Trojan.Win32.Swrort.3_cfe722f0fd

by malwarelabrobot on June 29th, 2014 in Malware Descriptions.

Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: cfe722f0fd36bdd66e357797e1bf65ee
SHA1: 5e2f0215f72b82d173d0c0c133176544d4128087
SHA256: c8ca1c64ddfe3d6e81010a593379081a78911b34c0b4ce754bdcd8d44bd927f6
SSDeep: 98304:GWh1WtXg08vzQSGEAxX OTjExesS3ZmnRTwPqaFwOK:TWtXys26X OTjSex3Zmn1wP4
Size: 5304336 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphiv60v70_v2, UPolyXv05_v6, BorlandDelphi30, BorlandDelphiv30, ACProtect141
Company: Premium Installer
Created at: 2014-04-30 10:42:58
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

OptimizerPro.exe:1992
LiveSupport_setup.tmp:304
regsvr32.exe:1472
regsvr32.exe:264
LiveSupport.exe:216
LiveSupport.exe:280
setup.exe:1032
OptProStart.exe:1632
OptProStart.exe:1236
LiveSupport_setup.exe:804
setup.tmp:972
%original file name%.exe:396

The Trojan injects its code into the following process(es):

OptimizerPro.exe:1500

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process LiveSupport_setup.tmp:304 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Start Menu\Programs\LiveSupport\Uninstall LiveSupport.lnk (751 bytes)
%Program Files%\LiveSupport\unins000.msg (646 bytes)
%Program Files%\LiveSupport\unins000.dat (8096 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\LiveSupport\LiveSupport.lnk (1 bytes)
%Program Files%\LiveSupport\is-EK1RK.tmp (1281 bytes)
%Documents and Settings%\%current user%\Desktop\LiveSupport.lnk (1 bytes)
%Program Files%\LiveSupport\is-OEPDU.tmp (34256 bytes)
%Program Files%\LiveSupport\is-00EFG.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-NRECA.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\LiveSupport\is-B6B0A.tmp (7385 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-NRECA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-NRECA.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-NRECA.tmp\_isetup (0 bytes)

The process regsvr32.exe:264 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\regsvr32.exe_log.txt (133 bytes)

The process LiveSupport.exe:216 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\LiveSupport.exe_log.txt (619 bytes)

The process LiveSupport.exe:280 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\LiveSupport_setup.exe (134522 bytes)

The process setup.exe:1032 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-V1740.tmp\setup.tmp (7386 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-V1740.tmp\setup.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-V1740.tmp (0 bytes)

The process LiveSupport_setup.exe:804 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-7QJP9.tmp\LiveSupport_setup.tmp (7386 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-7QJP9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-7QJP9.tmp\LiveSupport_setup.tmp (0 bytes)

The process setup.tmp:972 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Optimizer Pro\is-STU2U.tmp (2321 bytes)
%Program Files%\Optimizer Pro\is-84RF6.tmp (7345 bytes)
%Documents and Settings%\%current user%\Desktop\Optimizer Pro.lnk (737 bytes)
%Program Files%\Optimizer Pro\is-4KFFK.tmp (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\LiveSupport.exe (11493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Program Files%\Optimizer Pro\is-3NJUQ.tmp (898 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\itdownload.dll (1281 bytes)
%Program Files%\Optimizer Pro\is-K6LQG.tmp (54 bytes)
%Program Files%\Optimizer Pro\is-EAMK6.tmp (31891 bytes)
%Program Files%\Optimizer Pro\is-G293J.tmp (185630 bytes)
%Program Files%\Optimizer Pro\is-JCCJC.tmp (7433 bytes)
%Program Files%\Optimizer Pro\is-0INCO.tmp (3073 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk (729 bytes)
%Program Files%\Optimizer Pro\is-75DBS.tmp (673 bytes)
%Program Files%\Optimizer Pro\is-UCD9U.tmp (1425 bytes)
%Program Files%\Optimizer Pro\unins000.dat (13793 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk (749 bytes)
%Program Files%\Optimizer Pro\is-70QFT.tmp (1281 bytes)
%Program Files%\Optimizer Pro\is-M0S1B.tmp (712 bytes)
%Program Files%\Optimizer Pro\is-PQJ3U.tmp (601 bytes)
%Program Files%\Optimizer Pro\is-U21JR.tmp (3073 bytes)
%Program Files%\Optimizer Pro\is-HLFVD.tmp (22 bytes)
%Program Files%\Optimizer Pro\unins000.msg (646 bytes)
%Program Files%\Optimizer Pro\is-MCA0O.tmp (2321 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk (777 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk (729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\Optimizer Pro\is-3EAEB.tmp (48 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk (749 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\optpro2.bmp (673 bytes)
%Program Files%\Optimizer Pro\is-5023A.tmp (7547 bytes)
%Program Files%\Optimizer Pro\is-HTGLC.tmp (56 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\LiveSupport.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\optpro2.bmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\_isetup (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\itdownload.dll (0 bytes)

The process %original file name%.exe:396 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{278CA01A-D09F-426F-93DD-ECEB66BF2612}\setup.exe (34007 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{278CA01A-D09F-426F-93DD-ECEB66BF2612}\setup.exe (0 bytes)

Registry activity

The process OptimizerPro.exe:1500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Optimizer Pro]
"SpeedGuard" = "0"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\Version]
"(Default)" = "3.0"

[HKCU\Software\Optimizer Pro]
"ShowRebootMessage" = "1"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\ProgID]
"(Default)" = "Msxml2.XSLTemplate"

[HKCU\Software\Optimizer Pro]
"Stat1a" = "185"
"UseExceptionList" = "1"
"s_Enable" = "0"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\TypeLib]
"(Default)" = "{F5078F18-C551-11D3-89B9-0000F81FE221}"

[HKCU\Software\Optimizer Pro]
"UndoDir" = "%Documents and Settings%\%current user%\Application Data\Optimizer Pro\Undo"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Optimizer Pro]
"AppStart" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Optimizer Pro]
"UpgradeID" = "BZDV_PCSM_ML_PCUP_OPTIMIZERPRO_RED"
"RunDate" = "63 7A E9 C8 46 6B E4 40"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\InProcServer32]
"(Default)" = "%System%\msxml3.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Optimizer Pro]
"s_Time" = "7A E3 2E C6 46 6B E4 40"
"LOGDIR" = "%Documents and Settings%\%current user%\Application Data\Optimizer Pro\Log"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Optimizer Pro]
"Version" = "3.2"
"LastVersionChecking" = "7A E3 2E C6 46 6B E4 40"
"BuyNowURL" = ""

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\InProcServer32]
"ThreadingModel" = "Both"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\VersionIndependentProgID]
"(Default)" = "Msxml2.XSLTemplate"

[HKCU\Software\Optimizer Pro]
"ItemsCleaned" = "0"

[HKLM\SOFTWARE\Licenses]
"{I41F6CE2B13539129}" = "01 00 00 00"

[HKCU\Software\Optimizer Pro]
"ItemsToFix" = "185"
"Reminder" = "1"

[HKLM\SOFTWARE\Licenses]
"{041F6CE2B13539129}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 22 A5 44 A3"

[HKCU\Software\Optimizer Pro]
"LastScanFound" = "216"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}]
"(Default)" = "XSL Template"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "50 94 FD C6 6E 50 51 64 AC D5 8C 63 63 17 F8 39"

[HKLM\SOFTWARE\Licenses]
"{K7C0DB872A3F777C0}" = "DF 3A 2A E5 19 16 1F 05 48 6E 02 90 27 91 BF BE"

[HKCU\Software\Optimizer Pro]
"DisplayName" = "Optimizer Pro"
"s_SmartScan" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Optimizer Pro]
"ResidualFilesCleaned" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Optimizer Pro]
"LastScanChecked" = "1110010"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Optimizer Pro]
"ItemsToScan" = "1111111111"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Optimizer Pro]
"s_SmartMode" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Optimizer Pro]
"InstallStat" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Licenses]
"{R7C0DB872A3F777C0}" = "4A 8D 7D 4C"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Optimizer Pro]
"ItemsToClean" = "31"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Optimizer Pro]
"ProblemsFixed" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}]
"0"

The process OptimizerPro.exe:1992 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FE 84 DD 41 8F A4 74 A6 B0 2F B9 9D 31 AD CF C2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Licenses]
"{041F6CE2B13539129}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 22 A5 44 A3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Licenses]
"{I41F6CE2B13539129}" = "03 00 00 00"

[HKLM\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The process LiveSupport_setup.tmp:304 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"Inno Setup: Language" = "en"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"MajorVersion" = "1"

[HKCU\Software\LiveSupport]
"AdsDownloadUrl1" = "http://dl.softservers.net/121000530/DriverPro.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"DisplayVersion" = "1.2.8.0"

[HKCU\Software\LiveSupport]
"SupportURL" = "http://support.pcutilitiespro.com"
"AdsLandingPageLink2" = "http://www.pcutilitiespro.com/optimizerpro.php"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\LiveSupport]
"AdsLandingPageLink1" = "http://www.pcutilitiespro.com/driverpro.php"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"Inno Setup: Selected Tasks" = "desktopicon"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"NoModify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\LiveSupport]
"AdsDescription1" = "Driver Updater"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\LiveSupport]
"AdsDescription2" = "System Performance Optimizer"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\LiveSupport]
"LiveSupport.exe" = "LiveSupport"

[HKCU\Software\LiveSupport]
"DelayedStart" = "10"
"homepageurl" = "http://www.pcutilitiespro.com/livesupport.php"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"DisplayName" = "LiveSupport"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"QuietUninstallString" = "%Program Files%\LiveSupport\unins000.exe /SILENT"
"Inno Setup: App Path" = "%Program Files%\LiveSupport"
"MinorVersion" = "2"

[HKCU\Software\LiveSupport]
"CallbannerUrl" = "http://ls.callbanner.pcutilitiespro.com/?sid=171000530"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\LiveSupport]
"Query" = "http://bi.softservers.net/t/ls?sid=171000530-UA-038&dt=%dt%&gid=%gid%&tz=%tz%&ln=%ln%&os=%os%&bis=%bis%&bipc=%bipc%&lc1=%lc1%&lc2=%lc2%&lc3=%lc3%&f=2182739400"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"DisplayIcon" = "%Program Files%\LiveSupport\LiveSupport.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\LiveSupport]
"AdsDownloadUrl2" = "http://dl.softservers.net/191000530/OptmizerPro.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"Inno Setup: Deselected Tasks" = ""

[HKCU\Software\LiveSupport]
"PhoneNumber" = " 1-855-544-6024"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\LiveSupport]
"AdsCheckName2" = "Optimizer Pro"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 96 5B D1 8F 02 00 A1 2B 43 A9 27 A9 55 D4 A6"

[HKCU\Software\LiveSupport]
"UninstallURL" = "http://www.pcutilitiespro.com/uninstall-livesupport.php?sid=171000530-UA-038"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\LiveSupport]
"AdsCheckName1" = "Driver Pro"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"InstallLocation" = "%Program Files%\LiveSupport\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"Inno Setup: Setup Version" = "5.5.3 (u)"
"Inno Setup: Icon Group" = "LiveSupport"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"UninstallString" = "%Program Files%\LiveSupport\unins000.exe"
"Inno Setup: User" = "%CurrentUserName%"
"Publisher" = "PC Utilities Software Limited"

[HKCU\Software\LiveSupport]
"AdsLicenseKey2" = "LicenseDate"
"AdsLicenseKey1" = "User"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"NoRepair" = "1"
"InstallDate" = "20140628"

The Trojan modifies IE security zone settings so that all local web-nodes with no dots in their names, which do not belong to any zone, are mapped to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE security zone settings so that all web-nodes that bypass the proxy are mapped to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE security zone settings so that all URLs are mapped to the Intranet Zone:

"IntranetName" = "1"

The process regsvr32.exe:1472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 3A 44 36 75 1E 5D A7 B1 7E 99 A4 D3 DF 76 C8"

The process regsvr32.exe:264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 C3 F9 42 36 1E 5F 7C 87 E8 06 60 31 E7 B1 B8"

[HKCR\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}]
"(Default)" = "LiveSupport"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}\InprocServer32]
"ThreadingModel" = "Apartment"
"(Default)" = "%Program Files%\LiveSupport\LiveSupport_deskband_x32.dll"

The process LiveSupport.exe:216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\LiveSupport]
"Assistant" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\LiveSupport]
"BtnCallPressed" = "0"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\LiveSupport]
"AppStart" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\LiveSupport]
"Language" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\LiveSupport]
"OS" = "102"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\LiveSupport]
"RunOnOSRun" = "1"
"QueryDate" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 8D 37 D6 9F FA E8 65 CC 30 CC CA 6C 88 C4 6A"

[HKCU\Software\LiveSupport]
"InstallDate" = "1403921101"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\LiveSupport]
"MachineGuid" = "db91fa06-04ba-44ec-b4ea-8a31ecbb83d2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE security zone settings so that all local web-nodes with no dots in their names, which do not belong to any zone, are mapped to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE security zone settings so that all web-nodes that bypass the proxy are mapped to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"LiveSupport" = "%Program Files%\LiveSupport\LiveSupport.exe /noshow /log"

The Trojan modifies IE security zone settings so that all URLs are mapped to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process LiveSupport.exe:280 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 BF 29 7F 78 85 0A 26 0A 63 03 98 52 9A 7E E7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"LiveSupport_setup.exe" = "LiveSupport Setup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The Trojan modifies IE security zone settings so that all web-nodes that bypass the proxy are mapped to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE security zone settings so that all URLs are mapped to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE security zone settings so that all local web-nodes with no dots in their names, which do not belong to any zone, are mapped to the Intranet Zone:

"UNCAsIntranet" = "1"

The process setup.exe:1032 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB B4 F0 BA F1 8E 80 64 41 BB 63 75 12 AB 6A 8E"

The process OptProStart.exe:1632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Optimizer Pro]
"AppStart" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 89 E4 67 19 2E 2C 7B E9 0E 40 B8 BF 30 4F BC"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Optimizer Pro]
"InstallDate" = "20 12 E6 C5 46 6B E4 40"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Optimizer Pro]
"OptimizerPro.exe" = "Optimizer Pro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Optimizer Pro]
"OS" = "102"
"MachineGuid" = "A04EE837-219D-671E-F1D8-674DC92E24B4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process OptProStart.exe:1236 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Optimizer Pro]
"AppStart" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE E4 CC 5F 9D 4B B0 54 8E B1 7C 66 A0 DE 1B 48"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Optimizer Pro]
"InstallDate" = "4B B0 11 C6 46 6B E4 40"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Optimizer Pro]
"OS" = "102"
"MachineGuid" = "6D14CE82-EE93-E58B-587A-75157C7D6FF9"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process LiveSupport_setup.exe:804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "05 FD 35 7F 76 D8 04 28 DC 71 BC 9E C2 51 B2 AB"

The process setup.tmp:972 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Optimizer Pro]
"OptProStart.exe" = "Optimizer Pro Launcher"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: App Path" = "%Program Files%\Optimizer Pro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Optimizer Pro]
"cufValue" = "CUF=0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Optimizer Pro]
"culValue" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Icon Group" = "Optimizer Pro v3.2"

[HKCU\Software\Optimizer Pro]
"Language" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"DisplayIcon" = "%Program Files%\Optimizer Pro\OptProLauncher.exe"
"Inno Setup: Language" = "en"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Setup Version" = "5.5.3 (u)"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"DisplayName" = "Optimizer Pro v3.2"

"NoModify" = "1"
"Inno Setup: Selected Tasks" = "desktopicon"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Deselected Tasks" = ""

"InstallDate" = "20140628"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "46 60 BA FA 54 3F 63 0A 05 FF 81 8C FA 2D 75 C3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"NoRepair" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"QuietUninstallString" = "%Program Files%\Optimizer Pro\unins000.exe /SILENT"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"UninstallString" = "%Program Files%\Optimizer Pro\unins000.exe"
"InstallLocation" = "%Program Files%\Optimizer Pro\"
"Inno Setup: User" = "%CurrentUserName%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\is-JVSMB.tmp]
"LiveSupport.exe" = "LiveSupport Installer"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro" = "%Program Files%\Optimizer Pro\OptProLauncher.exe"

The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:396 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A 69 C5 9F FF E2 3E 65 7A 87 3C 87 C4 B9 EF 7B"

[HKCU\Software\Optimizer Pro]
"setupname" = "c:\%original file name%.exe"

Dropped PE files

MD5 File path
d2d6341a87cc3995abe80f505b6e112a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\LiveSupport_setup.exe
87217247d99dd350a595399fb11b349a c:\Program Files\LiveSupport\LiveSupport.exe
a6127535670da8d8d0d338faf81112ec c:\Program Files\LiveSupport\LiveSupport_deskband_x32.dll
69c715189c3106946c5dc13bb563450a c:\Program Files\LiveSupport\LiveSupport_deskband_x64.dll
7c1fbcbbe0d2998719bbd6b73783bca5 c:\Program Files\LiveSupport\unins000.exe
f862bbb3c4e757189005b3cf06b28517 c:\Program Files\Optimizer Pro\OptProGuard.exe
4c3826209877b0abb436bf0fd6612fa2 c:\Program Files\Optimizer Pro\OptProHelper.dll
c3580267361a3c78842140e3d0bc9c50 c:\Program Files\Optimizer Pro\OptProLauncher.exe
76a87fc9219f5a5336b4142c93d04641 c:\Program Files\Optimizer Pro\OptProReminder.exe
c2ae62afb3a9b59e23b99cce562fdf5e c:\Program Files\Optimizer Pro\OptProSchedule.exe
b9c31a86f030a037d7462cfc9f42fcda c:\Program Files\Optimizer Pro\OptProSmartScan.exe
2e81f64f937da2aa594ba853fe22826a c:\Program Files\Optimizer Pro\OptProStart.exe
ac5d35dbe60d73a4a71025a4fa8940f2 c:\Program Files\Optimizer Pro\OptProUninstaller.exe
30ecf6ce8fed5729af82e99382e85b2c c:\Program Files\Optimizer Pro\OptimizerPro.exe
d82a429efd885ca0f324dd92afb6b7b8 c:\Program Files\Optimizer Pro\itdownload.dll
0f66e8e2340569fb17e774dac2010e31 c:\Program Files\Optimizer Pro\sqlite3.dll
3dc6df9fcf968ebc9e4257c090eed6ed c:\Program Files\Optimizer Pro\unins000.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description:
Comments:
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 246800 247296 4.47833 1e152431c482b1e7e0434b1c60153f55
.itext 253952 1904 2048 3.93744 5612fa13646121c358f511168bb2bbc9
.data 258048 4716 5120 2.2429 087b8987ea6450fcda8c70bfbb753fb4
.bss 266240 20468 0 0 d41d8cd98f00b204e9800998ecf8427e
.idata 286720 4370 4608 3.2756 976c04e423fdb1ece3535a0ea8df0f95
.tls 294912 16 0 0 d41d8cd98f00b204e9800998ecf8427e
.rdata 299008 24 512 0.143426 ffa7940a1bd1ad7dc3c8cb63de69c239
.reloc 303104 23344 23552 4.5999 5ae20c70d40ee62ab9a222168055ae52
.rsrc 327680 5013504 5013504 5.53762 6943e9c9164e98c39fd32c10300a5b0c

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://dl.softservers.net/171000530/LiveSupport.exe 198.20.70.67


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET DROP Dshield Block Listed Source group 1
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /171000530/LiveSupport.exe HTTP/1.0
Host: dl.softservers.net
User-Agent: InnoTools_Downloader


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 28 Jun 2014 02:04:40 GMT
Content-Type: application/octet-stream
Last-Modified: Tue, 18 Mar 2014 15:25:14 GMT
Connection: close
content-length: 1503528
ETag: "5328655a-16d478"
Content-Disposition: attachment; filename=LiveSupport.exe
<<< skipped >>>

The Trojan connects to the servers at the following location(s):

OptimizerPro.exe_1500:

\*.log
OptimizerPro.reg
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
=HKEY_LOCAL_MACHINE#
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#
=HKEY_CLASSES_ROOT#
[-HKEY_CLASSES_ROOT\Applications\
Empty key
EmptyKey
[-HKEY_CLASSES_ROOT\
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
=HKEY_CURRENT_USER#
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
HKEY_CLASSES_ROOT\
[-HKEY_CLASSES_ROOT\CLSID\
[HKEY_CLASSES_ROOT\CLSID\
HKEY_LOCAL_MACHINE\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
HKEY_CLASSES_ROOT\Interface\
[-HKEY_CLASSES_ROOT\Interface\
HKEY_CLASSES_ROOT\Typelib\
[-HKEY_CLASSES_ROOT\Typelib\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs
Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\
: HKEY_CURRENT_USER\
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
: HKEY_LOCAL_MACHINE\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache
SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders#
[HKEY_LOCAL_MACHINE\
AppEvents\Schemes\Apps\.Default
AppEvents\Schemes\Apps\.Default\
\.Current
\.Default
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\
\.Current]
\.Default]
HKEY_CURRENT_USER\
[HKEY_CURRENT_USER\
=HKEY_CURRENT_USER#SOFTWARE\
HKEY_CURRENT_USER\SOFTWARE\
[-HKEY_CURRENT_USER\SOFTWARE\
=HKEY_LOCAL_MACHINE#SOFTWARE\
HKEY_LOCAL_MACHINE\SOFTWARE\
[-HKEY_LOCAL_MACHINE\SOFTWARE\
=HKEY_USERS\S-1-5-21-1060284298-1454471165-725345543-1004\SOFTWARE\
HKEY_USERS\...\SOFTWARE\
[-HKEY_USERS\S-1-5-21-1060284298-1454471165-725345543-1004\SOFTWARE\
=HKEY_USERS#
HKEY_USERS\
[HKEY_USERS\
*.txt
LOGIN
.EXE.DLL.SYS.CAB.MSI.DAT.INF.TLB.BIN.OCX.INI.XML.LOG
*.lo?
INDEX.DAT
\OptimizerPro.exe
http://www.pcutilitiespro.com/eula.php
http://www.pcutilitiespro.com/privacy.php
OptProStart.exe
1.1.2
%Program Files%\Windows Media Player\wmplayer.exe
wmplayer.exe
version.dll
wininet.dll
comdlg32.dll
shfolder.dll
oleacc.dll
winmm.dll
Shell32.dll
1.2.3
EXCEPTION_FLT_INVALID_OPERATION
EXCEPTION_FLT_DENORMAL_OPERAND
Required USB Key not found
Failed to execute target process
Cannot find import; DLL may be missing, corrupt, or wrong version
File "%s", function "%s"
File "%s", ordinal %d
File "%s", error %d
(Error code %d)
%X:DAF
(Location XEB, error code %d)
_PAD%d
RNX
%X::DAX
KERNEL32.DLL
Error: Access violation at 0xX (tried to %s 0xX), program terminated.
SetProcessShutdownParameters
COMCTL32.DLL
Kernel32.dll
ComDlg32.dll
.DbgLog
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
mscoree.dll
.mixcrt
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
portuguese-brazilian
operator
GetProcessWindowStation
Visual C++ CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
YqM1%X
%Program Files%\Optimizer Pro\OptimizerPro-2.DbgLog
%Program Files%\Optimizer Pro\OptimizerPro.exe
KERNEL32.dll
EnumWindows
CreateDialogIndirectParamA
GetAsyncKeyState
EnumThreadWindows
USER32.dll
GDI32.dll
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
KWindows
UrlMon
TntWindows
0IdHTTPHeaderInfo
 IdTCPServer
IdTCPStream
UrlHistory
wlibsqlite3
ChangesShortForm
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Picture.Data
;A new version of %s (version %s) is available for download.
OnKeyDown
>I=GWMSg]Sg]Sg]M_U=I=21
OP.kO
All windows
.Autofill of login names and passwords in forms
Windows tracking of user actions
(Ask password after quitting standby mode
,Automatic login to system w/o password entry
IconOptions.Arrangement
Windows .....
%Scan selected areas for privacy risks
USearch histories, cookies, recently viewed web pages, videos, photos, music and more.
Optimize your settings to improve your computer's speed, security and efficiency. Run an optimization report to check the current condition of your PC.
Lines.Strings
3visited Web pages and cookies available for removal
GRemove invalid and unnecessary items to optimize your Windows registry.
If there are certain registry keys or files that you do not want to have included in the Optimizer Pro scan you can use this feature to create an exclusion list.
Log files|*.log|All files|*.*
*.tmp
*.bak
*.old
ProxyParams.BasicAuthentication
ProxyParams.ProxyPort
Request.ContentLength
Request.ContentRangeEnd
Request.ContentRangeStart
Request.ContentType
Request.Accept
Request.BasicAuthentication
Request.UserAgent
&Mozilla/3.0 (compatible; Indy Library)
The Windows registry stores settings and options for Microsoft Windows. Overtime, the registry becomes cluttered with invalid and obsolete data.
EditManager.Font.Charset
EditManager.Font.Color
EditManager.Font.Height
EditManager.Font.Name
EditManager.Font.Style
GroupFont.Charset
GroupFont.Color
GroupFont.Height
GroupFont.Name
GroupFont.Style
Header.Columns.Items
Header.Font.Charset
Header.Font.Color
Header.Font.Height
Header.Font.Name
Header.Font.Style
Header.Height
)PaintInfoGroup.MarginBottom.CaptionIndent
Selection.FullItemPaint
oFree up valuable disk space and protect your privacy by removing cookies and the list of web pages you visited
%http://www.pcutilitiespro.com/support
Support:
9To purchase Optimizer Pro and obtain a license key click
YCheck the email you received after you purchased the product for the correct license key.
&Your license key will look like this:
Thank you for purchasing PC %s!
eWe are now replacing your current version of %s with %s Pro which includes these additional features:
Items.Strings
All files|*.*
&* Offers direct access to key features
pchelpsoft.com
name="OptimizerPro.exe"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
Unspecified error (%d) from %s.
miranda32.exe
PIDLs to operate on are not siblings of the Namespace doing the operation.
Unable to find RegSvr32.exe executable.
RegSvr32.exe
*.dat
\msnmsgr.exe
\msgslang.dll
\msgslang.
Software\Microsoft\MSNMessenger\PerPassportSettings\
*.xml
*.html
\settings.xml
\config.xml
\main.db
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting]
"DoReport"=dword:00000001
"DoReport"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Power]
"PromptPasswordOnResume"=dword:00000001
"PromptPasswordOnResume"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete]
"FormSuggest Passwords"="YES"
"FormSuggest Passwords"="NO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
les\Optimizer Pro\OptimizerPro.exe
TCHANGESSHORTFORM
PLicense information for %s not found. You cannot use this control in design mode
Bogus JPEG tables field.%Fractional JPEG scanline unsupported.
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalid
9Cannot load image. Invalid or unexpected %s image format. Invalid color format in %s file.
Stream read error in %s file.1Cannot load image. %s not supported for %s files..Cannot load image. CRC error found in %s file.6Cannot load image. Compression error found in %s file.:Cannot load image. Extra compressed data found in %s file.1Cannot load image. Palette in %s file is invalid.>Cannot load PNG image. Unexpected but critical chunk detected.
The compression scheme isJConversion between indexed and non-indexed pixel formats is not supported.8Color conversion failed. Could not find a proper method.AColor depth is invalid. Bits per sample must be 1, 2, 4, 8 or 16.ESample count per pixel does not correspond to the given color scheme.5Subsampling value is invalid. Allowed are 1, 2 and 4.CVertical subsampling value must be <= horizontal subsampling value.
Portable map images
Portable pixel map images
Portable gray map images
Portable bitmap images
Portable network graphic images
"Run length encoded Windows bitmaps"Device independant Windows bitmaps
Windows icons
Windows metafiles
Windows enhanced meta files
Attempt to register %s twice.
Windows bitmaps
JPEG error #%d
Unsupported PixelFormat
Invalid stream operation
Invalid extension introducerúiled to allocate memory for GIF DIB
Invalid Image trailerAInternal error: Extension Instance does not match Extension Label,Unsupported Application Extension block size
Unknown GIF block type'Object type not supported for operation
"%s"8
Unsupported GIF version
"%s".
"%s".%
Command not supported.
Address type not supported.$Error accepting connection with SSL.
Error creating SSL context. Could not load root certificate.
Could not load certificate.#Could not load key, check password.
SSL status: "%s"
Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Operation would block.
Operation now in progress.
Operation already in progress.
Socket operation on non-socket.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.0Address family not supported by protocol family.
&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Connecting to %s.
Chunk StartedDThis authentication method is already registered with class name %s.
%s is not a valid service.
Socket Error # %d
%s is not a valid IP address.
;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.
File "%s" not found1Only one TIdAntiFreeze can exist per application."%d: Circular links are not allowed
No data to read.$Can not bind in port range (%d - %d)
Invalid Port Range (%d - %d)
Max line length exceeded.*Error on call Winsock2 library function %s
RichEdit line insertion error=This control requires version 4.70 or greater of COMCTL32.DLL
Date exceeds maximum of %s
Date is less than minimum of %s4You must be in ShowCheckbox mode to set to this date#Failed to set calendar date or timeúiled to set maximum selection range$Failed to set calendar min/max rangeúiled to set calendar selected range
No help keyword specified.
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Value must be between %d and %d
Unable to insert a line Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
Invalid operation on TOleGraphic$Unknown picture file extension (.%s)
Unsupported clipboard format
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)
?#''%s'' is not a valid date and time
Unable to write to %s
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Operation not supported
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted(Exception %s in module %s at %p.
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
I/O error %d
3.2.0.0

OptimizerPro.exe_1500_rwx_02441000_000B9000:

%f
aSSSh
.VVVVVSRSSj
FTPjK
FtPj;
C.PjRV
tGHt.Ht&

LiveSupport.exe_216:

.text
`.rdata
@.data
.rsrc
@.reloc
8%u:j
xSSSh
FTPjKS
FtPj;S
C.PjRV
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
FRegDeleteKeyExW
Visual C++ CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
Broken pipe
Inappropriate I/O control operation
Operation not permitted
operator
GetProcessWindowStation
RPCRT4.dll
InternetOpenUrlW
HttpQueryInfoW
WININET.dll
GdiplusShutdown
gdiplus.dll
SHLWAPI.dll
VERSION.dll
GetProcessHeap
KERNEL32.dll
USER32.dll
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegFlushKey
ADVAPI32.dll
ole32.dll
ShellExecuteW
ShellExecuteExW
SHELL32.dll
OLEAUT32.dll
COMCTL32.dll
GDI32.dll
GetCPInfo
.?AV?$CFlagStateDlg@VCSupportContainerDlg@@@@
.?AV?$CDialogImpl@VCSupportContainerDlg@@VCWindow@ATL@@@ATL@@
.?AVCCmdLineOptions@@
.?AVCHttpHelper@@
.?AVCSupportContainerDlg@@
.?AVIHttpObserver@@
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
cmdonly
LiveSupport_MainDlg
LiveSupport
Software\Microsoft\Windows\CurrentVersion\Run
unins000.exe
_log.txt
AdsLicenseKey
AdsRunKey
CallbannerUrl
Cmd params:
24x7 Tech Support
Live Support
UrlTerms
UrlPrivacy
UrlAbout
UrlFAQ
Uninstall LiveSupport
New update package is available for LiveSupport.
Support
AdsDownloadUrl
http://www.pcutilitiespro.com/terms-and-conditions.aspx
http://www.pcutilitiespro.com/privacy.aspx
http://www.pcutilitiespro.com/livesupport.aspx
http://www.pcutilitiespro.com/faq.aspx
SoftUpdateUrl
http://updates.livesupport.pcutilitiespro.com
Software\LiveSupport
Display icon on all windows
@_update.exe
/LiveSupport_setup_%ver%.exe
Call us now for instant Technical Support and Assistance for PC issues such as network, printer, software installation and much more
Certified Trained Technicians
LiveSupport-
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
nKERNEL32.DLL
WUSER32.DLL
%Program Files%\LiveSupport\LiveSupport.exe
"GENERAL_CALL","24x7 Tech Support",
"MDLG_MAIN_PAGE","< Support","< Startseite"
"MDLG_TSKBAR_TOOLTIP","Click here for instant access to technical support from the %APP_BRAND%","Klicken Sie hier f
r sofortigen Zugriff auf technischen Support von der %APP_BRAND%"
"SPDLG_TITLE_2","Support","-Support"
"SPDLG_TITLE_3","Your Certified PC Expert","Certified geschulte Techniker"
r den sofortigen technischen Support und Unterst
"SPDLG_TABTITLE","Support","Support"
"SCDLG_NETERROR","Error occurred while downloading %UPSELL_BRAND%. ","Internet Fehler beim Herunterladen% UPSELL_BRAND%."
"FDLG_LINK_UNINSTALL","Uninstall LiveSupport","Deinstallieren Live Support"
Uninstall LiveSupport
1234567
Replace%Select the entire document
Arrange Icons/Arrange windows so they overlap
Cascade Windows5Arrange windows as non-overlapping tiles
Tile Windows5Arrange windows as non-overlapping tiles
Tile Windows(Split the active window into panes
1.2.8.0
LiveSupport.exe


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    OptimizerPro.exe:1992
    LiveSupport_setup.tmp:304
    regsvr32.exe:1472
    regsvr32.exe:264
    LiveSupport.exe:216
    LiveSupport.exe:280
    setup.exe:1032
    OptProStart.exe:1632
    OptProStart.exe:1236
    LiveSupport_setup.exe:804
    setup.tmp:972
    %original file name%.exe:396

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\All Users\Start Menu\Programs\LiveSupport\Uninstall LiveSupport.lnk (751 bytes)
    %Program Files%\LiveSupport\unins000.msg (646 bytes)
    %Program Files%\LiveSupport\unins000.dat (8096 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\LiveSupport\LiveSupport.lnk (1 bytes)
    %Program Files%\LiveSupport\is-EK1RK.tmp (1281 bytes)
    %Documents and Settings%\%current user%\Desktop\LiveSupport.lnk (1 bytes)
    %Program Files%\LiveSupport\is-OEPDU.tmp (34256 bytes)
    %Program Files%\LiveSupport\is-00EFG.tmp (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-NRECA.tmp\_isetup\_shfoldr.dll (23 bytes)
    %Program Files%\LiveSupport\is-B6B0A.tmp (7385 bytes)
    %Documents and Settings%\%current user%\Application Data\regsvr32.exe_log.txt (133 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Application Data\LiveSupport.exe_log.txt (619 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\LiveSupport_setup.exe (134522 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-V1740.tmp\setup.tmp (7386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-7QJP9.tmp\LiveSupport_setup.tmp (7386 bytes)
    %Program Files%\Optimizer Pro\is-STU2U.tmp (2321 bytes)
    %Program Files%\Optimizer Pro\is-84RF6.tmp (7345 bytes)
    %Documents and Settings%\%current user%\Desktop\Optimizer Pro.lnk (737 bytes)
    %Program Files%\Optimizer Pro\is-4KFFK.tmp (4545 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\LiveSupport.exe (11493 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Program Files%\Optimizer Pro\is-3NJUQ.tmp (898 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\itdownload.dll (1281 bytes)
    %Program Files%\Optimizer Pro\is-K6LQG.tmp (54 bytes)
    %Program Files%\Optimizer Pro\is-EAMK6.tmp (31891 bytes)
    %Program Files%\Optimizer Pro\is-G293J.tmp (185630 bytes)
    %Program Files%\Optimizer Pro\is-JCCJC.tmp (7433 bytes)
    %Program Files%\Optimizer Pro\is-0INCO.tmp (3073 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk (729 bytes)
    %Program Files%\Optimizer Pro\is-75DBS.tmp (673 bytes)
    %Program Files%\Optimizer Pro\is-UCD9U.tmp (1425 bytes)
    %Program Files%\Optimizer Pro\unins000.dat (13793 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk (749 bytes)
    %Program Files%\Optimizer Pro\is-70QFT.tmp (1281 bytes)
    %Program Files%\Optimizer Pro\is-M0S1B.tmp (712 bytes)
    %Program Files%\Optimizer Pro\is-PQJ3U.tmp (601 bytes)
    %Program Files%\Optimizer Pro\is-U21JR.tmp (3073 bytes)
    %Program Files%\Optimizer Pro\is-HLFVD.tmp (22 bytes)
    %Program Files%\Optimizer Pro\unins000.msg (646 bytes)
    %Program Files%\Optimizer Pro\is-MCA0O.tmp (2321 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk (777 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk (729 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\_isetup\_shfoldr.dll (23 bytes)
    %Program Files%\Optimizer Pro\is-3EAEB.tmp (48 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk (749 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\optpro2.bmp (673 bytes)
    %Program Files%\Optimizer Pro\is-5023A.tmp (7547 bytes)
    %Program Files%\Optimizer Pro\is-HTGLC.tmp (56 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{278CA01A-D09F-426F-93DD-ECEB66BF2612}\setup.exe (34007 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "LiveSupport" = "%Program Files%\LiveSupport\LiveSupport.exe /noshow /log"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Optimizer Pro" = "%Program Files%\Optimizer Pro\OptProLauncher.exe"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
