Trojan.Win32.Delphi_c3ac2c14a0

by malwarelabrobot on July 17th, 2015 in Malware Descriptions.

Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, GenericEmailWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, EmailWorm, VirTool


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: c3ac2c14a01df47014adc315b8f84e71
SHA1: 4d9e238c25f6f500240ce0fcdab108e642527e19
SHA256: 0efe073c0bc82c90e32bda3d088870aae0dd3dee364044d9bb3993bee696ad31
SSDeep: 98304:ZybRr7JbOqb330lAqwaCdPuqbeaOOv M3ZOxe59vyz4eK7/:41xqplCdPuqrDpUe59vkVC
Size: 4916888 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Super PC Tools Ltd
Created at: 2015-06-22 14:46:57
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Behaviour Description
EmailWorm Worm can send e-mails.


Process activity

The Trojan creates the following process(es):

%original file name%.exe:2036
SupOptStart.exe:1336
supoptsetup.exe:448
supoptsetup.tmp:520

The Trojan injects its code into the following process(es):

SuperOptimizer.exe:1412

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:2036 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\{e73b1754-c60f-a3e2-e73b-b1754c605d53}\hqghumeaylnlf.dat (4 bytes)
%Documents and Settings%\All Users\Application Data\{e73b1754-c60f-a3e2-e73b-b1754c605d53}\hqghumeaylnlf.exe (159388 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (279 bytes)
%WinDir%\Tasks\Bidaily Synchronize Task[8da6].job (412 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\supoptsetup.exe (557145 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (9152 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (9124 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (671 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1928 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)

The process supoptsetup.exe:448 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-9J7U9.tmp\supoptsetup.tmp (7386 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-9J7U9.tmp\supoptsetup.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-9J7U9.tmp (0 bytes)

The process supoptsetup.tmp:520 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Super Optimizer\is-B0IC6.tmp (8657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\itdownload.dll (1281 bytes)
%Program Files%\Super Optimizer\is-ULM21.tmp (601 bytes)
%Program Files%\Super Optimizer\is-4169A.tmp (3073 bytes)
%Program Files%\Super Optimizer\is-53MR7.tmp (7971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\Super Optimizer\is-Q1UCD.tmp (127 bytes)
%Program Files%\Super Optimizer\is-NPR81.tmp (601 bytes)
%Program Files%\Super Optimizer\is-8F5DM.tmp (1281 bytes)
%Program Files%\Super Optimizer\is-1TB65.tmp (712 bytes)
%Program Files%\Super Optimizer\is-TP865.tmp (33652 bytes)
%Program Files%\Super Optimizer\is-IHN21.tmp (30 bytes)
%Program Files%\Super Optimizer\is-J4MK0.tmp (2321 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Super Optimizer.lnk (773 bytes)
%Program Files%\Super Optimizer\is-84TB5.tmp (601 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Check updates.lnk (801 bytes)
%Program Files%\Super Optimizer\is-SFN4F.tmp (32242 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Super Optimizer on the Web.lnk (743 bytes)
%Program Files%\Super Optimizer\unins000.dat (29605 bytes)
%Program Files%\Super Optimizer\is-IRME4.tmp (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\idp.dll (1281 bytes)
%Program Files%\Super Optimizer\unins000.msg (646 bytes)
%Program Files%\Super Optimizer\is-IOFT2.tmp (11 bytes)
%Program Files%\Super Optimizer\is-QM104.tmp (601 bytes)
%Program Files%\Super Optimizer\is-NFCS6.tmp (1281 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Uninstall Super Optimizer.lnk (769 bytes)
%Program Files%\Super Optimizer\is-7EH8L.tmp (7345 bytes)
%Program Files%\Super Optimizer\is-E3CIU.tmp (7726 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Help.lnk (773 bytes)
%Program Files%\Super Optimizer\is-7NII0.tmp (7433 bytes)
%Program Files%\Super Optimizer\is-IIPI8.tmp (4545 bytes)
%Program Files%\Super Optimizer\is-9E50R.tmp (20 bytes)
%Program Files%\Super Optimizer\is-T89RT.tmp (909 bytes)
%Documents and Settings%\%current user%\Desktop\Super Optimizer.lnk (761 bytes)
%Program Files%\Super Optimizer\is-KSQTV.tmp (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\SupOptHelper.dll (7971 bytes)
%Program Files%\Super Optimizer\is-DLQ29.tmp (601 bytes)
%Program Files%\Super Optimizer\is-L6TE5.tmp (8657 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\idp.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\itdownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\SupOptHelper.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\_isetup (0 bytes)

The process SuperOptimizer.exe:1412 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\My Documents\Super Optimizer\CookiesException.txt (68 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\SuperOptimizer.madExcept (0 bytes)

Registry activity

The process %original file name%.exe:2036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Super Optimizer]
"setupname" = "c:\%original file name%.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\e76c3b9ef6fd48f2]
"(Default)" = "Mbztq48OpQvqlhTVNPyFeUqTMIR/aTredfIA21ug z tNXziMscB5p0fqObLx1WEU6JjbztQ2y g796ik"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 02 B6 39 5A 40 86 70 EF 13 2A 5F 83 F6 D7 7E"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process SupOptStart.exe:1336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Super Optimizer]
"SuperOptimizer.exe" = "SuperOptimizer"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 29 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 E9 96 32 F1 48 AD 56 AB 30 DD 78 87 F2 07 42"

[HKCU\Software\Super Optimizer]
"AppStart" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Super Optimizer]
"InstallDate" = "6F F0 AC FF 2A 9B E4 40"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process supoptsetup.exe:448 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 2C 60 9A 52 8B 75 52 FF C8 AB B0 47 1B 22 F6"

The process supoptsetup.tmp:520 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Inno Setup: User" = "%CurrentUserName%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"UninstallString" = "%Program Files%\Super Optimizer\unins000.exe"
"Inno Setup: Language" = "en"

[HKCU\Software\Super Optimizer]
"Language" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"NoModify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"InstallLocation" = "%Program Files%\Super Optimizer\"

[HKCU\Software\Super Optimizer]
"ia" = "%Program Files%\Super Optimizer\SupOptCashier.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Publisher" = "Super PC Tools ltd"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Super Optimizer]
"AdsDownloadURL" = "http://dl.superpcdownload.net/221002137/SuperUpdaterSetup.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Super Optimizer]
"SessionID" = "35803CFC-1F83-4CE2-ADAC-A08FF8C7169D"

"DelayedStart" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Inno Setup: Selected Tasks" = "desktopicon"

[HKCU\Software\Super Optimizer]
"SupportURL" = "http://superpctools.com/support/"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"DisplayName" = "Super Optimizer v3.2"
"URLUpdateInfo" = "http://www.superpctools.com/"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Inno Setup: Icon Group" = "Super Optimizer"

[HKCU\Software\Super Optimizer]
"UninstallURL" = "https://safecart.com/superpctools/.spo-special/purchase?sid=211002137-US-267"
"Querry" = "http://bi.superpcdownload.net/t/i/sp?sid=211002137-US-267&dt=%dt%&gid=35803CFC-1F83-4CE2-ADAC-A08FF8C7169D&tz=%tz%&ln=%ln%&lc=%lc%&bis=%bis%&bief=%bief%&biefx=%biefx%&bif=%bif%&os=%os%&f=859407948&at=www.webroot.com/469354800747542733"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Inno Setup: Setup Version" = "5.5.3 (u)"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Super Optimizer]
"SupOptStart.exe" = "SupOptStart"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"DisplayVersion" = "3.2.0.1"
"DisplayIcon" = "%Program Files%\Super Optimizer\SupOptLauncher.exe"
"NoRepair" = "1"
"MajorVersion" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\Super Optimizer]
"AdsHost" = "dl.superpcdownload.net"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"InstallDate" = "20150716"

[HKCU\Software\Super Optimizer]
"BuyNowURL" = "http://gen.securedshopgate.com/?t=01&b=21&tid=211002137-US-267_35803CFC-1F83-4CE2-ADAC-A08FF8C7169D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"HelpLink" = "http://www.superpctools.com/"

[HKCU\Software\Super Optimizer]
"UseAds" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"Inno Setup: App Path" = "%Program Files%\Super Optimizer"

[HKCU\Software\Super Optimizer]
"Ir" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "16 1D E8 3F AA 83 1A CF B2 42 D6 05 23 82 82 D7"

[HKCU\Software\Super Optimizer]
"AdsBuyNowURL" = "http://supc35.superpctools.revenuewire.net/spu/register?221002137_35803CFC-1F83-4CE2-ADAC-A08FF8C7169D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"QuietUninstallString" = "%Program Files%\Super Optimizer\unins000.exe /SILENT"

[HKCU\Software\Super Optimizer]
"sc" = "http://gen.securedshopgate.com/?t=01&b=21&tid=211002137-US-267_35803CFC-1F83-4CE2-ADAC-A08FF8C7169D"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Super Optimizer]
"cufValue" = "CUF=0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Super Optimizer]
"homepageurl" = "http://www.superpctools.com"
"CBM" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1]
"MinorVersion" = "2"
"Inno Setup: Deselected Tasks" = ""
"URLInfoAbout" = "http://www.superpctools.com/"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Super Optimizer" = "%Program Files%\Super Optimizer\SupOptLauncher.exe"

The process SuperOptimizer.exe:1412 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Super Optimizer]
"QuerryDate" = "DF 5E 84 04 2B 9B E4 40"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Super Optimizer]
"UndoDir" = "%Documents and Settings%\%current user%\Application Data\Super Optimizer\Undo"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2A 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Super Optimizer]
"s_SmartMode" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Super Optimizer]
"UpgradeID" = "BZDV_PCSM_ML_PCUP_SUPEROPTIMIZER_RED"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Super Optimizer]
"s_SmartExec" = "0"
"Stat1a" = "186"
"ItemsToScan" = "1111111111"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Super Optimizer]
"LastScanFound" = "240"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Super Optimizer]
"ItemsCleaned" = "0"
"s_Enable" = "0"

"InstallStat" = "1"
"Version" = "3.2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Super Optimizer]
"s_SmartScan" = "1"
"SpeedGuard" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Super Optimizer]
"LastScanChecked" = "1101010"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Super Optimizer]
"LOGDIR" = "%Documents and Settings%\%current user%\Application Data\Super Optimizer\Log"
"ProblemsFixed" = "0"
"ResidualFilesCleaned" = "0"
"RunDate" = "DF 5E 84 04 2B 9B E4 40"
"Reminder" = "1"
"ShowRebootMessage" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE 09 D0 56 31 94 DB A0 5D CD 56 79 9F E1 8B 6F"

[HKCU\Software\Super Optimizer]
"AppStart" = "1"
"DisplayName" = "Super Optimizer"
"ItemsToFix" = "210"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Super Optimizer]
"UseExceptionList" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Super Optimizer]
"s_Time" = "E7 7F F3 FF 2A 9B E4 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Super Optimizer]
"LastVersionChecking" = "7B 1C F3 FF 2A 9B E4 40"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKCU\Software\Super Optimizer]
"ScanAtStartup" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Super Optimizer]
"ItemsToClean" = "30"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5 File path
593afa13b6da05a70de72bd3c736095e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\supoptsetup.exe
48d81fc1114264b3932d667635b9f3cc c:\Program Files\Super Optimizer\SupOptCashier.exe
d8af670a7d6e60f90ecdfd4fc1063ef0 c:\Program Files\Super Optimizer\SupOptGuard.exe
b4373efde1810d3537f1c9ca007a3c5b c:\Program Files\Super Optimizer\SupOptHelper.dll
8e5ecda65ad6aa2f8ffad2ea5c897c74 c:\Program Files\Super Optimizer\SupOptLauncher.exe
5605830425d888fa1078faa381df63c4 c:\Program Files\Super Optimizer\SupOptReminder.exe
9642da80058d4901de0dc01dc07fb2ff c:\Program Files\Super Optimizer\SupOptSchedule.exe
5ccbee03cb408a847d5599220ed19e1b c:\Program Files\Super Optimizer\SupOptSmartScan.exe
47659f03e4d81dd1f22b360042c654d0 c:\Program Files\Super Optimizer\SupOptStart.exe
496c9b762333e98622d47de7db0a6c2b c:\Program Files\Super Optimizer\SupOptUninstaller.exe
a3fb94a403e3112a161ff419065df83a c:\Program Files\Super Optimizer\SuperOptimizer.exe
9a83f220bf8ca569e3cfa654539a47a4 c:\Program Files\Super Optimizer\idp.dll
d82a429efd885ca0f324dd92afb6b7b8 c:\Program Files\Super Optimizer\itdownload.dll
0f66e8e2340569fb17e774dac2010e31 c:\Program Files\Super Optimizer\sqlite3.dll
fd70f934209d8a7cb04f7a9b597d6dd9 c:\Program Files\Super Optimizer\unins000.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Super PC Tools Ltd
Product Name: Super Optimizer v3.2
Product Version: 3.2.0.0
Legal Copyright: Super PC Tools Ltd
Legal Trademarks:
Original Filename: Super Optimizer
Internal Name: Super Optimizer
File Version: 3.2.0.0
File Description: Fix PC problems and optimize performance
Comments:
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 153188 153600 4.5698 7573cde6259b03bd3d6663b85caccfbf
.rdata 159744 33940 34304 3.34322 7da5fd3b180ff6b40212f7e8ab4c928e
.data 196608 19332 7680 2.50762 9108770d8c2e1fbe6aa30aa0b1cac099
.rsrc 217088 4690708 4690944 5.51459 167eb91794154f7817840aa65aa037d5
.reloc 4911104 22832 23040 2.1718 3f1ddd4b352a3472fc05e323e6e93cbe

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://isuperopt.com/inst?hid=6e7a0c36c05f265871d3419939db81981b7ce149&sid=35803CFC-1F83-4CE2-ADAC-A08FF8C7169D&tr=211002137-US-267&a=NA&adm=1&os=5.1&x64=0&sil=1&st=201506222&e=200 104.28.19.88
hxxp://isuperopt.com/inst?sid=35803CFC-1F83-4CE2-ADAC-A08FF8C7169D&st=0&e=210 104.28.19.88
hxxp://isuperopt.com/inst?sid=35803CFC-1F83-4CE2-ADAC-A08FF8C7169D&st=0&du=5875&e=400 104.28.19.88
hxxp://bi.superpcdownload.net/t/i/sp?sid=211002137-US-267&dt=1437034497&gid=35803CFC-1F83-4CE2-ADAC-A08FF8C7169D&tz=2&ln=1&lc=0&bis=0&bief=0&biefx=0&bif=0&os=&f=859407948&at=www.webroot.com/469354800747542733 198.20.86.29
hxxp://bi.superpcdownload.net/t/i/sp?sid=211002137-US-267&dt=1437034547&gid=35803CFC-1F83-4CE2-ADAC-A08FF8C7169D&tz=2&ln=1&lc=0&bis=1&bief=0&biefx=0&bif=0&os=&f=859407948&at=www.webroot.com/469354800747542733 198.20.86.29
service.smartpcupdate.com 176.9.2.105


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /inst?hid=6e7a0c36c05f265871d3419939db81981b7ce149&sid=35803CFC-1F83-4CE2-ADAC-A08FF8C7169D&tr=211002137-US-267&a=NA&adm=1&os=5.1&x64=0&sil=1&st=201506222&e=200 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: isuperopt.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Thu, 16 Jul 2015 05:14:51 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: __cfduid=d3dade3974a3a6d2f76745b522017f8f51437023691; expires=Fri, 15-Jul-16 05:14:51 GMT; path=/; domain=.isuperopt.com; HttpOnly
Server: cloudflare-nginx
CF-RAY: 206b39d4ffef05d5-WAW
....


GET /inst?sid=35803CFC-1F83-4CE2-ADAC-A08FF8C7169D&st=0&e=210 HTTP/1.1


Content-Type: application/x-www-form-urlencoded
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: isuperopt.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Thu, 16 Jul 2015 05:14:51 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: __cfduid=d3dade3974a3a6d2f76745b522017f8f51437023691; expires=Fri, 15-Jul-16 05:14:51 GMT; path=/; domain=.isuperopt.com; HttpOnly
Server: cloudflare-nginx
CF-RAY: 206b39d7bff105d5-WAW
HTTP/1.1 200 OK..Date: Thu, 16 Jul 2015 05:14:51 GMT..Content-Type: te
xt/plain..Content-Length: 0..Connection: keep-alive..Set-Cookie: __cfd
uid=d3dade3974a3a6d2f76745b522017f8f51437023691; expires=Fri, 15-Jul-1
6 05:14:51 GMT; path=/; domain=.isuperopt.com; HttpOnly..Server: cloud
flare-nginx..CF-RAY: 206b39d7bff105d5-WAW......


GET /inst?sid=35803CFC-1F83-4CE2-ADAC-A08FF8C7169D&st=0&du=5875&e=400 HTTP/1.1


Content-Type: application/x-www-form-urlencoded
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: isuperopt.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Thu, 16 Jul 2015 05:14:56 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: __cfduid=d6bba76baed466da4083a54e9e81e42611437023696; expires=Fri, 15-Jul-16 05:14:56 GMT; path=/; domain=.isuperopt.com; HttpOnly
Server: cloudflare-nginx
CF-RAY: 206b39f5001e05d5-WAW
HTTP/1.1 200 OK..Date: Thu, 16 Jul 2015 05:14:56 GMT..Content-Type: te
xt/plain..Content-Length: 0..Connection: keep-alive..Set-Cookie: __cfd
uid=d6bba76baed466da4083a54e9e81e42611437023696; expires=Fri, 15-Jul-1
6 05:14:56 GMT; path=/; domain=.isuperopt.com; HttpOnly..Server: cloud
flare-nginx..CF-RAY: 206b39f5001e05d5-WAW..



GET /t/i/sp?sid=211002137-US-267&dt=1437034497&gid=35803CFC-1F83-4CE2-ADAC-A08FF8C7169D&tz=2&ln=1&lc=0&bis=0&bief=0&biefx=0&bif=0&os=&f=859407948&at=VVV.webroot.com/469354800747542733 HTTP/1.1
Host: bi.superpcdownload.net
Accept: text/html, */*
User-Agent: Mozilla/3.0 (compatible; Indy Library)


HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Thu, 16 Jul 2015 05:14:57 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
content-type: text/html



GET /t/i/sp?sid=211002137-US-267&dt=1437034547&gid=35803CFC-1F83-4CE2-ADAC-A08FF8C7169D&tz=2&ln=1&lc=0&bis=1&bief=0&biefx=0&bif=0&os=&f=859407948&at=VVV.webroot.com/469354800747542733 HTTP/1.1
Content-Type: text/html
Host: bi.superpcdownload.net
Accept: text/html, */*
User-Agent: Mozilla/3.0 (compatible; Indy Library)


HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Thu, 16 Jul 2015 05:15:47 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
content-type: text/html







The Trojan connects to the servers at the folowing location(s):







SuperOptimizer.exe_1412:




.idata
.edata
P.tls
.rdata
P.reloc
P.rsrc
kernel32.dll
Windows
HKEY
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
;!199{199
;0!8&2{199
"<;=!!%{199
Windows 95
Windows 95 OSR-2
Windows 98
Windows 98 SE
Windows ME
Windows 9x New
Windows NT 3
Windows NT 4
Windows 2000
Windows XP
Windows 2003
Windows Vista
Windows 2008
Windows 7
Windows 2008 R2
Windows 8
Windows Server 8
Windows NT New
user.exe
TMsgHandlers
madToolsMsgHandlerWindow
user32.dll
>0';0974&0{199
cmovÌ
setÌ
pop %seg
push %seg
Uh.GA
msvcrt.dll
Uh.wA
VVV.madshi.net
dbghelp.dll
comctl32.dll
4.0.11
ntdll.dll
advapi32.dll
The import table is invalid.
shell32.dll
WindowsLogo
ReportLeaks
UploadViaHttp
HttpServer
HttpSsl
HttpPort
HttpAccount
HttpPassword
BugTrPassword
MailAsSmtpServer
MailAsSmtpClient
SmtpServer
SmtpSsl
SmtpTls
SmtpPort
SmtpAccount
SmtpPassword
bugreport.mbr
screenshot.png
ExceptMsg
FrozenMsg
BitFaultMsg
send bug report
save bug report
print bug report
show bug report
%appname%, %exceptMsg%
bug report
please find the bug report attached
Sending bug report...
PrepAttMsg
MxLookMsg
ConnMsg
SendMailMsg
FieldMsg
SendAttMsg
SendFinalMsg
SendFailMsg
Sorry, sending the bug report didn't work.
TDABugReportCallback
TDABugReportCallbackOO
ShellExecuteExW
madExceptIde_.bpl
wininet.dll
VVV.google.com
SMTP:
mapi32.dll
IpHlpApi.dll
A.ROOT-SERVERS.NET
K.ROOT-SERVERS.NET
VVV.madshi.net_multipart_boundary
TSmtpU
LOGIN
AUTH LOGIN
security.dll
secur32.dll
TWinHttp
winhttp.dll
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
/api.xml
<url>
password
?cmd=
/xmlrpc.cgi
Bugzilla.version
Product.get_enterable_products
Product.get
Bug.fields
Bugzilla_login
Bugzilla_password
Bug.create
Bug.add_attachment
/api/soap/mantisconnect.php
<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="hXXp://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><ns1:
</username><password xsi:type="xsd:string">
</password>
*.txt
TSendBugReportExRec
wtsapi32.dll
idapi32.dll
kernelbase.dll
madExcept32.dll
c:\sources\madshi\madExcept32.dll
ReportLeaksNow
GetLeakReport
ShowLeakReport
madExcept32.dll has the wrong version.
coreide70.bpl
ReportFault
FaultRep.dll
internal error. please notify [email protected]
@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule
HardWareKey
setupapi.dll
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
u%CNu
%s[%d]
%s_%d
.Owner
EInvalidGraphicOperation
USER32.DLL
uxtheme.dll
PasswordChar
OnKeyDown
OnKeyPress@SJ
OnKeyUpdRJ
ssHorizontal
OnKeyUp
Proportional
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
TKeyEvent
TKeyPressEvent
HelpKeyword
crSQLWait
%s (%s)
Uh.WK
imm32.dll
OnExecute`
OnExecute
AutoHotkeys8
AutoHotkeys
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview,
WindowStated
tagMSG
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
getservbyport
WSAAsyncGetServByPort
WSAJoinLeaf
WS2_32.DLL
127.0.0.1
TIdSocketListWindows
TIdStackWindowsU
IdStackWindows
%s, %.2d %s %.4d %s %s
Uh%DM
%s, %d %s %d %s %s
Password
IdHTTPHeaderInfo
ProxyPasswordl
ProxyPort
Mozilla/3.0 (compatible; Indy Library)
ftpTransfer
ftpReady
ftpAborted
ClientPortMinl
ClientPortMax
Port
EIdCanNotBindPortInRange
EIdInvalidPortRangeSVW
libeay32.dll
ssleay32.dll
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_file
SSL_get_peer_certificate
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_check_private_key
X509_STORE_CTX_get_current_cert
des_set_key
saUsernamePassword
Passwordl
0.0.0.1
TIdTCPConnection
IdTCPConnection
EIdTCPConnectionError
sslvrfFailIfNoPeerCert
TPasswordEvent
Certificate
RootCertFile
CertFile
KeyFile
OnGetPasswordD
EIdOSSLLoadingRootCertError
EIdOSSLLoadingCertError
EIdOSSLLoadingKeyError
TIdTCPClient
TIdTCPClient\'N
IdTCPClient
BoundPort
PortU
CommentURL
TIdHTTPMethod
IdHTTP
TIdHTTPOption
TIdHTTPOptions
TIdHTTPProtocolVersion
TIdHTTPOnHeadersAvailable
TIdHTTPOnRedirectEvent
TIdHTTPResponse
TIdHTTPResponse<QN
TIdHTTPRequest
TIdHTTPProtocol
TIdCustomHTTP
TIdHTTP
TIdHTTP8TN
HTTPOptions
PortlDN
EIdHTTPProtocolException
HTTPS
https
This request method is supported in HTTP 1.1
HTTP/1.0 200 OK
HTTP/
1.2.3
Portable Network Graphics
%s, ClassID: %s
ole32.dll
TNT Internal Error: TWideComponentHelper.Create should never be encountered.
D:\SmartPC\Components\Delphi Unicode Controls\Source\TntClasses.pas
!"#$%&*;<=>@[]^_`{|}
D:\SmartPC\Components\Delphi Unicode Controls\Source\TntControls.pas
Internal Error: SubClassUnicodeControl.Control is not Unicode.
.UnicodeClass
TntUnicodeVcl.DestroyWindow
MAPI32.DLL
vsReport
TComboBoxExEnumerator
D:\SmartPC\Components\Delphi Unicode Controls\Source\TntActnList.pas
D:\SmartPC\Components\Delphi Unicode Controls\Source\TntStdCtrls.pas
D:\SmartPC\Components\Delphi Unicode Controls\Source\TntForms.pas
D:\SmartPC\Components\Delphi Unicode Controls\Source\TntMenus.pas
Internal Error: SyncHotKeyPosition Failed ("%s" <> "%s").
hXXp://gen.securedshopgate.com/?b=21
superupdater.exe
Super Updater\SuperUpdater.exe
hXXp://VVV.superpctools.com
UninstallURL
AdsDownloadURL
HomePageURL
SupportURL
BuyNowURL
AdsBuyNowURL
\SOFTWARE\Microsoft\Windows\CurrentVersion\Settings\
Launcher.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
SrClient.dll
1111111111
s_SmartExec
English.ini
French.ini
German.ini
Spanish.ini
Italian.ini
Portuguese.ini
Danish.ini
Dutch.ini
Swedish.ini
Polish.ini
Russian.ini
Brazilian.ini
Finnish.ini
Norwegian.ini
Turkish.ini
Czech.ini
Japanese.ini
Chinese.ini
Arabic.ini
\$RECYCLE.BIN\
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Mozilla\Firefox\
profiles.ini
\cookies.sqlite
\formhistory.sqlite
Google\Chrome\User Data\Default\Cache\
Content.IE5\
regedit.exe
%SYSTEMROOT%\
%Program Files%\
%Program Files% (x86)\
%COMMONPROGRAMFILES%\
%Program Files%\Common Files\
%COMMONPROGRAMFILES(X86)%\
%Program Files% (x86)\Common Files\
%COMMONPROGRAMW6432%\
%USERPROFILE%\
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
\tmp.reg" "
\tmp.reg
WNNC_NET_FTP_NFS
olepro32.dll
\\.\vwin32
shlwapi.dll
Mpr.dll
D:\SmartPC\Components\EasyListview\Common Library\Source\MPShellUtilities.pas
To show a Context Menu using TNamespace you must pass a valid Owner TWinControl
THKeyArray
TCommonShellExecuteThreadU
D:\SmartPC\Components\EasyListview\Common Library\Source\MPThreadManager.pas
TCommonKeyState
cksShift
TCommonKeyStates
D:\SmartPC\Components\EasyListview\Common Library\Source\MPCommonUtilities.pas
Uh.RT
gdi32.dll
Userenv.dll
ShellExecuteW
GetWindowsDirectoryW
RegOpenKeyW
RegOpenKeyExW
SHFileOperationW
D:\SmartPC\Components\EasyListview\Source\EasyListviewAccessible.pas
TEasyAccessibleManager.Create not a TCustomEasyListview type
TEasyGroupAccessibleManager.Create not a TEasyGroup type
TEasyItemAccessibleManager.Create not a TEasyItem type
TEasyColumnAccessibleManager.Create not a TEasyColumn type
TEasyHeaderAccessibleManager.Create not a TEasyHeader type
elsReport
elsReportThumb
TAutoGroupGetKeyEvent
TColumnGetImageIndexEvent
TColumnSetImageIndexEvent
KeyState
KeyStates
TGroupGetImageIndexEvent
TGroupSetImageIndexEvent
HintWindowShown
TItemGetGroupKeyEvent
GroupKey
TItemGetImageIndexEvent
TItemSetGroupKeyEvent
TItemSetImageIndexEvent
MouseMsg
TEasyKeyActionEvent
EscapeKeyPressed
TEasyViewReportItem
TEasyViewReportItemP5U
TEasyViewReportThumbItem
TEasyGridReportGroup
TEasyGridReportThumbGroup
TEasyCellSizeReport8]U
TEasyCellSizeReport
TEasyCellSizeReportThumb
TEasyCellSizeReportThumb ^U
ReportThumb
Report
AlwaysShow
OnAutoGroupGetKeyp
OnItemGetGroupKey\
OnItemSetGroupKey
OnKeyActiond
D:\SmartPC\Components\EasyListview\Source\EasyListview.pas
Can not find TEasyGroups.AdjacentItem of an Invisible Item
Uh.hX
EasyListview.Header
TChangesShortForm
An updated version of %s is now available
FormKeyDown
http\shell\open\command
\chrome.exe
\Internet Explorer\iexplore.exe
hXXp://softupdates.smartpcupdate.com/data/update-versions-%s.txt?upgrade_id=%s
&user_major_version=%s&upgrade_id=%s&user_version=%s
hXXp://softupdates.smartpcupdate.com/scripts/get_link_%s.php?license_key=%s&purchase_date=%s
You are already using the latest version of %s
OnActionExecute
windows-1251
sqlite3.dll
sqlite3_bind_parameter_count
sqlite3_bind_parameter_name
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_name
sqlite3_column_name16
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_data_count
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_finalize
sqlite3_free
sqlite3_get_table
sqlite3_free_table
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_open
sqlite3_open16
sqlite3_prepare
sqlite3_prepare16
sqlite3_reset
sqlite3_step
sqlite3_total_changes
sqlite3_libversion
Yahoo.Messenger\CLSID
Yahoo.Messenger.1\CLSID
Software\Microsoft\Windows Live\Messenger
Software\Microsoft\MSNMessenger\PerPassportSettings
imApp.im.loggingLogPath
TMonochromeLookup
The Windows registry stores settings and options for Microsoft Windows. Over time, the registry becomes cluttered with invalid and obsolete data.
%s can remove these unnecessary and invalid registry entries. Check the items you wish to delete and click Save && Close.
\UserExceptionR.txt
Free up disk space and protect your privacy by removing web pages, images, videos and audio files saved by your browser as you surf the Internet.
Free up valuable disk space and protect your privacy by removing cookies and the list of web pages you visited.
When you remove an application there are often residual files or junk files leftover on your system. %s safely finds and removes these unnecessary files.
\UserExceptionF.txt
Registry keys
RegistryKeys
\ProgramExceptionR.txt
\ProgramExceptionF.txt
IdHTTP1
HTTP1Work
Thank you for purchasing %s!
We are now replacing your current version of %s with %s which includes these additional features:
ProVersionUrl
hXXp://
service.smartpcupdate.com
hXXp://service.smartpcupdate.com/rpc/sendspmpurchase
hXXp://service.smartpcupdate.com/rpc/sendpurchase
&key=
hXXp://service.smartpcupdate.com/rpc/sendspminstall
hXXp://service.smartpcupdate.com/rpc/sendspmuninstall
hXXp://service.smartpcupdate.com/rpc/sendinstall
hXXp://service.smartpcupdate.com/rpc/senduninstall
callbanner.png
BannerURL
Do you have a License Key?
If you purchased %s a license key will have been emailed to you. Please enter the license key below and click Activate Now.
License key
Do you need a License Key?
We recommend that you upgrade to the full version of %s
To purchase %s and obtain a license key click
Licensing key has reached its usage limit!
UserKey
Thank you for registering %s!
Support
Register %s
To optimize settings, fix problems and speed up your PC you need to register %s.
Would you like to register %s now?
To immediately fix these problems and speed up your PC you need to register %s.
To remove these privacy risks from your computer you need to register %s.
To immediately fix these problems and to remove invalid shortcuts you need to register %s
To immediately fix these problems and to remove programs from your startup menu you need to register %s.
%s is the leading and award-winning system optimization tool that cleans, repairs and optimizes your system.
To fix problems and speed up your PC, you need to register %s
This is normal and we have marked these items and will attempt to remove them later. It is best to close as many applications (browser, instant messanger, email, etc.) before running %s.
Specify registry key
SpecifyKey
Example: Software\%s
KeyExample
Key not found in the registry!
KeyNotFound
Offers direct access to key features
Guard.exe
Reminder.exe
s_Exec
Schedule.exe
SmartScan.exe
Example: twitter.com
\CookiesException.txt
PSAPI.dll
*.exe
hXXp://VVV.google.com/search?hl=en&q=
hkey
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
FormOptReport
Optimization Report
TfrmFreshWindows
FormFreshWindows
\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Register %s now to keep it that way.
CleanEmptyKeys
ScanCustomRegKeys
ScanWindowsLogs
actDebugExecute
Welcome to %s
%s's benefits may include faster performance, increased startup speed and fewer error messages when regularly used.
Why register %s?
Remove invalid and unnecessary items to optimize your Windows registry.
Search histories, cookies, recently viewed web pages, videos, photos, music and more.
%s has found the following potential privacy risks on your computer. To keep your information private and free up valuable disk space we recommend deleting the selected items.
Optimize your settings to improve your computer's speed, security and efficiency. Run an optimization report to check the current condition of your PC.
Optimization report
Windows tracking of user actions
Send error reports to Microsoft
Ask password after quitting standby mode
Automatic login to system w/o password entry
Use autofill for URLs
Autofill of login names and passwords in forms
Request for password save
Get the maximum benefit from %s by customizing the settings to meet your needs.
Undo changes made by %s
Information about your version of %s
If there are certain registry keys, files or cookies that you do not want to have included in the %s scan you can use this feature to create an exclusion list.
Log && Undo makes it easy to undo changes made by %s
List of items that could not to be cleaned because they were locked or in use by another application. %s will attempt to remove these items each time you clean your PC.
\*.lnk
IEXPLORE.EXE
FIREFOX.EXE
CHROME.EXE
SKYPE.EXE
\PendingExceptionR.txt
\PendingExceptionF.txt
\Scan.gif
SOFTWARE\Microsoft\Windows\Help
SOFTWARE\Microsoft\Windows\HTML Help
SOFTWARE\Microsoft\Windows\CurrentVersion\Fonts
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindComputerMRU\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\
SOFTWARE\Microsoft\Internet Explorer\TypedURLs\
SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit\
SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List\
SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List\
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\
\places.sqlite
visited Web pages and cookies available for removal
.reg"
Cleaning visited webpages...
macromedia.com\support\flashplayer\sys\
Visited Web pages removed
System32\reg.exe
File Windows\System32\reg.exe not found!
\HKCR.reg
\HKCU.reg
\HKLM.reg
\HKU.reg
EXPORT HKCR "
\HKCR.reg"
EXPORT HKCU "
\HKCU.reg"
EXPORT HKLM "
\HKLM.reg"
EXPORT HKU "
\HKU.reg"
\*.reg
IMPORT "
dfrg.msc
DFRGUI.EXE
dfrgui.exe
DATA.BAK
CUSTOM.BAK
OPA11.BAK
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
DoReport
SOFTWARE\Microsoft\PCHealth\ErrorReporting
PromptPasswordOnResume
SOFTWARE\Policies\Microsoft\Windows\System\Power
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
FormSuggest Passwords
Register your copy of %s
\*.log
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
=HKEY_LOCAL_MACHINE#
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#
=HKEY_CLASSES_ROOT#
[-HKEY_CLASSES_ROOT\Applications\
Empty key
EmptyKey
[-HKEY_CLASSES_ROOT\
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
=HKEY_CURRENT_USER#
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
HKEY_CLASSES_ROOT\
[-HKEY_CLASSES_ROOT\CLSID\
[HKEY_CLASSES_ROOT\CLSID\
HKEY_LOCAL_MACHINE\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
HKEY_CLASSES_ROOT\Interface\
[-HKEY_CLASSES_ROOT\Interface\
HKEY_CLASSES_ROOT\Typelib\
[-HKEY_CLASSES_ROOT\Typelib\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs
Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\
: HKEY_CURRENT_USER\
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
: HKEY_LOCAL_MACHINE\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache
SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders#
[HKEY_LOCAL_MACHINE\
AppEvents\Schemes\Apps\.Default
AppEvents\Schemes\Apps\.Default\
\.Current
\.Default
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\
\.Current]
\.Default]
HKEY_CURRENT_USER\
[HKEY_CURRENT_USER\
=HKEY_CURRENT_USER#SOFTWARE\
HKEY_CURRENT_USER\SOFTWARE\
[-HKEY_CURRENT_USER\SOFTWARE\
=HKEY_LOCAL_MACHINE#SOFTWARE\
HKEY_LOCAL_MACHINE\SOFTWARE\
[-HKEY_LOCAL_MACHINE\SOFTWARE\
=HKEY_USERS\S-1-5-21-1060284298-1454471165-725345543-1004\SOFTWARE\
HKEY_USERS\...\SOFTWARE\
[-HKEY_USERS\S-1-5-21-1060284298-1454471165-725345543-1004\SOFTWARE\
=HKEY_USERS#
HKEY_USERS\
[HKEY_USERS\
LOGIN
.EXE.DLL.SYS.CAB.MSI.DAT.INF.TLB.BIN.OCX.INI.XML.LOG
*.lo?
INDEX.DAT
c:\debug.pc
Start.exe
6666666666666666
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
?456789:;<=
!"#$%&'()* ,-./0123
%Program Files%\Windows Media Player\wmplayer.exe
wmplayer.exe
GetKeyboardType
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegFlushKey
RegEnumKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
WinExec
GetWindowsDirectoryA
GetCPInfo
CreatePipe
version.dll
SetViewportOrgEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExA
MsgWaitForMultipleObjects
MapVirtualKeyW
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetKeyNameTextA
GetAsyncKeyState
EnumWindows
EnumThreadWindows
ActivateKeyboardLayout
ShellExecuteExA
ShellExecuteA
SHFileOperationA
comdlg32.dll
wsock32.dll
shfolder.dll
oleacc.dll
winmm.dll
Shell32.dll
MainProgram.exe
7"8*828_8
6$60656]6
>#>(>0>5>:>
;';5;:;_;~;
4!4%4)4-4145494
9!9%9)9-919
051'2|2
6 6$6(6,6064686
> ?/?3?7???
2-3135393@3
= =$=(=,=0=>=`=|=
5 5$5(5,5054585<5@5\5|5
9 9*91969<9
,1014181<1@1
5'5>5(6}6
4)4.484=4
3 4$4=4^4
7 7$7(7,707
11g1
< <$<(<,<0<4<8<<<
= =$=(=,=0=>=
%0)0-01050<0
6#6'6 606
5,6064686
7 8%8)8-8185898@8
#0'0 03070<0
3#4 4/444
9 9$9(9,909>9`9|9
1%2U2y2
7 7$7(7,7
= =$=(=.=
; ;$;(;,;2;
3"3.353:3
9!:-:4:9:
9!9&92999>9
3=3M3T3Y3s3
3-3E3Q3a3p3}3
6!6(6-6<6_6
:!:*:1:6:
0 00C0F1O1V1[1g1
1)131@1^1
5_5f5x5
2'2`2|2
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
3333333
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
33333333330
3333338
3333333330
3333833330
3333330
333333330
3333333333
338333?330
33383?3330
3833830
|||%UUU
|||'}}};
4|||){{{
|||%}}}=
kzzz.yyy
d|||ÿf
|||#}}}1|||@
|||'}}}9
|||)}}}=
|||D|||%xxx
|||!}}}=
|||%}}}3
|||!}}}-
6}}} {{{
"|||#{{{
|||%}}}/
|||#}}} 
|||#|||)}}}/
5}}}/|||)
,}}}-}}}-}}}-}}}-}}}-}}}-
$|||!{{{
|||!|||'
,}}}/}}}/}}}/}}}/
,|||'|||!
/|||'{{{
.xxx${{{
9}}} {{{
|||%}}}5
5|||%uuu
|||#}}}3
|||'{{{:
|||)}}}?
|||'}}}=
|||'{{{>
|||)|||@
Z}}};|||%sss
.zzzE
|||'}}}?
[}}}1{{{
|||!}}} }}}5
(}}}3}}}=
$|||%yyy&yyy&uuu%xxx"www
0{{{8}}}?
|||!|||%|||)}}}/
,}}}1{{{6
9}}}5}}}1
,|||'|||#{{{
.yyy*|||'|||#xxx rrr
|||!|||#
&|||#|||!
*}}} }}}-}}}/}}}/
2}}}3}}}3}}}3}}}3}}}3}}}3
0}}}/}}}/}}}-}}} 
(|||'|||%xxx"|||!{{{
|||!|||%
(|||%|||!{{{
4}}}7{{{6}}}5}}}5
|||#|||)
(|||#{{{
,|||%{{{
|||!|||)
*|||#{{{
/|||%{{{
3|||){{{
5|||){{{
6|||){{{
"|||#|||!
4|||'{{{
1|||%{{{
2|||%{{{
5|||'{{{
7|||'{{{
:|||){{{
|||){{{4
.|||'|||!{{{
 |||%{{{
/|||)|||#{{{
 zzz.xxx3
*|||)|||'|||%|||!{{{
6|||'|||!{{{
|||!|||%|||)
|||#|||'
(|||%|||#
"|||#|||#
$|||%|||%|||%|||%|||%|||%|||%|||%|||%|||%|||%|||%|||%|||%
$|||#|||#
paint.net 4.0;
8).eJ
F.Eax
<p.lFl^lv
Y%SkW 
z%Ue4
K)zbo%X
,.QYAHV#
F=w.XS
wx".MSR
^.fU5F
Jdo%f
<z.ZX
~2.Kb2
f.XFB!
.UTTdd
..zPI
=>95<&><6
1999666<<
#,,,)))   77733311144
3_%C-
0>551952>
e5y%U
Dîÿ&fF$d
%XoYXfe
g`
0|.qD/n
$!6222***:
0777%%f6**
..6!!>1!
!*2"&*2.6
4'=%3-9--
`ssshX
$#F.pbHh#%
/.TVUao
mmmMLL.ik )(H
,:.(6!4>1*95.-
%9 ;...""
~ =555))
$'/. /)'
322 ( !)1
OCB^$&%UWW3
r%djaN!
\%S)!
Q&%S>w
.aT/uT#
}ee%x
! I%X
o].bS!bG
%x=YY}
Jb.Zf
`m%U yMH
f/..yBl
$W.oc
.FBYw]
2w.Ks?
/Vv*Qq.Uu.
GFÞ'
>,"&4<&,<
!!111$!!!
KWindows
UrlMon
UrlHistory
wlibsqlite3
TntWindows
0IdHTTPHeaderInfo
 IdTCPServer
IdTCPStream
LFormFreshWindows
78*6%d
9N.sV
8.YrT
4777))):::44
764TUq-'%X
.,48<,0$4 84 (
?"8 !:"/ 
340 <8(4
 -.).*(/,
,((()*./-
\3**"""*22
&:,<2<" 
{'*)5",<$,
`h%u$*
8)%>&,"$(
_t3.62.6
.=6&=>6#!.%..!
,9>.5!&')
A9-.EK
L*OM.MK
"8":5=-) 
>';3.)9/7{
f.Moq
(=[[[;::
0H.sl
\(A.TFP
.ukD %Tr
F.Sn8
q%S@QQ
.tRaw
ChangesShortForm
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Picture.Data
;A new version of %s (version %s) is available for download.
All windows
Windows tracking of user actions
(Ask password after quitting standby mode
,Automatic login to system w/o password entry
5Attention! %s found 0 privacy risks on your computer
4Log && Undo makes it easy to undo changes made by %s
Lines.Strings
If there are certain registry keys or files that you do not want to have included in the %s scan you can use this feature to create an exclusion list.
.Autofill of login names and passwords in forms
Optimize your settings to improve your computer's speed, security and efficiency. Run an optimization report to check the current condition of your PC.
OGet the maximum benefit from %s by customizing the settings to meet your needs.
$Information about your version of %s
s%s's benefits may include faster performance, increased startup speed and fewer error messages when regularly used.
GRemove invalid and unnecessary items to optimize your Windows registry.
Windows .....
When you remove an application there are often residual files or junk files leftover on your system. %s safely finds and removes these unnecessary files.
IconOptions.Arrangement
3visited Web pages and cookies available for removal
%Scan selected areas for privacy risks
USearch histories, cookies, recently viewed web pages, videos, photos, music and more.
Log files|*.log|All files|*.*
*.tmp
*.bak
*.old
ProxyParams.BasicAuthentication
ProxyParams.ProxyPort
Request.ContentLength
Request.ContentRangeEnd
Request.ContentRangeStart
Request.ContentType
Request.Accept
Request.BasicAuthentication
Request.UserAgent
&Mozilla/3.0 (compatible; Indy Library)
The Windows registry stores settings and options for Microsoft Windows. Overtime, the registry becomes cluttered with invalid and obsolete data.
m%s can help you clean and optimize your registry. Check the items you wish to delete and click Save && Close.
EditManager.Font.Charset
EditManager.Font.Color
EditManager.Font.Height
EditManager.Font.Name
EditManager.Font.Style
GroupFont.Charset
GroupFont.Color
GroupFont.Height
GroupFont.Name
GroupFont.Style
Header.Columns.Items
Header.Font.Charset
Header.Font.Color
Header.Font.Height
Header.Font.Name
Header.Font.Style
Header.Height
)PaintInfoGroup.MarginBottom.CaptionIndent
Selection.FullItemPaint
oFree up valuable disk space and protect your privacy by removing cookies and the list of web pages you visited
version %s
Support:
OTo immediately fix these problems and speed up your PC you need to register %s.
"Would you like to register %s now?
PTo optimize settings, fix problems and speed up your PC you need to register %s.
l%s is the leading and award winning system optimization tool that cleans, repairs and optimizes your system.
=To fix problems and speed up your PC, you need to register %s
{If you purchased %s a license key will have been emailed to you. Please enter the license key below and click Activate Now.
.To purchase %s and obtain a license key click
YCheck the email you received after you purchased the product for the correct license key.
&Your license key will look like this:
Thank you for purchasing PC %s!
eWe are now replacing your current version of %s with %s Pro which includes these additional features:
Items.Strings
All files|*.*
R* Monitor your PC's performance right from your desktop without having to start %s
&* Offers direct access to key features
The startup menu contains programs that are automatically started by Windows every time you start your PC. As more and more programs insert themselves in your startup menu your PCs valuable resources are drained causing it to operate more slowly.
frmFreshWindows
$Register %s now to keep it that way.
<assemblyIdentity version="1.0.0.0"
name="OptimizerPro.exe"
<requestedExecutionLevel
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
.jdbg
madExcept.HandleContactForm
madExcept.HandleScreenshotForm
.madExcept
%exceptMsg%
%bugReport%
Úte%
Útetime%
%computerName%
Þsktop%
%userappdata%
%commonappdata%
screenShot.bmp
Tcpip\Parameters
VxD\MSTCP
.jpeg
hXXps://
%userappdata%\
BugReport
screenShot.png
operating system
<tr><td><button onClick="history.back();" style="height:19.5pt;"> 
<button onClick="document.getElementById('bugReport').style.visibility='visible';this.style.visibility='hidden';" style="height:19.5pt;"> 
<textarea id="bugReport" readonly cols="80" rows="20" style="width:100%;height:100%;
Software\Microsoft\Windows
GetThreadReport
GetCpuRegisters
\madExcept\Dlls\madExcept32.dll
psapi.dll
suser32.dll
Unspecified error (%d) from %s.
miranda32.exe
PIDLs to operate on are not siblings of the Namespace doing the operation.
Unable to find RegSvr32.exe executable.
RegSvr32.exe
*.dat
\msnmsgr.exe
\msgslang.dll
\msgslang.
Software\Microsoft\MSNMessenger\PerPassportSettings\
*.xml
*.html
\settings.xml
\config.xml
\main.db
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting]
"DoReport"=dword:00000001
"DoReport"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Power]
"PromptPasswordOnResume"=dword:00000001
"PromptPasswordOnResume"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete]
"FormSuggest Passwords"="YES"
"FormSuggest Passwords"="NO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
66006666
FORMOPTREPORT
TCHANGESSHORTFORM
TFRMFRESHWINDOWS
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design mode
Unsupported PixelFormat
Invalid stream operation
Unsupported GIF version7Invalid number of colors specified in Screen Descriptor6Invalid number of colors specified in Image Descriptor
Invalid extension introducerúiled to allocate memory for GIF DIB
Invalid Image trailerAInternal error: Extension Instance does not match Extension Label,Unsupported Application Extension block size
Unknown GIF block type'Object type not supported for operation
"%s"8
úiled to set maximum selection range$Failed to set calendar min/max rangeúiled to set calendar selected range
"%s".
"%s".%
oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
RichEdit line insertion error=This control requires version 4.70 or greater of COMCTL32.DLL
Date exceeds maximum of %s
Date is less than minimum of %s4You must be in ShowCheckbox mode to set to this date#Failed to set calendar date or time
jThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.
Description: BThe "Portable Network Graphics" image contains an invalid palette.
The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.
This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.
There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.7The png image could not be loaded from the resource ID.
Error creating SSL context. Could not load root certificate.
Could not load certificate.#Could not load key, check password.
SSL status: "%s"
Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.
Command not supported.
Address type not supported.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Operation would block.
Operation now in progress.
Operation already in progress.
Socket operation on non-socket.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.0Address family not supported by protocol family.
Chunk StartedDThis authentication method is already registered with class name %s.
%s is not a valid service.
Socket Error # %d
%s is not a valid IP address.
File "%s" not found1Only one TIdAntiFreeze can exist per application."%d: Circular links are not allowed
No data to read.$Can not bind in port range (%d - %d)
Invalid Port Range (%d - %d)
Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Connecting to %s.
No help keyword specified.
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Value must be between %d and %d
Unable to insert a line Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
$Unknown picture file extension (.%s)
Unsupported clipboard format
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)
?#''%s'' is not a valid date and time
Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Unable to write to %s
Operation not supported
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    %original file name%.exe:2036
    SupOptStart.exe:1336
    supoptsetup.exe:448
    supoptsetup.tmp:520
    

    2. 

  2. Delete the original Trojan file.
    3. 

  3. Delete or disinfect the following files created/modified by the Trojan:
    

    %Documents and Settings%\All Users\Application Data\{e73b1754-c60f-a3e2-e73b-b1754c605d53}\hqghumeaylnlf.dat (4 bytes)
    %Documents and Settings%\All Users\Application Data\{e73b1754-c60f-a3e2-e73b-b1754c605d53}\hqghumeaylnlf.exe (159388 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (279 bytes)
    %WinDir%\Tasks\Bidaily Synchronize Task[8da6].job (412 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\supoptsetup.exe (557145 bytes)
    %Documents and Settings%\%current user%\NTUSER.DAT.LOG (9152 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (671 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (1928 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-9J7U9.tmp\supoptsetup.tmp (7386 bytes)
    %Program Files%\Super Optimizer\is-B0IC6.tmp (8657 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\itdownload.dll (1281 bytes)
    %Program Files%\Super Optimizer\is-ULM21.tmp (601 bytes)
    %Program Files%\Super Optimizer\is-4169A.tmp (3073 bytes)
    %Program Files%\Super Optimizer\is-53MR7.tmp (7971 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\_isetup\_shfoldr.dll (23 bytes)
    %Program Files%\Super Optimizer\is-Q1UCD.tmp (127 bytes)
    %Program Files%\Super Optimizer\is-NPR81.tmp (601 bytes)
    %Program Files%\Super Optimizer\is-8F5DM.tmp (1281 bytes)
    %Program Files%\Super Optimizer\is-1TB65.tmp (712 bytes)
    %Program Files%\Super Optimizer\is-TP865.tmp (33652 bytes)
    %Program Files%\Super Optimizer\is-IHN21.tmp (30 bytes)
    %Program Files%\Super Optimizer\is-J4MK0.tmp (2321 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Super Optimizer.lnk (773 bytes)
    %Program Files%\Super Optimizer\is-84TB5.tmp (601 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Check updates.lnk (801 bytes)
    %Program Files%\Super Optimizer\is-SFN4F.tmp (32242 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Super Optimizer on the Web.lnk (743 bytes)
    %Program Files%\Super Optimizer\unins000.dat (29605 bytes)
    %Program Files%\Super Optimizer\is-IRME4.tmp (22 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\idp.dll (1281 bytes)
    %Program Files%\Super Optimizer\unins000.msg (646 bytes)
    %Program Files%\Super Optimizer\is-IOFT2.tmp (11 bytes)
    %Program Files%\Super Optimizer\is-QM104.tmp (601 bytes)
    %Program Files%\Super Optimizer\is-NFCS6.tmp (1281 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Uninstall Super Optimizer.lnk (769 bytes)
    %Program Files%\Super Optimizer\is-7EH8L.tmp (7345 bytes)
    %Program Files%\Super Optimizer\is-E3CIU.tmp (7726 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Super Optimizer\Help.lnk (773 bytes)
    %Program Files%\Super Optimizer\is-7NII0.tmp (7433 bytes)
    %Program Files%\Super Optimizer\is-IIPI8.tmp (4545 bytes)
    %Program Files%\Super Optimizer\is-9E50R.tmp (20 bytes)
    %Program Files%\Super Optimizer\is-T89RT.tmp (909 bytes)
    %Documents and Settings%\%current user%\Desktop\Super Optimizer.lnk (761 bytes)
    %Program Files%\Super Optimizer\is-KSQTV.tmp (7345 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-LDU1B.tmp\SupOptHelper.dll (7971 bytes)
    %Program Files%\Super Optimizer\is-DLQ29.tmp (601 bytes)
    %Program Files%\Super Optimizer\is-L6TE5.tmp (8657 bytes)
    %Documents and Settings%\%current user%\My Documents\Super Optimizer\CookiesException.txt (68 bytes)
    

    4. 

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):
    

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Super Optimizer" = "%Program Files%\Super Optimizer\SupOptLauncher.exe"
    

    5. 

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    6. 

  6. Reboot the computer.
    7. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now