Trojan.Win32.SwrortProxy_13e1714933
Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, GenericEmailWorm.YR, TrojanSwrortProxy.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, EmailWorm, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: 13e171493337613a9e327983e265aabd
SHA1: 00af88651e047524b8ffbce2a01f550e3deaa87f
SHA256: 96129d9f0d188b9fd029093bb598955b5f7f98d2dd1e9660d5d9a55f10858a28
SSDeep: 196608:Eti1QBW/D4NK4wWwSQv60wsPL1xnd8kF77NOLhzXtIP1F 6ey77W81ipX23WT UU:fDIKrvjf3d8Q77NOJ9Ie5IqXVafv
Size: 14653600 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, BorlandDelphiv30, UPolyXv05_v6
Company: no certificate found
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXP SP3 32-bit
Summary:
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Payload
| Behaviour | Description |
|---|---|
| EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
%original file name%.exe:1004
Love.exe:860
netsh.exe:1516
IObit.Driver.Booster.PRO.3.0.3.261.exe:444
IObit.Driver.Booster.PRO.3.0.3.261.tmp:500
The Trojan injects its code into the following process(es):
Spark.exe:872
DBInstaller.exe:1592
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:1004 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\IObit\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key\Uninstall.ini (3 bytes)
%Program Files%\IObit\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key\Uninstall.exe (1976 bytes)
%System%\Love.exe (31 bytes)
%System%\IObit.Driver.Booster.PRO.3.0.3.261.exe (76821 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\$inst (0 bytes)
The process Spark.exe:872 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\7cae2ebe5541a32b7f108ae15bd707dd.exe (31 bytes)
The process DBInstaller.exe:1592 makes changes in the file system.
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DBInstaller.madExcept (0 bytes)
The process Love.exe:860 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Spark.exe (31 bytes)
The process IObit.Driver.Booster.PRO.3.0.3.261.exe:444 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-FFBA0.tmp\IObit.Driver.Booster.PRO.3.0.3.261.tmp (7386 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-FFBA0.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-FFBA0.tmp\IObit.Driver.Booster.PRO.3.0.3.261.tmp (0 bytes)
The process IObit.Driver.Booster.PRO.3.0.3.261.tmp:500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\DBInstaller.exe (17072 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\DriverBooster.exe (32763 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Setup Log 2015-12-26 #001.txt (5551 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\_isetup\_shfoldr.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\RdZone.dll (673 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\DBInstaller.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\DriverBooster.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\_isetup (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\RdZone.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\_isetup\_shfoldr.dll (0 bytes)
Registry activity
The process %original file name%.exe:1004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key 3.0.3.261]
"VersionMajor" = "3"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"love.exe" = "Love"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key 3.0.3.261]
"Language" = "1025"
"InstallDate" = "20151226"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key 3.0.3.261]
"InstallSource" = "c:\"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key 3.0.3.261]
"Publisher" = "IObit"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"IObit.Driver.Booster.PRO.3.0.3.261.exe" = "Driver Booster 3 Setup"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key 3.0.3.261]
"UninstallString" = "%Program Files%\IObit\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key\Uninstall.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key 3.0.3.261]
"EstimatedSize" = "14107"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key 3.0.3.261]
"NoRepair" = "1"
"DisplayVersion" = "3.0.3.261"
"VersionMinor" = "0"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 A2 06 45 78 6D 65 25 F2 88 81 E3 D2 C2 5D 71"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key 3.0.3.261]
"DisplayIcon" = "%Program Files%\IObit\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key\Uninstall.exe"
"URLInfoAbout" = "http://www.IObit.com/"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key 3.0.3.261]
"InstallLocation" = "%Program Files%\IObit\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key\"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key 3.0.3.261]
"NoModify" = "1"
"DisplayName" = "IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key 3.0.3.261"
The Trojan modifies IE security zone settings so that all local web nodes whose names contain no dots and that do not belong to any zone are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan modifies IE security zone settings so that all URLs are mapped to the Intranet Zone:
"IntranetName" = "1"
The process Spark.exe:872 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 11 0C EB 26 D9 3E F3 93 87 16 1A 48 55 D6 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Environment]
"SEE_MASK_NOZONECHECKS" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7cae2ebe5541a32b7f108ae15bd707dd" = "%Documents and Settings%\%current user%\Application Data\Spark.exe .."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"7cae2ebe5541a32b7f108ae15bd707dd" = "%Documents and Settings%\%current user%\Application Data\Spark.exe .."
The process DBInstaller.exe:1592 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B 51 03 D5 AA FF 7A A5 D9 D9 7B 27 2D C6 E7 C3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
The process Love.exe:860 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 BB 21 42 45 11 7E B2 2E 4C 21 99 46 A2 1D 40"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Application Data]
"Spark.exe" = "Love"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE security zone settings so that all local web nodes whose names contain no dots and that do not belong to any zone are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings so that all URLs are mapped to the Intranet Zone:
"IntranetName" = "1"
The Trojan modifies IE security zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:
"ProxyBypass" = "1"
The process netsh.exe:1516 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB F8 2F 0D 78 1D CC 28 E8 37 F2 36 57 F0 36 59"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"
The Trojan adds a rule to the Windows firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Application Data]
"Spark.exe" = "%Documents and Settings%\%current user%\Application Data\Spark.exe:*:Enabled:Spark.exe"
The process IObit.Driver.Booster.PRO.3.0.3.261.exe:444 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E 8F F7 46 EB EA 65 9A 0B 75 25 A2 73 94 B3 5F"
The process IObit.Driver.Booster.PRO.3.0.3.261.tmp:500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2E 49 E0 2C 6E ED 8F 7B 6B 84 A8 20 D1 DE ED 8F"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\is-9LJN0.tmp]
"DBInstaller.exe" = "Driver Booster Installer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE security zone settings so that all URLs are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE security zone settings so that all local web nodes whose names contain no dots and that do not belong to any zone are mapped to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:
"ProxyBypass" = "1"
Dropped PE files
| MD5 | File path |
|---|---|
| 27cd44ed30b72d4d7051062c353adbc0 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Spark.exe |
| 45c6f358b48d0809d4f65ea1e617993e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is-9LJN0.tmp\DBInstaller.exe |
| ae96593420eb245d30fa445dbb390ad6 | c:\Program Files\IObit\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key\Uninstall.exe |
| e5aed22bcfffb874ea6a09f1dabf0261 | c:\WINDOWS\system32\IObit.Driver.Booster.PRO.3.0.3.261.exe |
| 27cd44ed30b72d4d7051062c353adbc0 | c:\WINDOWS\system32\Love.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
Company Name: IObit
Product Name:
Product Version:
Legal Copyright: IObit
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 3.0.3.261
File Description: IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key 3.
Comments:
Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| CODE | 4096 | 148684 | 148992 | 4.57091 | 5e14e4ede2e2215bc7d72837b9871f8f |
| DATA | 155648 | 10388 | 10752 | 2.62963 | abafcbfbd7f8ac0226ca496a92a0cf06 |
| BSS | 167936 | 4341 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .idata | 176128 | 6040 | 6144 | 3.3864 | a4e0ac39d5ed487ceea059fa23dfce5e |
| .tls | 184320 | 8 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .rdata | 188416 | 24 | 512 | 0.14174 | c4fdd0c5c9efb616fcc85d66056ca490 |
| .reloc | 192512 | 6276 | 6656 | 4.56552 | 867a1120317d51734587a74f6ee70016 |
| .rsrc | 200704 | 27756 | 28160 | 4.33784 | 80de1e1c0d63fcd5b463b38e5daafdbb |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
URLs
No activity has been detected.
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Web Traffic was not found.
The Trojan connects to the servers at the following location(s):
.text
`.itext
`.data
.idata
.edata
@.tls
.rdata
@.reloc
B.rsrc
Windows
;!199{199;0!8&2{199Windows 95
Windows 95 OSR-2
Windows 98
Windows 98 SE
Windows ME
Windows 9x New
Windows NT 3
Windows NT 4
Windows 2000
Windows XP
Windows 2003
Windows Vista
Windows 2008
Windows 7
Windows 2008 R2
Windows NT New
user.exe
TMsgHandlers
madToolsMsgHandlerWindow
madToolsMsgHandlerMutex
cmovÌ
setÌ
pop %seg
push %seg
VVV.madshi.net
.data
.jdbg
Uh%xB
madExcept.HandleContactForm
madExcept.HandleScreenshotForm
.madExcept
The import table is invalid.
%exceptMsg%
%bugReport%
Úte%
Útetime%
%userappdata%
%commonappdata%
UhW%C
MailAsSmtpServer
MailAsSmtpClient
UploadViaHttp
SmtpServer
SmtpPort
SmtpAccount
SmtpPassword
HttpServer
HttpPort
HttpAccount
HttpPassword
bugreport.txt
screenshot.png
ExceptMsg
FrozenMsg
BitFaultMsg
send bug report
save bug report
print bug report
show bug report
continue bug report
restart bug report
close bug report
bug report
please find the bug report attached
Sending bug report...
PrepAttMsg
MxLookMsg
ConnMsg
AuthMsg
SendMailMsg
FieldMsg
SendAttMsg
SendFinalMsg
SendFailMsg
Sorry, sending the bug report didn't work.
TDABugReportCallback
TDABugReportCallbackOO
screenShot.bmp
VVV.google.de
SMTP:
Tcpip\Parameters
VxD\MSTCP
A.ROOT-SERVERS.NET
K.ROOT-SERVERS.NET
VVV.madshi.net_multipart_boundary
LOGIN
AUTH LOGIN
http=
HTTP/1.1
*.txt
TSendBugReportExRec
BugReport
screenShot.png
<tr><td><button onClick="history.back();" style="height:19.5pt;">
<button onClick="document.getElementById('bugReport').style.visibility='visible';this.style.visibility='hidden';" style="height:19.5pt;"> <textarea id="bugReport" readonly cols="80" rows="20" style="width:100%;height:100%;
Software\Microsoft\Windows
operating system
GetThreadReport
GetCpuRegisters
kernel32.dll
user32.dll
internal error. please notify [email protected]
HardWareKey
ENoMonitorSupportException
.uvCOu
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
Uh4%F
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
EInvalidGraphicOperation
ssHorizontal
OnKeyDown
OnKeyPressh
OnKeyUp
TCustomButton.TButtonStyle
Proportional
Uh.TJ
AutoHotkeys
Leftp
TKeyEvent
TKeyPressEvent
HelpKeyword
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview0
WindowState
comctl32.dll
PasswordChar
EIdCanNotBindPortInRange
EIdInvalidPortRange
TIdSocketListWindows
TIdStackWindowsU
EIdIPVersionUnsupported8
ftpTransfer
ftpReady
ftpAborted
ClientPortMin
ClientPortMax
Port
EIdPortRequired
EIdTCPConnectionError
EIdObjectTypeNotSupported
Portl
"EIdTransparentProxyUDPNotSupported
TIdTCPClientCustom
TIdTCPClientCustomTIR
IdTCPClient
TIdTCPClient
BoundPortl
%EIdSocksUDPNotSupportedBySOCKSVersion
saUsernamePassword
Password
BoundPort
DefaultPort
TIdTCPConnection
IdTCPConnection
IdHTTPHeaderInfo
ProxyPasswordl
ProxyPort
sslvrfFailIfNoPeerCert
TPasswordEvent
Certificate
RootCertFile
CertFile
KeyFile
OnGetPassword8
EIdOSSLLoadingRootCertError8!T
EIdOSSLLoadingCertError
EIdOSSLLoadingKeyError
TIdHTTPOption
IdHTTP
TIdHTTPOptions
TIdHTTPProtocolVersion
TIdHTTPOnRedirectEvent
TIdHTTPOnHeadersAvailable
TIdHTTPResponse
TIdHTTPResponse@VT
TIdHTTPRequest
TIdHTTPProtocol8XT
TIdCustomHTTP
TIdCustomHTTP8XT
TIdHTTP<ZT
TIdHTTP|YT
HTTPOptions
EIdHTTPProtocolException
imgWindows
.TEnumerator<SendStatistics.TSendStatisticsThd>
.TEnumerable<SendStatistics.TSendStatisticsThd>
,:TList<SendStatistics.TSendStatisticsThd>.:1
,IComparer<SendStatistics.TSendStatisticsThd>
4TList<SendStatistics.TSendStatisticsThd>.TEnumerator
(TList<SendStatistics.TSendStatisticsThd>
,TComparer<SendStatistics.TSendStatisticsThd>
,:TList<SendStatistics.TSendStatisticsThd>.:3
6666666666666666
1.2.3
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
.AUi|
LRap
!$'*-147
"$') -02469;=?
"$&( -/1468:
!$&(*-/135
!#&(*,.1
!"#%&'(* ,-/01345689:;=>?@
!"#$&'(* ,-.01245678:;<>?
!"#$&'() ,-.012346789;<=
"#$%'()*,-./12345789:<
!#$%&()* -./02345689:
!#$%&')* ,./01245679
!"$%&'(* ,-/0123567
!"#%&'(* ,-.012346
!"#$&'() ,-./1234
!"#$%'()*,-./023
!"#$%'()* ,./01
"#$%&()* ,-/0
!#$%&')* ,-.
!"$%&'(* ,-
!"#%&'()*,
!"#$&'()*
!"#$%'()
?456789:;<=
!"#$%&'()* ,-./0123
oleaut32.dll
advapi32.dll
RegOpenKeyExW
RegCloseKey
GetKeyboardType
UnhookWindowsHookEx
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MapVirtualKeyW
LoadKeyboardLayoutW
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
EnumWindows
EnumThreadWindows
EnumChildWindows
ActivateKeyboardLayout
msimg32.dll
gdi32.dll
SetViewportOrgEx
GetViewportOrgEx
version.dll
GetWindowsDirectoryA
GetCPInfo
CreatePipe
RegQueryInfoKeyW
RegOpenKeyExA
RegFlushKey
RegEnumKeyA
RegCreateKeyExA
RegCreateKeyExW
wsock32.dll
shell32.dll
ShellExecuteExA
ShellExecuteA
ShellExecuteW
ole32.dll
comdlg32.dll
winspool.drv
shlwapi.dll
DBInstaller.exe
2#2/2:2[2
3"4'4[4`4
? ?$?(?,?0?4?8?<?
2#2'2 2/23272;2
? ?$?(?,?
2 2$2(2,2024282<2@2
55O5Z5d5n5}5
30444<4@4
7*8.828:8@8
0)1.12161<1
; ;$;(;,;0;4;8;<;
0-090W0c0}0
4!4C474;4\4|4
6h6S6a6m6{68~:);:???
: :$:(:6:
4 4$4(4,4044484
8œ9r9
0 0$0(0,0004080<0@0
?!?%?)?-?1?5?
6}7
= =$=(=,=0=4=
2/2T2c2z2
? ???^?}?
0 0$0(0,0004080<0@0`0
1 1$1(1,1014181<1@1\1|1
2 2$2(2,2024282\2|2
8)8-818{8<(=/=6=">)>
0 0$0(0,0
2(2-222~2
3?3j3
= =$=(=,=0=4=8=<=@=
ldV.JP
zV.PS
~\.nm
]gCRT
'-Q}]$
r.xhC
.sL#D
m 0.SR
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
3333333
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
H%%xa11
....1110
098:903
/09::::54
KWindows
UrlMon
IdStackWindows
IdTCPServer
IdCustomTCPServer
0IdHTTPHeaderInfo
CGenerics.Defaults
Generics.Collections
ziTXtXML:com.adobe.xmp
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">
<rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/">
xmlns:tiff="hXXp://ns.adobe.com/tiff/1.0/">
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Picture.Data
niTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:78FC4BB55068E311A09ABB1FB785A90D" xmpMM:DocumentID="xmp.did:1E2AD51D2BA411E5BDC0A154452A3CD5" xmpMM:InstanceID="xmp.iid:1E2AD51C2BA411E5BDC0A154452A3CD5" xmp:CreatorTool="Adobe Photoshop CC 2014 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:d8850dbb-ee76-db42-9ef0-7d219bf4328a" stRef:documentID="xmp.did:78FC4BB55068E311A09ABB1FB785A90D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>S
ImageNormal.Data
iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:78FC4BB55068E311A09ABB1FB785A90D" xmpMM:DocumentID="xmp.did:0D75D13BA5D111E4B5DEAF57C9B31555" xmpMM:InstanceID="xmp.iid:0D75D13AA5D111E4B5DEAF57C9B31555" xmp:CreatorTool="Adobe Photoshop CS6 (13.0 20120305.m.415 2012/03/05:21:00:00) (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7485DFDBCEA5E411BF1C8B8B547D76D2" stRef:documentID="xmp.did:78FC4BB55068E311A09ABB1FB785A90D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
ImageDown.Data
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:78FC4BB55068E311A09ABB1FB785A90D" xmpMM:DocumentID="xmp.did:10353193A5D111E4B5DEAF57C9B31555" xmpMM:InstanceID="xmp.iid:10353192A5D111E4B5DEAF57C9B31555" xmp:CreatorTool="Adobe Photoshop CS6 (13.0 20120305.m.415 2012/03/05:21:00:00) (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7485DFDBCEA5E411BF1C8B8B547D76D2" stRef:documentID="xmp.did:78FC4BB55068E311A09ABB1FB785A90D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
ImageOver.Data
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:78FC4BB55068E311A09ABB1FB785A90D" xmpMM:DocumentID="xmp.did:0F171B41A5D111E4B5DEAF57C9B31555" xmpMM:InstanceID="xmp.iid:0F171B40A5D111E4B5DEAF57C9B31555" xmp:CreatorTool="Adobe Photoshop CS6 (13.0 20120305.m.415 2012/03/05:21:00:00) (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7485DFDBCEA5E411BF1C8B8B547D76D2" stRef:documentID="xmp.did:78FC4BB55068E311A09ABB1FB785A90D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
ImageDisabled.Data
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:78FC4BB55068E311A09ABB1FB785A90D" xmpMM:DocumentID="xmp.did:108BDE51A5D111E4B5DEAF57C9B31555" xmpMM:InstanceID="xmp.iid:108BDE50A5D111E4B5DEAF57C9B31555" xmp:CreatorTool="Adobe Photoshop CS6 (13.0 20120305.m.415 2012/03/05:21:00:00) (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7485DFDBCEA5E411BF1C8B8B547D76D2" stRef:documentID="xmp.did:78FC4BB55068E311A09ABB1FB785A90D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
ImageOption.Left
ImageOption.Top
ImageOption.Right
ImageOption.Bottom
SubCaptionFont.Charset
SubCaptionFont.Color
SubCaptionFont.Height
SubCaptionFont.Name
SubCaptionFont.Style
SubCaptionDataFont.Charset
SubCaptionDataFont.Color
SubCaptionDataFont.Height
SubCaptionDataFont.Name
SubCaptionDataFont.Style
CheckBoxNormalImage.Data
CheckBoxCheckedImage.Data
Lines.MyStrings
Lines.Strings
BackgroundBorderOff.Left
BackgroundBorderOff.Top
BackgroundBorderOff.Right
BackgroundBorderOff.Bottom
BackgroundOption.Left
BackgroundOption.Top
BackgroundOption.Right
BackgroundOption.Bottom
VScrollBar.Left
VScrollBar.Top
VScrollBar.Width
VScrollBar.Height
!VScrollBar.AllSkinImage.AutoArrow
VScrollBar.AutoArrow
VScrollBar.Caption
VScrollBar.Visible
HScrollBar.Left
HScrollBar.Top
HScrollBar.Width
HScrollBar.Height
HScrollBar.Kind
sbHorizontal!HScrollBar.AllSkinImage.AutoArrow
HScrollBar.AutoArrow
HScrollBar.Caption
HScrollBar.Visible
PicNormal.Data
PicHover.Data
PicDisabled.Data
FontError.Charset
FontError.Color
FontError.Height
FontError.Name
FontError.Style
FontNormal.Charset
FontNormal.Color
FontNormal.Height
FontNormal.Name
FontNormal.Style
For Windows, Mac && Linux
0Please read the following important information:
Windows XP, Windows Vista, Windows 7, Windows 8
ol</a>, <a>Nederlands</a>, <a>Portugu
oa single computer, running a validly licensed copy of the operating system for which the product was designed,
:with any support services agreed upon between the parties
mto and operate in accordance with its documentation for a period of sixty (60) days from the date you accept
qWarranty applies only if the nonconformance is reported to IObit during the Warranty Period and if IObit is able
kSection 7. Export Control. The United States controls the export of products and information. You agree to
lcomply with such restrictions and not to export or re-export the Product to countries or persons prohibited
junder the export control laws. By downloading the Product, you are agreeing that you are not in a country
fwhere such export is prohibited or are a person or entity to which such export is prohibited. You are
qresponsible for compliance with the laws of your local jurisdiction regarding the import, export or re-export of
s online support center
o(available at VVV.iobit.com/onlinefeedback.php) or by calling our customer service department at the toll-free
pnotice) to each party against whom a claim is asserted, in order to provide an opportunity to resolve the claim
jinformally or through mediation. Go to VVV.iobit.com/sampleclaim.php for a sample claim notice. The claim
eprovided to you, if any. The notice must be sent to [email protected]. If the claim proceeds to
352-5267, jamsadr.com), the American Arbitration Association (
) (1-800-778-7879, adr.org), or another
obegun or final judgment has been entered. Either you or IObit may delay enforcing or not exercise rights under
othis Arbitration provision, including the right to arbitrate a claim, without waiving the right to exercise or
ibrought in a purported representative capacity on behalf of the general public, other licensees or other
iThe arbitrator's authority is limited to claims between you and IObit alone. Claims may not be joined or
mNotwithstanding any other provision and without waiving the right to appeal such decision, if any portion of
nYou may reject this Arbitration provision by sending a rejection notice to IObit at: [email protected].
pany portion of this Claims Resolution provision, except as otherwise provided in the Limitations on Arbitration
sprovisions above, is deemed invalid or unenforceable, it will not invalidate the remaining portions of this Claims
Q*Every NEW subscriber will get a Windows Tweak ebook <a> ($9 value) </a> for free
Windows Tweak eBook
/The must-have guide for Windows 8, 7, Vista, XP
Icon.Data
[email protected]
[Bug Report] - Driver Booster v3.0 - %appname%
attach a screenshot to the bug report
<!--This Id value indicates the application supports Windows Vista functionality -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><!--This Id value indicates the application supports Windows 7 functionality-->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><!--This Id value indicates the application supports Windows 8 functionality-->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><!--This Id value indicates the application supports Windows 8.1 functionality-->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<ms_asmv3:requestedExecutionLevel level="requireAdministrator" uiAccess="false">
</ms_asmv3:requestedExecutionLevel>
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
nuser32.dll
TaskDialogIndirect
ntdll.dll
cc3260mt.dll
cc3260.dll
madExceptIde_.bpl
wininet.dll
mapi32.dll
IpHlpApi.dll
wtsapi32.dll
nidapi32.dll
@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule
setupapi.dll
psapi.dll
%s[%d]
%s_%d
USER32.DLL
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
uxtheme.dll
DWMAPI.DLL
clWebSnow
clWebFloralWhite
clWebLavenderBlush
clWebOldLace
clWebIvory
clWebCornSilk
clWebBeige
clWebAntiqueWhite
clWebWheat
clWebAliceBlue
clWebGhostWhite
clWebLavender
clWebSeashell
clWebLightYellow
clWebPapayaWhip
clWebNavajoWhite
clWebMoccasin
clWebBurlywood
clWebAzure
clWebMintcream
clWebHoneydew
clWebLinen
clWebLemonChiffon
clWebBlanchedAlmond
clWebBisque
clWebPeachPuff
clWebTan
clWebYellow
clWebDarkOrange
clWebRed
clWebDarkRed
clWebMaroon
clWebIndianRed
clWebSalmon
clWebCoral
clWebGold
clWebTomato
clWebCrimson
clWebBrown
clWebChocolate
clWebSandyBrown
clWebLightSalmon
clWebLightCoral
clWebOrange
clWebOrangeRed
clWebFirebrick
clWebSaddleBrown
clWebSienna
clWebPeru
clWebDarkSalmon
clWebRosyBrown
clWebPaleGoldenrod
clWebLightGoldenrodYellow
clWebOlive
clWebForestGreen
clWebGreenYellow
clWebChartreuse
clWebLightGreen
clWebAquamarine
clWebSeaGreen
clWebGoldenRod
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1004
Love.exe:860
netsh.exe:1516
IObit.Driver.Booster.PRO.3.0.3.261.exe:444
IObit.Driver.Booster.PRO.3.0.3.261.tmp:500
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Program Files%\IObit\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key\Uninstall.ini (3 bytes)
%Program Files%\IObit\IObit Driver Booster PRO 3.0.3.261 Final 2015 Serla Key\Uninstall.exe (1976 bytes)
%System%\Love.exe (31 bytes)
%System%\IObit.Driver.Booster.PRO.3.0.3.261.exe (76821 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\7cae2ebe5541a32b7f108ae15bd707dd.exe (31 bytes)
%Documents and Settings%\%current user%\Application Data\Spark.exe (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-FFBA0.tmp\IObit.Driver.Booster.PRO.3.0.3.261.tmp (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\DBInstaller.exe (17072 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\DriverBooster.exe (32763 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Setup Log 2015-12-26 #001.txt (5551 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\_isetup\_shfoldr.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-9LJN0.tmp\RdZone.dll (673 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7cae2ebe5541a32b7f108ae15bd707dd" = "%Documents and Settings%\%current user%\Application Data\Spark.exe .."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"7cae2ebe5541a32b7f108ae15bd707dd" = "%Documents and Settings%\%current user%\Application Data\Spark.exe .."
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.