Adware.Agent.POI_aef4e48a74

by malwarelabrobot on June 10th, 2015 in Malware Descriptions.

Adware.Agent.POI (B) (Emsisoft), Adware.Agent.POI (AdAware), Backdoor.Win32.PcClient.FD, Trojan-Banker.Win32.Brasil.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, GenericEmailWorm.YR (Lavasoft MAS)
Behaviour: Banker, Trojan, Backdoor, Worm, EmailWorm, VirTool, Adware

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: aef4e48a74f6e8adc8110c779d07b8c0
SHA1: 96f20a1bbe0e41f17c1c9f2796ee470043f18b50
SHA256: 12f5b983e20f8e695b1bfc1ba39de349c284cb6606dd3ca0235689a17c80b180
SSDeep: 196608:sZQSzuSAlsXx7qyG 1aCCxF50mxzXOBVuS:sZQsTisXxy xUF56BIS
Size: 6360921 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-05-12 20:31:14
Analyzed on: WindowsXP SP3 32-bit

Summary:

Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.

Payload

Behaviour	Description
EmailWorm	Worm can send e-mails.

Process activity

The Adware creates the following process(es):

SupOptStart.exe:224
SupOptStart.exe:1312
supoptsetup.tmp:1908
supoptsetup.exe:1168
rundll32.exe:1928
%original file name%.exe:320
SuperOptimizer.exe:1376

The Adware injects its code into the following process(es):

rundll32.exe:968
SuperOptimizer.exe:1856

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process supoptsetup.tmp:1908 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

%Program Files%\Super Optimizer\is-ULSUB.tmp (601 bytes)
%Program Files%\Super Optimizer\is-O1QI1.tmp (7971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\Super Optimizer\is-OKAFO.tmp (909 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\SupOptHelper.dll (7971 bytes)
%Program Files%\Super Optimizer\unins000.msg (646 bytes)
%Program Files%\Super Optimizer\is-88AAS.tmp (3073 bytes)
%Program Files%\Super Optimizer\is-SEE00.tmp (7726 bytes)
%Program Files%\Super Optimizer\is-1D4JT.tmp (32242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\SupOptStats.dll (12287 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Super Optimizer.lnk (773 bytes)
%Program Files%\Super Optimizer\is-7OO2S.tmp (8657 bytes)
%Program Files%\Super Optimizer\is-SEBIC.tmp (11 bytes)
%Program Files%\Super Optimizer\is-UBUMU.tmp (33652 bytes)
%Program Files%\Super Optimizer\is-T82O7.tmp (7433 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Help.lnk (773 bytes)
%Program Files%\Super Optimizer\is-AA1TL.tmp (712 bytes)
%Program Files%\Super Optimizer\is-UCNKG.tmp (2321 bytes)
%Program Files%\Super Optimizer\is-8GQIL.tmp (1281 bytes)
%Program Files%\Super Optimizer\unins000.dat (31301 bytes)
%Program Files%\Super Optimizer\SupOptStats.dll (104989 bytes)
%Program Files%\Super Optimizer\is-N71QS.tmp (601 bytes)
%Program Files%\Super Optimizer\is-F990H.tmp (1281 bytes)
%Program Files%\Super Optimizer\is-65PO7.tmp (8657 bytes)
%Program Files%\Super Optimizer\is-2RLG1.tmp (601 bytes)
%Program Files%\Super Optimizer\is-4MUTH.tmp (20 bytes)
%Program Files%\Super Optimizer\is-J0RO8.tmp (22 bytes)
%Program Files%\Super Optimizer\is-KHH97.tmp (4545 bytes)
%Program Files%\Super Optimizer\is-FBIFR.tmp (7345 bytes)
%Program Files%\Super Optimizer\is-S0615.tmp (601 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Uninstall Super Optimizer.lnk (743 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Check updates.lnk (801 bytes)
%Program Files%\Super Optimizer\is-R2NNU.tmp (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\idp.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\itdownload.dll (1281 bytes)
%Program Files%\Super Optimizer\is-RAEP8.tmp (127 bytes)
%Program Files%\Super Optimizer\is-QK2Q4.tmp (30 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Super Optimizer on the Web.lnk (743 bytes)
%Documents and Settings%\%current user%\Desktop\Super Optimizer.lnk (761 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp (4 bytes)
%Program Files%\Super Optimizer\is-CHN5I.tmp (7345 bytes)

The Adware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\itdownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\SupOptHelper.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\_isetup (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\idp.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\SupOptStats.dll (0 bytes)

The process supoptsetup.exe:1168 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-JAU9O.tmp\supoptsetup.tmp (7386 bytes)

The Adware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-JAU9O.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JAU9O.tmp\supoptsetup.tmp (0 bytes)

The process %original file name%.exe:320 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KU1BA6V4\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\T1SNN46Q\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (268 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (7352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\supoptsetup.exe (775882 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (7044 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (658 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (788 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\hqghumeaylnlf.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2BOVUXU9\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O56XSTCJ\desktop.ini (67 bytes)
%Documents and Settings%\All Users\Application Data\{3f13498d-830d-3597-3f13-3498d8302636}\hqghumeaylnlf.dat (1210 bytes)
%Documents and Settings%\All Users\Application Data\{3f13498d-830d-3597-3f13-3498d8302636}\hqghumeaylnlf.exe (201856 bytes)

The Adware deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)

The process SuperOptimizer.exe:1856 makes changes in the file system.
The Adware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\SuperOptimizer.madExcept (0 bytes)

The process SuperOptimizer.exe:1376 makes changes in the file system.
The Adware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\SuperOptimizer.madExcept (0 bytes)

Registry activity

The process SupOptStart.exe:224 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Super Optimizer]
"SuperOptimizer.exe" = "SuperOptimizer"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D7 EF 07 77 3E 87 B4 85 FF 03 13 C3 5C F7 CD A7"

[HKCU\Software\Super Optimizer]
"AppStart" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Super Optimizer]
"InstallDate" = "B3 50 F6 DF 94 96 E4 40"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Adware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Adware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Adware modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Adware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process SupOptStart.exe:1312 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

The Adware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Adware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Adware modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Adware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process supoptsetup.tmp:1908 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"f0bf0bde" = "///%"
"bbf88800" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"MajorVersion" = "3"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"usr.1" = "wH2LHAXZTVNPRJLFHw"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"fe94ce1e" = "V/////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"iiid" = "1"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"uuid" = "3146920063"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Inno Setup: Icon Group" = "Super Optimizer"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"usr.0" = "i77srvztvqomjlhabc"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"27ddcf6f" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"f2c53c49" = "UlAr/XJ/c//k////"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_5d7409c6\eae10f9d]
"dbaf3ce3" = "/P////%%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"Version" = "22022138"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\00000000]
"370856c7" = ""

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"f2c53c49" = "UlAr/XJ/c//k////"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"7f69fa1f" = "///%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"65114b36" = "VP/ ////"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"38583bc3" = "Ml/2/CF/M//g/CZ////%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"7367429f" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"c99a5f5c" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"414bc593" = "///%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"date" = "1433846347"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"c6c5dd44" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"URLUpdateInfo" = "http://www.superpctools.com/"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\00000000]
"a47da861" = "o01O07x0m00K02E0aU1N07t0m01 0780nU1U07x0ox1Z06h0jl1 0780i01D06O0px1g02I0nl1 07x0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1N07t0m01 0780nU1U07x0ox1Z06h0jl1 0780mU1P0780pl1h02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1e07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml1P07x0ox1Y06h0i01J02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1O06l0px1R06t0ql0Z07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml0S06b0nU1Z02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1O0640oU1 07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml1P07x0ox1Y07b0al1g06E0nx0T07t0nl1D06I0mU1O0640n01Y02E0, o01O07x0m00K02E0aU1R06l0qx1O0640iU1 0680mU1P0700px1M06E0m01O06h0nx1D07C0px1M02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1e07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml0S06I0px1O02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1N07t0m01 0780nU1U07x0ox1Z06h0jl1 0780iU1 0680ql1D06I0pU0S06b0nU1Z02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1T0700i01D06O0ox1K06t0ml1N07t0m01 0780mU1 07x0al1g06E0nx0T07t0nl1D06I0mU1O0640n01YI"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\00000000]
"370856c7" = ""

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"414bc593" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"DisplayVersion" = "3.2.0.1"
"DisplayIcon" = "%Program Files%\Super Optimizer\SupOptLauncher.exe"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"1c311243" = "blA /Y//GPAf/X6/b/Ah/Xt/aPAp/Yq/GPAf/YV/cPAf/XF/UxAs/X6/aP////%%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\00000000]
"493c7345" = "mU1P0700px1M06E0m01O06h0nx1D07C0px1M07b0al1D06I0pl1T00%%, mU1P0700px1M06E0m01O06h0nx1D07C0px1M07x0ox1Z06t0al1S06t0i00%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"d1abcdb6" = "///%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"6185d035" = "VP/h/CP/V//l////"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"f6ad6fa6" = "V/////%%"

[HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}]
"n" = "1"

[HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}]
"n" = "1"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"414bc593" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"587b5709" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs" = "1"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"f0bf0bde" = "///%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"Mode" = "4026531840"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"a1dcff5b" = "V/////%%"
"0dc3ee96" = "/P////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Inno Setup: Selected Tasks" = "desktopicon"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"51d2f2ea" = "JlA /Y//GPAf/D6/b/Ah/Xt/aPAp/Yq/GPAf/B//JlAh/XD/c/Ag/B//VP/j/Cx/V//j/CZ/V//h/CZ////%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"NoRepair" = "1"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"0dc3ee96" = "/P////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"c6c5dd44" = "V/////%%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"iiid" = "1"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"appid.0" = "8/iVPRF pqrg6tvqomBhkSrm ARD9UdjfBYTqk"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\00000000]
"493c7345" = "mU1P0700px1M06E0m01O06h0nx1D07C0px1M07b0al1D06I0pl1T00%%, mU1P0700px1M06E0m01O06h0nx1D07C0px1M07x0ox1Z06t0al1S06t0i00%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"060df2cd" = "blA /Y//GPAf/X6/b/Ah/Xt/aPAp/Yq/GPAp/YP/UxAs/X6/aP////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"48bd1aff" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"1c311243" = "blA /Y//GPAf/X6/b/Ah/Xt/aPAp/Yq/GPAf/YV/cPAf/XF/UxAs/X6/aP////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"State" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Inno Setup: Deselected Tasks" = ""

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"7367429f" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"LRTS" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"c99a5f5c" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"HelpLink" = "http://www.superpctools.com/"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"a2e3b941" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"e46c271e" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"svi" = "0"

[HKCU\Software\Super Optimizer]
"cufValue" = "CUF=0"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"e8f9dcc7" = "UlAr/XJ/c//k////"
"48bd1aff" = "V/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"c5705860" = "Vx////%%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"uuid" = "3146920063"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\00000000]
"a47da861" = "o01O07x0m00K02E0aU1N07t0m01 0780nU1U07x0ox1Z06h0jl1 0780i01D06O0px1g02I0nl1 07x0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1N07t0m01 0780nU1U07x0ox1Z06h0jl1 0780mU1P0780pl1h02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1e07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml1P07x0ox1Y06h0i01J02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1O06l0px1R06t0ql0Z07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml0S06b0nU1Z02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1O0640oU1 07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml1P07x0ox1Y07b0al1g06E0nx0T07t0nl1D06I0mU1O0640n01Y02E0, o01O07x0m00K02E0aU1R06l0qx1O0640iU1 0680mU1P0700px1M06E0m01O06h0nx1D07C0px1M02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1e07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml0S06I0px1O02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1N07t0m01 0780nU1U07x0ox1Z06h0jl1 0780iU1 0680ql1D06I0pU0S06b0nU1Z02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1T0700i01D06O0ox1K06t0ml1N07t0m01 0780mU1 07x0al1g06E0nx0T07t0nl1D06I0mU1O0640n01Y"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"51d2f2ea" = "JlA /Y//GPAf/D6/b/Ah/Xt/aPAp/Yq/GPAf/B//JlAh/XD/c/Ag/B//VP/j/Cx/V//j/CZ/V//h/CZ////%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"2e22d94e" = "///%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Super Optimizer]
"SessionID" = "5ADAEFD3-AD59-454C-A2C5-6F519963995A"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"usr.1" = "wH2LHAXZTVNPRJLFHw"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"0e93c3f3" = "///%"
"e46c271e" = "///%"
"65114b36" = "VP/ ////"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"usr.0" = "i77srvztvqomjlhabc"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"NoModify" = "1"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"Version" = "22022138"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"38583bc3" = "Ml/2/CF/M//g/CZ////%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"f1f24e29" = "Vl/l/C/////%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"f2c53c49" = "UlAr/XJ/c//k////"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"c5705860" = "Vx////%%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"svx" = ""

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"e8f9dcc7" = "UlAr/XJ/c//k////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1146AC44-2F03-4431-B4FD-889BC837521F}{22134214}]
"Cache" = "2212488501164653044"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"51d2f2ea" = "JlA /Y//GPAf/D6/b/Ah/Xt/aPAp/Yq/GPAf/B//JlAh/XD/c/Ag/B//VP/j/Cx/V//j/CZ/V//h/CZ////%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"dbaf3ce3" = "/P////%%"

[HKCU\Software\Super Optimizer]
"ia" = "%Program Files%\Super Optimizer\SupOptCashier.exe"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"uuid" = "3146920063"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"0c230bcb" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"2e22d94e" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"c5705860" = "Vx////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"0c230bcb" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"72758a5d" = "///%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"37b7a6d8" = "UlAr/XJ/c//k////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Inno Setup: App Path" = "%Program Files%\Super Optimizer"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"3c09c42b" = "///%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"a0743acc" = "N/////%%"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E6 FD C1 0D 96 EB 15 7A C7 FD AD 93 7F FE 10 C7"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"d94388d2" = "blA /Y//GPAf/X6/b/Ah/Xt/aPAp/Yq/GPAf/YV/cPAf/XF/UxAs/X6/aP////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"QuietUninstallString" = "%Program Files%\Super Optimizer\unins000.exe /SILENT"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"svn" = "SuperOptimizer Stats"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"a2e3b941" = "///%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"d1abcdb6" = "///%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\00000000]
"493c7345" = "mU1P0700px1M06E0m01O06h0nx1D07C0px1M07b0al1D06I0pl1T00%%, mU1P0700px1M06E0m01O06h0nx1D07C0px1M07x0ox1Z06t0al1S06t0i00%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"a2e3b941" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"a0743acc" = "N/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"27ddcf6f" = "///%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"1c311243" = "blA /Y//GPAf/X6/b/Ah/Xt/aPAp/Yq/GPAf/YV/cPAf/XF/UxAs/X6/aP////%%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"svt" = "1433853552"
"appid.0" = "8/iVPRF pqrg6tvqomBhkSrm ARD9UdjfBYTqk"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"0dc3ee96" = "/P////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"fe94ce1e" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"060df2cd" = "blA /Y//GPAf/X6/b/Ah/Xt/aPAp/Yq/GPAp/YP/UxAs/X6/aP////%%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"1520c6f1" = "V/////%%"

[HKCU\Software\Super Optimizer]
"Language" = "1"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"6185d035" = "VP/h/CP/V//l////"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"48bd1aff" = "V/////%%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"LRTS" = "0"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"c24899a6" = "VP/g/CV/Vl/1/CF////%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"1520c6f1" = "V/////%%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"fe94ce1e" = "V/////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"587b5709" = "V/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\00000000]
"370856c7" = ""

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"0c230bcb" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"65114b36" = "VP/ ////"
"d94388d2" = "blA /Y//GPAf/X6/b/Ah/Xt/aPAp/Yq/GPAf/YV/cPAf/XF/UxAs/X6/aP////%%"
"f1f24e29" = "Vl/l/C/////%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"DisplayName" = "Super Optimizer v3.2"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"c24899a6" = "VP/g/CV/Vl/1/CF////%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\00000000]
"a47da861" = "o01O07x0m00K02E0aU1N07t0m01 0780nU1U07x0ox1Z06h0jl1 0780i01D06O0px1g02I0nl1 07x0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1N07t0m01 0780nU1U07x0ox1Z06h0jl1 0780mU1P0780pl1h02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1e07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml1P07x0ox1Y06h0i01J02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1O06l0px1R06t0ql0Z07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml0S06b0nU1Z02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1O0640oU1 07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml1P07x0ox1Y07b0al1g06E0nx0T07t0nl1D06I0mU1O0640n01Y02E0, o01O07x0m00K02E0aU1R06l0qx1O0640iU1 0680mU1P0700px1M06E0m01O06h0nx1D07C0px1M02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1e07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml0S06I0px1O02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1N07t0m01 0780nU1U07x0ox1Z06h0jl1 0780iU1 0680ql1D06I0pU0S06b0nU1Z02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1T0700i01D06O0ox1K06t0ml1N07t0m01 0780mU1 07x0al1g06E0nx0T07t0nl1D06I0mU1O0640n01YE"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"340d3099" = "/P////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Inno Setup: Setup Version" = "5.5.3 (u)"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Super Optimizer]
"SupOptStart.exe" = "SupOptStart"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"iiid" = "1"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"svi" = "0"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"InstallDate" = "20150609"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"0e93c3f3" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_5d7409c6\eae10f9d]
"340d3099" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"340d3099" = "/P////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\00000000]
"3efeb33e" = ""

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"c6c5dd44" = "V/////%%"
"d94388d2" = "blA /Y//GPAf/X6/b/Ah/Xt/aPAp/Yq/GPAf/YV/cPAf/XF/UxAs/X6/aP////%%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"f1f24e29" = "Vl/l/C/////%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"data.1" = "bKN02uFpVRdSurpnik5OE1KQ7iEnj3nhq rf1Xo EPltYzARoA4Ct 2oRPp44cLMu2TD8vK4ECkqvEib81bi/Va7h4pMdq5aEuUUXb1mcpcV7"
"data.0" = "qxcE Ne9cLZV/WEG xQPvPVq3i031TrMSlEEerZqBeho2okOZn4ZFWrTUosAqRyFR8Gf4sN89"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Publisher" = "Super PC Tools ltd"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"a1dcff5b" = "V/////%%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"2d71d5ab" = "V/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"c24899a6" = "VP/g/CV/Vl/1/CF////%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"a1dcff5b" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"MinorVersion" = "2"

[HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}]
"22134214" = "%Program Files%\Super Optimizer\SupOptStats.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"URLInfoAbout" = "http://www.superpctools.com/"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"1520c6f1" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Inno Setup: User" = "%CurrentUserName%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"State" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"UninstallString" = "%Program Files%\Super Optimizer\unins000.exe"
"Inno Setup: Language" = "en"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"340d3099" = "/P////%%"
"060df2cd" = "blA /Y//GPAf/X6/b/Ah/Xt/aPAp/Yq/GPAp/YP/UxAs/X6/aP////%%"
"2e22d94e" = "///%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"bbf88800" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"c99a5f5c" = "///%"
"e8f9dcc7" = "UlAr/XJ/c//k////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"InstallLocation" = "%Program Files%\Super Optimizer\"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"f0bf0bde" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"72758a5d" = "///%"
"8b9e4cbc" = "V/////%%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"d1abcdb6" = "///%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"7f69fa1f" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"27ddcf6f" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"f6ad6fa6" = "V/////%%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"587b5709" = "V/////%%"
"0e93c3f3" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"38583bc3" = "Ml/2/CF/M//g/CZ////%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"svpath" = "c:\Program Files\Super Optimizer\SupOptStats.dll"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"6185d035" = "VP/h/CP/V//l////"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"37b7a6d8" = "UlAr/XJ/c//k////"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"8b9e4cbc" = "V/////%%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"e46c271e" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"7f69fa1f" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"Mode" = "4026531840"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"date" = "1433846347"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"2d71d5ab" = "V/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"a0743acc" = "N/////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"svn" = "SuperOptimizer Stats"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"Mode" = "4026531840"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"f6ad6fa6" = "V/////%%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"72758a5d" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"2d71d5ab" = "V/////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\00000000]
"3efeb33e" = ""

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"svx" = ""
"dlpath" = "c:\progra~1\supero~1\supopt~2.dll"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"usr.1" = "wH2LHAXZTVNPRJLFHw"
"usr.0" = "i77srvztvqomjlhabc"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"37b7a6d8" = "UlAr/XJ/c//k////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"svt" = "1433853552"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"7367429f" = "///%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"3c09c42b" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"bbf88800" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"data.0" = "qxcE Ne9cLZV/WEG xQPvPVq3i031TrMSlEEerZqBeho2okOZn4ZFWrTUosAqRyFR8Gf4sN89"
"data.1" = "bKN02uFpVRdSurpnik5OE1KQ7iEnj3nhq rf1Xo EPltYzARoA4Ct 2oRPp44cLMu2TD8vK4ECkqvEib81bi/Va7h4pMdq5aEuUUXb1mcpcV7"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"date" = "1433846347"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420]
"data.1" = "bKN02uFpVRdSurpnik5OE1KQ7iEnj3nhq rf1Xo EPltYzARoA4Ct 2oRPp44cLMu2TD8vK4ECkqvEib81bi/Va7h4pMdq5aEuUUXb1mcpcV7"
"data.0" = "qxcE Ne9cLZV/WEG xQPvPVq3i031TrMSlEEerZqBeho2okOZn4ZFWrTUosAqRyFR8Gf4sN89"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\eae10f9d]
"8b9e4cbc" = "V/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"3c09c42b" = "///%"

[HKLM\SOFTWARE\1b470b21-511b-642f-2315-9dee23e76d13\10162061603631420\00000000]
"3efeb33e" = ""

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"LRTS" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Adware adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Super Optimizer" = "%Program Files%\Super Optimizer\SupOptLauncher.exe"

The Adware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Adware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Adware modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Adware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process supoptsetup.exe:1168 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 FC EE B8 FB B4 12 C1 C6 1F 35 CB A8 75 68 E4"

The process rundll32.exe:1928 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 F7 01 34 68 D6 51 8C 2F 35 D1 7F F6 82 9A 31"

The process rundll32.exe:968 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214]
"iiid" = "1"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"7f69fa1f" = "///%"
"65114b36" = "VP/ ////"
"48bd1aff" = "V/////%%"
"c6c5dd44" = "V/////%%"
"a0743acc" = "N/////%%"
"51d2f2ea" = "JlA /Y//GPAf/D6/b/Ah/Xt/aPAp/Yq/GPAf/B//JlAh/XD/c/Ag/B//VP/j/Cx/V//j/CZ/V//h/CZ////%"
"27ddcf6f" = "///%"
"414bc593" = "///%"
"c5705860" = "Vx////%%"
"8b9e4cbc" = "V/////%%"
"587b5709" = "V/////%%"
"2d71d5ab" = "V/////%%"
"d94388d2" = "blA /Y//GPAf/X6/b/Ah/Xt/aPAp/Yq/GPAf/YV/cPAf/XF/UxAs/X6/aP////%%"
"f2c53c49" = "UlAr/XJ/c//k////"
"d1abcdb6" = "///%"
"6185d035" = "VP/h/CP/V//l////"
"0dc3ee96" = "/P////%%"
"1520c6f1" = "V/////%%"
"c99a5f5c" = "///%"
"c24899a6" = "VP/g/CV/Vl/1/CF////%"
"fe94ce1e" = "V/////%%"
"1c311243" = "blA /Y//GPAf/X6/b/Ah/Xt/aPAp/Yq/GPAf/YV/cPAf/XF/UxAs/X6/aP////%%"
"a2e3b941" = "///%"
"f6ad6fa6" = "V/////%%"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\00000000]
"370856c7" = ""

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"37b7a6d8" = "UlAr/XJ/c//k////"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\00000000]
"493c7345" = "mU1P0700px1M06E0m01O06h0nx1D07C0px1M07b0al1D06I0pl1T00%%, mU1P0700px1M06E0m01O06h0nx1D07C0px1M07x0ox1Z06t0al1S06t0i00%"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "87 5B DC FE 8B CD 4F 2E 0F 2D 58 5D 95 AC ED 61"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"0e93c3f3" = "///%"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\00000000]
"a47da861" = "o01O07x0m00K02E0aU1N07t0m01 0780nU1U07x0ox1Z06h0jl1 0780i01D06O0px1g02I0nl1 07x0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1N07t0m01 0780nU1U07x0ox1Z06h0jl1 0780mU1P0780pl1h02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1e07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml1P07x0ox1Y06h0i01J02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1O06l0px1R06t0ql0Z07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml0S06b0nU1Z02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1O0640oU1 07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml1P07x0ox1Y07b0al1g06E0nx0T07t0nl1D06I0mU1O0640n01Y02E0, o01O07x0m00K02E0aU1R06l0qx1O0640iU1 0680mU1P0700px1M06E0m01O06h0nx1D07C0px1M02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1e07b0ix1U06t0ml1T0700i01D06O0ox1K06t0ml0S06I0px1O02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1N07t0m01 0780nU1U07x0ox1Z06h0jl1 0780iU1 0680ql1D06I0pU0S06b0nU1Z02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1T0700i01D06O0ox1K06t0ml1N07t0m01 0780mU1 07x0al1g06E0nx0T07t0nl1D06I0mU1O0640n01Y"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"340d3099" = "/P////%%"
"0c230bcb" = "///%"
"f1f24e29" = "Vl/l/C/////%"
"38583bc3" = "Ml/2/CF/M//g/CZ////%"
"bbf88800" = "///%"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\00000000]
"3efeb33e" = ""

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_22134214\eae10f9d]
"72758a5d" = "///%"
"2e22d94e" = "///%"
"f0bf0bde" = "///%"
"7367429f" = "///%"
"e8f9dcc7" = "UlAr/XJ/c//k////"
"a1dcff5b" = "V/////%%"
"e46c271e" = "///%"
"3c09c42b" = "///%"
"060df2cd" = "blA /Y//GPAf/X6/b/Ah/Xt/aPAp/Yq/GPAp/YP/UxAs/X6/aP////%%"

The process %original file name%.exe:320 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Super Optimizer]
"setupname" = "c:\%original file name%.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "57 A8 4B 48 2F 48 05 43 86 26 28 11 AB DD A2 2D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Adware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Adware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Adware modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Adware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process SuperOptimizer.exe:1856 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Super Optimizer]
"UndoDir" = "%Documents and Settings%\%current user%\Application Data\Super Optimizer\Undo"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Super Optimizer]
"s_SmartMode" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Super Optimizer]
"UpgradeID" = "BZDV_PCSM_ML_PCUP_SUPEROPTIMIZER_RED"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Super Optimizer]
"s_SmartExec" = "0"
"Stat1a" = "185"
"ItemsToScan" = "1111111111"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Super Optimizer]
"LastScanFound" = "216"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Super Optimizer]
"ItemsCleaned" = "0"
"s_Enable" = "0"

"InstallStat" = "1"
"Version" = "3.2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Super Optimizer]
"s_SmartScan" = "1"
"SpeedGuard" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Super Optimizer]
"BuyNowURL" = ""
"LastScanChecked" = "1101010"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Super Optimizer]
"LOGDIR" = "%Documents and Settings%\%current user%\Application Data\Super Optimizer\Log"
"ProblemsFixed" = "0"
"ResidualFilesCleaned" = "0"
"RunDate" = "D9 07 0A E2 94 96 E4 40"
"Reminder" = "1"
"ShowRebootMessage" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "06 43 2B 34 9A 1F 45 96 D5 93 A9 5E 38 3B 16 D2"

[HKCU\Software\Super Optimizer]
"AppStart" = "1"
"DisplayName" = "Super Optimizer"
"ItemsToFix" = "209"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Super Optimizer]
"UseExceptionList" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Super Optimizer]
"s_Time" = "48 71 18 E0 94 96 E4 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Super Optimizer]
"LastVersionChecking" = "48 71 18 E0 94 96 E4 40"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKCU\Software\Super Optimizer]
"ScanAtStartup" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Super Optimizer]
"ItemsToClean" = "7"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Adware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process SuperOptimizer.exe:1376 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F9 54 40 05 20 70 CF 37 9B F6 87 0C AF 75 E6 DD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

Dropped PE files

MD5	File path
d5cffe391c44bb7121c8613a1d6519ad	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\supoptsetup.exe
432273fbf170bef34170aee039559980	c:\Program Files\Super Optimizer\SupOptCashier.exe
6f34da59fe1b9ce3a74b6dd3d9759e1c	c:\Program Files\Super Optimizer\SupOptGuard.exe
b4373efde1810d3537f1c9ca007a3c5b	c:\Program Files\Super Optimizer\SupOptHelper.dll
3a099f18ad6b57458f46d856d9540e04	c:\Program Files\Super Optimizer\SupOptLauncher.exe
d52774f057e7ec926d3ce0405265f5d5	c:\Program Files\Super Optimizer\SupOptReminder.exe
155c10411b33c463f2b982df9237c35d	c:\Program Files\Super Optimizer\SupOptSchedule.exe
817288206e77debeb7b4cc981aa5b274	c:\Program Files\Super Optimizer\SupOptSmartScan.exe
e2106202c248769c1af0b1a0355c988b	c:\Program Files\Super Optimizer\SupOptStart.exe
eddfb0a861469000191f6ade808f3aa0	c:\Program Files\Super Optimizer\SupOptStats.dll
c114ac32dc34221ca69c17e78aa92058	c:\Program Files\Super Optimizer\SupOptUninstaller.exe
80f80636d887cfa744fffb8e455ac49d	c:\Program Files\Super Optimizer\SuperOptimizer.exe
9a83f220bf8ca569e3cfa654539a47a4	c:\Program Files\Super Optimizer\idp.dll
d82a429efd885ca0f324dd92afb6b7b8	c:\Program Files\Super Optimizer\itdownload.dll
0f66e8e2340569fb17e774dac2010e31	c:\Program Files\Super Optimizer\sqlite3.dll
9a27d6a32e40914238757a368f17f5d1	c:\Program Files\Super Optimizer\unins000.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Super PC Tools Ltd
Product Name: Super Optimizer v3.2
Product Version: 3.2.0.0
Legal Copyright: Super PC Tools Ltd
Legal Trademarks:
Original Filename: Super Optimizer
Internal Name: Super Optimizer
File Version: 3.2.0.0
File Description: Fix PC problems and optimize performance
Comments:
Language: English (United States)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	150701	151040	4.5721	a37e6b766591788ce7b40ae4b13b8f28
.rdata	155648	32734	32768	3.36434	85ff3aab613e986f96f9105a959a19eb
.data	188416	19428	7680	2.49701	269fcabd7d3115b34e5daecb51e135b7
.rsrc	208896	6136432	6136832	5.52537	0491da82279186fcba4f1d2c106952f4
.reloc	6348800	26178	26624	1.90165	d9070faad863bd8ed2cad7926ee92e1a

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 49
fdaf1fa5bb5d73f001e7cbafa574ae15
7b5cb9af8c106aa4c9578a7b29e10262
452cab82be82b7f8dd0cbed1355077e2
f4408b3a82cc1210f945a9e8fcc7ecc7
44eef142ac0ccf2dec203e2c4557f30c
89711fc991b7a2fd7010bc0baecb6b6d
dfcb72a31818d8c94d99e71c0ebe0dc7
c25d3e36b5ae10c5b78224d083cd04c2
85ba4988ff7d3e4dca8d6e698728d3b7
7329d17482a6c3f4fe4bc10340ffd8d5
24a5675a3c4d9008f22bd1ef2ba23384
fc9afec24e59ed3baf843a00b54ff787
02b1890807f227a246f753d3f9cd5ec9
be130f41f89ca704e3a1682ca6e5007a
3a76502c3caaf63c2edd27310f6624c4
3985269d729fbb768c638ebd4a76ec1d
8f364f81021711128748b13250d3f5d6
a30020732b942b6a6c4ed7d3e73abf87
03d4a9eea159e821c6a76d0eafe1fc81
1d7e0a1dd2175ff9b42da93b8664399d
7b5938e7c0e02d72784e76f317936573
f23f67b0e6f39f01bc6aaa6e54e8b82a
0f0f5d8626d1563a794d143bc26918a4
b92014bf10e5c1f36cc8aaa8531a85da
e9df38a4dd6c46bf03c3540386c1b1d9

URLs

URL	IP
hxxp://www.google.com/	216.58.209.196
hxxp://www.google.com.ua/?gfe_rd=cr&ei=Zd52Vc72B4Ou8wfzrIHQDg	216.58.209.195
hxxp://superoptimizeit.com/install/	52.26.11.145
hxxp://www-bbc-com.bbc.net.uk/
hxxp://superoptimizeit.com/get/?q=358R3A2d7xV22qJ345ppnJ6pDlNuex8ATvF7Kgg3d6WUolm49/X+o9/xj2dwsxnyT3o97FGnFg1QrZGvdLh5mMlS2DmIz3nyuzGvjHxjRN3wL/WHUaKvWGM9IzCo6KWg9QaIFlhHsEh6gUjlXh8eOVLFpo/LGKc5pmegi1bBZdYNk5bq38iCi/XEavRdUi1887rrVZ+mbC2VDah5zZrguODLOVRTPFFEFcP3+V0jMCib229DO1aXZaZOCzLxdFU6hsoa1X6To/E+gQXD+XiiRn+cAmELA8ETfvbJFvVMzuHHNKxSOeT3XezRXHCgnoGposCSkRum/i4vDQUnaEO8ebOhJSFrqliRSNbo7QnImoMW8AZ4MXcQm357M0TehK3FXJI98BTAS4CAIuOu+j1dZXPRktaFQ9ehtDW48ndgxUY7UNypXDAWNlHDDxyQzAZwPW/E5qYP62fQ145Z/nJvuJ/iAhp3CA2uxuzvXN5tOSK065FA5zYW8BJnWNFnfC6Lp7fe2f9cYzSVsHjfDYf0xp2UKGMJl8f0VLwTV+UeEWvuXH/Pb34N5w/bzu25D86UqChWYYNrxtWKuKcYdfovdKCvAz	52.26.11.145
hxxp://www.bbc.com/	212.58.246.54
service.smartpcupdate.com	176.9.2.106

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN W32/SpeedingUpMyPC.Rootkit Install CnC Beacon
ET USER_AGENTS Suspicious Win32 User Agent
ET TROJAN W32/SpeedingUpMyPC.Rootkit CnC Beacon

Traffic

HEAD / HTTP/1.1

Host: VVV.bbc.com

Connection: close

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)


HTTP/1.1 200 OK

Server: Apache

X-Cache-Action: HIT

X-Cache-Hits: 1

Vary: X-CDN

Cache-Control: private, max-age=60

X-Cache-Age: 22

Content-Type: text/html

Date: Tue, 09 Jun 2015 12:39:07 GMT

Expires: Tue, 09 Jun 2015 12:39:45 GMT

Content-Language: en

Etag: "12a9999e778fdf768c9f0246662e9950"

X-LB-NoCache: true

X-PAL-Host: pal057.back.live.cwwtf.local:80

Connection: close

Set-Cookie: BBC-UID=15c567d6dd3e56dba8c4c0ecb14d4f420c656ffac3486613bb9b8423468961940Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1); expires=Sat, 08-Jun-19 12:39:07 GMT; path=/; domain=.bbc.com

Content-Length: 118183

HEAD /?gfe_rd=cr&ei=Zd52Vc72B4Ou8wfzrIHQDg HTTP/1.1

Accept: */*

Host: VVV.google.com.ua

Content-Length: 0

Cache-Control: no-cache

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Tue, 09 Jun 2015 12:39:01 GMT

Expires: -1

Cache-Control: private, max-age=0

Content-Type: text/html; charset=windows-1251

Set-Cookie: PREF=ID=0213507da9a4c3d3:FF=0:TM=1433853541:LM=1433853541:S=T6j6f9A1lAqRNDCw; expires=Thu, 08-Jun-2017 12:39:01 GMT; path=/; domain=.google.com.ua

Set-Cookie: NID=68=SqBxsOuxayofIyQdAmJlhgReMam_dcnpKf3FWw-vKQ1cAixnPw7KZhjG_OmI4vt9gc24lLzC-PQQsP0KTTj0BNJ5tsqIzZyjczekPRrNgeRMnBU25-ac2L4FCK5rcvo3; expires=Wed, 09-Dec-2015 12:39:01 GMT; path=/; domain=.google.com.ua; HttpOnly

P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."

Server: gws

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Alternate-Protocol: 80:quic,p=0

Transfer-Encoding: chunked

Accept-Ranges: none

Vary: Accept-Encoding

HEAD / HTTP/1.1

Accept: */*

Host: VVV.google.com

Content-Length: 0

Cache-Control: no-cache


HTTP/1.1 302 Found

Cache-Control: private

Content-Type: text/html; charset=UTF-8

Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=Zd52Vc72B4Ou8wfzrIHQDg

Content-Length: 262

Date: Tue, 09 Jun 2015 12:39:01 GMT

Server: GFE/2.0

Alternate-Protocol: 80:quic,p=0

GET /get/?q=358R3A2d7xV22qJ345ppnJ6pDlNuex8ATvF7Kgg3d6WUolm49/X+o9/xj2dwsxnyT3o97FGnFg1QrZGvdLh5mMlS2DmIz3nyuzGvjHxjRN3wL/WHUaKvWGM9IzCo6KWg9QaIFlhHsEh6gUjlXh8eOVLFpo/LGKc5pmegi1bBZdYNk5bq38iCi/XEavRdUi1887rrVZ+mbC2VDah5zZrguODLOVRTPFFEFcP3+V0jMCib229DO1aXZaZOCzLxdFU6hsoa1X6To/E+gQXD+XiiRn+cAmELA8ETfvbJFvVMzuHHNKxSOeT3XezRXHCgnoGposCSkRum/i4vDQUnaEO8ebOhJSFrqliRSNbo7QnImoMW8AZ4MXcQm357M0TehK3FXJI98BTAS4CAIuOu+j1dZXPRktaFQ9ehtDW48ndgxUY7UNypXDAWNlHDDxyQzAZwPW/E5qYP62fQ145Z/nJvuJ/iAhp3CA2uxuzvXN5tOSK065FA5zYW8BJnWNFnfC6Lp7fe2f9cYzSVsHjfDYf0xp2UKGMJl8f0VLwTV+UeEWvuXH/Pb34N5w/bzu25D86UqChWYYNrxtWKuKcYdfovdKCvAz HTTP/1.1

Accept: */*

User-Agent: win32

Host: superoptimizeit.com

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: ngx_openresty

Date: Tue, 09 Jun 2015 12:39:11 GMT

Content-Length: 0

Connection: close

The Adware connects to the servers at the folowing location(s):

rundll32.exe_968:

.text

`.data

.rsrc

msvcrt.dll

KERNEL32.dll

NTDLL.DLL

GDI32.dll

USER32.dll

IMAGEHLP.dll

rundll32.pdb

.....eZXnnnnnnnnnnnn3

....eDXnnnnnnnnnnnn3

...eDXnnnnnnnnnnnn,

.eDXnnnnnnnnnnnn,

%Xnnnnnnnnnnnnnnn1

O3$dS7"%U9

.manifest

5.1.2600.5512 (xpsp.080413-2105)

RUNDLL.EXE

Windows

Operating System

5.1.2600.5512

YThere is not enough memory to run the file %s.

Please close other windows and try again.

9The file %s or one of its components could not be opened.

0The file %s or one of its components cannot run.

MThe file %s or one of its components requires a different version of Windows.

UThe file %s or one of its components cannot run in standard or enhanced mode Windows.3Another instance of the file %s is already running./An exception occurred while trying to run "%s"

Error in %s

Missing entry:%s

Error loading %s

rundll32.exe_968_rwx_10021000_00023000:

.fffff.

ÿf.

SuperOptimizer.exe_1856:

.idata

.edata

P.tls

.rdata

P.reloc

P.rsrc

kernel32.dll

Windows

HKEY

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

;!199{199

;0!8&2{199

"<;=!!%{199

Windows 95

Windows 95 OSR-2

Windows 98

Windows 98 SE

Windows ME

Windows 9x New

Windows NT 3

Windows NT 4

Windows 2000

Windows XP

Windows 2003

Windows Vista

Windows 2008

Windows 7

Windows 2008 R2

Windows 8

Windows Server 8

Windows NT New

user.exe

TMsgHandlers

madToolsMsgHandlerWindow

user32.dll

>0';0974&0{199

cmovÌ

setÌ

pop %seg

push %seg

Uh.GA

msvcrt.dll

Uh.wA

VVV.madshi.net

dbghelp.dll

comctl32.dll

4.0.11

ntdll.dll

advapi32.dll

The import table is invalid.

shell32.dll

WindowsLogo

ReportLeaks

UploadViaHttp

HttpServer

HttpSsl

HttpPort

HttpAccount

HttpPassword

BugTrPassword

MailAsSmtpServer

MailAsSmtpClient

SmtpServer

SmtpSsl

SmtpTls

SmtpPort

SmtpAccount

SmtpPassword

bugreport.mbr

screenshot.png

ExceptMsg

FrozenMsg

BitFaultMsg

send bug report

save bug report

print bug report

show bug report

%appname%, %exceptMsg%

bug report

please find the bug report attached

Sending bug report...

PrepAttMsg

MxLookMsg

ConnMsg

SendMailMsg

FieldMsg

SendAttMsg

SendFinalMsg

SendFailMsg

Sorry, sending the bug report didn't work.

TDABugReportCallback

TDABugReportCallbackOO

ShellExecuteExW

madExceptIde_.bpl

wininet.dll

VVV.google.com

SMTP:

mapi32.dll

IpHlpApi.dll

A.ROOT-SERVERS.NET

K.ROOT-SERVERS.NET

VVV.madshi.net_multipart_boundary

TSmtpU

LOGIN

AUTH LOGIN

security.dll

secur32.dll

TWinHttp

winhttp.dll

WinHttpOpen

WinHttpConnect

WinHttpOpenRequest

WinHttpAddRequestHeaders

WinHttpSendRequest

WinHttpGetIEProxyConfigForCurrentUser

WinHttpGetProxyForUrl

WinHttpSetOption

WinHttpWriteData

WinHttpReceiveResponse

WinHttpQueryHeaders

WinHttpQueryAuthSchemes

WinHttpSetCredentials

WinHttpQueryDataAvailable

WinHttpReadData

WinHttpCloseHandle

/api.xml

<url>

password

?cmd=

/xmlrpc.cgi

Bugzilla.version

Product.get_enterable_products

Product.get

Bug.fields

Bugzilla_login

Bugzilla_password

Bug.create

Bug.add_attachment

/api/soap/mantisconnect.php

<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="hXXp://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><ns1:

</username><password xsi:type="xsd:string">

</password>

*.txt

TSendBugReportExRec

wtsapi32.dll

idapi32.dll

kernelbase.dll

madExcept32.dll

c:\sources\madshi\madExcept32.dll

ReportLeaksNow

GetLeakReport

ShowLeakReport

madExcept32.dll has the wrong version.

coreide70.bpl

ReportFault

FaultRep.dll

internal error. please notify [email protected]

@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule

HardWareKey

setupapi.dll

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

EVariantBadIndexError

ssShift

htKeyword

EInvalidOperation

u%CNu

%s[%d]

%s_%d

.Owner

EInvalidGraphicOperation

USER32.DLL

uxtheme.dll

PasswordChar

OnKeyDown

OnKeyPress@SJ

OnKeyUpdRJ

ssHorizontal

OnKeyUp

Proportional

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeyword

crSQLWait

%s (%s)

Uh.WK

imm32.dll

OnExecute`

OnExecute

AutoHotkeys8

AutoHotkeys

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreview,

WindowStated

tagMSG

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

getservbyport

WSAAsyncGetServByPort

WSAJoinLeaf

WS2_32.DLL

127.0.0.1

TIdSocketListWindows

TIdStackWindowsU

IdStackWindows

%s, %.2d %s %.4d %s %s

Uh%DM

%s, %d %s %d %s %s

Password

IdHTTPHeaderInfo

ProxyPasswordl

ProxyPort

Mozilla/3.0 (compatible; Indy Library)

ftpTransfer

ftpReady

ftpAborted

ClientPortMinl

ClientPortMax

Port

EIdCanNotBindPortInRange

EIdInvalidPortRangeSVW

libeay32.dll

ssleay32.dll

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_certificate_file

SSL_get_peer_certificate

SSL_CTX_set_default_passwd_cb

SSL_CTX_set_default_passwd_cb_userdata

SSL_CTX_check_private_key

X509_STORE_CTX_get_current_cert

des_set_key

saUsernamePassword

Passwordl

0.0.0.1

TIdTCPConnection

IdTCPConnection

EIdTCPConnectionError

sslvrfFailIfNoPeerCert

TPasswordEvent

Certificate

RootCertFile

CertFile

KeyFile

OnGetPasswordD

EIdOSSLLoadingRootCertError

EIdOSSLLoadingCertError

EIdOSSLLoadingKeyError

TIdTCPClient

TIdTCPClient\'N

IdTCPClient

BoundPort

PortU

CommentURL

TIdHTTPMethod

IdHTTP

TIdHTTPOption

TIdHTTPOptions

TIdHTTPProtocolVersion

TIdHTTPOnHeadersAvailable

TIdHTTPOnRedirectEvent

TIdHTTPResponse

TIdHTTPResponse<QN

TIdHTTPRequest

TIdHTTPProtocol

TIdCustomHTTP

TIdHTTP

TIdHTTP8TN

HTTPOptions

PortlDN

EIdHTTPProtocolException

HTTPS

https

This request method is supported in HTTP 1.1

HTTP/1.0 200 OK

HTTP/

1.2.3

Portable Network Graphics

%s, ClassID: %s

ole32.dll

TNT Internal Error: TWideComponentHelper.Create should never be encountered.

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntClasses.pas

!"#$%&*;<=>@[]^_`{|}

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntControls.pas

Internal Error: SubClassUnicodeControl.Control is not Unicode.

.UnicodeClass

TntUnicodeVcl.DestroyWindow

MAPI32.DLL

vsReport

TComboBoxExEnumerator

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntActnList.pas

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntStdCtrls.pas

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntForms.pas

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntMenus.pas

Internal Error: SyncHotKeyPosition Failed ("%s" <> "%s").

hXXp://gen.securedshopgate.com/?b=21

superupdater.exe

Super Updater\SuperUpdater.exe

hXXp://VVV.superpctools.com

UninstallURL

AdsDownloadURL

HomePageURL

SupportURL

BuyNowURL

AdsBuyNowURL

\SOFTWARE\Microsoft\Windows\CurrentVersion\Settings\

Launcher.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

SrClient.dll

1111111111

s_SmartExec

English.ini

French.ini

German.ini

Spanish.ini

Italian.ini

Portuguese.ini

Danish.ini

Dutch.ini

Swedish.ini

Polish.ini

Russian.ini

Brazilian.ini

Finnish.ini

Norwegian.ini

Turkish.ini

Czech.ini

Japanese.ini

Chinese.ini

Arabic.ini

\$RECYCLE.BIN\

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Mozilla\Firefox\

profiles.ini

\cookies.sqlite

\formhistory.sqlite

Google\Chrome\User Data\Default\Cache\

Content.IE5\

regedit.exe

%SYSTEMROOT%\

%Program Files%\

%Program Files% (x86)\

%COMMONPROGRAMFILES%\

%Program Files%\Common Files\

%COMMONPROGRAMFILES(X86)%\

%Program Files% (x86)\Common Files\

%COMMONPROGRAMW6432%\

%USERPROFILE%\

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

\tmp.reg" "

\tmp.reg

WNNC_NET_FTP_NFS

olepro32.dll

\\.\vwin32

shlwapi.dll

Mpr.dll

D:\SmartPC\Components\EasyListview\Common Library\Source\MPShellUtilities.pas

To show a Context Menu using TNamespace you must pass a valid Owner TWinControl

THKeyArray

TCommonShellExecuteThreadU

D:\SmartPC\Components\EasyListview\Common Library\Source\MPThreadManager.pas

TCommonKeyState

cksShift

TCommonKeyStates

D:\SmartPC\Components\EasyListview\Common Library\Source\MPCommonUtilities.pas

Uh.RT

gdi32.dll

Userenv.dll

ShellExecuteW

GetWindowsDirectoryW

RegOpenKeyW

RegOpenKeyExW

SHFileOperationW

D:\SmartPC\Components\EasyListview\Source\EasyListviewAccessible.pas

TEasyAccessibleManager.Create not a TCustomEasyListview type

TEasyGroupAccessibleManager.Create not a TEasyGroup type

TEasyItemAccessibleManager.Create not a TEasyItem type

TEasyColumnAccessibleManager.Create not a TEasyColumn type

TEasyHeaderAccessibleManager.Create not a TEasyHeader type

elsReport

elsReportThumb

TAutoGroupGetKeyEvent

TColumnGetImageIndexEvent

TColumnSetImageIndexEvent

KeyState

KeyStates

TGroupGetImageIndexEvent

TGroupSetImageIndexEvent

HintWindowShown

TItemGetGroupKeyEvent

GroupKey

TItemGetImageIndexEvent

TItemSetGroupKeyEvent

TItemSetImageIndexEvent

MouseMsg

TEasyKeyActionEvent

EscapeKeyPressed

TEasyViewReportItem

TEasyViewReportItemP5U

TEasyViewReportThumbItem

TEasyGridReportGroup

TEasyGridReportThumbGroup

TEasyCellSizeReport8]U

TEasyCellSizeReport

TEasyCellSizeReportThumb

TEasyCellSizeReportThumb ^U

ReportThumb

Report

AlwaysShow

OnAutoGroupGetKeyp

OnItemGetGroupKey\

OnItemSetGroupKey

OnKeyActiond

D:\SmartPC\Components\EasyListview\Source\EasyListview.pas

Can not find TEasyGroups.AdjacentItem of an Invisible Item

Uh.hX

EasyListview.Header

TChangesShortForm

An updated version of %s is now available

FormKeyDown

http\shell\open\command

\chrome.exe

\Internet Explorer\iexplore.exe

hXXp://softupdates.smartpcupdate.com/data/update-versions-%s.txt?upgrade_id=%s

&user_major_version=%s&upgrade_id=%s&user_version=%s

hXXp://softupdates.smartpcupdate.com/scripts/get_link_%s.php?license_key=%s&purchase_date=%s

You are already using the latest version of %s

OnActionExecute

windows-1251

sqlite3.dll

sqlite3_bind_parameter_count

sqlite3_bind_parameter_name

sqlite3_busy_handler

sqlite3_busy_timeout

sqlite3_changes

sqlite3_close

sqlite3_collation_needed

sqlite3_collation_needed16

sqlite3_column_blob

sqlite3_column_bytes

sqlite3_column_bytes16

sqlite3_column_count

sqlite3_column_double

sqlite3_column_int

sqlite3_column_int64

sqlite3_column_text

sqlite3_column_text16

sqlite3_column_type

sqlite3_column_decltype

sqlite3_column_decltype16

sqlite3_column_name

sqlite3_column_name16

sqlite3_complete

sqlite3_complete16

sqlite3_create_collation

sqlite3_create_collation16

sqlite3_data_count

sqlite3_errcode

sqlite3_errmsg

sqlite3_errmsg16

sqlite3_exec

sqlite3_finalize

sqlite3_free

sqlite3_get_table

sqlite3_free_table

sqlite3_interrupt

sqlite3_last_insert_rowid

sqlite3_open

sqlite3_open16

sqlite3_prepare

sqlite3_prepare16

sqlite3_reset

sqlite3_step

sqlite3_total_changes

sqlite3_libversion

Yahoo.Messenger\CLSID

Yahoo.Messenger.1\CLSID

Software\Microsoft\Windows Live\Messenger

Software\Microsoft\MSNMessenger\PerPassportSettings

imApp.im.loggingLogPath

TMonochromeLookup

The Windows registry stores settings and options for Microsoft Windows. Over time, the registry becomes cluttered with invalid and obsolete data.

%s can remove these unnecessary and invalid registry entries. Check the items you wish to delete and click Save && Close.

\UserExceptionR.txt

Free up disk space and protect your privacy by removing web pages, images, videos and audio files saved by your browser as you surf the Internet.

Free up valuable disk space and protect your privacy by removing cookies and the list of web pages you visited.

When you remove an application there are often residual files or junk files leftover on your system. %s safely finds and removes these unnecessary files.

\UserExceptionF.txt

Registry keys

RegistryKeys

\ProgramExceptionR.txt

\ProgramExceptionF.txt

IdHTTP1

HTTP1Work

Thank you for purchasing %s!

We are now replacing your current version of %s with %s which includes these additional features:

ProVersionUrl

hXXp://

service.smartpcupdate.com

hXXp://service.smartpcupdate.com/rpc/sendspmpurchase

hXXp://service.smartpcupdate.com/rpc/sendpurchase

&key=

hXXp://service.smartpcupdate.com/rpc/sendspminstall

hXXp://service.smartpcupdate.com/rpc/sendspmuninstall

hXXp://service.smartpcupdate.com/rpc/sendinstall

hXXp://service.smartpcupdate.com/rpc/senduninstall

callbanner.png

BannerURL

Do you have a License Key?

If you purchased %s a license key will have been emailed to you. Please enter the license key below and click Activate Now.

License key

Do you need a License Key?

We recommend that you upgrade to the full version of %s

To purchase %s and obtain a license key click

Licensing key has reached its usage limit!

UserKey

Thank you for registering %s!

Support

Register %s

To optimize settings, fix problems and speed up your PC you need to register %s.

Would you like to register %s now?

To immediately fix these problems and speed up your PC you need to register %s.

To remove these privacy risks from your computer you need to register %s.

To immediately fix these problems and to remove invalid shortcuts you need to register %s

To immediately fix these problems and to remove programs from your startup menu you need to register %s.

%s is the leading and award-winning system optimization tool that cleans, repairs and optimizes your system.

To fix problems and speed up your PC, you need to register %s

This is normal and we have marked these items and will attempt to remove them later. It is best to close as many applications (browser, instant messanger, email, etc.) before running %s.

Specify registry key

SpecifyKey

Example: Software\%s

KeyExample

Key not found in the registry!

KeyNotFound

Offers direct access to key features

Guard.exe

Reminder.exe

s_Exec

Schedule.exe

SmartScan.exe

Example: twitter.com

\CookiesException.txt

PSAPI.dll

*.exe

hXXp://VVV.google.com/search?hl=en&q=

hkey

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

FormOptReport

Optimization Report

TfrmFreshWindows

FormFreshWindows

\SOFTWARE\Microsoft\Windows NT\CurrentVersion

Register %s now to keep it that way.

CleanEmptyKeys

ScanCustomRegKeys

ScanWindowsLogs

actDebugExecute

Welcome to %s

%s's benefits may include faster performance, increased startup speed and fewer error messages when regularly used.

Why register %s?

Remove invalid and unnecessary items to optimize your Windows registry.

Search histories, cookies, recently viewed web pages, videos, photos, music and more.

%s has found the following potential privacy risks on your computer. To keep your information private and free up valuable disk space we recommend deleting the selected items.

Optimize your settings to improve your computer's speed, security and efficiency. Run an optimization report to check the current condition of your PC.

Optimization report

Windows tracking of user actions

Send error reports to Microsoft

Ask password after quitting standby mode

Automatic login to system w/o password entry

Use autofill for URLs

Autofill of login names and passwords in forms

Request for password save

Get the maximum benefit from %s by customizing the settings to meet your needs.

Undo changes made by %s

Information about your version of %s

If there are certain registry keys, files or cookies that you do not want to have included in the %s scan you can use this feature to create an exclusion list.

Log && Undo makes it easy to undo changes made by %s

List of items that could not to be cleaned because they were locked or in use by another application. %s will attempt to remove these items each time you clean your PC.

\*.lnk

IEXPLORE.EXE

FIREFOX.EXE

CHROME.EXE

SKYPE.EXE

\PendingExceptionR.txt

\PendingExceptionF.txt

\Scan.gif

SOFTWARE\Microsoft\Windows\Help

SOFTWARE\Microsoft\Windows\HTML Help

SOFTWARE\Microsoft\Windows\CurrentVersion\Fonts

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU\

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindComputerMRU\

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\

SOFTWARE\Microsoft\Internet Explorer\TypedURLs\

SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit\

SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List\

SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List\

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\

\places.sqlite

visited Web pages and cookies available for removal

.reg"

Cleaning visited webpages...

macromedia.com\support\flashplayer\sys\

Visited Web pages removed

System32\reg.exe

File Windows\System32\reg.exe not found!

\HKCR.reg

\HKCU.reg

\HKLM.reg

\HKU.reg

EXPORT HKCR "

\HKCR.reg"

EXPORT HKCU "

\HKCU.reg"

EXPORT HKLM "

\HKLM.reg"

EXPORT HKU "

\HKU.reg"

\*.reg

IMPORT "

dfrg.msc

DFRGUI.EXE

dfrgui.exe

DATA.BAK

CUSTOM.BAK

OPA11.BAK

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

DoReport

SOFTWARE\Microsoft\PCHealth\ErrorReporting

PromptPasswordOnResume

SOFTWARE\Policies\Microsoft\Windows\System\Power

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete

FormSuggest Passwords

Register your copy of %s

\*.log

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\

=HKEY_LOCAL_MACHINE#

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\

SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs

SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#

=HKEY_CLASSES_ROOT#

[-HKEY_CLASSES_ROOT\Applications\

Empty key

EmptyKey

[-HKEY_CLASSES_ROOT\

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\

=HKEY_CURRENT_USER#

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\

HKEY_CLASSES_ROOT\

[-HKEY_CLASSES_ROOT\CLSID\

[HKEY_CLASSES_ROOT\CLSID\

HKEY_LOCAL_MACHINE\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\

HKEY_CLASSES_ROOT\Interface\

[-HKEY_CLASSES_ROOT\Interface\

HKEY_CLASSES_ROOT\Typelib\

[-HKEY_CLASSES_ROOT\Typelib\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\

Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs

Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\

: HKEY_CURRENT_USER\

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

: HKEY_LOCAL_MACHINE\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache

SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\

SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders#

[HKEY_LOCAL_MACHINE\

AppEvents\Schemes\Apps\.Default

AppEvents\Schemes\Apps\.Default\

\.Current

\.Default

[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\

\.Current]

\.Default]

HKEY_CURRENT_USER\

[HKEY_CURRENT_USER\

=HKEY_CURRENT_USER#SOFTWARE\

HKEY_CURRENT_USER\SOFTWARE\

[-HKEY_CURRENT_USER\SOFTWARE\

=HKEY_LOCAL_MACHINE#SOFTWARE\

HKEY_LOCAL_MACHINE\SOFTWARE\

[-HKEY_LOCAL_MACHINE\SOFTWARE\

=HKEY_USERS\S-1-5-21-1060284298-1454471165-725345543-1004\SOFTWARE\

HKEY_USERS\...\SOFTWARE\

[-HKEY_USERS\S-1-5-21-1060284298-1454471165-725345543-1004\SOFTWARE\

=HKEY_USERS#

HKEY_USERS\

[HKEY_USERS\

LOGIN

.EXE.DLL.SYS.CAB.MSI.DAT.INF.TLB.BIN.OCX.INI.XML.LOG

*.lo?

INDEX.DAT

c:\debug.pc

Start.exe

6666666666666666

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

inflate 1.2.3 Copyright 1995-2005 Mark Adler

?456789:;<=

!"#$%&'()* ,-./0123

%Program Files%\Windows Media Player\wmplayer.exe

a\{3f13498d-830d-3597-3f13-3498d8302636}\hqghumeaylnlf.exe

wmplayer.exe

GetKeyboardType

RegOpenKeyExA

RegCloseKey

RegQueryInfoKeyA

RegFlushKey

RegEnumKeyA

RegEnumKeyExA

RegDeleteKeyA

RegCreateKeyExW

RegCreateKeyExA

WinExec

GetWindowsDirectoryA

GetCPInfo

CreatePipe

version.dll

SetViewportOrgEx

UnhookWindowsHookEx

SetWindowsHookExW

SetWindowsHookExA

MsgWaitForMultipleObjects

MapVirtualKeyW

MapVirtualKeyA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyState

GetKeyNameTextW

GetKeyNameTextA

GetAsyncKeyState

EnumWindows

EnumThreadWindows

ActivateKeyboardLayout

ShellExecuteExA

ShellExecuteA

SHFileOperationA

comdlg32.dll

wsock32.dll

shfolder.dll

oleacc.dll

winmm.dll

Shell32.dll

MainProgram.exe

7"8*828_8

6$60656]6

>#>(>0>5>:>

;';5;:;_;~;

4!4%4)4-4145494

9!9%9)9-919

051'2|2

6 6$6(6,6064686

> ?/?3?7???

2-3135393@3

= =$=(=,=0=>=`=|=

5 5$5(5,5054585<5@5\5|5

9 9*91969<9

,1014181<1@1

5'5>5(6}6

4)4.484=4

3 4$4=4^4

7 7$7(7,707

11g1

< <$<(<,<0<4<8<<<

= =$=(=,=0=>=

%0)0-01050<0

6#6'6 606

5,6064686

7 8%8)8-8185898@8

#0'0 03070<0

3#4 4/444

9 9$9(9,909>9`9|9

1%2U2y2

7 7$7(7,7

= =$=(=.=

; ;$;(;,;2;

3"3.353:3

9!:-:4:9:

9!9&92999>9

3=3M3T3Y3s3

3-3E3Q3a3p3}3

6!6(6-6<6_6

:!:*:1:6:

0 00C0F1O1V1[1g1

1)131@1^1

5_5f5x5

2'2`2|2

333333333333333333

33333833

3333333333333338

:*"*"$3338

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

33333333330

3333333330

3333833330

333333330

3333333333

338333?330

33383?3330

|||%UUU

|||'}}};

4|||){{{

|||%}}}=

kzzz.yyy

d|||ÿf

|||#}}}1|||@

|||'}}}9

|||)}}}=

|||D|||%xxx

|||!}}}=

|||%}}}3

|||!}}}-

6}}} {{{

"|||#{{{

|||%}}}/

|||#}}}

|||#|||)}}}/

5}}}/|||)

,}}}-}}}-}}}-}}}-}}}-}}}-

$|||!{{{

|||!|||'

,}}}/}}}/}}}/}}}/

,|||'|||!

/|||'{{{

.xxx${{{

9}}} {{{

|||%}}}5

5|||%uuu

|||#}}}3

|||'{{{:

|||)}}}?

|||'}}}=

|||'{{{>

|||)|||@

Z}}};|||%sss

.zzzE

|||'}}}?

[}}}1{{{

|||!}}} }}}5

(}}}3}}}=

$|||%yyy&yyy&uuu%xxx"www

0{{{8}}}?

|||!|||%|||)}}}/

,}}}1{{{6

9}}}5}}}1

,|||'|||#{{{

.yyy*|||'|||#xxx rrr

|||!|||#

&|||#|||!

*}}} }}}-}}}/}}}/

2}}}3}}}3}}}3}}}3}}}3}}}3

0}}}/}}}/}}}-}}}

(|||'|||%xxx"|||!{{{

|||!|||%

(|||%|||!{{{

4}}}7{{{6}}}5}}}5

|||#|||)

(|||#{{{

,|||%{{{

|||!|||)

*|||#{{{

/|||%{{{

3|||){{{

5|||){{{

6|||){{{

"|||#|||!

4|||'{{{

1|||%{{{

2|||%{{{

5|||'{{{

7|||'{{{

:|||){{{

|||){{{4

.|||'|||!{{{

 |||%{{{

/|||)|||#{{{

 zzz.xxx3

*|||)|||'|||%|||!{{{

6|||'|||!{{{

|||!|||%|||)

|||#|||'

(|||%|||#

"|||#|||#

$|||%|||%|||%|||%|||%|||%|||%|||%|||%|||%|||%|||%|||%|||%

$|||#|||#

paint.net 4.0;

8).eJ

F.Eax

<p.lFl^lv

Y%SkW

z%Ue4

K)zbo%X

,.QYAHV#

F=w.XS

wx".MSR

^.fU5F

Jdo%f

<z.ZX

~2.Kb2

f.XFB!

.UTTdd

..zPI

=>95<&><6

1999666<<

#,,,)))   77733311144

3_%C-

0>551952>

e5y%U

Dîÿ&fF$d

%XoYXfe

g`

0|.qD/n

$!6222***:

0777%%f6**

..6!!>1!

!*2"&*2.6

4'=%3-9--

`ssshX

$#F.pbHh#%

/.TVUao

mmmMLL.ik )(H

,:.(6!4>1*95.-

%9 ;...""

~ =555))

$'/. /)'

322 ( !)1

OCB^$&%UWW3

r%djaN!

\%S)!

Q&%S>w

.aT/uT#

}ee%x

! I%X

o].bS!bG

%x=YY}

Jb.Zf

`m%U yMH

f/..yBl

$W.oc

.FBYw]

2w.Ks?

/Vv*Qq.Uu.

GFÞ'

>,"&4<&,<

!!111$!!!

KWindows

UrlMon

UrlHistory

wlibsqlite3

TntWindows

0IdHTTPHeaderInfo

 IdTCPServer

IdTCPStream

LFormFreshWindows

78*6%d

9N.sV

8.YrT

4777))):::44

764TUq-'%X

.,48<,0$4 84 (

?"8 !:"/

340 <8(4

 -.).*(/,

,((()*./-

\3**"""*22

&:,<2<"

{'*)5",<$,

`h%u$*

8)%>&,"$(

_t3.62.6

.=6&=>6#!.%..!

,9>.5!&')

A9-.EK

L*OM.MK

"8":5=-)

>';3.)9/7{

f.Moq

(=[[[;::

0H.sl

\(A.TFP

.ukD %Tr

F.Sn8

q%S@QQ

.tRaw

ChangesShortForm

Font.Charset

Font.Color

Font.Height

Font.Name

Font.Style

Picture.Data

;A new version of %s (version %s) is available for download.

All windows

Windows tracking of user actions

(Ask password after quitting standby mode

,Automatic login to system w/o password entry

5Attention! %s found 0 privacy risks on your computer

4Log && Undo makes it easy to undo changes made by %s

Lines.Strings

If there are certain registry keys or files that you do not want to have included in the %s scan you can use this feature to create an exclusion list.

.Autofill of login names and passwords in forms

Optimize your settings to improve your computer's speed, security and efficiency. Run an optimization report to check the current condition of your PC.

OGet the maximum benefit from %s by customizing the settings to meet your needs.

$Information about your version of %s

s%s's benefits may include faster performance, increased startup speed and fewer error messages when regularly used.

GRemove invalid and unnecessary items to optimize your Windows registry.

Windows .....

When you remove an application there are often residual files or junk files leftover on your system. %s safely finds and removes these unnecessary files.

IconOptions.Arrangement

3visited Web pages and cookies available for removal

%Scan selected areas for privacy risks

USearch histories, cookies, recently viewed web pages, videos, photos, music and more.

Log files|*.log|All files|*.*

*.tmp

*.bak

*.old

ProxyParams.BasicAuthentication

ProxyParams.ProxyPort

Request.ContentLength

Request.ContentRangeEnd

Request.ContentRangeStart

Request.ContentType

Request.Accept

Request.BasicAuthentication

Request.UserAgent

&Mozilla/3.0 (compatible; Indy Library)

The Windows registry stores settings and options for Microsoft Windows. Overtime, the registry becomes cluttered with invalid and obsolete data.

m%s can help you clean and optimize your registry. Check the items you wish to delete and click Save && Close.

EditManager.Font.Charset

EditManager.Font.Color

EditManager.Font.Height

EditManager.Font.Name

EditManager.Font.Style

GroupFont.Charset

GroupFont.Color

GroupFont.Height

GroupFont.Name

GroupFont.Style

Header.Columns.Items

Header.Font.Charset

Header.Font.Color

Header.Font.Height

Header.Font.Name

Header.Font.Style

Header.Height

)PaintInfoGroup.MarginBottom.CaptionIndent

Selection.FullItemPaint

oFree up valuable disk space and protect your privacy by removing cookies and the list of web pages you visited

version %s

Support:

OTo immediately fix these problems and speed up your PC you need to register %s.

"Would you like to register %s now?

PTo optimize settings, fix problems and speed up your PC you need to register %s.

l%s is the leading and award winning system optimization tool that cleans, repairs and optimizes your system.

=To fix problems and speed up your PC, you need to register %s

{If you purchased %s a license key will have been emailed to you. Please enter the license key below and click Activate Now.

.To purchase %s and obtain a license key click

YCheck the email you received after you purchased the product for the correct license key.

&Your license key will look like this:

Thank you for purchasing PC %s!

eWe are now replacing your current version of %s with %s Pro which includes these additional features:

Items.Strings

All files|*.*

R* Monitor your PC's performance right from your desktop without having to start %s

&* Offers direct access to key features

The startup menu contains programs that are automatically started by Windows every time you start your PC. As more and more programs insert themselves in your startup menu your PCs valuable resources are drained causing it to operate more slowly.

frmFreshWindows

$Register %s now to keep it that way.

<assemblyIdentity version="1.0.0.0"

name="OptimizerPro.exe"

<requestedExecutionLevel

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>

<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

.jdbg

madExcept.HandleContactForm

madExcept.HandleScreenshotForm

.madExcept

%exceptMsg%

%bugReport%

Úte%

Útetime%

%computerName%

Þsktop%

%userappdata%

%commonappdata%

screenShot.bmp

Tcpip\Parameters

VxD\MSTCP

.jpeg

hXXps://

%userappdata%\

BugReport

screenShot.png

operating system

<tr><td><button onClick="history.back();" style="height:19.5pt;">

<button onClick="document.getElementById('bugReport').style.visibility='visible';this.style.visibility='hidden';" style="height:19.5pt;">

<textarea id="bugReport" readonly cols="80" rows="20" style="width:100%;height:100%;

Software\Microsoft\Windows

GetThreadReport

GetCpuRegisters

\madExcept\Dlls\madExcept32.dll

psapi.dll

suser32.dll

Unspecified error (%d) from %s.

miranda32.exe

PIDLs to operate on are not siblings of the Namespace doing the operation.

Unable to find RegSvr32.exe executable.

RegSvr32.exe

*.dat

\msnmsgr.exe

\msgslang.dll

\msgslang.

Software\Microsoft\MSNMessenger\PerPassportSettings\

*.xml

*.html

\settings.xml

\config.xml

\main.db

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting]

"DoReport"=dword:00000001

"DoReport"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Power]

"PromptPasswordOnResume"=dword:00000001

"PromptPasswordOnResume"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete]

"FormSuggest Passwords"="YES"

"FormSuggest Passwords"="NO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

66006666

FORMOPTREPORT

TCHANGESSHORTFORM

TFRMFRESHWINDOWS

OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design mode

Unsupported PixelFormat

Invalid stream operation

Unsupported GIF version7Invalid number of colors specified in Screen Descriptor6Invalid number of colors specified in Image Descriptor

Invalid extension introducerúiled to allocate memory for GIF DIB

Invalid Image trailerAInternal error: Extension Instance does not match Extension Label,Unsupported Application Extension block size

Unknown GIF block type'Object type not supported for operation

"%s"8

úiled to set maximum selection range$Failed to set calendar min/max rangeúiled to set calendar selected range

"%s".

"%s".%

oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.

OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

RichEdit line insertion error=This control requires version 4.70 or greater of COMCTL32.DLL

Date exceeds maximum of %s

Date is less than minimum of %s4You must be in ShowCheckbox mode to set to this date#Failed to set calendar date or time

jThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.

Description: BThe "Portable Network Graphics" image contains an invalid palette.

The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.

This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.

There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.7The png image could not be loaded from the resource ID.

Error creating SSL context. Could not load root certificate.

Could not load certificate.#Could not load key, check password.

SSL status: "%s"

Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.

Command not supported.

Address type not supported.

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Operation would block.

Operation now in progress.

Operation already in progress.

Socket operation on non-socket.

Protocol not supported.

Socket type not supported."Operation not supported on socket.

Protocol family not supported.0Address family not supported by protocol family.

Chunk StartedDThis authentication method is already registered with class name %s.

%s is not a valid service.

Socket Error # %d

%s is not a valid IP address.

File "%s" not found1Only one TIdAntiFreeze can exist per application."%d: Circular links are not allowed

No data to read.$Can not bind in port range (%d - %d)

Invalid Port Range (%d - %d)

Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Resolving hostname %s.

Connecting to %s.

No help keyword specified.

Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.

Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned"Unable to find a Table of Contents

No help found for %s#No context-sensitive help installed$No topic-based help system installed

Value must be between %d and %d

Unable to insert a line Clipboard does not support Icons

Text exceeds memo capacity/Menu '%s' is already being used by another form

$Unknown picture file extension (.%s)

Unsupported clipboard format

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Thread creation error: %s

Thread Error: %s (%d)

?#''%s'' is not a valid date and time

Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic

Invalid stream format$''%s'' is not a valid component name

Invalid data type for '%s' List capacity out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Failed to get data for '%s'

Failed to set data for '%s'

Resource %s not found

Ancestor for '%s' not found

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s

Cannot open file "%s". %s

Unable to write to %s

Operation not supported

External exception %x

Interface not supported

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

Invalid variant operation

Invalid NULL variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

I/O error %d

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

SupOptStart.exe:224
SupOptStart.exe:1312
supoptsetup.tmp:1908
supoptsetup.exe:1168
rundll32.exe:1928
%original file name%.exe:320
SuperOptimizer.exe:1376
Delete the original Adware file.
Delete or disinfect the following files created/modified by the Adware:

%Program Files%\Super Optimizer\is-ULSUB.tmp (601 bytes)
%Program Files%\Super Optimizer\is-O1QI1.tmp (7971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\Super Optimizer\is-OKAFO.tmp (909 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\SupOptHelper.dll (7971 bytes)
%Program Files%\Super Optimizer\unins000.msg (646 bytes)
%Program Files%\Super Optimizer\is-88AAS.tmp (3073 bytes)
%Program Files%\Super Optimizer\is-SEE00.tmp (7726 bytes)
%Program Files%\Super Optimizer\is-1D4JT.tmp (32242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\SupOptStats.dll (12287 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Super Optimizer.lnk (773 bytes)
%Program Files%\Super Optimizer\is-7OO2S.tmp (8657 bytes)
%Program Files%\Super Optimizer\is-SEBIC.tmp (11 bytes)
%Program Files%\Super Optimizer\is-UBUMU.tmp (33652 bytes)
%Program Files%\Super Optimizer\is-T82O7.tmp (7433 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Help.lnk (773 bytes)
%Program Files%\Super Optimizer\is-AA1TL.tmp (712 bytes)
%Program Files%\Super Optimizer\is-UCNKG.tmp (2321 bytes)
%Program Files%\Super Optimizer\is-8GQIL.tmp (1281 bytes)
%Program Files%\Super Optimizer\unins000.dat (31301 bytes)
%Program Files%\Super Optimizer\SupOptStats.dll (104989 bytes)
%Program Files%\Super Optimizer\is-N71QS.tmp (601 bytes)
%Program Files%\Super Optimizer\is-F990H.tmp (1281 bytes)
%Program Files%\Super Optimizer\is-65PO7.tmp (8657 bytes)
%Program Files%\Super Optimizer\is-2RLG1.tmp (601 bytes)
%Program Files%\Super Optimizer\is-4MUTH.tmp (20 bytes)
%Program Files%\Super Optimizer\is-J0RO8.tmp (22 bytes)
%Program Files%\Super Optimizer\is-KHH97.tmp (4545 bytes)
%Program Files%\Super Optimizer\is-FBIFR.tmp (7345 bytes)
%Program Files%\Super Optimizer\is-S0615.tmp (601 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Uninstall Super Optimizer.lnk (743 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Check updates.lnk (801 bytes)
%Program Files%\Super Optimizer\is-R2NNU.tmp (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\idp.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-C89MQ.tmp\itdownload.dll (1281 bytes)
%Program Files%\Super Optimizer\is-RAEP8.tmp (127 bytes)
%Program Files%\Super Optimizer\is-QK2Q4.tmp (30 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Super Optimizer on the Web.lnk (743 bytes)
%Documents and Settings%\%current user%\Desktop\Super Optimizer.lnk (761 bytes)
%Program Files%\Super Optimizer\is-CHN5I.tmp (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JAU9O.tmp\supoptsetup.tmp (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KU1BA6V4\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\T1SNN46Q\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (268 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (7352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\supoptsetup.exe (775882 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (658 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (788 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\hqghumeaylnlf.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2BOVUXU9\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O56XSTCJ\desktop.ini (67 bytes)
%Documents and Settings%\All Users\Application Data\{3f13498d-830d-3597-3f13-3498d8302636}\hqghumeaylnlf.dat (1210 bytes)
%Documents and Settings%\All Users\Application Data\{3f13498d-830d-3597-3f13-3498d8302636}\hqghumeaylnlf.exe (201856 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Super Optimizer" = "%Program Files%\Super Optimizer\SupOptLauncher.exe"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Adware.Agent.POI_aef4e48a74

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Adware.Agent.POI_aef4e48a74

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet