Application.Generic.1399158_61c9b41d85

by malwarelabrobot on August 29th, 2015 in Malware Descriptions.

Application.Generic.1399158 (AdAware), Trojan-Banker.Win32.Brasil.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Banker, Trojan, VirTool


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 61c9b41d85c7704ba8e73355c94552c9
SHA1: c5f8b70c2bf7eced060585158d8446b096838f9e
SHA256: 5b9bf06e3f66c869d7079a5cd0393c9c434cf9020f4c623c1d48004ec26bd53c
SSDeep: 1536:IpgpHzb9dZVX9fHMvG0D3XJ3VZvcrspFIY: gXdZt9P6D3XJ3V2r 3
Size: 56476 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:52
Analyzed on: WindowsXP SP3 32-bit


Summary:

Banker. Steals data relating to online banking systems, e-payment systems and credit card systems.

Payload

No specific payload has been found.

Process activity

The Application creates the following process(es):

EasySpeedCheckSetup.exe:380
EasySpeedCheckSetup.exe:1988
7za.exe:252
7za.exe:636
EasySpeedPC.exe:1452
easyspeedcheck.exe:2032
%original file name%.exe:432

The Application injects its code into the following process(es):

EasySpeedPC.exe:1240
ESPCSchedule.exe:284

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process EasySpeedCheckSetup.exe:380 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\start_install.txt (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\easyspeedcheck_1_1_3[1].data (67199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\7za.exe (15192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\nsExec.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\temp.txt (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\inetc.dll (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\log-install[1].htm (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\System.dll (11 bytes)
%Program Files%\Easy Speed Check\uninstall.exe (309 bytes)
%Program Files%\Easy Speed Check\esc.ico (1217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\easyspeedcheck.data (67199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\nsA.tmp (6 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\start_install.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\7za.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\nsExec.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\temp.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\easyspeedcheck.data (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\nsA.tmp (0 bytes)

The process EasySpeedCheckSetup.exe:1988 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsp7.tmp\inetc.dll (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp7.tmp\EasySpeedCheckSetup.exe (33720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\EasySpeedCheckSetup[1].app (33720 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsp7.tmp\inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp7.tmp\EasySpeedCheckSetup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj6.tmp (0 bytes)

The process 7za.exe:252 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Program Files%\Easy Speed Check\ssleay32.dll (1127 bytes)
%Program Files%\Easy Speed Check\libstdc -6.dll (4515 bytes)
%Program Files%\Easy Speed Check\cwebpage.dll (496 bytes)
%Program Files%\Easy Speed Check\easyspeedcheck.exe (687 bytes)
%Program Files%\Easy Speed Check\libeay32.dll (9956 bytes)
%Program Files%\Easy Speed Check\libgcc_s_dw2-1.dll (250 bytes)
%Program Files%\Easy Speed Check\libidn-11.dll (1354 bytes)
%Program Files%\Easy Speed Check\zlib1.dll (861 bytes)
%Program Files%\Easy Speed Check\libcurl.dll (1903 bytes)

The process 7za.exe:636 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Program Files%\Probit Software\Easy Speed PC\ESPCSchedule.exe (9321 bytes)
%Program Files%\Probit Software\Easy Speed PC\EasySpeedPC.exe (29679 bytes)
%Program Files%\Probit Software\Easy Speed PC\CookiesException.txt (712 bytes)
%Program Files%\Probit Software\Easy Speed PC\StartupList.txt (84 bytes)
%Program Files%\Probit Software\Easy Speed PC\scanning.gif (1 bytes)
%Program Files%\Probit Software\Easy Speed PC\file_id.diz (890 bytes)
%Program Files%\Probit Software\Easy Speed PC\sqlite3.dll (4969 bytes)

The process EasySpeedPC.exe:1452 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\check_installer.txt (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\easyspeedpc.data (66979 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\System.dll (11 bytes)
%Program Files%\Probit Software\Easy Speed PC\HomePage.url (50 bytes)
%Program Files%\Probit Software\Easy Speed PC\esp.ico (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\temp.txt (14 bytes)
%Program Files%\Probit Software\Easy Speed PC\uninstall.exe (2068 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Easy Speed PC on the Web.lnk (887 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Program Files%\Probit Software\Easy Speed PC\English.ini (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\EasySpeedCheckSetup.exe (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\start_install.txt (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Uninstall.lnk (892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\ns5.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Easy Speed PC.lnk (902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\inetc.dll (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\easyspeedpc820[1].data (66979 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\log-install[1].htm (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\nsExec.dll (6 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Help.lnk (902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\EasySpeedCheckSetup[1].exe (5952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\7za.exe (15192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\md5dll.dll (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\log-install[2].htm (8 bytes)
%Program Files%\Probit Software\Easy Speed PC\EasySpeedPC.chm (902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\thank-you[1].htm (6 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\EasySpeedCheckSetup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\check_installer.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\easyspeedpc.data (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\ns5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\md5dll.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\start_install.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\7za.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\nsExec.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\temp.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn3.tmp (0 bytes)

The process %original file name%.exe:432 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\EasySpeedPC[1].app (63248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\EasySpeedPC.exe (63248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\inetc.dll (20 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\EasySpeedPC.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\inetc.dll (0 bytes)

Registry activity

The process EasySpeedCheckSetup.exe:380 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Easy Speed Check]
"srid" = "NG5661UA7M"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\ClkApp]
"a1t" = "0"
"umid" = "A8A67A25"
"u1" = "18000"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\ClkApp]
"u2" = "3600"
"vts" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F 2E 9D 19 8B 0B 7F 21 89 01 54 37 61 F2 DB A6"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Easy Speed Check]
"ver" = "1.1.3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\ClkApp]
"a1p" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Application modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Application adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"EasySpeedCheck" = "%Program Files%\Easy Speed Check\easyspeedcheck.exe"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process EasySpeedCheckSetup.exe:1988 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk2.tmp\EasySpeedPC.exe, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk2.tmp\, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp7.tmp\EasySpeedCheckSetup.exe,"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0B 8A CE F2 F3 07 66 40 79 42 4F 6E 96 1A 3B EF"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Application modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process 7za.exe:252 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 D1 EF 67 A4 E4 CB 92 A7 A9 A9 42 B5 D9 15 CB"

The process 7za.exe:636 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 AB 11 4C CA FA 16 7E A3 5D 99 C3 E5 E1 58 5C"

The process EasySpeedPC.exe:1240 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Probit Software\Easy Speed PC]
"ShowRecycleBin" = "1"
"ItemsCleaned" = "0"
"LOGDIR" = "%Documents and Settings%\%current user%\Application Data\Easy Speed PC\Log"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Probit Software\Easy Speed PC]
"UpgradeID" = "BZDV_PCSM_ML_PROBIT_EASYSPEEDPC"
"ItemsToClean" = "36"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Probit Software\Easy Speed PC]
"ItemsToPrivacyScan" = "1111"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Probit Software\Easy Speed PC]
"ItemsToFix" = "185"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Probit Software\Easy Speed PC]
"CompilerVersion" = "Feb2015"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Probit Software\Easy Speed PC]
"Version" = "4.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Probit Software\Easy Speed PC]
"InstallationDate" = "01 16 34 AF 88 A0 E4 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Probit Software\Easy Speed PC]
"s_Time" = "01 16 34 AF 88 A0 E4 40"
"UpdateReminderDisabled" = "0"
"JunkFiles" = "6"
"LastScanChecked" = "1110010"

"AppStart" = "1"
"BuildID" = "BZDV_PCSM4_ML_PROBIT_EASYSPEEDPC"
"UpgradeIDPro" = "BZDV_PCSM_ML_PROBIT_EASYSPEEDPC_PRO"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Probit Software\Easy Speed PC]
"ShowRebootMessage" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Probit Software\Easy Speed PC]
"s_Enable" = "0"
"LastScanDate" = "C3 8A B6 B4 88 A0 E4 40"
"LastScanFound" = "221"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Probit Software\Easy Speed PC]
"UseExclusions" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Probit Software\Easy Speed PC]
"LastUpdateChecking" = "01 16 34 AF 88 A0 E4 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 A2 71 67 CE 4A E4 A9 79 65 87 85 56 8B C3 63"

[HKCU\Software\Probit Software\Easy Speed PC]
"UndoDir" = "%Documents and Settings%\%current user%\Application Data\Easy Speed PC\Undo"
"ItemsToRegistryScan" = "1111111111"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Probit Software\Easy Speed PC]
"DisplayName" = "Easy Speed PC"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKCU\Software\Probit Software\Easy Speed PC]
"ItemsFixed" = "0"
"InstallStat" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Probit Software\Easy Speed PC]
"JunkFilesCleaned" = "0"
"ItemsToRecoveryScan" = "1111"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process EasySpeedPC.exe:1452 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Easy Speed PC]
"UninstallString" = "%Program Files%\Probit Software\Easy Speed PC\uninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Probit Software\Easy Speed PC]
"Language" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Easy Speed PC]
"DisplayVersion" = "8.2.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Easy Speed PC]
"Publisher" = "Probit Software LTD"

"DisplayName" = "Easy Speed PC"
"DisplayIcon" = "%Program Files%\Probit Software\Easy Speed PC\EasySpeedPC.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Probit Software\Easy Speed PC]
"srid" = "679YZN0OJC&iid=20251130&umi=A8A67A25&sst=5ac60396d901c36191fc2047bed07c07"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 61 E1 47 E7 84 AD D0 69 4D 26 23 73 87 3B 8D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

To automatically run itself each time Windows is booted, the Application adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Easy Speed PC" = "%Program Files%\Probit Software\Easy Speed PC\ESPCSchedule.exe"

The Application modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Application adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Speed PC" = "%Program Files%\Probit Software\Easy Speed PC\EasySpeedPC.exe"

The Application modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process easyspeedcheck.exe:2032 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E5 4F 31 60 7D 42 D9 BC 5B C2 78 BE AF 95 E8 9B"

[HKCU\Software\ClkApp]
"u1" = "3600"
"u2" = "1800"
"a1t" = "1440730882"
"vts" = "1440732680"
"UID" = "QEUFYWBO6Q"
"a1p" = "1440731182"

The process %original file name%.exe:432 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk2.tmp\EasySpeedPC.exe,"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C5 3F 0F BF EF 6A 64 66 16 B9 0C 82 67 10 8E CC"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Application modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process ESPCSchedule.exe:284 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 5D F7 C2 40 19 6D 86 8C FA 6D B4 DA D8 E5 DF"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Probit Software\Easy Speed PC]
"StartupNotifier" = "1"
"CacheNotifier" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Probit Software\Easy Speed PC]
"Reminder" = "1"
"StartWithWindows" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Probit Software\Easy Speed PC]
"s_SmartMode" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Probit Software\Easy Speed PC]
"s_SmartScan" = "1"
"s_SmartDate" = "FE 34 2A AF 68 A0 E4 40"

Dropped PE files

MD5 File path
7676b7823e62c8714f0a9b694880692a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsk2.tmp\EasySpeedPC.exe
63e9ec142b6343072bc3852e6ee1a991 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsp7.tmp\EasySpeedCheckSetup.exe
a4c4fdbb8605fddf1ff065f69de7496f c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\EasySpeedCheckSetup[1].exe
63e9ec142b6343072bc3852e6ee1a991 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\EasySpeedCheckSetup[1].app
7676b7823e62c8714f0a9b694880692a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\EasySpeedPC[1].app
4a157413b45164b775c7c065d243f714 c:\Program Files\Easy Speed Check\cwebpage.dll
532009a6f3f750cb22ea28f2893a7127 c:\Program Files\Easy Speed Check\easyspeedcheck.exe
981f71bc1f50cfbe711bf895f4ed0e1b c:\Program Files\Easy Speed Check\libcurl.dll
a9f8f35cc2caf8dba7167b91420a680b c:\Program Files\Easy Speed Check\libeay32.dll
e2ac23418781f632311513944edd0a4c c:\Program Files\Easy Speed Check\libgcc_s_dw2-1.dll
56295c7afe3f0542d59d12ca955380db c:\Program Files\Easy Speed Check\libidn-11.dll
c5e6c6eaef1c0f4468525bf3375b1d42 c:\Program Files\Easy Speed Check\libstdc -6.dll
612b2747d39d9ef838ab9eacbc1f6c3a c:\Program Files\Easy Speed Check\ssleay32.dll
8753cc49922cbc954ade4ff14d0046a4 c:\Program Files\Easy Speed Check\uninstall.exe
5ff2481c69e5dd4107c44ab42cc27ba2 c:\Program Files\Easy Speed Check\zlib1.dll
e671fda88feb2a3e4495ea73d5d11526 c:\Program Files\Probit Software\Easy Speed PC\ESPCSchedule.exe
738b7d4899ec156f898388317b1757e7 c:\Program Files\Probit Software\Easy Speed PC\EasySpeedPC.exe
0f66e8e2340569fb17e774dac2010e31 c:\Program Files\Probit Software\Easy Speed PC\sqlite3.dll
598a7f855193c3967d8b7f6024a9453e c:\Program Files\Probit Software\Easy Speed PC\uninstall.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version: 8.2.0
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 8.2.0.541
File Description:
Comments:
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 23628 24064 4.46394 856b32eb77dfd6fb67f21d6543272da5
.rdata 28672 4764 5120 3.4982 dc77f8a1e6985a4361c55642680ddb4f
.data 36864 154712 1024 3.3278 7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata 192512 36864 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 229376 12984 13312 3.77902 f471022aa9f8b2f17a829328040d71f4

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 5
935d8c0bf1ca5ddec8664a1ad5ac1e95
75a97a5e0771fc29b3a2131d83aebb78
f44810cd4568c4d3d45cae4882d8b47a
0276b77f90d177b0434ea0b36792b017
6633da07758a83451af28efe03ffcd7e

URLs

URL IP
hxxp://d1e0sagtwf5bmy.cloudfront.net/publishers/26/697/EasySpeedPC.app
hxxp://lb1-1907411912.us-east-1.elb.amazonaws.com/easyinstallprolib/easyinstallprolog/log-status.php?ins=679YZN0OJC&umi=A8A67A25&sig=4e7a6e577d5fe06e8d06c174d327dcc6
hxxp://lb1-1907411912.us-east-1.elb.amazonaws.com/easyinstallprolib/easyinstallprolog/log-install.php?ins=679YZN0OJC&ver=8.2.0.1037&st=1&umi=A8A67A25
hxxp://d58211dyd6nci.cloudfront.net/easyspeedpc820.data
hxxp://d1ys4d6w5g5meo.cloudfront.net/publishers/3/857/EasySpeedCheckSetup.exe
hxxp://d1ys4d6w5g5meo.cloudfront.net/publishers/3/857/EasySpeedCheckSetup.app
hxxp://lb1-1907411912.us-east-1.elb.amazonaws.com/easyinstallprolib/easyinstallprolog/log-install.php?ins=679YZN0OJC&ver=8.2.0.1037&st=100&umi=A8A67A25&iid=20251130&comp=42-6-1
hxxp://lb1-1907411912.us-east-1.elb.amazonaws.com/thank-you.php?ins=679YZN0OJC&umi=A8A67A25&iid=20251130&sst=5ac60396d901c36191fc2047bed07c07
hxxp://lb1-1907411912.us-east-1.elb.amazonaws.com/easyinstallprolib/easyinstallprolog/log-install.php?ins=NG5661UA7M&ver=1.1.3.1810&st=1&umi=A8A67A25
hxxp://d1ys4d6w5g5meo.cloudfront.net/easyspeedcheck_1_1_3.data
hxxp://service.smartpcupdate.com/rpc/sendspminstall?partner=BZDV_PCSM4_ML_PROBIT_EASYSPEEDPC&build=4.0&compiler=Feb2015 176.9.2.106
hxxp://lb1-1907411912.us-east-1.elb.amazonaws.com/easyinstallprolib/easyinstallprolog/log-install.php?ins=NG5661UA7M&ver=1.1.3.1810&st=100&umi=A8A67A25&iid=20251131&comp=0
hxxp://lb1-1907411912.us-east-1.elb.amazonaws.com/applib/appmsg/appmsg.php
hxxp://www.easyspeedcheck.com/easyinstallprolib/easyinstallprolog/log-install.php?ins=NG5661UA7M&ver=1.1.3.1810&st=1&umi=A8A67A25 107.22.242.100
hxxp://download.easyspeedcheck.com/easyspeedcheck_1_1_3.data 54.230.12.17
hxxp://www.easyspeedcheck.com/applib/appmsg/appmsg.php 107.22.242.100
hxxp://download.easyspeedcheck.com/publishers/3/857/EasySpeedCheckSetup.exe 54.230.12.17
hxxp://download.easyspeedpc.com/easyspeedpc820.data 54.230.13.153
hxxp://www.easyspeedcheck.com/easyinstallprolib/easyinstallprolog/log-install.php?ins=NG5661UA7M&ver=1.1.3.1810&st=100&umi=A8A67A25&iid=20251131&comp=0 107.22.242.100
hxxp://www.easyspeedpc.com/easyinstallprolib/easyinstallprolog/log-status.php?ins=679YZN0OJC&umi=A8A67A25&sig=4e7a6e577d5fe06e8d06c174d327dcc6 107.22.242.100
hxxp://www.easyspeedpc.com/easyinstallprolib/easyinstallprolog/log-install.php?ins=679YZN0OJC&ver=8.2.0.1037&st=100&umi=A8A67A25&iid=20251130&comp=42-6-1 107.22.242.100
hxxp://www.easyspeedpc.com/easyinstallprolib/easyinstallprolog/log-install.php?ins=679YZN0OJC&ver=8.2.0.1037&st=1&umi=A8A67A25 107.22.242.100
hxxp://download.easyspeedpc.net/publishers/26/697/EasySpeedPC.app 54.192.14.177
hxxp://www.easyspeedpc.com/thank-you.php?ins=679YZN0OJC&umi=A8A67A25&iid=20251130&sst=5ac60396d901c36191fc2047bed07c07 107.22.242.100
hxxp://download.easyspeedcheck.com/publishers/3/857/EasySpeedCheckSetup.app 54.230.12.17


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
ET POLICY Executable served from Amazon S3

Traffic

GET /easyinstallprolib/easyinstallprolog/log-status.php?ins=679YZN0OJC&umi=A8A67A25&sig=4e7a6e577d5fe06e8d06c174d327dcc6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.easyspeedpc.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Fri, 28 Aug 2015 03:30:45 GMT
Server: Apache/2.2.29 (Amazon)
Set-Cookie: AWSELB=A17117411E832F9D98DB2044090E2E26C2B7540D43D0A6101C0C5F35065914BE87027964F786533CCAD1290C9E7C73AC0327025B450A04ECE00C443B46A30A543F0C213113;PATH=/
X-Powered-By: PHP/5.3.29
Content-Length: 49
Connection: keep-alive
1,194.242.96.218,178b9648e6302440bce0e5061792fe50....


GET /easyinstallprolib/easyinstallprolog/log-install.php?ins=679YZN0OJC&ver=8.2.0.1037&st=1&umi=A8A67A25 HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.easyspeedpc.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: AWSELB=A17117411E832F9D98DB2044090E2E26C2B7540D43D0A6101C0C5F35065914BE87027964F786533CCAD1290C9E7C73AC0327025B450A04ECE00C443B46A30A543F0C213113


HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Fri, 28 Aug 2015 03:30:45 GMT
Server: Apache/2.2.29 (Amazon)
X-Powered-By: PHP/5.3.29
Content-Length: 16
Connection: keep-alive
20251130....HTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..D
ate: Fri, 28 Aug 2015 03:30:45 GMT..Server: Apache/2.2.29 (Amazon)..X-
Powered-By: PHP/5.3.29..Content-Length: 16..Connection: keep-alive..20
251130........


GET /easyinstallprolib/easyinstallprolog/log-install.php?ins=679YZN0OJC&ver=8.2.0.1037&st=100&umi=A8A67A25&iid=20251130&comp=42-6-1 HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.easyspeedpc.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: AWSELB=A17117411E832F9D98DB2044090E2E26C2B7540D43D0A6101C0C5F35065914BE87027964F786533CCAD1290C9E7C73AC0327025B450A04ECE00C443B46A30A543F0C213113


HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Fri, 28 Aug 2015 03:30:50 GMT
Server: Apache/2.2.29 (Amazon)
X-Powered-By: PHP/5.3.29
Content-Length: 8
Connection: keep-alive
........


GET /thank-you.php?ins=679YZN0OJC&umi=A8A67A25&iid=20251130&sst=5ac60396d901c36191fc2047bed07c07 HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.easyspeedpc.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: AWSELB=A17117411E832F9D98DB2044090E2E26C2B7540D43D0A6101C0C5F35065914BE87027964F786533CCAD1290C9E7C73AC0327025B450A04ECE00C443B46A30A543F0C213113


HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Fri, 28 Aug 2015 03:30:50 GMT
Server: Apache/2.2.29 (Amazon)
X-Powered-By: PHP/5.3.29
Content-Length: 6392
Connection: keep-alive
            <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transition
al//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.
    <html xmlns="hXXp://VVV.w3.org/1999/xhtml">.        <head
>.            <meta http-equiv="Content-Type" content="text/html
; charset=utf-8" />.            <title>Easy Speed PC - Optimi
ze Your PC With Ease</title>.            <meta name="keywords
" content=""/>..    <meta name="description" content="Try it Now
 for FREE - Optimize your PC and keep it running like new." />.    
        <link href="./css/style.css" rel="stylesheet" charset="utf-
8" />.            <link href="./css/feature-carousel.css" rel="s
tylesheet" charset="utf-8" />.            <link href="./css/temp
late.css" rel="stylesheet" charset="utf-8" />.            <link 
href="./css/thank-you-support-line.css" rel="stylesheet" charset="utf-
8" />.            <link rel="shortcut icon" href="images/favicon
.ico" />.            <script src="./js/jquery-1.7.min.js" type="
text/javascript" charset="utf-8"></script>.            <sc
ript src="./js/jquery.featureCarousel.js" type="text/javascript" chars
et="utf-8"></script>.            <script type="text/javasc
ript">.                $(document).ready(function() {.             
       var carousel = $("#carousel").featureCarousel({.               
         // include options like this:.                        // (use
 quotes only for string values, and no trailing comma after last o
<<< skipped >>>


GET /easyspeedcheck_1_1_3.data HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedcheck.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1224408
Connection: keep-alive
Date: Thu, 27 Aug 2015 18:38:25 GMT
x-amz-meta-cb-modifiedtime: Fri, 19 Dec 2014 21:42:23 GMT
Last-Modified: Fri, 19 Dec 2014 21:45:13 GMT
ETag: "e45b126418dcdd6ce225adb86a78692e"
Accept-Ranges: bytes
Server: AmazonS3
Age: 31946
X-Cache: Hit from cloudfront
Via: 1.1 0ed2a932a304d3970026849f3c0f55a1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: UkG-YDt-Oc1qbqu8j08_OrKtma_F7KQj8LR1UhDjMPsVhyLn6h-jFA==
7z..'.....N.........$........5`-.&..p.........../D.N..T.!.P.A? ....qt.
..\.....8..hnlX.P..OYt.45.Yi.J..........p.?9....x<..X.t..B.0..c....
...C.m5._Z..v(...U.Q8....y..NTnD'...E.^%...M..x....b`.3.O.S..y......(.
.H ...>.........2....k.e. .U..73.....z.....6.>.........:.8..OG/,
..DW...$T.R.}QP......:......(.....b...A]......vg.m..).......*.K..W.x..
. ..]....Cq..M\.MQ@p"gO...P.k..w..a..*.?(w.@JI....v......w..."p.J..}.t
i$w..!.....46=;C>.G. .A.?...r..f.2..x.'Zi..K`A....#...o.t.K.......R
C.n_i.h..&.#.h.......*...`..zk..X^...........z[mT.G.=....A..9.........
It...(....n.B....."5..Ad?...1"8n..|1.yw.3>....LjzkI.D.t...@8..<.
30...=..&..dc..... ..7..............=F.*S..2[.9LAZL...i..RB.s....Y.6U.
....._M[U..W..6.?.r.^..\`a./c...@..._N....U%t..c)..=u9@\r.....?..A..Gu
..W.V..}.s.....#.j....t'.q...Z....o.....H'E...%...~r.MC......4%..GN.{.
...F.Y..B$......e..#...b#nE.H4u.K...&..)..\..~.....qb.1=7EK.......P..{
L7cP.~.I..|.")..5..M.x....D.....C?.....a..4C......i....%...%....C.-{.R
.4..e.}..8.{....,..=g.Zn%...P@.....U..u....@..!~...}/.].?.^TpBAU..&=..
xy.*....}bg.^S.........B..Z9...IjG..!................o.....M."........
.....F<o.)......*.0..I..G8k.4.<".~...te....(......W.!..T...G.%%.
..`...b....d.....Mt..A.6..?O..9...0...A..m...)...iL.c......N........u.
.i."$2..a...]....s...g..Ft@p.A...*..[n..(z.!..... .y..]...G\...SY".:..
'...y../M....z.X!Or.%.....vT.d ...1}.q...B..L.?.=..'...C..4......."..B
1...y.SY..._..4..o....O..&.....B._.(.Y..x.B.......|J%.e.x../..0..Mygd.
.'..P........x....'.32......H,7..u`C..-.66........D..h...ez...f...
<<< skipped >>>


GET /publishers/3/857/EasySpeedCheckSetup.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedcheck.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 79012
Connection: keep-alive
Date: Thu, 27 Aug 2015 21:31:29 GMT
Last-Modified: Tue, 25 Aug 2015 18:03:54 GMT
ETag: "a4c4fdbb8605fddf1ff065f69de7496f"
Accept-Ranges: bytes
Server: AmazonS3
Age: 21560
X-Cache: Hit from cloudfront
Via: 1.1 501b84b5d9f61429c5fb6aabff5f1807.cloudfront.net (CloudFront)
X-Amz-Cf-Id: uWy8BnLJ1LHHBqXm5lNnOZh7vWSt2dIJJq17FEVzYG1fhrL1WjvTSw==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
......................................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
...............z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /rpc/sendspminstall?partner=BZDV_PCSM4_ML_PROBIT_EASYSPEEDPC&build=4.0&compiler=Feb2015 HTTP/1.1
Content-Type: text/html
Host: service.smartpcupdate.com
Accept: text/html, */*
User-Agent: Mozilla/3.0 (compatible; Indy Library)


HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Fri, 28 Aug 2015 03:30:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.5.26
12..{"ok":1,"error":0}..0..



GET /applib/appmsg/appmsg.php HTTP/1.1
Host: VVV.easyspeedcheck.com
Accept: */*


HTTP/1.1 200 OK
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Fri, 28 Aug 2015 03:31:23 GMT
Server: Apache/2.2.29 (Amazon)
Set-Cookie: AWSELB=A17117411E832F9D98DB2044090E2E26C2B7540D43D0A6101C0C5F35065914BE87027964F700EE3018267B7CEFA8DADE6B3A2064F555FB2B91CDCB6219C605A1A9617B47C6;PATH=/
X-Powered-By: PHP/5.3.29
Content-Length: 2
Connection: keep-alive
....



GET /easyspeedpc820.data HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1219863
Connection: keep-alive
Date: Thu, 27 Aug 2015 21:25:16 GMT
x-amz-meta-cb-modifiedtime: Thu, 07 May 2015 13:54:05 GMT
Last-Modified: Thu, 07 May 2015 13:58:41 GMT
ETag: "7df16650a35df80579b1abe7fd63d1ea"
Accept-Ranges: bytes
Server: AmazonS3
Age: 21931
X-Cache: Hit from cloudfront
Via: 1.1 f04ebace8f2f02676b5355bccdbf3993.cloudfront.net (CloudFront)
X-Amz-Cf-Id: AZIwrpXNE6QGzbwY42GLherwi9j4i3AAwO6qDIY6ds3p_MrsRqcydA==
7z..'...Ong.........$........W.,..n.E0...[..Ko..._3.>Fz..1... .....
.".h...)..i....@&b.K......%g..I...S.(...:..Np..H5D....4.......r!.V.wY.
.s............x..I"...&.$I...=;bco..<...<..p.C.zV\.j..!......Y V
./%y.c.p.y....@k...|ZoF....v....B.A.,.....[p...q.o.%....H...3..&2t.is%
..{..-.W?w..N6x...{1JMf.g..G....f.o..F*.(.'Q..AI".....4..FX...EP..~&.k
7j..Y.......^>...............u.....j.......Ai._...p..............C.
.a9......@...z.O..(vn......@.....V..<..}.m.@V.9.....{$g...#.D./.'.T
'd..N..Lr..Q.I........0.......C#\.-.....B...I...E;te.N.e.......r...X..
0.0l.1A....x... '....F.G...E..^.F..V._...s<H..yyL..4bB........Z..u.
.LH.3.z%.....u&'...Nl..$.t.$....PUhX.v[.. O.6%.3...........#.....&....
;...!3.DO.))~..L1..q.Y.z..f.A{..u.]............Eq..0..7k...m..\j.\[.Su
..e."...h`..a...y.............#K.BQ<...f.3N...t........}....)|.x...
e..*8........... %..W.T.p...\^............._\.4...<>.[...,....DO
.%......1.q`.....9..c..\.c.._.}.E...C..q..8..S.S...{C&&...W..@L-d.....
.fb]...Mw.....^...Z....=.h..u`.1..1P..N.N...m.....^...}f...v..<" .Y
...i...........B....U..`R.1....6.r.UL....>....e.X..1.....d.[-'.j..%
.#.U......5}-...w....^F......R.i.U.:.MR....Z.G.....?*.%......gD...<
.8....L.....K....'.<...B.......`........ .^.....O....3...H...}.2.t.
...Gs.-.u.v......O..P..Z...bk.....R.io"f(. ...:.|.....k..[.....L...<
;e.....Q....4....*........v.....h.#...H....x@...kB.....h.[.i..........
.4.S.... ..S.....U......qe.....2...M.......mzd..S.O#V.....Y.{#6..y8...
...ArD.D:..a......{..1..#.^.....~.x~....C...XW.6.3...nl..N... .A..
<<< skipped >>>


GET /publishers/26/697/EasySpeedPC.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedpc.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 984697
Connection: keep-alive
Date: Thu, 27 Aug 2015 21:31:10 GMT
Last-Modified: Tue, 25 Aug 2015 18:02:08 GMT
ETag: "7676b7823e62c8714f0a9b694880692a"
Accept-Ranges: bytes
Server: AmazonS3
Age: 21574
X-Cache: Hit from cloudfront
Via: 1.1 9d087ae042196d42f77dddb98f17f1fd.cloudfront.net (CloudFront)
X-Amz-Cf-Id: LKlEdAM05g1X4Z9NqLVcvl7jjTzAP0PQD1wvEmOkigi9VZDT1kpY3Q==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
......`...............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
..`............z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


POST /applib/appmsg/appmsg.php HTTP/1.1
Host: VVV.easyspeedcheck.com
Accept: */*
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

msg=<?xml version="1.0" encoding="UTF-8"?><umid>A8A67A25</umid><ver>1.1.3</ver><srid>NG5661UA7M</srid><msg>get_unique_id</msg>
HTTP/1.1 200 OK
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Fri, 28 Aug 2015 03:31:24 GMT
Server: Apache/2.2.29 (Amazon)
Set-Cookie: AWSELB=A17117411E832F9D98DB2044090E2E26C2B7540D43D0A6101C0C5F35065914BE87027964F700EE3018267B7CEFA8DADE6B3A2064F555FB2B91CDCB6219C605A1A9617B47C6;PATH=/
X-Powered-By: PHP/5.



GET /publishers/3/857/EasySpeedCheckSetup.app HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: download.easyspeedcheck.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 511228
Connection: keep-alive
Date: Thu, 27 Aug 2015 21:31:32 GMT
Last-Modified: Tue, 25 Aug 2015 18:03:51 GMT
ETag: "63e9ec142b6343072bc3852e6ee1a991"
Accept-Ranges: bytes
Server: AmazonS3
Age: 21558
X-Cache: Hit from cloudfront
Via: 1.1 297739e3d74d139e546f90d2ef5a6887.cloudfront.net (CloudFront)
X-Amz-Cf-Id: egYmV1Smrn80z_DoZBBo7MBe3lk9zw7ebmFa1sunLfkkIRVNKg8zxA==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
...p..................................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@..@.data...X\......
.....v..............@....ndata...................................rsrc.
.......p.......z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
.h.B..H.P.u..u..u...Hr@..B...SV.5p.B..E.WP.u...Lr@..e...E..E.P.u...Pr@
..}..e....Dp@........FR..VV..U... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...Tr@..u
....E..9}...w....~X.te.v4..Lp@....E.tU.}.j.W.E......E.......Pp@..vXW..
Tp@..u..5Xp@.W...E..E.h ...Pj.h`.B.W..Xr@..u.W...u....E.P.u...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /easyinstallprolib/easyinstallprolog/log-install.php?ins=NG5661UA7M&ver=1.1.3.1810&st=1&umi=A8A67A25 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.easyspeedcheck.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Fri, 28 Aug 2015 03:30:50 GMT
Server: Apache/2.2.29 (Amazon)
Set-Cookie: AWSELB=A17117411E832F9D98DB2044090E2E26C2B7540D43848465A091DEAD66785387A011A7F52000EE3018267B7CEFA8DADE6B3A2064F555FB2B91CDCB6219C605A1A9617B47C6;PATH=/
X-Powered-By: PHP/5.3.29
Content-Length: 16
Connection: keep-alive
20251131....HTTP/1.1 200 OK..Cache-control: no-cache="set-cookie"..Con
tent-Type: text/html; charset=UTF-8..Date: Fri, 28 Aug 2015 03:30:50 G
MT..Server: Apache/2.2.29 (Amazon)..Set-Cookie: AWSELB=A17117411E832F9
D98DB2044090E2E26C2B7540D43848465A091DEAD66785387A011A7F52000EE3018267
B7CEFA8DADE6B3A2064F555FB2B91CDCB6219C605A1A9617B47C6;PATH=/..X-Powere
d-By: PHP/5.3.29..Content-Length: 16..Connection: keep-alive..20251131
........


GET /easyinstallprolib/easyinstallprolog/log-install.php?ins=NG5661UA7M&ver=1.1.3.1810&st=100&umi=A8A67A25&iid=20251131&comp=0 HTTP/1.1


User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.easyspeedcheck.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: AWSELB=A17117411E832F9D98DB2044090E2E26C2B7540D43848465A091DEAD66785387A011A7F52000EE3018267B7CEFA8DADE6B3A2064F555FB2B91CDCB6219C605A1A9617B47C6


HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Fri, 28 Aug 2015 03:30:52 GMT
Server: Apache/2.2.29 (Amazon)
X-Powered-By: PHP/5.3.29
Content-Length: 8
Connection: keep-alive







The Application connects to the servers at the folowing location(s):







EasySpeedPC.exe_1240:




.idata
.rdata
P.reloc
P.rsrc
kernel32.dll
Windows
HKEY
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
EVariantBadIndexError
Uhú
ssShift
htKeyword
EInvalidOperation
u%CNu
%s[%d]
%s_%d
.Owner
EInvalidGraphicOperation
TObjectList %C
comctl32.dll
USER32.DLL
uxtheme.dll
Proportional
MAPI32.DLL
vsReport
OnKeyDown
OnKeyPress4
OnKeyUpX
OnKeyUp
acoUpDownKeyDropsList
TComboBoxExEnumerator
ole32.dll
PasswordChar
ssHorizontal
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
TKeyEvent
TKeyPressEvent
HelpKeyword
crSQLWait
%s (%s)
imm32.dll
OnExecutel
AutoHotkeys
AutoHotkeys@ G
Uh.oG
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowState$"G
tagMSG
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
tcPW
!"#$%&*;<=>@[]^_`{|}
TNT Internal Error: TWideComponentHelper.Create should never be encountered.
%Program Files%\TntWare\Delphi Unicode Controls\Source\TntClasses.pas
%Program Files%\TntWare\Delphi Unicode Controls\Source\TntActnList.pas
%Program Files%\TntWare\Delphi Unicode Controls\Source\TntForms.pas
%Program Files%\TntWare\Delphi Unicode Controls\Source\TntMenus.pas
Internal Error: SyncHotKeyPosition Failed ("%s" <> "%s").
%Program Files%\TntWare\Delphi Unicode Controls\Source\TntControls.pas
Internal Error: SubClassUnicodeControl.Control is not Unicode.
.UnicodeClass
TntUnicodeVcl.DestroyWindow
%Program Files%\TntWare\Delphi Unicode Controls\Source\TntStdCtrls.pas
1111111111
StartWithWindows
English.ini
French.ini
German.ini
Spanish.ini
Italian.ini
Portuguese.ini
Danish.ini
Dutch.ini
Swedish.ini
Polish.ini
Russian.ini
Brazilian.ini
Finnish.ini
Norwegian.ini
Czech.ini
\$RECYCLE.BIN\
\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Mozilla\Firefox\
profiles.ini
\cookies.sqlite
\formhistory.sqlite
\sessionstore.js
Google\Chrome\User Data\Default\
Content.IE5\
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
regedit.exe
%SYSTEMROOT%\
%Program Files%\
%Program Files% (x86)\
%COMMONPROGRAMFILES%\
%Program Files%\Common Files\
%COMMONPROGRAMFILES(X86)%\
%Program Files% (x86)\Common Files\
%COMMONPROGRAMW6432%\
%USERPROFILE%\
SrClient.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
\tmp.reg" "
\tmp.reg
\ESPCSchedule.exe
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
TMonochromeLookup
getservbyport
WSAAsyncGetServByPort
WSAJoinLeaf
WS2_32.DLL
127.0.0.1
TIdSocketListWindows
TIdStackWindowsU
IdStackWindows
%s, %d %s %d %s %s
password
Password
IdHTTPHeaderInfo
ProxyPasswordT
ProxyPort
Mozilla/3.0 (compatible; Indy Library)
ftpTransfer
ftpReady
ftpAborted
ClientPortMinT
ClientPortMax
Port
EIdCanNotBindPortInRange
EIdInvalidPortRangeSVW
libeay32.dll
ssleay32.dll
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_file
SSL_get_peer_certificate
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_check_private_key
X509_STORE_CTX_get_current_cert
des_set_key
saUsernamePassword
PasswordT
0.0.0.1
TIdTCPConnection
TIdTCPConnection$
IdTCPConnection
EIdTCPConnectionError
sslvrfFailIfNoPeerCert
TPasswordEvent
Certificate
RootCertFile,
CertFile,
KeyFileL@L
OnGetPassword
EIdOSSLLoadingRootCertError
EIdOSSLLoadingCertError|LL
EIdOSSLLoadingKeyError
TIdTCPClient
IdTCPClient
BoundPort
PortU
CommentURL
Content-Disposition: form-data; name="%s"
; filename="%s"
Content-Type: %s
Unsupported operation.
TIdHTTPMethod
IdHTTP
TIdHTTPOption
TIdHTTPOptions
TIdHTTPProtocolVersion
TIdHTTPOnRedirectEvent
TIdHTTPResponse
TIdHTTPResponsep
TIdHTTPRequest
TIdHTTPRequest(
TIdHTTPProtocol<
TIdCustomHTTP
TIdCustomHTTP<
TIdHTTP$
TIdHTTPl
HTTPOptions
PortT
EIdHTTPProtocolException
HTTPS
https
This request method is supported in HTTP 1.1
HTTP/1.0 200 OK
HTTP/
\Animation.gif
UserKey
\SOFTWARE\Microsoft\Windows\CurrentVersion\Settings\Easy Speed PC
softupdates.smartpcupdate.com
hXXp://softupdates.smartpcupdate.com/data/update-versions-maximizer-t.txt?upgrade_id=
hXXp://softupdates.smartpcupdate.com/scripts/get_link_maximizer_t.php?license_key=
HomePageURL
OnActionExecute0
WNNC_NET_FTP_NFS
TCommonKeyState
cksShift
TCommonKeyStates
%Program Files%\Borland\Common Library\Source\MPCommonUtilities.pas
shell32.dll
user32.dll
gdi32.dll
advapi32.dll
shlwapi.dll
Userenv.dll
ShellExecuteExW
ShellExecuteW
GetWindowsDirectoryW
RegOpenKeyW
RegOpenKeyExW
SHFileOperationW
olepro32.dll
TCommonShellExecuteThreadU
%Program Files%\Borland\Common Library\Source\MPThreadManager.pas
\\.\vwin32
Mpr.dll
%Program Files%\Borland\Common Library\Source\MPShellUtilities.pas
To show a Context Menu using TNamespace you must pass a valid Owner TWinControl
THKeyArray
%Program Files%\Borland\EasyListview\Source\EasyListviewAccessible.pas
TEasyAccessibleManager.Create not a TCustomEasyListview type
TEasyGroupAccessibleManager.Create not a TEasyGroup type
TEasyItemAccessibleManager.Create not a TEasyItem type
TEasyColumnAccessibleManager.Create not a TEasyColumn type
TEasyHeaderAccessibleManager.Create not a TEasyHeader type
elsReport
elsReportThumb
TAutoGroupGetKeyEvent
TColumnGetImageIndexEvent
TColumnSetImageIndexEvent
KeyState
KeyStates
TGroupGetImageIndexEvent
TGroupSetImageIndexEvent
HintWindowShown
TItemGetGroupKeyEvent
GroupKey
TItemGetImageIndexEvent
TItemSetGroupKeyEvent
TItemSetImageIndexEvent
MouseMsg
TEasyKeyActionEvent
EscapeKeyPressed
TEasyViewReportItem
TEasyViewReportThumbItem
TEasyViewReportThumbItem(oO
TEasyGridReportGroup
TEasyGridReportGroupD{O
TEasyGridReportThumbGroup
TEasyGridReportThumbGroup |O
TEasyCellSizeReport
TEasyCellSizeReportThumb
ReportThumb
Report$
AlwaysShow
OnAutoGroupGetKey
OnItemGetGroupKey
OnItemSetGroupKeyl1O
OnKeyAction
%Program Files%\Borland\EasyListview\Source\EasyListview.pas
FTPf
Can not find TEasyGroups.AdjacentItem of an Invisible Item
EasyListview.Header
windows-1251
Uh%1S
sqlite3.dll
sqlite3_bind_parameter_count
sqlite3_bind_parameter_name
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_name
sqlite3_column_name16
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_data_count
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_finalize
sqlite3_free
sqlite3_get_table
sqlite3_free_table
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_open
sqlite3_open16
sqlite3_prepare
sqlite3_prepare16
sqlite3_reset
sqlite3_step
sqlite3_total_changes
sqlite3_libversion
Uh.cS
Yahoo.Messenger\CLSID
Yahoo.Messenger.1\CLSID
Software\Microsoft\Windows Live\Messenger
Software\Microsoft\MSNMessenger\PerPassportSettings
imApp.im.loggingLogPath
C:\PRG\SmartPCSolutions\Affiliates\ProbitSoftware\EasySpeedPC\Version 4_1 T\NetFwTypeLib_TLB.pas
DefaultInterface is NULL. Component is not connected to Server. You must call "Connect" or "ConnectTo" before this operation
C:\PRG\SmartPCSolutions\Affiliates\ProbitSoftware\EasySpeedPC\Version 4_1 T\WUApiLib_TLB.pas
IWebBrowser
IWebBrowserApp
IWebBrowser28
TWebBrowserStatusTextChange
TWebBrowserProgressChange
TWebBrowserCommandStateChange
TWebBrowserTitleChange
TWebBrowserPropertyChange
TWebBrowserBeforeNavigate2
TWebBrowserNewWindow2
TWebBrowserNavigateComplete2
TWebBrowserDocumentComplete
TWebBrowserOnVisible
TWebBrowserOnToolBar
TWebBrowserOnMenuBar
TWebBrowserOnStatusBar
TWebBrowserOnFullScreen
TWebBrowserOnTheaterMode
TWebBrowser
TWebBrowserp
FormKeyDown
The Windows registry stores settings and options for Microsoft Windows. Over time, the registry becomes cluttered with invalid and obsolete data.
\UserExclusionsR.txt
Free up disk space and protect your privacy by removing web pages, images, videos and audio files saved by your browser as you surf the Internet.
Free up valuable disk space and protect your privacy by removing cookies and the list of web pages you visited.
\UserExclusionsF.txt
Com/ActiveX - invalid Com or Active X entries in the windows registry can cause application failures, system crashes or information loss.
1.1.4
Portable Network Graphics
.MPEG
WrongKey1
Check the email you received after you purchased the product for the correct license key.
WrongKey2
Your license key will look like this:
WrongKey3
WrongKey4
Do you have a License Key?
If you already have a license key, enter it in the field below and click Activate Now
License key
LicenseKey
Do you need a License Key?
To purchase a license key for Easy Speed PC Pro click
service.smartpcupdate.com
hXXp://service.smartpcupdate.com/rpc/sendspmpurchase?partner=
&key=
\*.ini
Licensing key has reached its usage limit!
8.2.0
Support
::{645FF040-5081-101B-9F08-00AA002F954E}
Registry keys
RegistryKeys
\ProgramExclusionsR.txt
\ProgramExclusionsF.txt
Specify registry key
SpecifyKey
KeyExample
Key not found in the registry!
KeyNotFound
Example: twitter.com
\CookieExclusions.txt
s_Exec
PSAPI.dll
IdHTTP1
hXXp://service.smartpcupdate.com/drivers/startup/set_program_rate.php
\StartupList.txt
*.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
\*.lnk
hXXp://VVV.google.com/search?hl=en&q=
hkey
Show Windows updates
MSIEXEC
\ARPPRODUCTICON.exe
msiexec.exe
WINDOWS LIVE
\SizeList.txt
\TimeList.txt
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\
HKEY_CURRENT_USER#SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\|
WINDOWS
HKEY_CURRENT_USER#
HKEY_LOCAL_MACHINE#
HKEY_CURRENT_USER#Software\
HKEY_LOCAL_MACHINE#Software\
HKEY_CLASSES_ROOT#CLSID\
HKEY_CLASSES_ROOT#Installer\Products\
HKEY_CURRENT_USER#SOFTWARE\Classes\Installer\Products\
HKEY_LOCAL_MACHINE#SOFTWARE\Classes\Installer\Products\
Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\
HKEY_CURRENT_USER#Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\
HKEY_LOCAL_MACHINE#Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\
Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\
HKEY_CURRENT_USER#Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\
HKEY_LOCAL_MACHINE#Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\
Software\Microsoft\Windows\ShellNoRoam\MUICache
HKEY_CURRENT_USER#Software\Microsoft\Windows\ShellNoRoam\MUICache#
MsiExec.exe
appwiz.cpl
control.exe
Are you sure you wish to cancel operation?
\LeftOverList.txt
Optimization Report
Report
IdHTTP1h
WebBrowser1p
HTTP1Work
Panel5EFListKeyUp
ScanCustomRegKeys
ScanWindowsLogs
Portuguese
hXXp://VVV.easyspeedpc.com
hXXp://support.easyspeedpc.com
hXXp://VVV.easyspeedpc.com/go-register.php
hXXp://VVV.easyspeedpc.com/go-register.php?srid=
hXXp://webtools.avanquest.com/redirect.cfm?eredirectId=BZDV-SPC-V4-antivirus
UninstallURL
\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation
Windows XP
Windows Vista
Windows 7
Windows 8
Windows 8.1
Windows 10
Remove invalid and unnecessary items to optimize your Windows registry.
Search histories, cookies, recently viewed web pages, videos, photos, music and more.
Importance
Only shred files you are 100% sure you will not need again. Shredding overwrites the information in files a certain number of times making them unrecoverable.
Windows tracking of user actions
Send error reports to Microsoft
Ask password after quitting standby mode
Automatic login to system w/o password entry
Use autofill for URLs
Autofill of login names and passwords in forms
Request for password save
Windows Updates
Windows tools
Popular Windows optimization tools
ReportHint
AfterInstallURL
HideAfterInstallURL
\EasySpeedPC.reg
\EasySpeedPC2.reg
\EasySpeedPC.chm
hXXp://service.smartpcupdate.com/rpc/sendspminstall?partner=
WbemScripting.SWbemLocator
%s\%s
SELECT * FROM %s
\easydriverpro.exe
\SOFTWARE\Microsoft\Windows\CurrentVersion\Settings\Easy Driver Pro
hXXp://
Easy Driver Pro\Smarteasydriverpro.exe
IEXPLORE.EXE
FIREFOX.EXE
CHROME.EXE
SKYPE.EXE
\PendingExclusionsR.txt
\PendingExclusionsF.txt
Visited Web pages and cookies
\scanning.gif
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows\Help
SOFTWARE\Microsoft\Windows\HTML Help
SOFTWARE\Microsoft\Windows\CurrentVersion\Fonts
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindComputerMRU\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\
SOFTWARE\Microsoft\Internet Explorer\TypedURLs\
SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit\
SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List\
SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\
Scanning visited Web pages and cookies
\places.sqlite
host_key not like
\EasySpeedPC.reg"
\EasySpeedPC2.reg"
Cleaning visited webpages
Visited Web pages removed
\ProgramExclusionR.txt
System32\reg.exe
File Windows\System32\reg.exe not found!
\HKCR.reg
\HKCU.reg
\HKLM.reg
\HKU.reg
EXPORT HKCR "
\HKCR.reg"
EXPORT HKCU "
\HKCU.reg"
EXPORT HKLM "
\HKLM.reg"
EXPORT HKU "
\HKU.reg"
\*.reg
IMPORT "
.TMP.BAK.$$$.OLD
DATA.BAK
CUSTOM.BAK
OPA11.BAK
.EXE.DLL.SYS.CAB.MSI.DAT.INF.TLB.BIN.OCX.INI.XML.LOG
desktop.ini
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
DoReport
SOFTWARE\Microsoft\PCHealth\ErrorReporting
PromptPasswordOnResume
SOFTWARE\Policies\Microsoft\Windows\System\Power
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
FormSuggest Passwords
.EXE.DLL.MSI.MSI.DAT.DOC.TXT.LOG.XLS.RAR.ZIP.JPG.BMP.GIF.PNG.HTM.URL.AVI.MP3
Windows Updates are not set to install automatically
Windows updates are set to automatically install
\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
wscui.cpl
firewall.cpl
wuaucpl.cpl
msinfo32.exe
Sysdm.cpl
Unable to perform this operation!
ncpa.cpl
powercfg.cpl
/name Microsoft.WindowsUpdate
shell32.dll,Control_RunDLL
rundll32.exe
Restore\rstrui.exe
rstrui.exe
dfrg.msc
dfrgui.exe
.DOC.DOCX.XLS.XLSX.PPT.PPTX.TXT.PDF
.JPG.GIF.PNG.BMP.ICO
.MP3.WAV.AVI.MPG.MPEG.VOB
.ZIP.RAR.7Z
The software supports only FAT and NTFS file systems!
3333333
\*.log
EasySpeedPC.reg
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
=HKEY_LOCAL_MACHINE#
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#
=HKEY_CLASSES_ROOT#
[-HKEY_CLASSES_ROOT\Applications\
Empty key
EmptyKey
[-HKEY_CLASSES_ROOT\
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
=HKEY_CURRENT_USER#
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
HKEY_CLASSES_ROOT\
[-HKEY_CLASSES_ROOT\CLSID\
[HKEY_CLASSES_ROOT\CLSID\
HKEY_LOCAL_MACHINE\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
HKEY_CLASSES_ROOT\Interface\
[-HKEY_CLASSES_ROOT\Interface\
HKEY_CLASSES_ROOT\Typelib\
[-HKEY_CLASSES_ROOT\Typelib\
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs
: HKEY_CURRENT_USER\
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\
: HKEY_LOCAL_MACHINE\
[-HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache
SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders#
[HKEY_LOCAL_MACHINE\
AppEvents\Schemes\Apps\.Default
AppEvents\Schemes\Apps\.Default\
\.Current
\.Default
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\
\.Current]
\.Default]
HKEY_CURRENT_USER\
[HKEY_CURRENT_USER\
=HKEY_USERS#
HKEY_USERS\
[HKEY_USERS\
*.txt
LOGIN
*.lo?
INDEX.DAT
deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly
inflate 1.1.4 Copyright 1995-2002 Mark Adler
?456789:;<=
!"#$%&'()* ,-./0123
%Program Files%\Windows Media Player\wmplayer.exe
stall.exe
wmplayer.exe
GetKeyboardType
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
GetWindowsDirectoryA
GetCPInfo
version.dll
SetViewportOrgEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExA
MsgWaitForMultipleObjects
MapVirtualKeyW
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetKeyNameTextA
GetAsyncKeyState
EnumWindows
EnumThreadWindows
ActivateKeyboardLayout
ShellExecuteExA
ShellExecuteA
SHFileOperationA
wininet.dll
comdlg32.dll
SHFolder.dll
winmm.dll
oleacc.dll
Shell32.dll
2 2$2(2,2024282<2@2
?#?6?>?}?
:#:': :/:3:7:;:?:
<!<%<)<-<1<5<9<
1%1U1
;&;.;6;>;
= =$=(=,=0=4=8=[=}=
?!?-?1?5?9?@?
'0 0/03070<0
3'4 4/43474;4@4
8"8 858|8
6 6$6(6,6064686<6\6|6
4 4$4(4,4044484
< <$<(<,<0<4<8<<<@<\<|<
< <$<8<^<
>!>%>)>->4>
< <$<(<,<0<6<><
2%2X2
;#;'; ;/;3;7;
= =$=(=,=0=4=8=<=
4 4$4(4,404
9 9$9(9,9094989
: :$:(:,:::
2*3.32363<3
4 4$4(4,4{4
6 7/73787
3(4,4044484<4
4)5-51585
9': :/:4:
9#:': :/:4:
2%3)3-35393@3
6 6$6(6,6064686<6@6`6~6
=.=>=}=|>
5 5$525{8
6 6$6(6,6064686<6@6
? ?$?(?,?0?4?8?
0/13181{1
?&?/?6?;?]?
6)61686}6
2$2S2
3(31383=3
9œ9W9d9x9
3M4
55j5q5x5
6"6/696\6
5*535:5?5
88
6!6&656|6
4#404:4[4{4
88T8
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
&//%Sa
#**3"**5
KWindows
UrlMon
TntWindows
0IdHTTPHeaderInfo
 IdTCPServer
IdTCPStream
UrlHistory
wlibsqlite3
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Picture.Data
PNe)%x
Items.Strings
Lines.Strings
"Popular Windows optimization tools
EditManager.Font.Charset
EditManager.Font.Color
EditManager.Font.Height
EditManager.Font.Name
EditManager.Font.Style
Header.Columns.Items
Header.Height
Panel5EImageList1)PaintInfoGroup.MarginBottom.CaptionIndent
Scrollbars.HorzEnabled
Selection.FullItemPaint
IconOptions.AutoArrange
IconOptions.Arrangement
GRemove invalid and unnecessary items to optimize your Windows registry.
%Scan selected areas for privacy risks
USearch histories, cookies, recently viewed web pages, videos, photos, music and more.
Optimize your settings to improve your computer's speed, security and efficiency. Run an optimization report to check the current condition of your PC.
Optimization report
%See how disk space is being allocated
.Autofill of login names and passwords in forms
,Automatic login to system w/o password entry
(Ask password after quitting standby mode
Windows tracking of user actions
WebBrowser1
.Logs of conversations in Skype, Yahoo and more
Log files|*.log|All files|*.*
*.tmp
*.bak
*.old
TIdHTTP
ProxyParams.BasicAuthentication
ProxyParams.ProxyPort
Request.ContentLength
Request.ContentRangeEnd
Request.ContentRangeStart
Request.ContentType
Request.Accept
Request.BasicAuthentication
Request.UserAgent
&Mozilla/3.0 (compatible; Indy Library)
The Windows registry stores settings and options for Microsoft Windows. Overtime, the registry becomes cluttered with invalid and obsolete data.
)PaintInfoGroup.MarginBottom.CaptionIndent
oFree up valuable disk space and protect your privacy by removing cookies and the list of web pages you visited
Version 8.2.0
hXXp://easyspeedpc.com
Support:
UIf you already have a license key, enter it in the field below and click Activate Now
1To purchase a license key for Easy Speed PC click
YCheck the email you received after you purchased the product for the correct license key.
%Your license key will look like this:
All files|*.*
GroupFont.Charset
GroupFont.Color
GroupFont.Height
GroupFont.Name
GroupFont.Style
Header.Font.Charset
Header.Font.Color
Header.Font.Height
Header.Font.Name
Header.Font.Style
ImageList1)PaintInfoGroup.MarginBottom.CaptionIndent
Selection.FullRowSelect
<assemblyIdentity version="1.0.0.0"
name="EasySpeedPC.exe"
<requestedExecutionLevel
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
Unspecified error (%d) from %s.
miranda32.exe
PIDLs to operate on are not siblings of the Namespace doing the operation.
Unable to find RegSvr32.exe executable.
RegSvr32.exe
*.dat
\msnmsgr.exe
\msgslang.dll
\msgslang.
Software\Microsoft\MSNMessenger\PerPassportSettings\
*.xml
*.html
\settings.xml
\config.xml
\main.db
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting]
"DoReport"=dword:00000001
"DoReport"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Power]
"PromptPasswordOnResume"=dword:00000001
"PromptPasswordOnResume"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete]
"FormSuggest Passwords"="YES"
"FormSuggest Passwords"="NO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.
There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.
The "Portable Network Graphics" image can not be resize by changing width and height properties. Try assigning the image from a bitmap.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s&Cannot change the size of a JPEG image
JPEG error #%d
JPEG Image FilejThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.
Description: BThe "Portable Network Graphics" image contains an invalid palette.
The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.
"%s".%
"%s"8
SSL status: "%s"
Uneven size in Encode.oUnsupported object type. You can assign only one of the following types or thir descendants: TStrings, TStream.
"%s".
Command not supported.
Address type not supported.$Error accepting connection with SSL.
Error creating SSL context. Could not load root certificate.
Could not load certificate.#Could not load key, check password.
Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.0Address family not supported by protocol family.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Socket Error # %d
Operation would block.
Operation now in progress.
Operation already in progress.
Socket operation on non-socket.
Protocol not supported.
$Can not bind in port range (%d - %d)
Invalid Port Range (%d - %d)
Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Connecting to %s.
Chunk StartedDThis authentication method is already registered with class name %s.
%s is not a valid service.
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.
File "%s" not found1Only one TIdAntiFreeze can exist per application.
Unsupported PixelFormat
Invalid stream operation
Unsupported GIF version7Invalid number of colors specified in Screen Descriptor6Invalid number of colors specified in Image Descriptor
Invalid extension introducerúiled to allocate memory for GIF DIB
Invalid Image trailerAInternal error: Extension Instance does not match Extension Label,Unsupported Application Extension block size
Unknown GIF block type'Object type not supported for operation
úiled to set maximum selection range$Failed to set calendar min/max rangeúiled to set calendar selected range
No help keyword specified.
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
RichEdit line insertion error=This control requires version 4.70 or greater of COMCTL32.DLL
Date exceeds maximum of %s
Date is less than minimum of %s4You must be in ShowCheckbox mode to set to this date#Failed to set calendar date or time
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Value must be between %d and %d
Unable to insert a line Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
Invalid operation on TOleGraphic
Unsupported clipboard format
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)
?#''%s'' is not a valid date and time
'%s' is an invalid mask at (%d)$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Unable to write to %s
Operation not supported
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
8.2.0.0

ESPCSchedule.exe_284:




.idata
.rdata
P.reloc
P.rsrc
kernel32.dll
Windows
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
u%CNu
%s_%d
EInvalidGraphicOperation
USER32.DLL
comctl32.dll
uxtheme.dll
Proportional
MAPI32.DLL
OnKeyDownt
OnKeyPress(
OnKeyUpL
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
TKeyEvent
TKeyPressEvent
HelpKeyword4
crSQLWait
%s (%s)
imm32.dll
AutoHotkeys
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowState
tagMSG
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
OnActionExecute
\EasySpeedPC.exe
just added itself to your Windows startup menu.
English.ini
French.ini
German.ini
Spanish.ini
Italian.ini
Portuguese.ini
Danish.ini
Dutch.ini
Swedish.ini
Polish.ini
Russian.ini
Brazilian.ini
Finnish.ini
Norwegian.ini
Czech.ini
Content.IE5\
Google\Chrome\User Data\Default\Cache\
Mozilla\Firefox\
profiles.ini
\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
StartWithWindows
UserKey
\SOFTWARE\Microsoft\Windows\CurrentVersion\Settings\Easy Speed PC
s_Exec
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\RunOnce
*.lnk
INDEX.DAT
user32.dll
GetKeyboardType
advapi32.dll
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegNotifyChangeKeyValue
RegFlushKey
RegCreateKeyExA
GetCPInfo
version.dll
gdi32.dll
SetViewportOrgEx
UnhookWindowsHookEx
SetWindowsHookExA
MsgWaitForMultipleObjects
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
EnumWindows
EnumThreadWindows
ActivateKeyboardLayout
shell32.dll
ShellExecuteA
SHFolder.dll
1 1$1(1,101
:!:%:):-:
6!6h6X6`6d6h6l6p6t6x6|6
7 7$7(7,7074787
>#>'> >/>3>8>
>,?0?4?8?<?
0#0'0 0/040
1 1$1(1,1014181<1
>!> >?>|>
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
3333333
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
KWindows
UrlMon
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Picture.Data
$%Ïd
0just added itself to your Windows startup menu.
<assemblyIdentity version="1.0.0.0"
name="EasySpeedPC.exe"
<requestedExecutionLevel
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
No help keyword specified.
/Menu '%s' is already being used by another form
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Alt  Clipboard does not support Icons
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)
Unsupported clipboard format
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Unable to write to %s
Invalid stream format$''%s'' is not a valid component name
Operation not supported
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
8.2.0.0

easyspeedcheck.exe_2032:




.text
P`.data
.rdata
0@.bss
.idata
.rsrc
libgcc_s_dw2-1.dll
libgcj-13.dll
hXXp://VVV.easyspeedcheck.com
/applib/appmsg/appmsg.php
hXXp://download.easyspeedcheck.com/publishers/3/741/
EasySpeedCheckSetup.exe
cwebpage.dll
hXXp://VVV.easyspeedcheck.com/easyspeedcheck-1.php
msg=<?xml version="1.0" encoding="UTF-8"?>
curl_easy_perform() failed: %s
<msg>get_unique_id</msg>
<msg>get_popup_ad</msg>
window_url
<msg>get_system</msg>
<msg>get_tray_ad</msg>
SOFTWARE\Classes\http\shell\open\command
VirtualQuery failed for %d bytes at address %p
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
11CMsgDataInt
17CMsgUserIdDataImp
18CMsgTrayAdsDataImp
19CMsgPopupAdsDataImp
23CMsgCheckVersionDataImp
GCC: (GNU) 4.8.1
curl_easy_cleanup
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_easy_strerror
curl_global_init
RegOpenKeyExA
ShellExecuteA
libcurl.dll
advapi32.dll
gdi32.dll
kernel32.dll
msvcrt.dll
shell32.dll
user32.dll
libstdc  -6.dll
GNU C 4.8.1 -mtune=generic -march=pentiumpro -g -O2
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/crt1.c
e:\p\giaw\src\pkg\mingwrt-4.0.3-1-mingw32-src\bld
cmdline
cmdbuf
cmdptr
*__mingw_CRTStartup
;mainCRTStartup
;WinMainCRTStartup
C_CRT_glob
C_CRT_fmode
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/tlssup.c
#_CRT_MT
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/CRTglob.c
_CRT_glob
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/CRTfmode.c
_CRT_fmode
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/txtmode.c
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/CRT_fp10.c
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/cpu_features.c
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/pseudo-reloc.c
__report_error
.abort
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/gccmain.c
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/main.c
szCmd
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/crtst.c
_CRT_MT
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/tlsthrd.c
__mingwthr_key_t
__mingwthr_key
__mingwthr_run_key_dtors
keyp
___w64_mingwthr_add_key_dtor
new_key
___w64_mingwthr_remove_key_dtor
prev_key
cur_key
!key_dtor_list
Êlloc
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/pseudo-reloc-list.c
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/misc/glob.c
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/posix/libgen/dirname.c
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/tchar/dirent.c
%closedir
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt
e:/p/giaw/mingw/bin/../lib/gcc/mingw32/4.8.1/include
../mingwrt-4.0.3-1-mingw32-src/include
crt1.c
CRTglob.c
CRTfmode.c
CRT_fp10.c
crtst.c
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/misc
../mingwrt-4.0.3-1-mingw32-src/include/sys
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/posix/libgen
../mingwrt-4.0.3-1-mingw32-src/src/libcrt/tchar
,.jy}=
.jO7=
1.1.3.0
EasySpeedCheck.exe






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    EasySpeedCheckSetup.exe:380
    EasySpeedCheckSetup.exe:1988
    7za.exe:252
    7za.exe:636
    EasySpeedPC.exe:1452
    easyspeedcheck.exe:2032
    %original file name%.exe:432
    

    2. 

  2. Delete the original Application file.
    3. 

  3. Delete or disinfect the following files created/modified by the Application:
    

    %Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\start_install.txt (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\easyspeedcheck_1_1_3[1].data (67199 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\7za.exe (15192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\nsExec.dll (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\temp.txt (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\inetc.dll (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\log-install[1].htm (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\System.dll (11 bytes)
    %Program Files%\Easy Speed Check\uninstall.exe (309 bytes)
    %Program Files%\Easy Speed Check\esc.ico (1217 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\easyspeedcheck.data (67199 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsv9.tmp\nsA.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsp7.tmp\inetc.dll (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsp7.tmp\EasySpeedCheckSetup.exe (33720 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\EasySpeedCheckSetup[1].app (33720 bytes)
    %Program Files%\Easy Speed Check\ssleay32.dll (1127 bytes)
    %Program Files%\Easy Speed Check\libstdc  -6.dll (4515 bytes)
    %Program Files%\Easy Speed Check\cwebpage.dll (496 bytes)
    %Program Files%\Easy Speed Check\easyspeedcheck.exe (687 bytes)
    %Program Files%\Easy Speed Check\libeay32.dll (9956 bytes)
    %Program Files%\Easy Speed Check\libgcc_s_dw2-1.dll (250 bytes)
    %Program Files%\Easy Speed Check\libidn-11.dll (1354 bytes)
    %Program Files%\Easy Speed Check\zlib1.dll (861 bytes)
    %Program Files%\Easy Speed Check\libcurl.dll (1903 bytes)
    %Program Files%\Probit Software\Easy Speed PC\ESPCSchedule.exe (9321 bytes)
    %Program Files%\Probit Software\Easy Speed PC\EasySpeedPC.exe (29679 bytes)
    %Program Files%\Probit Software\Easy Speed PC\CookiesException.txt (712 bytes)
    %Program Files%\Probit Software\Easy Speed PC\StartupList.txt (84 bytes)
    %Program Files%\Probit Software\Easy Speed PC\scanning.gif (1 bytes)
    %Program Files%\Probit Software\Easy Speed PC\file_id.diz (890 bytes)
    %Program Files%\Probit Software\Easy Speed PC\sqlite3.dll (4969 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\check_installer.txt (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\easyspeedpc.data (66979 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\System.dll (11 bytes)
    %Program Files%\Probit Software\Easy Speed PC\HomePage.url (50 bytes)
    %Program Files%\Probit Software\Easy Speed PC\esp.ico (1552 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\temp.txt (14 bytes)
    %Program Files%\Probit Software\Easy Speed PC\uninstall.exe (2068 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Easy Speed PC on the Web.lnk (887 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Program Files%\Probit Software\Easy Speed PC\English.ini (30 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\EasySpeedCheckSetup.exe (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\start_install.txt (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Uninstall.lnk (892 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\ns5.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Easy Speed PC.lnk (902 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\inetc.dll (20 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\easyspeedpc820[1].data (66979 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\log-install[1].htm (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\nsExec.dll (6 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Help.lnk (902 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\EasySpeedCheckSetup[1].exe (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\7za.exe (15192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsc4.tmp\md5dll.dll (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\log-install[2].htm (8 bytes)
    %Program Files%\Probit Software\Easy Speed PC\EasySpeedPC.chm (902 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\thank-you[1].htm (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\EasySpeedPC[1].app (63248 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\EasySpeedPC.exe (63248 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp\inetc.dll (20 bytes)
    

    4. 

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):
    

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "EasySpeedCheck" = "%Program Files%\Easy Speed Check\easyspeedcheck.exe"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Easy Speed PC" = "%Program Files%\Probit Software\Easy Speed PC\ESPCSchedule.exe"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Easy Speed PC" = "%Program Files%\Probit Software\Easy Speed PC\EasySpeedPC.exe"
    

    5. 

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    6. 

  6. Reboot the computer.
    7. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2025 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now