Adware.GenericKD.3656740_6f822bf633

by malwarelabrobot on July 19th, 2017 in Malware Descriptions.

not-a-virus:RiskTool.Win32.Agent.ihv (Kaspersky), Trojan.Fakealert.44938 (DrWeb), OptimizerPro (Symantec), Skodna.SecurityTool.SM (AVG), Adware.GenericKD.3656740 (AdAware), Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD (Lavasoft MAS)
Behaviour: Trojan, VirTool, Adware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

MD5: 6f822bf633c41a50f0dab8ebba74abde
SHA1: ed915f7422a4fe1b5eaca18ff17e08addebd7dfb
SHA256: c959ac38dd9668ccbb30ce5b60025492d9298970cf2664eaf7a97dbcc32a4ddc
SSDeep: 196608:cdSmCahuLa1AUa91p0TkR5DwzqQ8X9tbk9jdd Qik:cg3y5a91pNDwzqQ8X9WTi
Size: 6565456 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphiv60v70_v2, BorlandDelphi30, BorlandDelphiv30, UPolyXv05_v6
Company: no certificate found
Created at: 1992-06-20 01:22:17
Analyzed on: Windows7 SP1 32-bit


Summary:

Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.

Payload

No specific payload has been found.

Process activity

The Adware creates the following process(es):

%original file name%.exe:2060
setup.exe:1900
setup.tmp:2932

The Adware injects its code into the following process(es):

OptProStart.exe:780

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:2060 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{31BDF95D-6368-47C4-A7B2-B9ED6361151E}\setup.exe (1024 bytes)

The Adware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{31BDF95D-6368-47C4-A7B2-B9ED6361151E} (0 bytes)

The process setup.exe:1900 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-8OQ49.tmp\setup.tmp (50 bytes)

The Adware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-8OQ49.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-8OQ49.tmp\setup.tmp (0 bytes)

The process OptProStart.exe:780 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

%Program Files%\Optimizer Pro\OptProCrash.dll (145 bytes)

The process setup.tmp:2932 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

%Program Files%\Optimizer Pro\is-6Q50R.tmp (7547 bytes)
%Program Files%\Optimizer Pro\is-43R7S.tmp (2321 bytes)
%Program Files%\Optimizer Pro\OptProCrash.exe (290 bytes)
%Program Files%\Optimizer Pro\is-17GOC.tmp (3073 bytes)
%Program Files%\Optimizer Pro\OptimizerPro.exe (10397 bytes)
%Program Files%\Optimizer Pro\is-RMLFE.tmp (31891 bytes)
%Program Files%\Optimizer Pro\is-AHIBS.tmp (4545 bytes)
%Program Files%\Optimizer Pro\OptProCrash.dll (20504 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-SFQ3I.tmp\_isetup\_shfoldr.dll (47 bytes)
%Program Files%\Optimizer Pro\is-S7HR1.tmp (2321 bytes)
%Program Files%\Optimizer Pro\is-KFETA.tmp (601 bytes)
%Program Files%\Optimizer Pro\is-4NN7C.tmp (54 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk (1 bytes)
%Program Files%\Optimizer Pro\is-S35RH.tmp (673 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk (1 bytes)
%Program Files%\Optimizer Pro\unins000.msg (646 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk (1 bytes)
%Program Files%\Optimizer Pro\is-QD6A6.tmp (185630 bytes)
%Program Files%\Optimizer Pro\is-1KF2C.tmp (7433 bytes)
%Program Files%\Optimizer Pro\unins000.dat (8540 bytes)
%Program Files%\Optimizer Pro\is-VUM33.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Optimizer Pro.lnk (1 bytes)
%Program Files%\Optimizer Pro\is-L5F5U.tmp (898 bytes)
%Program Files%\Optimizer Pro\unins000.exe (49 bytes)
%Program Files%\Optimizer Pro\is-T2HBQ.tmp (22 bytes)
%Program Files%\Optimizer Pro\is-D7DO5.tmp (48 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-SFQ3I.tmp\OptProCrash.dll (20650 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk (1 bytes)
%Program Files%\Optimizer Pro\is-QBTCO.tmp (712 bytes)
%Program Files%\Optimizer Pro\is-SAAC4.tmp (3073 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk (1 bytes)

The Adware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-SFQ3I.tmp\_isetup (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-SFQ3I.tmp\_isetup\_shfoldr.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-SFQ3I.tmp\OptProCrash.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-SFQ3I.tmp (0 bytes)

Registry activity

The process %original file name%.exe:2060 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKCU\Software\Optimizer Pro]
"setupname" = "c:\%original file name%.exe"

The process OptProStart.exe:780 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKCU\Software\Optimizer Pro]
"homepageurl" = "http://www.pcutilitiespro.com/"
"BuyNowURL" = "http://pcup49.pcutilitiespro.revenuewire.net/optimizerpro/register?111001042-US-006_30B1FF41-00DA-791A-70E8-015DC26D20C5"

[HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASMANCS]
"FileTracingMask" = "4294901760"

[HKCU\Software\Optimizer Pro]
"UseAds" = "1"
"AdsDownloadURL" = "http://dl.softservers.net/121001042/DriverPro.exe"

[HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCU\Software\Optimizer Pro]
"AppStart" = "0"
"UninstallURL" = "https://safecart.com/pcutilitiespro/.op-special/purchase?sid=111001042-US-006"
"DelayedStart" = "5"
"WelcomeURL" = ""

[HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Optimizer Pro]
"SupportURL" = "http://support.pcutilitiespro.com/"

[HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASMANCS]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASAPI32]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Optimizer Pro]
"Querry" = "http://bi.softservers.net/t/op?sid=111001042-US-006&dt=%dt%&gid=%GID%&tz=%tz%&ln=%ln%&lc=%lc%&bis=%bis%&bief=%bief%&biefx=%biefx%&bif=%bif%&os=%os%&f=2486539481"
"AdsBuyNowURL" = "http://pcup49.pcutilitiespro.revenuewire.net/driverpro/register?121001042-US-006_30B1FF41-00DA-791A-70E8-015DC26D20C5"

[HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3D 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASAPI32]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASMANCS]
"ConsoleTracingMask" = "4294901760"
"EnableConsoleTracing" = "0"

[HKCU\Software\Optimizer Pro]
"InstallDate" = "A4 C3 B9 BA DC F6 E4 40"

"AdsHost" = "dl.softservers.net"
"OS" = "106"
"MachineGuid" = "30B1FF41-00DA-791A-70E8-015DC26D20C5"

[HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASAPI32]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASMANCS]
"EnableFileTracing" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Adware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process setup.tmp:2932 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"c24899a6" = "Vx/g/C//M/////%%"
"6185d035" = "VP/h/CP/V//l////"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"f2c53c49" = "UlAr/XJ/c//k////"
"1c311243" = "alAl/YP/b/Af/X6/clAu/XZ/UxAp/X2/GxAk////"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\00000000]
"370856c7" = "nU1U07x0m01M06E0ql1M06E0iU1N06t0ml0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl1D06I0pU0S06h0nl1A06E0, nU1U07x0m01M06E0ix1O06h0n01D07x0jx0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl0S06h0nl1A06E0"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"c5705860" = "Vx////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"svpath" = "c:\progra~1\optimi~1\OptProCrash.exe"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"uuid" = "2955261160"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"c5705860" = "Vx////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"c99a5f5c" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"appid.0" = "kRw79xXM1Zoe9jlhabZP4dgYNnGBVPiaZKhM"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Selected Tasks" = "desktopicon"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"dlpath" = "c:\progra~1\optimi~1\optpro~1.dll"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"bbf88800" = "///%"

[HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}]
"n" = "1"

[HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}]
"n" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASAPI32]
"MaxFileSize" = "1048576"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"0dc3ee96" = "/P////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"3c09c42b" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"data.0" = "pvOacdzgGMoWtNHwys2K7SkgsDJAE5thbnA9USsyKh9M3geLplDPjfRuh3g1QG9TEBZDbz56gFDI2EGIowijki9bv0g4Gce3IljktG67/Q"
"data.1" = "BAbKGXGtQ6H9n9MOQItFf2WOANh8/T51Fk6iehTj9etWJM6zijEF4NtcJvavY4B4XjeaTIFFv0ctsGDO5udIkJxxiG5UQvzes0mX3TKv3CzBviDcf//AIllYOm7Rgnik"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"Sequence" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"c99a5f5c" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"6185d035" = "VP/h/CP/V//l////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Publisher" = "PC Utilities Software Limited"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"f2c53c49" = "UlAr/XJ/c//k////"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"a2e3b941" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"65114b36" = "VP/ ////"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"uuid" = "2955261160"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"d1abcdb6" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"NoRepair" = "1"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_5a3bacd7\eae10f9d]
"dbaf3ce3" = "/P////%%"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASMANCS]
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"date" = "1500402762"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"38583bc3" = "Ml/2/CF/M//g/CZ////%"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"a1dcff5b" = "V/////%%"
"51d2f2ea" = "IlAl/YP/J/Af/X6/PlAf/XD/blAq/B//VP/j/Cx/V//j/CD/Ml/ /CP////%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"URLUpdateInfo" = "http://www.pcutilitiespro.com"

[HKCU\Software\Optimizer Pro]
"Language" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs" = "c:\progra~1\optimi~1\optpro~1.dll"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASMANCS]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"EstimatedSize" = "30153"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"e46c271e" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"NoModify" = "1"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"f0bf0bde" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"InstallDate" = "20170718"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"72758a5d" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\00000000]
"370856c7" = "nU1U07x0m01M06E0ql1M06E0iU1N06t0ml0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl1D06I0pU0S06h0nl1A06E0, nU1U07x0m01M06E0ix1O06h0n01D07x0jx0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl0S06h0nl1A06E0"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"1520c6f1" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"340d3099" = "/P////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"State" = "0"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"7f69fa1f" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_5a3bacd7\eae10f9d]
"340d3099" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"0e93c3f3" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Language" = "en"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"414bc593" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"e46c271e" = "///%"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFilesHash" = "54 96 A5 5D FC B4 EF E3 85 21 5D 89 4E 38 51 57"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"svt" = "1500402762"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFiles0000" = "%Program Files%\Optimizer Pro\OptimizerPro.exe, %Program Files%\Optimizer Pro\sqlite3.dll, %Program Files%\Optimizer Pro\OptProStart.exe, %Program Files%\Optimizer Pro\OptProReminder.exe, %Program Files%\Optimizer Pro\OptProSmartScan.exe, %Program Files%\Optimizer Pro\OptProGuard.exe, %Program Files%\Optimizer Pro\OptProSchedule.exe, %Program Files%\Optimizer Pro\OptProLauncher.exe, %Program Files%\Optimizer Pro\OptProUninstaller.exe, %Program Files%\Optimizer Pro\OptimizerPro.chm"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"0e93c3f3" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"d94388d2" = "alAl/YP/b/Af/X6/clAu/XZ/UxAp/X2/GxAk////"
"e8f9dcc7" = "UlAr/XJ/c//k////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"URLInfoAbout" = "http://www.pcutilitiespro.com"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"f1f24e29" = "Vl/l/C/////%"
"0c230bcb" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"f0bf0bde" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"340d3099" = "/P////%%"
"0dc3ee96" = "/P////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"e8f9dcc7" = "UlAr/XJ/c//k////"
"a1dcff5b" = "V/////%%"
"c24899a6" = "Vx/g/C//M/////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"1c311243" = "alAl/YP/b/Af/X6/clAu/XZ/UxAp/X2/GxAk////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Setup Version" = "5.5.3 (u)"
"DisplayName" = "Optimizer Pro v3.2"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\00000000]
"3efeb33e" = "nU1U07x0m01M06E0ql1M06E0iU1N06t0ml0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl1D06I0pU0S06h0nl1A06E0, nU1U07x0m01M06E0ix1O06h0n01D07x0jx0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl0S06h0nl1A06E0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"HelpLink" = "http://www.pcutilitiespro.com"

[HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}]
"ca82e1a5" = "%Program Files%\Optimizer Pro\OptProCrash.dll"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"c6c5dd44" = "V/////%%"
"72758a5d" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"Version" = "22021850"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"1520c6f1" = "V/////%%"
"0c230bcb" = "///%"
"38583bc3" = "Ml/2/CF/M//g/CZ////%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"date" = "1500402762"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"svi" = "0"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"f1f24e29" = "Vl/l/C/////%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: User" = "%CurrentUserName%"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"bbf88800" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"svx" = ""

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"7367429f" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"a0743acc" = "N/////%%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"a0743acc" = "N/////%%"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASMANCS]
"MaxFileSize" = "1048576"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"7f69fa1f" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: App Path" = "%Program Files%\Optimizer Pro"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"060df2cd" = "alAl/YP/b/Af/X6/UxAp/X2/GxAk////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"QuietUninstallString" = "%Program Files%\Optimizer Pro\unins000.exe /SILENT"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"dbaf3ce3" = "/P////%%"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASAPI32]
"EnableFileTracing" = "0"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"SessionHash" = "F6 3D 87 5A 14 C6 81 DE F8 05 96 5E 16 FC DC 0A"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\00000000]
"493c7345" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Icon Group" = "Optimizer Pro v3.2"
"DisplayIcon" = "%Program Files%\Optimizer Pro\OptProLauncher.exe"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5]
"data.1" = "BAbKGXGtQ6H9n9MOQItFf2WOANh8/T51Fk6iehTj9etWJM6zijEF4NtcJvavY4B4XjeaTIFFv0ctsGDO5udIkJxxiG5UQvzes0mX3TKv3CzBviDcf//AIllYOm7Rgnik"
"data.0" = "pvOacdzgGMoWtNHwys2K7SkgsDJAE5thbnA9USsyKh9M3geLplDPjfRuh3g1QG9TEBZDbz56gFDI2EGIowijki9bv0g4Gce3IljktG67/Q"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"060df2cd" = "alAl/YP/b/Af/X6/UxAp/X2/GxAk////"
"51d2f2ea" = "IlAl/YP/J/Af/X6/PlAf/XD/blAq/B//VP/j/Cx/V//j/CD/Ml/ /CP////%"
"414bc593" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"c6c5dd44" = "V/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"65114b36" = "VP/ ////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Deselected Tasks" = ""

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"d94388d2" = "alAl/YP/b/Af/X6/clAu/XZ/UxAp/X2/GxAk////"
"3c09c42b" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\00000000]
"3efeb33e" = "nU1U07x0m01M06E0ql1M06E0iU1N06t0ml0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl1D06I0pU0S06h0nl1A06E0, nU1U07x0m01M06E0ix1O06h0n01D07x0jx0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl0S06h0nl1A06E0"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"37b7a6d8" = "UlAr/XJ/c//k////"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\00000000]
"493c7345" = ""

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"7367429f" = "///%"
"d1abcdb6" = "///%"
"a2e3b941" = "///%"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"Owner" = "74 0B 00 00 5B BD FA 3C F4 FF D2 01"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"UninstallString" = "%Program Files%\Optimizer Pro\unins000.exe"
"InstallLocation" = "%Program Files%\Optimizer Pro\"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASAPI32]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_ca82e1a5\eae10f9d]
"37b7a6d8" = "UlAr/XJ/c//k////"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To run automatically each time Windows is booted, the Adware adds the following value, pointing to its file, to the registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro" = "%Program Files%\Optimizer Pro\OptProLauncher.exe"

The Adware deletes the following registry key(s):

[HKCU\Software\Microsoft\RestartManager\Session0000]

The Adware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFilesHash"
"Sequence"
"Owner"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"SessionHash"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFiles0000"

Dropped PE files

MD5 File path
717cab814965e9935222f4bfed02f843 c:\Program Files\Optimizer Pro\OptProCrash.dll
bb9571c543f69c7adc297e47a93332b0 c:\Program Files\Optimizer Pro\OptProCrash.exe
4b8fdcba6de804866ea31d2ae0e204cd c:\Program Files\Optimizer Pro\OptProGuard.exe
a039078e54bd95e5c3f6e05112b17203 c:\Program Files\Optimizer Pro\OptProLauncher.exe
3f1e03d6381cab691fcf45d961730316 c:\Program Files\Optimizer Pro\OptProReminder.exe
99f0897a0bc9583626eb8a81e54a6cdf c:\Program Files\Optimizer Pro\OptProSchedule.exe
1d47c9905810fe671a3940e1d009535a c:\Program Files\Optimizer Pro\OptProSmartScan.exe
7a8ddffb859233c994581a363b4cf7c9 c:\Program Files\Optimizer Pro\OptProStart.exe
b56d5701a72decbf1772e38cb9943338 c:\Program Files\Optimizer Pro\OptProUninstaller.exe
a296dad032f0f9ab1d894798aae53d31 c:\Program Files\Optimizer Pro\OptimizerPro.exe
0f66e8e2340569fb17e774dac2010e31 c:\Program Files\Optimizer Pro\sqlite3.dll
76395a5fe6fb2d8d09987924a603212c c:\Program Files\Optimizer Pro\unins000.exe
717cab814965e9935222f4bfed02f843 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-SFQ3I.tmp\OptProCrash.dll
a2173fb133374b46a7316b5295cebf4c c:\Users\"%CurrentUserName%"\AppData\Local\Temp\{31BDF95D-6368-47C4-A7B2-B9ED6361151E}\setup.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version: 3.2.0.0
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 3.2.0.0
File Description:
Comments:
Language: Malay (Malaysia)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
CODE 4096 77176 77312 4.45397 8cdf506610c77680710c532a8e785850
DATA 81920 1432 1536 2.79418 4fbde1bee81054636b74c1ec1d396a87
BSS 86016 2185 0 0 d41d8cd98f00b204e9800998ecf8427e
.idata 90112 3052 3072 3.24914 3289dca798362153d1930338644a5a0a
.tls 94208 12 0 0 d41d8cd98f00b204e9800998ecf8427e
.rdata 98304 24 512 0.14174 6b2b783af3ecd764905292c9b75d8ea4
.reloc 102400 6152 6656 4.44005 d10d5848db6f7cbf3108a1c5cb177cf1
.rsrc 110592 6468608 6468608 5.54251 cb2b62ca8f69d95a7131de7adf30b683

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 27

URLs

URL IP
hxxp://optimizerproutility.info/get/?q=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 98.124.204.16
hxxp://optimizerproutility.info/get/?q=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 98.124.204.16
hxxp://optimizerproutility.info/get/?q=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 98.124.204.16
hxxp://bi.softservers.net/t/op?sid=111001042-US-006&dt=1500413569&gid=30B1FF41-00DA-791A-70E8-015DC26D20C5&tz=2&ln=1&lc=0&bis=0&bief=0&biefx=0&bif=0&os=106&f=2486539481 104.24.107.203
hxxp://optimizerprosurfing.info/get/?q=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 98.124.204.16
hxxp://optimizerprobrowser.info/get/?q=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 98.124.204.16
optpro.info


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET USER_AGENTS Suspicious Win32 User Agent
ET TROJAN W32/SpeedingUpMyPC.Rootkit CnC Beacon
ET MALWARE OptimizerPro Checkin

Traffic

GET /get/?q=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 HTTP/1.1
Accept: */*
User-Agent: win32
Host: optimizerprobrowser.info
Cache-Control: no-cache


HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 18 Jul 2017 18:32:43 GMT
Content-Length: 1245

<<< skipped >>>

GET /get/?q=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 HTTP/1.1
Accept: */*
User-Agent: win32
Host: optimizerproutility.info
Cache-Control: no-cache


HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 18 Jul 2017 18:32:42 GMT
Content-Length: 1245

<<< skipped >>>

GET /t/op?sid=111001042-US-006&dt=1500413569&gid=30B1FF41-00DA-791A-70E8-015DC26D20C5&tz=2&ln=1&lc=0&bis=0&bief=0&biefx=0&bif=0&os=106&f=2486539481 HTTP/1.1
Host: bi.softservers.net
Accept: text/html, */*
User-Agent: Mozilla/3.0 (compatible; Indy Library)


HTTP/1.1 403 Forbidden
Date: Tue, 18 Jul 2017 18:32:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d7953d72187d3b0f151946979eb5b10481500402769; expires=Wed, 18-Jul-18 18:32:49 GMT; path=/; domain=.softservers.net; HttpOnly
Cache-Control: max-age=10
Expires: Tue, 18 Jul 2017 18:32:59 GMT
X-Frame-Options: SAMEORIGIN
Server: cloudflare-nginx
CF-RAY: 3807869d61b38400-KBP

<<< skipped >>>

GET /get/?q=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 HTTP/1.1
Accept: */*
User-Agent: win32
Host: optimizerprosurfing.info
Cache-Control: no-cache


HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 18 Jul 2017 18:32:44 GMT
Content-Length: 1245

<<< skipped >>>

The Adware connects to the servers at the following location(s):

OptProCrash.exe_2544:


OptProStart.exe_780:



Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:2060
    setup.exe:1900
    setup.tmp:2932

  2. Delete the original Adware file.
  3. Delete or disinfect the following files created/modified by the Adware:

    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{31BDF95D-6368-47C4-A7B2-B9ED6361151E}\setup.exe (1024 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-8OQ49.tmp\setup.tmp (50 bytes)
    %Program Files%\Optimizer Pro\OptProCrash.dll (145 bytes)
    %Program Files%\Optimizer Pro\is-6Q50R.tmp (7547 bytes)
    %Program Files%\Optimizer Pro\is-43R7S.tmp (2321 bytes)
    %Program Files%\Optimizer Pro\OptProCrash.exe (290 bytes)
    %Program Files%\Optimizer Pro\is-17GOC.tmp (3073 bytes)
    %Program Files%\Optimizer Pro\OptimizerPro.exe (10397 bytes)
    %Program Files%\Optimizer Pro\is-RMLFE.tmp (31891 bytes)
    %Program Files%\Optimizer Pro\is-AHIBS.tmp (4545 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-SFQ3I.tmp\_isetup\_shfoldr.dll (47 bytes)
    %Program Files%\Optimizer Pro\is-S7HR1.tmp (2321 bytes)
    %Program Files%\Optimizer Pro\is-KFETA.tmp (601 bytes)
    %Program Files%\Optimizer Pro\is-4NN7C.tmp (54 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk (1 bytes)
    %Program Files%\Optimizer Pro\is-S35RH.tmp (673 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk (1 bytes)
    %Program Files%\Optimizer Pro\unins000.msg (646 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk (1 bytes)
    %Program Files%\Optimizer Pro\is-QD6A6.tmp (185630 bytes)
    %Program Files%\Optimizer Pro\is-1KF2C.tmp (7433 bytes)
    %Program Files%\Optimizer Pro\unins000.dat (8540 bytes)
    %Program Files%\Optimizer Pro\is-VUM33.tmp (56 bytes)
    C:\Users\"%CurrentUserName%"\Desktop\Optimizer Pro.lnk (1 bytes)
    %Program Files%\Optimizer Pro\is-L5F5U.tmp (898 bytes)
    %Program Files%\Optimizer Pro\unins000.exe (49 bytes)
    %Program Files%\Optimizer Pro\is-T2HBQ.tmp (22 bytes)
    %Program Files%\Optimizer Pro\is-D7DO5.tmp (48 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-SFQ3I.tmp\OptProCrash.dll (20650 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk (1 bytes)
    %Program Files%\Optimizer Pro\is-QBTCO.tmp (712 bytes)
    %Program Files%\Optimizer Pro\is-SAAC4.tmp (3073 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk (1 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Optimizer Pro" = "%Program Files%\Optimizer Pro\OptProLauncher.exe"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
