\net\pm_20115.dat
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\net\pm_default.dat
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.jar
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.zip
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\plugins\aefeatman_v\plugin.properties
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\plugins\aefeatman_v\plugin.properties_1.2
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\plugins\azupnpav\cd.dat
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\plugins\mlab\mlab_0.1.9.jar
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\plugins\mlab\mlab_0.1.9.zip
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\plugins\mlab\plugin.properties
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\sidebarauto.config
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\tables.config
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\torrents\Advanced System Care 3.7 keygen [h33t][terminator t-101].torrent
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\torrents\AZU3902427376347996833.tmp
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\torrents\AZU4529755843689526449.tmp
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\Azureus\VuzeActivities.config
    c:\documents and settings\JAMES'S BABII GIRL\Application Data\IObit
    c:\program files\0515201120302095.bat
    c:\program files\IObit
    c:\program files\IObit\Advanced SystemCare 4\About.dll
    c:\program files\IObit\Advanced SystemCare 4\ASC.exe
    c:\program files\IObit\Advanced SystemCare 4\ASCInit.exe
    c:\program files\IObit\Advanced SystemCare 4\ASCService.exe
    c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
    c:\program files\IObit\Advanced SystemCare 4\ASCv4ComputerMenu.dll
    c:\program files\IObit\Advanced SystemCare 4\ASCv4ComputerMenu_64.dll
    c:\program files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
    c:\program files\IObit\Advanced SystemCare 4\ASCv4ExtMenu_64.dll
    c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe
    c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe
    c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe
    c:\program files\IObit\Advanced SystemCare 4\ChangeType.exe
    c:\program files\IObit\Advanced SystemCare 4\checkinfo.txt
    c:\program files\IObit\Advanced SystemCare 4\cxLibraryD12.bpl
    c:\program files\IObit\Advanced SystemCare 4\datastate.dll
    c:\program files\IObit\Advanced SystemCare 4\Def.dbd
    c:\program files\IObit\Advanced SystemCare 4\DiskMap.dll
    c:\program files\IObit\Advanced SystemCare 4\DiskScan.exe
    c:\program files\IObit\Advanced SystemCare 4\DriverData.db
    c:\program files\IObit\Advanced SystemCare 4\dxBarD12.bpl
    c:\program files\IObit\Advanced SystemCare 4\dxComnD12.bpl
    c:\program files\IObit\Advanced SystemCare 4\dxCoreD12.bpl
    c:\program files\IObit\Advanced SystemCare 4\dxDockingD12.bpl
    c:\program files\IObit\Advanced SystemCare 4\dxGDIPlusD12.bpl
    c:\program files\IObit\Advanced SystemCare 4\dxSkinOffice2007BlueD12.bpl
    c:\program files\IObit\Advanced SystemCare 4\dxSkinsCoreD12.bpl
    c:\program files\IObit\Advanced SystemCare 4\dxThemeD12.bpl
    c:\program files\IObit\Advanced SystemCare 4\EULA.rtf
    c:\program files\IObit\Advanced SystemCare 4\fav.ico
    c:\program files\IObit\Advanced SystemCare 4\FfSweep.dll
    c:\program files\IObit\Advanced SystemCare 4\Freeware\ASC_FreeSoftwareDownloader.exe
    c:\program files\IObit\Advanced SystemCare 4\Freeware\Check.dll
    c:\program files\IObit\Advanced SystemCare 4\help.html
    c:\program files\IObit\Advanced SystemCare 4\images\dcScreen.png
    c:\program files\IObit\Advanced SystemCare 4\images\dcScreen2.png
    c:\program files\IObit\Advanced SystemCare 4\images\icon-dc.png
    c:\program files\IObit\Advanced SystemCare 4\images\icon-qc.png
    c:\program files\IObit\Advanced SystemCare 4\images\icon-tb.png
    c:\program files\IObit\Advanced SystemCare 4\images\icon-tbox.png
    c:\program files\IObit\Advanced SystemCare 4\images\main.png
    c:\program files\IObit\Advanced SystemCare 4\images\mainPro.png
    c:\program files\IObit\Advanced SystemCare 4\images\toolboxscreen.png
    c:\program files\IObit\Advanced SystemCare 4\images\turboboost.png
    c:\program files\IObit\Advanced SystemCare 4\Language\Arabic.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Belarusian.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Bulgarian.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\ChineseSimp.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\ChineseTrad.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Czech.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Danish.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Dutch.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\English.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\French.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\German.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Greek.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Hungarian.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Italiano.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Japanese.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Korean.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Polish.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\PortugueseBR.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Russian.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Serbian.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Spanish.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Swedish.lng
    c:\program files\IObit\Advanced SystemCare 4\Language\Turkish.lng
    c:\program files\IObit\Advanced SystemCare 4\LatestNews\imagenews.png
    c:\program files\IObit\Advanced SystemCare 4\LatestNews\LatestNews.ini
    c:\program files\IObit\Advanced SystemCare 4\License.dat
    c:\program files\IObit\Advanced SystemCare 4\madbasic_.bpl
    c:\program files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
    c:\program files\IObit\Advanced SystemCare 4\madexcept_.bpl
    c:\program files\IObit\Advanced SystemCare 4\NtfsData.dll
    c:\program files\IObit\Advanced SystemCare 4\OFCommon.dll
    c:\program files\IObit\Advanced SystemCare 4\OFCommon3.dll
    c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe
    c:\program files\IObit\Advanced SystemCare 4\Register.exe
    c:\program files\IObit\Advanced SystemCare 4\RescueCenter.exe
    c:\program files\IObit\Advanced SystemCare 4\rtl120.bpl
    c:\program files\IObit\Advanced SystemCare 4\Scan.dll
    c:\program files\IObit\Advanced SystemCare 4\ScanCache.db
    c:\program files\IObit\Advanced SystemCare 4\sqlite3.dll
    c:\program files\IObit\Advanced SystemCare 4\StartMenu.exe
    c:\program files\IObit\Advanced SystemCare 4\Suc10_RegistryCleaner.exe
    c:\program files\IObit\Advanced SystemCare 4\Suc11_PrivacySweeper.exe
    c:\program files\IObit\Advanced SystemCare 4\Suc12_Uninstal.exe
    c:\program files\IObit\Advanced SystemCare 4\Suc13_DiskCleaner.exe
    c:\program files\IObit\Advanced SystemCare 4\Suc14_FileShredder.exe
    c:\program files\IObit\Advanced SystemCare 4\Sun10_ClonedFilesScanner.exe
    c:\program files\IObit\Advanced SystemCare 4\Sun11_DiskExplorer.exe
    c:\program files\IObit\Advanced SystemCare 4\Sun12_SystemInformation.exe
    c:\program files\IObit\Advanced SystemCare 4\Sun13_EmptyFoldersScanner.exe
    c:\program files\IObit\Advanced SystemCare 4\Sun14_SystemControl.exe
    c:\program files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
    c:\program files\IObit\Advanced SystemCare 4\Suo11_InternetBooster.exe
    c:\program files\IObit\Advanced SystemCare 4\Suo12_StartupManager.exe
    c:\program files\IObit\Advanced SystemCare 4\Suo13_RegistryDefrag.exe
    c:\program files\IObit\Advanced SystemCare 4\Suo14_SmartDefrag.exe
    c:\program files\IObit\Advanced SystemCare 4\Suo15_GameBooster.exe
    c:\program files\IObit\Advanced SystemCare 4\Sur10_Undelete.exe
    c:\program files\IObit\Advanced SystemCare 4\Sur11_ShortcutFixer.exe
    c:\program files\IObit\Advanced SystemCare 4\Sur12_DiskDoctor.exe
    c:\program files\IObit\Advanced SystemCare 4\Sur13_WinFix.exe
    c:\program files\IObit\Advanced SystemCare 4\Sur14_IEHelper.exe
    c:\program files\IObit\Advanced SystemCare 4\Sus10_SecurityHolesScanner.exe
    c:\program files\IObit\Advanced SystemCare 4\Sus11_ProcessManager.exe
    c:\program files\IObit\Advanced SystemCare 4\Sus12_DriverManager.exe
    c:\program files\IObit\Advanced SystemCare 4\Sus13_IMF.exe
    c:\program files\IObit\Advanced SystemCare 4\taskMgr.dll
    c:\program files\IObit\Advanced SystemCare 4\TaskSchedule.exe
    c:\program files\IObit\Advanced SystemCare 4\TbFfSweep.dll
    c:\program files\IObit\Advanced SystemCare 4\TbFileSweep.dll
    c:\program files\IObit\Advanced SystemCare 4\Test.log
    c:\program files\IObit\Advanced SystemCare 4\ToolBox.exe
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Arabic.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Belarusian.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Bulgarian.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\ChineseSimp.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\ChineseTrad.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Czech.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\English.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\French.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\German.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Hungarian.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Italiano.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Japanese.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Korean.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Polish.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Russian.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Serbian.LNG
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Spanish.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_Language\Turkish.lng
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_UI\img\btn-bg.png
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_UI\img\menu-bg.png
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_UI\Index.html
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_UI\js\jquery-1.4.2.min.js
    c:\program files\IObit\Advanced SystemCare 4\Toolbox_UI\Recently.html
    c:\program files\IObit\Advanced SystemCare 4\TurboBoost.exe
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Btn_Back_Disable.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Btn_Back_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Btn_Back_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Btn_Back_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Btn_BackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Btn_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Btn_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Btn_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\BtnStop_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\BtnStop_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\BtnStop_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\btnUpgradeDown.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\btnUpgradeNormal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\btnUpgradeOver.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\CareWorkBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\CheckBox_Checked.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\CheckBox_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Close_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Close_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Img_Error.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Img_NoProblem.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Layout.ini
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Min_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Min_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\More_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\More_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Preview.jpg
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\ProgressBarBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\ProgressBarInnerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\ProgressBarInnerLeft.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\ProgressBarInnerMid.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\ProgressBarInnerRight.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Rescue_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Rescue_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\ScannerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\ScanningBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Skin_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\Skin_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\TopBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\TrackBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\TrackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\appimages\UpgraudD.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\css\css.css
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\clear.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\dailycare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\deepcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\hints.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\MainBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\quickcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\toolBox.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\toolboxs.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\transparent.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\turboboostoff.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\images\turbobooston.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\js\action1.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\js\jquery.easing.1.3.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Asia\main.html
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Btn_Back_Disable.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Btn_Back_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Btn_Back_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Btn_Back_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Btn_BackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Btn_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Btn_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Btn_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\BtnStop_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\BtnStop_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\BtnStop_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\btnUpgradeDown.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\btnUpgradeNormal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\btnUpgradeOver.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\CareWorkBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\CheckBox_Checked.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\CheckBox_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Close_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Close_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Img_Error.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Img_NoProblem.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Layout.ini
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Min_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Min_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\More_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\More_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Preview.jpg
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\ProgressBarBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\ProgressBarInnerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\ProgressBarInnerLeft.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\ProgressBarInnerMid.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\ProgressBarInnerRight.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Rescue_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Rescue_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\ScannerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\ScanningBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Setting_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Setting_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Skin_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\Skin_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\TopBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\TrackBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\TrackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\appimages\UpgraudD.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\css\css.css
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\clear.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\dailycare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\deepcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\hints.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\MainBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\quickcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\toolBox.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\toolboxs.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\transparent.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\turboboostoff.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\images\turbobooston.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\js\action1.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\js\jquery.easing.1.3.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Black\main.html
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Btn_Back_Disable.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Btn_Back_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Btn_Back_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Btn_Back_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Btn_BackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Btn_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Btn_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Btn_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\BtnStop_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\BtnStop_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\BtnStop_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\CareWorkBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\CheckBox_Checked.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\CheckBox_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Close_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Close_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Img_Error.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Img_NoProblem.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Layout.ini
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Min_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Min_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\More_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\More_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Preview.jpg
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\ProgressBarBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\ProgressBarInnerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\ProgressBarInnerLeft.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\ProgressBarInnerMid.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\ProgressBarInnerRight.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Rescue_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Rescue_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\ScannerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\ScanningBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Skin_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\Skin_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\TopBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\TrackBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\appimages\TrackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\css\css.css
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\images\clear.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\images\deepcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\images\MainBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\images\quickcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\images\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\images\toolBox.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\images\transparent.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\images\turboboostoff.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\images\turbobooston.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\js\action1.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\js\jquery.easing.1.3.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Blue\main.html
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Btn_Back_Disable.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Btn_Back_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Btn_Back_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Btn_Back_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Btn_BackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Btn_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Btn_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Btn_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\BtnStop_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\BtnStop_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\BtnStop_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\btnUpgradeDown.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\btnUpgradeNormal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\btnUpgradeOver.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\CareWorkBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\CheckBox_Checked.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\CheckBox_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Close_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Close_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Img_Error.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Img_NoProblem.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Layout.ini
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Min_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Min_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\More_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\More_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Preview.jpg
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\ProgressBarBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\ProgressBarInnerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\ProgressBarInnerLeft.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\ProgressBarInnerMid.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\ProgressBarInnerRight.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Rescue_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Rescue_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\ScannerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\ScanningBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Skin_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\Skin_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\TopBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\TrackBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\TrackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\appimages\UpgraudD.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\css\css.css
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\clear.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\dailycare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\deepcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\hints.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\MainBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\quickcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\toolBox.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\toolboxs.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\transparent.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\turboboostoff.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\images\turbobooston.png
    c:\program files\IObit\Advanced SystemCare 4\UI\China\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\China\js\action1.js
    c:\program files\IObit\Advanced SystemCare 4\UI\China\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\China\js\jquery.easing.1.3.js
    c:\program files\IObit\Advanced SystemCare 4\UI\China\main.html
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Btn_Back_Disable.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Btn_Back_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Btn_Back_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Btn_Back_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Btn_BackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Btn_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Btn_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Btn_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\BtnStop_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\BtnStop_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\BtnStop_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\btnUpgradeDown.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\btnUpgradeNormal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\btnUpgradeOver.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\CareWorkBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\CheckBox_Checked.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\CheckBox_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Close_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Close_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Img_Error.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Img_NoProblem.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Layout.ini
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Min_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Min_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\More_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\More_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Preview.jpg
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\ProgressBarBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\ProgressBarInnerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\ProgressBarInnerLeft.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\ProgressBarInnerMid.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\ProgressBarInnerRight.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Rescue_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Rescue_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\ScannerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\ScanningBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Skin_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\Skin_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\TopBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\TrackBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\TrackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\appimages\UpgraudD.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\css\css.css
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\clear.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\dailycare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\deepcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\hints.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\MainBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\quickcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\toolBox.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\toolboxs.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\transparent.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\turboboostoff.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\images\turbobooston.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\js\action1.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\js\jquery.easing.1.3.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Cute\main.html
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Btn_Back_Disable.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Btn_Back_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Btn_Back_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Btn_Back_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Btn_BackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Btn_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Btn_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Btn_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\BtnStop_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\BtnStop_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\BtnStop_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\CareWorkBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\CheckBox_Checked.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\CheckBox_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Close_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Close_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Img_Error.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Img_NoProblem.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Layout.ini
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Min_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Min_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\More_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\More_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Preview.jpg
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\ProgressBarBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\ProgressBarInnerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\ProgressBarInnerLeft.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\ProgressBarInnerMid.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\ProgressBarInnerRight.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Rescue_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Rescue_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\ScannerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\ScanningBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Skin_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\Skin_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\TopBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\TrackBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\appimages\TrackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\css\css.css
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\clear.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\dailycare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\deepcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\hints.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\MainBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\quickcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\toolBox.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\toolboxs.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\transparent.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\turboboostoff.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\images\turbobooston.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\js\action1.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\js\jquery.easing.1.3.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Default\main.html
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Btn_Back_Disable.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Btn_Back_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Btn_Back_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Btn_Back_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Btn_BackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Btn_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Btn_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Btn_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\BtnStop_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\BtnStop_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\BtnStop_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\btnUpgradeDown.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\btnUpgradeNormal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\btnUpgradeOver.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\CareWorkBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\CheckBox_Checked.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\CheckBox_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Close_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Close_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Img_Error.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Img_NoProblem.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Layout.ini
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Min_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Min_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\More_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\More_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Preview.jpg
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\ProgressBarBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\ProgressBarInnerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\ProgressBarInnerLeft.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\ProgressBarInnerMid.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\ProgressBarInnerRight.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Rescue_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Rescue_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\ScannerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\ScanningBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Skin_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\Skin_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\TopBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\TrackBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\TrackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\appimages\UpgraudD.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\css\css.css
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\clear.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\dailycare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\deepcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\hints.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\MainBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\quickcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\toolBox.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\toolboxs.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\transparent.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\turboboostoff.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\images\turbobooston.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\js\action1.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\js\jquery.easing.1.3.js
     
  9. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    c:\program files\IObit\Advanced SystemCare 4\UI\Flat\main.html
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Btn_Back_Disable.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Btn_Back_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Btn_Back_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Btn_Back_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Btn_BackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Btn_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Btn_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Btn_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\BtnStop_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\BtnStop_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\BtnStop_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\CareWorkBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\CheckBox_Checked.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\CheckBox_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Close_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Close_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Img_Error.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Img_NoProblem.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Layout.ini
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Min_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Min_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\More_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\More_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Preview.jpg
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\ProgressBarBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\ProgressBarInnerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\ProgressBarInnerLeft.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\ProgressBarInnerMid.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\ProgressBarInnerRight.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Rescue_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Rescue_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\ScannerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\ScanningBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Skin_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\Skin_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\TopBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\TrackBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\TrackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\appimages\UpgraudD.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\css\css.css
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\clear.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\deepcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\MainBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\quickcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\toolBox.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\toolboxs.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\transparent.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\turboboostoff.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\images\turbobooston.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\js\action1.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\js\jquery.easing.1.3.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Maya\main.html
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Btn_Back_Disable.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Btn_Back_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Btn_Back_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Btn_Back_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Btn_BackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Btn_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Btn_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Btn_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\BtnStop_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\BtnStop_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\BtnStop_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\CareWorkBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\CheckBox_Checked.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\CheckBox_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Close_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Close_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Img_Error.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Img_NoProblem.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Layout.ini
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Min_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Min_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\More_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\More_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Preview.jpg
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\ProgressBarBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\ProgressBarInnerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\ProgressBarInnerLeft.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\ProgressBarInnerMid.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\ProgressBarInnerRight.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Rescue_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Rescue_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\ScannerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\ScanningBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Skin_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\Skin_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\TopBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\TrackBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\appimages\TrackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\css\css.css
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\images\clear.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\images\deepcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\images\MainBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\images\quickcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\images\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\images\toolBox.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\images\transparent.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\images\turboboostoff.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\images\turbobooston.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\js\action1.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\js\jquery.easing.1.3.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Metal\main.html
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Btn_Back_Disable.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Btn_Back_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Btn_Back_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Btn_Back_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Btn_BackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Btn_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Btn_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Btn_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\BtnStop_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\BtnStop_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\BtnStop_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\CareWorkBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\CheckBox_Checked.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\CheckBox_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Close_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Close_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Img_Error.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Img_NoProblem.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Layout.ini
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Min_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Min_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\More_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\More_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Preview.jpg
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\ProgressBarBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\ProgressBarInnerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\ProgressBarInnerLeft.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\ProgressBarInnerMid.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\ProgressBarInnerRight.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Rescue_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Rescue_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\ScannerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\ScanningBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Skin_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\Skin_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\TopBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\TrackBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\appimages\TrackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\css\css.css
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\images\clear.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\images\deepcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\images\MainBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\images\quickcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\images\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\images\toolBox.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\images\transparent.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\images\turboboostoff.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\images\turbobooston.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\js\action1.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\js\jquery.easing.1.3.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Office\main.html
    c:\program files\IObit\Advanced SystemCare 4\UI\Public\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Public\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Public\js\jquery.easing.1.3.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Public\upgrade\btnMLDown.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Public\upgrade\btnMLNormal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Public\upgrade\btnMLOver.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Public\upgrade\btnUpgradeDown.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Public\upgrade\btnUpgradeNormal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Public\upgrade\btnUpgradeOver.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Btn_Back_Disable.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Btn_Back_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Btn_Back_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Btn_Back_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Btn_BackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Btn_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Btn_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Btn_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\BtnStop_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\BtnStop_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\BtnStop_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\btnUpgradeDown.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\btnUpgradeNormal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\btnUpgradeOver.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\CareWorkBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\CheckBox_Checked.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\CheckBox_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Close_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Close_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Img_Error.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Img_NoProblem.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Layout.ini
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Min_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Min_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\More_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\More_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Preview.jpg
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\ProgressBarBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\ProgressBarInnerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\ProgressBarInnerLeft.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\ProgressBarInnerMid.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\ProgressBarInnerRight.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Rescue_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Rescue_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\ScannerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\ScanningBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Skin_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\Skin_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\TopBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\TrackBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\TrackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\appimages\UpgraudD.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\css\css.css
    c:\program files\IObit\Advanced SystemCare 4\UI\White\images\clear.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\White\images\deepcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\images\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\images\MainBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\images\quickcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\images\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\images\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\images\toolBox.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\images\toolboxs.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\images\transparent.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\White\images\turboboostoff.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\images\turbobooston.png
    c:\program files\IObit\Advanced SystemCare 4\UI\White\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\White\js\action1.js
    c:\program files\IObit\Advanced SystemCare 4\UI\White\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\White\js\jquery.easing.1.3.js
    c:\program files\IObit\Advanced SystemCare 4\UI\White\main.html
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Btn_Back_Disable.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Btn_Back_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Btn_Back_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Btn_Back_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Btn_BackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Btn_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Btn_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Btn_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\BtnStop_Down.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\BtnStop_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\BtnStop_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\btnUpgradeDown.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\btnUpgradeNormal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\btnUpgradeOver.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\CareBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\CareWorkBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\CheckBox_Checked.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\CheckBox_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Close_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Close_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Img_Error.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Img_NoProblem.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Layout.ini
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Main_Shade.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Min_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Min_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\More_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\More_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Preview.jpg
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\ProgressBarBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\ProgressBarInnerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\ProgressBarInnerLeft.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\ProgressBarInnerMid.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\ProgressBarInnerRight.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Rescue_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Rescue_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\ScannerBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\ScanningBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Skin_Move.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\Skin_Normal.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\TopBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\TrackBar.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\appimages\TrackBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\css\css.css
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\btnUpgradeDown.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\clear.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\dailycare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\deepcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\halo.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\hints.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\MainBG.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\quickcare.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\shadow.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\tip215.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\toolBox.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\toolboxs.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\transparent.gif
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\turboboostoff.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\images\turbobooston.png
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\js\action.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\js\action1.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\js\jquery-1.4.2.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\js\jquery.easing.1.3.js
    c:\program files\IObit\Advanced SystemCare 4\UI\Wood\main.html
    c:\program files\IObit\Advanced SystemCare 4\UnDelete.dll
    c:\program files\IObit\Advanced SystemCare 4\unins000.dat
    c:\program files\IObit\Advanced SystemCare 4\unins000.exe
    c:\program files\IObit\Advanced SystemCare 4\unins000.msg
    c:\program files\IObit\Advanced SystemCare 4\Update\Update.Ini
    c:\program files\IObit\Advanced SystemCare 4\vcl120.bpl
    c:\program files\IObit\Advanced SystemCare 4\vclx120.bpl
    c:\program files\IObit\Advanced SystemCare 4\Wizard.exe
    c:\program files\IObit\Game Booster\license.dat
    c:\program files\IObit\IObit Malware Fighter\license.dat
    c:\program files\IObit\IObit Malware Fighter\Quarantine Zone\info.db
    c:\program files\IObit\Smart Defrag 2\LatestNews\LatestNews.ini
    c:\program files\Vuze
    c:\program files\Vuze\.install4j\_shfoldr.dll
    c:\program files\Vuze\.install4j\autoUninstall.0
    c:\program files\Vuze\.install4j\files.log
    c:\program files\Vuze\.install4j\i4j_extf_0_5p83tu.utf8
    c:\program files\Vuze\.install4j\i4j_extf_1_5p83tu.properties
    c:\program files\Vuze\.install4j\i4j_extf_10_5p83tu.utf8
    c:\program files\Vuze\.install4j\i4j_extf_11_5p83tu.properties
    c:\program files\Vuze\.install4j\i4j_extf_12_5p83tu.utf8
    c:\program files\Vuze\.install4j\i4j_extf_13_5p83tu.properties
    c:\program files\Vuze\.install4j\i4j_extf_14_5p83tu.properties
    c:\program files\Vuze\.install4j\i4j_extf_15_5p83tu_1q2vg51.png
    c:\program files\Vuze\.install4j\i4j_extf_16_5p83tu_1rjd818.png
    c:\program files\Vuze\.install4j\i4j_extf_17_5p83tu_qin5kk.png
    c:\program files\Vuze\.install4j\i4j_extf_18_5p83tu_xza4ha.png
    c:\program files\Vuze\.install4j\i4j_extf_19_5p83tu.exe
    c:\program files\Vuze\.install4j\i4j_extf_2_5p83tu.utf8
    c:\program files\Vuze\.install4j\i4j_extf_20_5p83tu_19c5po3.png
    c:\program files\Vuze\.install4j\i4j_extf_21_5p83tu_1dcx5tw.png
    c:\program files\Vuze\.install4j\i4j_extf_22_5p83tu.html
    c:\program files\Vuze\.install4j\i4j_extf_23_5p83tu_2p31hf.png
    c:\program files\Vuze\.install4j\i4j_extf_24_5p83tu.html
    c:\program files\Vuze\.install4j\i4j_extf_25_5p83tu_rz1c2y.png
    c:\program files\Vuze\.install4j\i4j_extf_26_5p83tu_bm8amj.ico
    c:\program files\Vuze\.install4j\i4j_extf_27_5p83tu.exe
    c:\program files\Vuze\.install4j\i4j_extf_28_5p83tu.dll
    c:\program files\Vuze\.install4j\i4j_extf_29_5p83tu.dll
    c:\program files\Vuze\.install4j\i4j_extf_3_5p83tu.properties
    c:\program files\Vuze\.install4j\i4j_extf_30_5p83tu_1efhqvy.png
    c:\program files\Vuze\.install4j\i4j_extf_31_5p83tu_10qu06u.png
    c:\program files\Vuze\.install4j\i4j_extf_32_5p83tu.exe
    c:\program files\Vuze\.install4j\i4j_extf_33_5p83tu_1pn3dfg.png
    c:\program files\Vuze\.install4j\i4j_extf_34_5p83tu_z1x7tn.png
    c:\program files\Vuze\.install4j\i4j_extf_4_5p83tu.utf8
    c:\program files\Vuze\.install4j\i4j_extf_5_5p83tu.properties
    c:\program files\Vuze\.install4j\i4j_extf_6_5p83tu.utf8
    c:\program files\Vuze\.install4j\i4j_extf_7_5p83tu.properties
    c:\program files\Vuze\.install4j\i4j_extf_8_5p83tu.utf8
    c:\program files\Vuze\.install4j\i4j_extf_9_5p83tu.properties
    c:\program files\Vuze\.install4j\i4jdel.exe
    c:\program files\Vuze\.install4j\i4jinst.dll
    c:\program files\Vuze\.install4j\i4jparams.conf
    c:\program files\Vuze\.install4j\i4jruntime.jar
    c:\program files\Vuze\.install4j\inst_jre.cfg
    c:\program files\Vuze\.install4j\install.prop
    c:\program files\Vuze\.install4j\installation.log
    c:\program files\Vuze\.install4j\MessagesDefault
    c:\program files\Vuze\.install4j\response.varfile
    c:\program files\Vuze\.install4j\unicows.dll
    c:\program files\Vuze\.install4j\user.jar
    c:\program files\Vuze\aereg.dll
    c:\program files\Vuze\aereg64.dll
    c:\program files\Vuze\Azureus.exe
    c:\program files\Vuze\Azureus.exe.manifest
    c:\program files\Vuze\Azureus.exe.vmoptions
    c:\program files\Vuze\Azureus.properties
    c:\program files\Vuze\Azureus2.jar
    c:\program files\Vuze\AzureusUpdater.exe
    c:\program files\Vuze\installer.log
    c:\program files\Vuze\plugins\azitunes\azitunes_0.2.3.jar
    c:\program files\Vuze\plugins\azitunes\azureus.sig
    c:\program files\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll
    c:\program files\Vuze\plugins\azitunes\jacob_1.14.3.jar
    c:\program files\Vuze\plugins\azitunes\libProcessAccess.dll
    c:\program files\Vuze\plugins\azitunes\libProcessAccess_0.1.2.jar
    c:\program files\Vuze\plugins\azitunes\plugin.properties
    c:\program files\Vuze\plugins\azplugins\azplugins_2.1.6.jar
    c:\program files\Vuze\plugins\azrating\azrating_1.3.1.jar
    c:\program files\Vuze\plugins\azupdater\azupdaterpatcher_1.8.17.jar
    c:\program files\Vuze\plugins\azupdater\azureus.sig
    c:\program files\Vuze\plugins\azupdater\plugin.properties
    c:\program files\Vuze\plugins\azupdater\Updater.jar
    c:\program files\Vuze\plugins\azupnpav\azupnpav_0.3.7.jar
    c:\program files\Vuze\plugins\azupnpav\azureus.sig
    c:\program files\Vuze\plugins\azupnpav\plugin.properties
    c:\program files\Vuze\swt.jar
    c:\program files\Vuze\uninstall.exe
    c:\program files\Vuze\Vuze.ico
    C:\Torrent Magnets
    c:\torrent magnets\Advanced System Care 3.7 keygen [h33t][terminator t-101].torrent
    c:\windows\system32\config\systemprofile\Application Data\Application Updater
    c:\windows\system32\winrm
    c:\windows\system32\winrm\0409\winrm.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_ADVANCEDSYSTEMCARESERVICE
    -------\Service_AdvancedSystemCareService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-02 19:44 . 2011-06-02 19:44 -------- d-----w- c:\documents and settings\JAMES'S BABII GIRL\Application Data\TeamViewer
    2011-06-02 19:44 . 2011-06-03 00:17 -------- d-----w- c:\program files\TeamViewer
    2011-06-02 15:42 . 2011-06-02 15:42 -------- d-----w- c:\program files\ESET
    2011-06-02 03:26 . 2011-06-02 22:21 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-06-02 03:26 . 2011-06-02 03:27 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-06-01 23:30 . 2011-06-01 23:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-01 22:25 . 2011-06-01 22:25 -------- d-----w- c:\documents and settings\JAMES'S BABII GIRL\Application Data\Malwarebytes
    2011-06-01 22:24 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-01 22:24 . 2011-06-01 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-01 22:24 . 2011-06-01 22:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-01 22:24 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-01 22:22 . 2011-06-01 22:22 -------- d-----w- c:\documents and settings\JAMES'S BABII GIRL\Application Data\Panda Security
    2011-06-01 22:20 . 2011-06-01 22:20 -------- d-----w- c:\program files\Panda Security
    2011-06-01 22:20 . 2011-06-01 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
    2011-06-01 22:18 . 2011-06-03 03:42 -------- d-----w- C:\Program Installers
    2011-06-01 22:16 . 2011-06-01 22:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-05-15 23:58 . 2011-05-16 00:30 -------- d-----w- c:\program files\Oberon Media
    2011-05-15 23:58 . 2011-05-16 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
    2011-05-15 23:57 . 2011-06-01 22:03 -------- d-----w- c:\documents and settings\JAMES'S BABII GIRL\Application Data\Oberon Media
    2011-05-15 23:57 . 2011-05-15 23:57 -------- d-----w- c:\program files\Common Files\Oberon Media
    2011-05-15 23:54 . 2011-05-15 23:54 -------- d-----w- c:\documents and settings\JAMES'S BABII GIRL\Local Settings\Application Data\Oberon Media
    2011-05-13 22:46 . 2011-05-13 22:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2011-05-11 22:51 . 2011-05-12 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2011-05-11 22:51 . 2011-05-11 22:51 -------- d-----w- c:\program files\DVD Shrink
    2011-05-07 01:20 . 2011-05-07 01:20 -------- d-----w- c:\program files\iPod
    2011-05-07 01:20 . 2011-06-02 02:12 -------- d-----w- c:\program files\iTunes
    2011-05-07 01:16 . 2011-05-07 01:16 -------- d-----w- c:\program files\Bonjour
    2011-05-06 01:56 . 2011-05-06 01:56 -------- d-----w- c:\windows\ServicePackFiles
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-04 21:02 . 2011-04-04 21:02 2288640 ----a-w- c:\windows\system32\TUKernel.exe
    2011-04-04 19:52 . 2009-03-13 15:16 218624 ----a-w- c:\windows\system32\uxtheme.dll
    2011-04-03 03:59 . 2009-03-13 15:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-03 03:59 . 2011-04-03 03:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-11 14:10 . 2009-03-13 15:15 471552 ----a-w- c:\windows\apppatch\aclayers.dll
    2011-03-07 05:33 . 2009-03-13 15:26 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-08-07 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
    [-] 2009-08-07 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
    .
    [-] 2008-04-14 . F16FB9505D3F21C37FA37B42C1CF601C . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . F16FB9505D3F21C37FA37B42C1CF601C . 975872 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-16 22:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-16 22:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\CustoPackTools\utils\RocketDock\RocketDock.exe" [2010-06-22 495616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,32,5c,6c,\
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\documents and settings\JAMES'S BABII GIRL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "nwiz"=nwiz.exe /install
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
    "MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 6:12 PM 130376]
    R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [4/2/2011 11:40 PM 24576]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/1/2011 6:24 PM 366640]
    R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [12/16/2010 6:19 PM 140608]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 6:12 PM 141768]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 6:12 PM 97352]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 6:12 PM 111944]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 6:12 PM 113096]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/1/2011 6:24 PM 22712]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/13/2009 11:15 AM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822439336-2690133624-2694144459-1005Core.job
    - c:\documents and settings\JAMES'S BABII GIRL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-04 07:10]
    .
    2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822439336-2690133624-2694144459-1005UA.job
    - c:\documents and settings\JAMES'S BABII GIRL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-04 07:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    AddRemove-8461-7759-5462-8226 - c:\program files\Vuze\uninstall.exe
    AddRemove-Advanced SystemCare 4_is1 - c:\program files\IObit\Advanced SystemCare 4\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-02 23:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2560)
    c:\windows\system32\SHDOCVW.dll
    c:\windows\system32\WININET.dll
    c:\program files\CustoPackTools\utils\RocketDock\RocketDock.dll
    c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
    c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
    c:\windows\system32\ntshrui.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Photodex\ProShowGold\ScsiAccess.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-03 00:01:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-03 04:01
    ComboFix2.txt 2011-06-02 16:52
    .
    Pre-Run: 124,169,740,288 bytes free
    Post-Run: 124,070,322,176 bytes free
    .
    - - End Of File - - 2B28236FA37D66CFB13933130796B59C
     
  10. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:11:12 AM, on 6/3/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\CustoPackTools\utils\RocketDock\RocketDock.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\JAMES'S BABII GIRL\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\CustoPackTools\utils\RocketDock\RocketDock.exe"
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

    --
    End of file - 7074 bytes
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Looks good! How is the system running?

    Just one removal
    Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Documents and Settings\JAMES'S BABII GIRL\My Documents\Downloads\setup.exe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). You don't need to leave this log.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ==================================================
    If there are no more problems: You can remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      [*]Choose Disc Cleanup
      [*]Click "OK" to select the partition or drive you want.
      [*]Click the "More Options" Tab.
      [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    ===========================================
    Please get some security on the system. Here are suggestions:
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Google Toolbar Pop Up Blocker
      [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o]Antivirus :(only one):Both of the following programs are free and known to be good:
      [o]Avira-AntiVir-Personal-Free-Antivirus
      [o] [o]Avast-Free Antivirus
      [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Comodo
      [o]Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o]Spybot Search & Destroy
    4. Updates: Stay current:
      [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
      [o]Adobe Reader Install current, uninstall old.
      [o]Java Updates Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    6. Do regular Maintenance
      [o] ATF Cleaner by Atribune
    7. Restore Points:
      [o]See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.
     
  12. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    System is runing better now. Glad it could be cleand! Thanks a lot man!
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. Glad to help.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...