Trojan.Win32.Swrort.3_cfe722f0fd – Adaware

Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: cfe722f0fd36bdd66e357797e1bf65ee

SHA1: 5e2f0215f72b82d173d0c0c133176544d4128087

SHA256: c8ca1c64ddfe3d6e81010a593379081a78911b34c0b4ce754bdcd8d44bd927f6

SSDeep: 98304:GWh1WtXg08vzQSGEAxX OTjExesS3ZmnRTwPqaFwOK:TWtXys26X OTjSex3Zmn1wP4

Size: 5304336 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: BorlandDelphiv60v70_v2, UPolyXv05_v6, BorlandDelphi30, BorlandDelphiv30, ACProtect141

Company: Premium Installer

Created at: 2014-04-30 10:42:58

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

OptimizerPro.exe:1992
LiveSupport_setup.tmp:304
regsvr32.exe:1472
regsvr32.exe:264
LiveSupport.exe:216
LiveSupport.exe:280
setup.exe:1032
OptProStart.exe:1632
OptProStart.exe:1236
LiveSupport_setup.exe:804
setup.tmp:972
%original file name%.exe:396

The Trojan injects its code into the following process(es):

OptimizerPro.exe:1500

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process LiveSupport_setup.tmp:304 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Start Menu\Programs\LiveSupport\Uninstall LiveSupport.lnk (751 bytes)
%Program Files%\LiveSupport\unins000.msg (646 bytes)
%Program Files%\LiveSupport\unins000.dat (8096 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\LiveSupport\LiveSupport.lnk (1 bytes)
%Program Files%\LiveSupport\is-EK1RK.tmp (1281 bytes)
%Documents and Settings%\%current user%\Desktop\LiveSupport.lnk (1 bytes)
%Program Files%\LiveSupport\is-OEPDU.tmp (34256 bytes)
%Program Files%\LiveSupport\is-00EFG.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-NRECA.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\LiveSupport\is-B6B0A.tmp (7385 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-NRECA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-NRECA.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-NRECA.tmp\_isetup (0 bytes)

The process regsvr32.exe:264 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\regsvr32.exe_log.txt (133 bytes)

The process LiveSupport.exe:216 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\LiveSupport.exe_log.txt (619 bytes)

The process LiveSupport.exe:280 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\LiveSupport_setup.exe (134522 bytes)

The process setup.exe:1032 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-V1740.tmp\setup.tmp (7386 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-V1740.tmp\setup.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-V1740.tmp (0 bytes)

The process LiveSupport_setup.exe:804 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-7QJP9.tmp\LiveSupport_setup.tmp (7386 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-7QJP9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-7QJP9.tmp\LiveSupport_setup.tmp (0 bytes)

The process setup.tmp:972 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\Optimizer Pro\is-STU2U.tmp (2321 bytes)
%Program Files%\Optimizer Pro\is-84RF6.tmp (7345 bytes)
%Documents and Settings%\%current user%\Desktop\Optimizer Pro.lnk (737 bytes)
%Program Files%\Optimizer Pro\is-4KFFK.tmp (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\LiveSupport.exe (11493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Program Files%\Optimizer Pro\is-3NJUQ.tmp (898 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\itdownload.dll (1281 bytes)
%Program Files%\Optimizer Pro\is-K6LQG.tmp (54 bytes)
%Program Files%\Optimizer Pro\is-EAMK6.tmp (31891 bytes)
%Program Files%\Optimizer Pro\is-G293J.tmp (185630 bytes)
%Program Files%\Optimizer Pro\is-JCCJC.tmp (7433 bytes)
%Program Files%\Optimizer Pro\is-0INCO.tmp (3073 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk (729 bytes)
%Program Files%\Optimizer Pro\is-75DBS.tmp (673 bytes)
%Program Files%\Optimizer Pro\is-UCD9U.tmp (1425 bytes)
%Program Files%\Optimizer Pro\unins000.dat (13793 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk (749 bytes)
%Program Files%\Optimizer Pro\is-70QFT.tmp (1281 bytes)
%Program Files%\Optimizer Pro\is-M0S1B.tmp (712 bytes)
%Program Files%\Optimizer Pro\is-PQJ3U.tmp (601 bytes)
%Program Files%\Optimizer Pro\is-U21JR.tmp (3073 bytes)
%Program Files%\Optimizer Pro\is-HLFVD.tmp (22 bytes)
%Program Files%\Optimizer Pro\unins000.msg (646 bytes)
%Program Files%\Optimizer Pro\is-MCA0O.tmp (2321 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk (777 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk (729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\Optimizer Pro\is-3EAEB.tmp (48 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk (749 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\optpro2.bmp (673 bytes)
%Program Files%\Optimizer Pro\is-5023A.tmp (7547 bytes)
%Program Files%\Optimizer Pro\is-HTGLC.tmp (56 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\LiveSupport.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\optpro2.bmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\_isetup (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\itdownload.dll (0 bytes)

The process %original file name%.exe:396 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{278CA01A-D09F-426F-93DD-ECEB66BF2612}\setup.exe (34007 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{278CA01A-D09F-426F-93DD-ECEB66BF2612}\setup.exe (0 bytes)

Registry activity

The process OptimizerPro.exe:1500 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Optimizer Pro]
"SpeedGuard" = "0"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\Version]
"(Default)" = "3.0"

[HKCU\Software\Optimizer Pro]
"ShowRebootMessage" = "1"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\ProgID]
"(Default)" = "Msxml2.XSLTemplate"

[HKCU\Software\Optimizer Pro]
"Stat1a" = "185"
"UseExceptionList" = "1"
"s_Enable" = "0"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\TypeLib]
"(Default)" = "{F5078F18-C551-11D3-89B9-0000F81FE221}"

[HKCU\Software\Optimizer Pro]
"UndoDir" = "%Documents and Settings%\%current user%\Application Data\Optimizer Pro\Undo"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Optimizer Pro]
"AppStart" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Optimizer Pro]
"UpgradeID" = "BZDV_PCSM_ML_PCUP_OPTIMIZERPRO_RED"
"RunDate" = "63 7A E9 C8 46 6B E4 40"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\InProcServer32]
"(Default)" = "%System%\msxml3.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Optimizer Pro]
"s_Time" = "7A E3 2E C6 46 6B E4 40"
"LOGDIR" = "%Documents and Settings%\%current user%\Application Data\Optimizer Pro\Log"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Optimizer Pro]
"Version" = "3.2"
"LastVersionChecking" = "7A E3 2E C6 46 6B E4 40"
"BuyNowURL" = ""

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\InProcServer32]
"ThreadingModel" = "Both"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\VersionIndependentProgID]
"(Default)" = "Msxml2.XSLTemplate"

[HKCU\Software\Optimizer Pro]
"ItemsCleaned" = "0"

[HKLM\SOFTWARE\Licenses]
"{I41F6CE2B13539129}" = "01 00 00 00"

[HKCU\Software\Optimizer Pro]
"ItemsToFix" = "185"
"Reminder" = "1"

[HKLM\SOFTWARE\Licenses]
"{041F6CE2B13539129}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 22 A5 44 A3"

[HKCU\Software\Optimizer Pro]
"LastScanFound" = "216"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}]
"(Default)" = "XSL Template"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "50 94 FD C6 6E 50 51 64 AC D5 8C 63 63 17 F8 39"

[HKLM\SOFTWARE\Licenses]
"{K7C0DB872A3F777C0}" = "DF 3A 2A E5 19 16 1F 05 48 6E 02 90 27 91 BF BE"

[HKCU\Software\Optimizer Pro]
"DisplayName" = "Optimizer Pro"
"s_SmartScan" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Optimizer Pro]
"ResidualFilesCleaned" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Optimizer Pro]
"LastScanChecked" = "1110010"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Optimizer Pro]
"ItemsToScan" = "1111111111"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Optimizer Pro]
"s_SmartMode" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Optimizer Pro]
"InstallStat" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Licenses]
"{R7C0DB872A3F777C0}" = "4A 8D 7D 4C"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Optimizer Pro]
"ItemsToClean" = "31"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Optimizer Pro]
"ProblemsFixed" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKCR\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}]
"0"

The process OptimizerPro.exe:1992 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FE 84 DD 41 8F A4 74 A6 B0 2F B9 9D 31 AD CF C2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Licenses]
"{041F6CE2B13539129}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 22 A5 44 A3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Licenses]
"{I41F6CE2B13539129}" = "03 00 00 00"

[HKLM\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The process LiveSupport_setup.tmp:304 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"Inno Setup: Language" = "en"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"MajorVersion" = "1"

[HKCU\Software\LiveSupport]
"AdsDownloadUrl1" = "http://dl.softservers.net/121000530/DriverPro.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"DisplayVersion" = "1.2.8.0"

[HKCU\Software\LiveSupport]
"SupportURL" = "http://support.pcutilitiespro.com"
"AdsLandingPageLink2" = "http://www.pcutilitiespro.com/optimizerpro.php"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\LiveSupport]
"AdsLandingPageLink1" = "http://www.pcutilitiespro.com/driverpro.php"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"Inno Setup: Selected Tasks" = "desktopicon"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"NoModify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\LiveSupport]
"AdsDescription1" = "Driver Updater"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\LiveSupport]
"AdsDescription2" = "System Performance Optimizer"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\LiveSupport]
"LiveSupport.exe" = "LiveSupport"

[HKCU\Software\LiveSupport]
"DelayedStart" = "10"
"homepageurl" = "http://www.pcutilitiespro.com/livesupport.php"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"DisplayName" = "LiveSupport"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"QuietUninstallString" = "%Program Files%\LiveSupport\unins000.exe /SILENT"
"Inno Setup: App Path" = "%Program Files%\LiveSupport"
"MinorVersion" = "2"

[HKCU\Software\LiveSupport]
"CallbannerUrl" = "http://ls.callbanner.pcutilitiespro.com/?sid=171000530"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\LiveSupport]
"Query" = "http://bi.softservers.net/t/ls?sid=171000530-UA-038&dt=%dt%&gid=%gid%&tz=%tz%&ln=%ln%&os=%os%&bis=%bis%&bipc=%bipc%&lc1=%lc1%&lc2=%lc2%&lc3=%lc3%&f=2182739400"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"DisplayIcon" = "%Program Files%\LiveSupport\LiveSupport.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\LiveSupport]
"AdsDownloadUrl2" = "http://dl.softservers.net/191000530/OptmizerPro.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"Inno Setup: Deselected Tasks" = ""

[HKCU\Software\LiveSupport]
"PhoneNumber" = " 1-855-544-6024"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\LiveSupport]
"AdsCheckName2" = "Optimizer Pro"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 96 5B D1 8F 02 00 A1 2B 43 A9 27 A9 55 D4 A6"

[HKCU\Software\LiveSupport]
"UninstallURL" = "http://www.pcutilitiespro.com/uninstall-livesupport.php?sid=171000530-UA-038"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\LiveSupport]
"AdsCheckName1" = "Driver Pro"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"InstallLocation" = "%Program Files%\LiveSupport\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"Inno Setup: Setup Version" = "5.5.3 (u)"
"Inno Setup: Icon Group" = "LiveSupport"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"UninstallString" = "%Program Files%\LiveSupport\unins000.exe"
"Inno Setup: User" = "%CurrentUserName%"
"Publisher" = "PC Utilities Software Limited"

[HKCU\Software\LiveSupport]
"AdsLicenseKey2" = "LicenseDate"
"AdsLicenseKey1" = "User"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"NoRepair" = "1"
"InstallDate" = "20140628"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process regsvr32.exe:1472 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 3A 44 36 75 1E 5D A7 B1 7E 99 A4 D3 DF 76 C8"

The process regsvr32.exe:264 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 C3 F9 42 36 1E 5F 7C 87 E8 06 60 31 E7 B1 B8"

[HKCR\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}]
"(Default)" = "LiveSupport"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}\InprocServer32]
"ThreadingModel" = "Apartment"
"(Default)" = "%Program Files%\LiveSupport\LiveSupport_deskband_x32.dll"

The process LiveSupport.exe:216 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\LiveSupport]
"Assistant" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\LiveSupport]
"BtnCallPressed" = "0"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\LiveSupport]
"AppStart" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\LiveSupport]
"Language" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\LiveSupport]
"OS" = "102"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\LiveSupport]
"RunOnOSRun" = "1"
"QueryDate" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 8D 37 D6 9F FA E8 65 CC 30 CC CA 6C 88 C4 6A"

[HKCU\Software\LiveSupport]
"InstallDate" = "1403921101"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\LiveSupport]
"MachineGuid" = "db91fa06-04ba-44ec-b4ea-8a31ecbb83d2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"LiveSupport" = "%Program Files%\LiveSupport\LiveSupport.exe /noshow /log"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process LiveSupport.exe:280 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 BF 29 7F 78 85 0A 26 0A 63 03 98 52 9A 7E E7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"LiveSupport_setup.exe" = "LiveSupport Setup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The process setup.exe:1032 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB B4 F0 BA F1 8E 80 64 41 BB 63 75 12 AB 6A 8E"

The process OptProStart.exe:1632 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Optimizer Pro]
"AppStart" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 89 E4 67 19 2E 2C 7B E9 0E 40 B8 BF 30 4F BC"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Optimizer Pro]
"InstallDate" = "20 12 E6 C5 46 6B E4 40"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Optimizer Pro]
"OptimizerPro.exe" = "Optimizer Pro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Optimizer Pro]
"OS" = "102"
"MachineGuid" = "A04EE837-219D-671E-F1D8-674DC92E24B4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process OptProStart.exe:1236 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Optimizer Pro]
"AppStart" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE E4 CC 5F 9D 4B B0 54 8E B1 7C 66 A0 DE 1B 48"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Optimizer Pro]
"InstallDate" = "4B B0 11 C6 46 6B E4 40"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Optimizer Pro]
"OS" = "102"
"MachineGuid" = "6D14CE82-EE93-E58B-587A-75157C7D6FF9"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process LiveSupport_setup.exe:804 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "05 FD 35 7F 76 D8 04 28 DC 71 BC 9E C2 51 B2 AB"

The process setup.tmp:972 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Optimizer Pro]
"OptProStart.exe" = "Optimizer Pro Launcher"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: App Path" = "%Program Files%\Optimizer Pro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Optimizer Pro]
"cufValue" = "CUF=0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Optimizer Pro]
"culValue" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Icon Group" = "Optimizer Pro v3.2"

[HKCU\Software\Optimizer Pro]
"Language" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"DisplayIcon" = "%Program Files%\Optimizer Pro\OptProLauncher.exe"
"Inno Setup: Language" = "en"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Setup Version" = "5.5.3 (u)"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"DisplayName" = "Optimizer Pro v3.2"

"NoModify" = "1"
"Inno Setup: Selected Tasks" = "desktopicon"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Deselected Tasks" = ""

"InstallDate" = "20140628"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "46 60 BA FA 54 3F 63 0A 05 FF 81 8C FA 2D 75 C3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"NoRepair" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"QuietUninstallString" = "%Program Files%\Optimizer Pro\unins000.exe /SILENT"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"UninstallString" = "%Program Files%\Optimizer Pro\unins000.exe"
"InstallLocation" = "%Program Files%\Optimizer Pro\"
"Inno Setup: User" = "%CurrentUserName%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\is-JVSMB.tmp]
"LiveSupport.exe" = "LiveSupport Installer"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro" = "%Program Files%\Optimizer Pro\OptProLauncher.exe"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:396 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A 69 C5 9F FF E2 3E 65 7A 87 3C 87 C4 B9 EF 7B"

[HKCU\Software\Optimizer Pro]
"setupname" = "c:\%original file name%.exe"

Dropped PE files

MD5	File path
d2d6341a87cc3995abe80f505b6e112a	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\LiveSupport_setup.exe
87217247d99dd350a595399fb11b349a	c:\Program Files\LiveSupport\LiveSupport.exe
a6127535670da8d8d0d338faf81112ec	c:\Program Files\LiveSupport\LiveSupport_deskband_x32.dll
69c715189c3106946c5dc13bb563450a	c:\Program Files\LiveSupport\LiveSupport_deskband_x64.dll
7c1fbcbbe0d2998719bbd6b73783bca5	c:\Program Files\LiveSupport\unins000.exe
f862bbb3c4e757189005b3cf06b28517	c:\Program Files\Optimizer Pro\OptProGuard.exe
4c3826209877b0abb436bf0fd6612fa2	c:\Program Files\Optimizer Pro\OptProHelper.dll
c3580267361a3c78842140e3d0bc9c50	c:\Program Files\Optimizer Pro\OptProLauncher.exe
76a87fc9219f5a5336b4142c93d04641	c:\Program Files\Optimizer Pro\OptProReminder.exe
c2ae62afb3a9b59e23b99cce562fdf5e	c:\Program Files\Optimizer Pro\OptProSchedule.exe
b9c31a86f030a037d7462cfc9f42fcda	c:\Program Files\Optimizer Pro\OptProSmartScan.exe
2e81f64f937da2aa594ba853fe22826a	c:\Program Files\Optimizer Pro\OptProStart.exe
ac5d35dbe60d73a4a71025a4fa8940f2	c:\Program Files\Optimizer Pro\OptProUninstaller.exe
30ecf6ce8fed5729af82e99382e85b2c	c:\Program Files\Optimizer Pro\OptimizerPro.exe
d82a429efd885ca0f324dd92afb6b7b8	c:\Program Files\Optimizer Pro\itdownload.dll
0f66e8e2340569fb17e774dac2010e31	c:\Program Files\Optimizer Pro\sqlite3.dll
3dc6df9fcf968ebc9e4257c090eed6ed	c:\Program Files\Optimizer Pro\unins000.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):
OptimizerPro.exe:1992
LiveSupport_setup.tmp:304
regsvr32.exe:1472
regsvr32.exe:264
LiveSupport.exe:216
LiveSupport.exe:280
setup.exe:1032
OptProStart.exe:1632
OptProStart.exe:1236
LiveSupport_setup.exe:804
setup.tmp:972
%original file name%.exe:396
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\All Users\Start Menu\Programs\LiveSupport\Uninstall LiveSupport.lnk (751 bytes)
%Program Files%\LiveSupport\unins000.msg (646 bytes)
%Program Files%\LiveSupport\unins000.dat (8096 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\LiveSupport\LiveSupport.lnk (1 bytes)
%Program Files%\LiveSupport\is-EK1RK.tmp (1281 bytes)
%Documents and Settings%\%current user%\Desktop\LiveSupport.lnk (1 bytes)
%Program Files%\LiveSupport\is-OEPDU.tmp (34256 bytes)
%Program Files%\LiveSupport\is-00EFG.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-NRECA.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\LiveSupport\is-B6B0A.tmp (7385 bytes)
%Documents and Settings%\%current user%\Application Data\regsvr32.exe_log.txt (133 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\LiveSupport.exe_log.txt (619 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LiveSupport_setup.exe (134522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-V1740.tmp\setup.tmp (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-7QJP9.tmp\LiveSupport_setup.tmp (7386 bytes)
%Program Files%\Optimizer Pro\is-STU2U.tmp (2321 bytes)
%Program Files%\Optimizer Pro\is-84RF6.tmp (7345 bytes)
%Documents and Settings%\%current user%\Desktop\Optimizer Pro.lnk (737 bytes)
%Program Files%\Optimizer Pro\is-4KFFK.tmp (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\LiveSupport.exe (11493 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Program Files%\Optimizer Pro\is-3NJUQ.tmp (898 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\itdownload.dll (1281 bytes)
%Program Files%\Optimizer Pro\is-K6LQG.tmp (54 bytes)
%Program Files%\Optimizer Pro\is-EAMK6.tmp (31891 bytes)
%Program Files%\Optimizer Pro\is-G293J.tmp (185630 bytes)
%Program Files%\Optimizer Pro\is-JCCJC.tmp (7433 bytes)
%Program Files%\Optimizer Pro\is-0INCO.tmp (3073 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk (729 bytes)
%Program Files%\Optimizer Pro\is-75DBS.tmp (673 bytes)
%Program Files%\Optimizer Pro\is-UCD9U.tmp (1425 bytes)
%Program Files%\Optimizer Pro\unins000.dat (13793 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk (749 bytes)
%Program Files%\Optimizer Pro\is-70QFT.tmp (1281 bytes)
%Program Files%\Optimizer Pro\is-M0S1B.tmp (712 bytes)
%Program Files%\Optimizer Pro\is-PQJ3U.tmp (601 bytes)
%Program Files%\Optimizer Pro\is-U21JR.tmp (3073 bytes)
%Program Files%\Optimizer Pro\is-HLFVD.tmp (22 bytes)
%Program Files%\Optimizer Pro\unins000.msg (646 bytes)
%Program Files%\Optimizer Pro\is-MCA0O.tmp (2321 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk (777 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk (729 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\Optimizer Pro\is-3EAEB.tmp (48 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk (749 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-JVSMB.tmp\optpro2.bmp (673 bytes)
%Program Files%\Optimizer Pro\is-5023A.tmp (7547 bytes)
%Program Files%\Optimizer Pro\is-HTGLC.tmp (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{278CA01A-D09F-426F-93DD-ECEB66BF2612}\setup.exe (34007 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"LiveSupport" = "%Program Files%\LiveSupport\LiveSupport.exe /noshow /log"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro" = "%Program Files%\Optimizer Pro\OptProLauncher.exe"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description:
Comments:
Language: Language Neutral

Company Name: Product Name: Product Version: Legal Copyright: Legal Trademarks: Original Filename: Internal Name: File Version: File Description: Comments: Language: Language Neutral

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	246800	247296	4.47833	1e152431c482b1e7e0434b1c60153f55
.itext	253952	1904	2048	3.93744	5612fa13646121c358f511168bb2bbc9
.data	258048	4716	5120	2.2429	087b8987ea6450fcda8c70bfbb753fb4
.bss	266240	20468	0	0	d41d8cd98f00b204e9800998ecf8427e
.idata	286720	4370	4608	3.2756	976c04e423fdb1ece3535a0ea8df0f95
.tls	294912	16	0	0	d41d8cd98f00b204e9800998ecf8427e
.rdata	299008	24	512	0.143426	ffa7940a1bd1ad7dc3c8cb63de69c239
.reloc	303104	23344	23552	4.5999	5ae20c70d40ee62ab9a222168055ae52
.rsrc	327680	5013504	5013504	5.53762	6943e9c9164e98c39fd32c10300a5b0c

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://dl.softservers.net/171000530/LiveSupport.exe	198.20.70.67

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /171000530/LiveSupport.exe HTTP/1.0

Host: dl.softservers.net

User-Agent: InnoTools_Downloader

HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sat, 28 Jun 2014 02:04:40 GMT

Content-Type: application/octet-stream

Last-Modified: Tue, 18 Mar 2014 15:25:14 GMT

Connection: close

content-length: 1503528

ETag: "5328655a-16d478"

Content-Disposition: attachment; filename=LiveSupport.exe

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................................3.......................2.....................Rich............................PE..L....((S.................(...........g.......@....@.......................... ......(.....@.....................................P.......p...............(............................................q..@............@..P............................text....'.......(.................. ..`.rdata...L...@...N...,..............@..@.data....4...........z..............@....rsrc...p...........................@..@.reloc...'.......(..................@..B........................................................................................................................................................................................................................................................................................................................................................U.........l.A.3..E.V.u.W.}.h..........j.P..;...........Qj.j.j(j...8AA.....j.........#.PWVh.AA.j...<AA.3... ..._^...M.3...;....].U...U....@$R.U.R.U.R..]............AA..:C.......U..V.....AA..$C...E..t.V..:.......^]............U..QV..j..M..:0...F....s.@.F..M..N0..^..].......U..QVW..j..M...0...G...t....s.H.G..w........M.#...0.._..^..].......AA...........U..QW.9..t;j..M.../...G...t....s.H.G.V.w......M...../..#.t.....j.....^_..]......................................U...E....u..y..r....E..U....]....y..r....M.P.

<<< skipped >>>

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

OptimizerPro.exe_1500:

.idata

.rdata

P.reloc

P.text

.adata

.data

.reloc1

B.pdata

.rsrc

kernel32.dll

Windows

HKEY

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

EVariantBadIndexError

Uh.jA

ssShift

htKeyword

EInvalidOperation

u%CNu

%s[%d]

%s_%d

.Owner

EInvalidGraphicOperation

comctl32.dll

USER32.DLL

uxtheme.dll

PasswordCharX

OnKeyDownLwD

OnKeyPress

OnKeyUp$vD

ssHorizontal

OnKeyUp

Proportional

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeyword

crSQLWait

%s (%s)

UhÞ

imm32.dll

OnExecute

AutoHotkeysx

AutoHotkeys

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreviewl

WindowState

tagMSG

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

%s, ClassID: %s

ole32.dll

TNT Internal Error: TWideComponentHelper.Create should never be encountered.

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntClasses.pas

Uh.aG

!"#$%&*;<=>@[]^_`{|}

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntControls.pas

Internal Error: SubClassUnicodeControl.Control is not Unicode.

.UnicodeClass

TntUnicodeVcl.DestroyWindow

MAPI32.DLL

vsReport

OnKeyUpxzD

TComboBoxExEnumerator

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntActnList.pas

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntStdCtrls.pas

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntForms.pas

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntMenus.pas

Internal Error: SyncHotKeyPosition Failed ("%s" <> "%s").

SrClient.dll

1111111111

English.ini

French.ini

German.ini

Spanish.ini

Italian.ini

Portuguese.ini

Danish.ini

Dutch.ini

Swedish.ini

Polish.ini

Russian.ini

Brazilian.ini

Finnish.ini

Norwegian.ini

Turkish.ini

Czech.ini

Japanese.ini

Chinese.ini

Arabic.ini

\$RECYCLE.BIN\

\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Mozilla\Firefox\

profiles.ini

\cookies.sqlite

\formhistory.sqlite

Google\Chrome\User Data\Default\Cache\

Content.IE5\

regedit.exe

%SYSTEMROOT%\

%Program Files%\

%Program Files% (x86)\

%COMMONPROGRAMFILES%\

%Program Files%\Common Files\

%COMMONPROGRAMFILES(X86)%\

%Program Files% (x86)\Common Files\

%COMMONPROGRAMW6432%\

%USERPROFILE%\

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

\tmp.reg" "

\tmp.reg

getservbyport

WSAAsyncGetServByPort

WSAJoinLeaf

WS2_32.DLL

127.0.0.1

TIdSocketListWindows

TIdStackWindowsU

IdStackWindows

%s, %.2d %s %.4d %s %s

%s, %d %s %d %s %s

password

Password

IdHTTPHeaderInfo

ProxyPasswordT

ProxyPort

Mozilla/3.0 (compatible; Indy Library)

ftpTransfer

ftpReady

ftpAborted

ClientPortMinT

ClientPortMax

PortT

EIdCanNotBindPortInRange

EIdInvalidPortRangeSVW

libeay32.dll

ssleay32.dll

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_certificate_file

SSL_get_peer_certificate

SSL_CTX_set_default_passwd_cb

SSL_CTX_set_default_passwd_cb_userdata

SSL_CTX_check_private_key

X509_STORE_CTX_get_current_cert

des_set_key

saUsernamePassword

PasswordT

Port

0.0.0.1

TIdTCPConnection

TIdTCPConnectionx

IdTCPConnection

EIdTCPConnectionError

sslvrfFailIfNoPeerCert

TPasswordEvent

Certificate

RootCertFiled

CertFiled

KeyFilep

OnGetPassword

EIdOSSLLoadingRootCertError<</pre><pre>EIdOSSLLoadingCertError</pre><pre>EIdOSSLLoadingKeyError</pre><pre>TIdTCPClient</pre><pre>IdTCPClient</pre><pre>BoundPort</pre><pre>PortU</pre><pre>CommentURL</pre><pre>TIdHTTPMethod</pre><pre>IdHTTP</pre><pre>TIdHTTPOption</pre><pre>TIdHTTPOptions</pre><pre>TIdHTTPProtocolVersion</pre><pre>TIdHTTPOnHeadersAvailable</pre><pre>TIdHTTPOnRedirectEvent</pre><pre>TIdHTTPResponse</pre><pre>TIdHTTPRequest</pre><pre>TIdHTTPProtocol</pre><pre>TIdCustomHTTP</pre><pre>TIdHTTP</pre><pre>HTTPOptions</pre><pre>Port @K</pre><pre>EIdHTTPProtocolException</pre><pre>HTTPS</pre><pre>https</pre><pre>This request method is supported in HTTP 1.1</pre><pre>HTTP/1.0 200 OK</pre><pre>HTTP/</pre><pre>WNNC_NET_FTP_NFS</pre><pre>olepro32.dll</pre><pre>shell32.dll</pre><pre>\\.\vwin32</pre><pre>shlwapi.dll</pre><pre>Mpr.dll</pre><pre>D:\SmartPC\Components\EasyListview\Common Library\Source\MPShellUtilities.pas</pre><pre>To show a Context Menu using TNamespace you must pass a valid Owner TWinControl</pre><pre>THKeyArray</pre><pre>Uh%xL</pre><pre>TCommonShellExecuteThreadU</pre><pre>D:\SmartPC\Components\EasyListview\Common Library\Source\MPThreadManager.pas</pre><pre>TCommonKeyState</pre><pre>cksShift</pre><pre>TCommonKeyStates</pre><pre>D:\SmartPC\Components\EasyListview\Common Library\Source\MPCommonUtilities.pas</pre><pre>user32.dll</pre><pre>gdi32.dll</pre><pre>advapi32.dll</pre><pre>Userenv.dll</pre><pre>ShellExecuteExW</pre><pre>ShellExecuteW</pre><pre>GetWindowsDirectoryW</pre><pre>RegOpenKeyW</pre><pre>RegOpenKeyExW</pre><pre>SHFileOperationW</pre><pre>D:\SmartPC\Components\EasyListview\Source\EasyListviewAccessible.pas</pre><pre>TEasyAccessibleManager.Create not a TCustomEasyListview type</pre><pre>TEasyGroupAccessibleManager.Create not a TEasyGroup type</pre><pre>TEasyItemAccessibleManager.Create not a TEasyItem type</pre><pre>TEasyColumnAccessibleManager.Create not a TEasyColumn type</pre><pre>TEasyHeaderAccessibleManager.Create not a TEasyHeader type</pre><pre>elsReport</pre><pre>elsReportThumb</pre><pre>TAutoGroupGetKeyEvent</pre><pre>TColumnGetImageIndexEvent</pre><pre>TColumnSetImageIndexEvent</pre><pre>KeyState</pre><pre>KeyStates</pre><pre>TGroupGetImageIndexEvent</pre><pre>TGroupSetImageIndexEvent</pre><pre>HintWindowShown</pre><pre>TItemGetGroupKeyEvent</pre><pre>GroupKey</pre><pre>TItemGetImageIndexEvent</pre><pre>TItemSetGroupKeyEvent</pre><pre>TItemSetImageIndexEvent</pre><pre>MouseMsg</pre><pre>TEasyKeyActionEvent</pre><pre>EscapeKeyPressed</pre><pre>TEasyViewReportItemp</pre><pre>TEasyViewReportItem</pre><pre>TEasyViewReportThumbItem</pre><pre>TEasyGridReportGroup</pre><pre>TEasyGridReportThumbGroup</pre><pre>TEasyCellSizeReport</pre><pre>TEasyCellSizeReportd</pre><pre>TEasyCellSizeReportThumb</pre><pre>ReportThumbl</pre><pre>Report</pre><pre>AlwaysShow</pre><pre>OnAutoGroupGetKey</pre><pre>OnItemGetGroupKey</pre><pre>OnItemSetGroupKey0</pre><pre>OnKeyAction</pre><pre>D:\SmartPC\Components\EasyListview\Source\EasyListview.pas</pre><pre>FTPf</pre><pre>Can not find TEasyGroups.AdjacentItem of an Invisible Item</pre><pre>EasyListview.Header</pre><pre>TChangesShortForm</pre><pre>TChangesShortForm|</pre><pre>An updated version of %s is now available</pre><pre>FormKeyDown</pre><pre>http\shell\open\command</pre><pre>\chrome.exe</pre><pre>\Internet Explorer\iexplore.exe</pre><pre>http://softupdates.smartpcupdate.com/data/update-versions-%s.txt</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Settings\Optimizer Pro</pre><pre>&user_major_version=%s&upgrade_id=%s&user_version=%s</pre><pre>http://softupdates.smartpcupdate.com/scripts/get_link_%s.php?license_key=%s&purchase_date=%s</pre><pre>You are already using the latest version of %s</pre><pre>OnActionExecute</pre><pre>windows-1251</pre><pre>sqlite3.dll</pre><pre>sqlite3_bind_parameter_count</pre><pre>sqlite3_bind_parameter_name</pre><pre>sqlite3_busy_handler</pre><pre>sqlite3_busy_timeout</pre><pre>sqlite3_changes</pre><pre>sqlite3_close</pre><pre>sqlite3_collation_needed</pre><pre>sqlite3_collation_needed16</pre><pre>sqlite3_column_blob</pre><pre>sqlite3_column_bytes</pre><pre>sqlite3_column_bytes16</pre><pre>sqlite3_column_count</pre><pre>sqlite3_column_double</pre><pre>sqlite3_column_int</pre><pre>sqlite3_column_int64</pre><pre>sqlite3_column_text</pre><pre>sqlite3_column_text16</pre><pre>sqlite3_column_type</pre><pre>sqlite3_column_decltype</pre><pre>sqlite3_column_decltype16</pre><pre>sqlite3_column_name</pre><pre>sqlite3_column_name16</pre><pre>sqlite3_complete</pre><pre>sqlite3_complete16</pre><pre>sqlite3_create_collation</pre><pre>sqlite3_create_collation16</pre><pre>sqlite3_data_count</pre><pre>sqlite3_errcode</pre><pre>sqlite3_errmsg</pre><pre>sqlite3_errmsg16</pre><pre>sqlite3_exec</pre><pre>sqlite3_finalize</pre><pre>sqlite3_free</pre><pre>sqlite3_get_table</pre><pre>sqlite3_free_table</pre><pre>sqlite3_interrupt</pre><pre>sqlite3_last_insert_rowid</pre><pre>sqlite3_open</pre><pre>sqlite3_open16</pre><pre>sqlite3_prepare</pre><pre>sqlite3_prepare16</pre><pre>sqlite3_reset</pre><pre>sqlite3_step</pre><pre>sqlite3_total_changes</pre><pre>sqlite3_libversion</pre><pre>Yahoo.Messenger\CLSID</pre><pre>Yahoo.Messenger.1\CLSID</pre><pre>Software\Microsoft\Windows Live\Messenger</pre><pre>Software\Microsoft\MSNMessenger\PerPassportSettings</pre><pre>imApp.im.loggingLogPath</pre><pre>TMonochromeLookup</pre><pre>3333333</pre><pre>Uh.TV</pre><pre>The Windows registry stores settings and options for Microsoft Windows. Over time, the registry becomes cluttered with invalid and obsolete data.</pre><pre>\UserExceptionR.txt</pre><pre>Free up disk space and protect your privacy by removing web pages, images, videos and audio files saved by your browser as you surf the Internet.</pre><pre>Free up valuable disk space and protect your privacy by removing cookies and the list of web pages you visited.</pre><pre>\UserExceptionF.txt</pre><pre>Registry keys</pre><pre>RegistryKeys</pre><pre>\ProgramExceptionR.txt</pre><pre>\ProgramExceptionF.txt</pre><pre>IdHTTP1</pre><pre>HTTP1Work</pre><pre>Thank you for purchasing %s Pro!</pre><pre>We are now replacing your current version of %s with %s Pro which includes these additional features:</pre><pre>ProVersionUrl</pre><pre>http://</pre><pre>pcsmpro.exe</pre><pre>service.smartpcupdate.com</pre><pre>http://service.smartpcupdate.com/rpc/sendspmpurchase</pre><pre>http://service.smartpcupdate.com/rpc/sendpurchase</pre><pre>&key=</pre><pre>http://service.smartpcupdate.com/rpc/sendspminstall</pre><pre>http://service.smartpcupdate.com/rpc/sendspmuninstall</pre><pre>http://service.smartpcupdate.com/rpc/sendinstall</pre><pre>http://service.smartpcupdate.com/rpc/senduninstall</pre><pre>callbanner.png</pre><pre>BannerURL</pre><pre>Do you have a License Key?</pre><pre>If you purchased Optimizer Pro a license key will have been emailed to you. Please enter the license key below and click Activate Now.</pre><pre>License key</pre><pre>Do you need a License Key?</pre><pre>To purchase Optimizer Pro and obtain a license key click</pre><pre>Licensing key has reached its usage limit!</pre><pre>UserKey</pre><pre>HomePageURL</pre><pre>SupportURL</pre><pre>BuyNowURL</pre><pre>AdsBuyNowURL</pre><pre>AdsDownloadURL</pre><pre>Support</pre><pre>Specify registry key</pre><pre>SpecifyKey</pre><pre>KeyExample</pre><pre>Key not found in the registry!</pre><pre>KeyNotFound</pre><pre>Offers direct access to key features</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</pre><pre>\OptProLauncher.exe</pre><pre>\OptProGuard.exe</pre><pre>\OptProReminder.exe</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Run</pre><pre>s_Exec</pre><pre>\OptProSchedule.exe</pre><pre>\OptProSmartScan.exe</pre><pre>Example: twitter.com</pre><pre>\CookiesException.txt</pre><pre>PSAPI.dll</pre><pre>The startup menu contains programs that are automatically started by Windows every time you start your PC. As more and more programs insert themselves in your startup menu your PCs valuable resources are drained causing it to operate more slowly.</pre><pre>\StartupList.txt</pre><pre>*.exe</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce</pre><pre>SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run</pre><pre>\*.lnk</pre><pre>http://www.google.com/search?hl=en&q=</pre><pre>hkey</pre><pre>d1.smartpcupdate.com</pre><pre>http://d1.smartpcupdate.com/startup/set_deleted.php?names=</pre><pre>Optimization Report</pre><pre>CleanEmptyKeys</pre><pre>ScanCustomRegKeys</pre><pre>ScanWindowsLogs</pre><pre>http://www.pcutilitiespro.com</pre><pre>http://www.pcutilitiespro.com/support</pre><pre>UninstallURL</pre><pre>Remove invalid and unnecessary items to optimize your Windows registry.</pre><pre>Search histories, cookies, recently viewed web pages, videos, photos, music and more.</pre><pre>Optimize your settings to improve your computer's speed, security and efficiency. Run an optimization report to check the current condition of your PC.</pre><pre>Optimization report</pre><pre>Windows tracking of user actions</pre><pre>Send error reports to Microsoft</pre><pre>Ask password after quitting standby mode</pre><pre>Automatic login to system w/o password entry</pre><pre>Use autofill for URLs</pre><pre>Autofill of login names and passwords in forms</pre><pre>Request for password save</pre><pre>If there are certain registry keys, files or cookies that you do not want to have included in the PC Speed Maximizer scan you can use this feature to create an exclusion list.</pre><pre>\OptimizerPro.reg</pre><pre>\OptimizerPro.chm</pre><pre>\driverpro.exe</pre><pre>Driver Pro\DriverPro.exe</pre><pre>IEXPLORE.EXE</pre><pre>FIREFOX.EXE</pre><pre>CHROME.EXE</pre><pre>SKYPE.EXE</pre><pre>\PendingExceptionR.txt</pre><pre>\PendingExceptionF.txt</pre><pre>\Scan.gif</pre><pre>SOFTWARE\Microsoft\Windows\Help</pre><pre>SOFTWARE\Microsoft\Windows\HTML Help</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Fonts</pre><pre>SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindComputerMRU\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\</pre><pre>SOFTWARE\Microsoft\Internet Explorer\TypedURLs\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\</pre><pre>\places.sqlite</pre><pre>visited Web pages and cookies available for removal</pre><pre>\OptimizerPro.reg"</pre><pre>Cleaning visited webpages...</pre><pre>macromedia.com\support\flashplayer\sys\</pre><pre>Visited Web pages removed</pre><pre>System32\reg.exe</pre><pre>File Windows\System32\reg.exe not found!</pre><pre>\HKCR.reg</pre><pre>\HKCU.reg</pre><pre>\HKLM.reg</pre><pre>\HKU.reg</pre><pre>EXPORT HKCR "</pre><pre>\HKCR.reg"</pre><pre>EXPORT HKCU "</pre><pre>\HKCU.reg"</pre><pre>EXPORT HKLM "</pre><pre>\HKLM.reg"</pre><pre>EXPORT HKU "</pre><pre>\HKU.reg"</pre><pre>\*.reg</pre><pre>IMPORT "</pre><pre>dfrg.msc</pre><pre>DFRGUI.EXE</pre><pre>dfrgui.exe</pre><pre>DATA.BAK</pre><pre>CUSTOM.BAK</pre><pre>OPA11.BAK</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer</pre><pre>DoReport</pre><pre>SOFTWARE\Microsoft\PCHealth\ErrorReporting</pre><pre>PromptPasswordOnResume</pre><pre>SOFTWARE\Policies\Microsoft\Windows\System\Power</pre><pre>SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete</pre><pre>FormSuggest Passwords</pre><pre>\*.log</pre><pre>OptimizerPro.reg</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\</pre><pre>=HKEY_LOCAL_MACHINE#</pre><pre>[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#</pre><pre>=HKEY_CLASSES_ROOT#</pre><pre>[-HKEY_CLASSES_ROOT\Applications\</pre><pre>Empty key</pre><pre>EmptyKey</pre><pre>[-HKEY_CLASSES_ROOT\</pre><pre>Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts</pre><pre>Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\</pre><pre>=HKEY_CURRENT_USER#</pre><pre>[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\</pre><pre>HKEY_CLASSES_ROOT\</pre><pre>[-HKEY_CLASSES_ROOT\CLSID\</pre><pre>[HKEY_CLASSES_ROOT\CLSID\</pre><pre>HKEY_LOCAL_MACHINE\</pre><pre>[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\</pre><pre>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\</pre><pre>HKEY_CLASSES_ROOT\Interface\</pre><pre>[-HKEY_CLASSES_ROOT\Interface\</pre><pre>HKEY_CLASSES_ROOT\Typelib\</pre><pre>[-HKEY_CLASSES_ROOT\Typelib\</pre><pre>[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\</pre><pre>Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs</pre><pre>Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\</pre><pre>: HKEY_CURRENT_USER\</pre><pre>[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\</pre><pre>: HKEY_LOCAL_MACHINE\</pre><pre>[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\</pre><pre>[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders#</pre><pre>[HKEY_LOCAL_MACHINE\</pre><pre>AppEvents\Schemes\Apps\.Default</pre><pre>AppEvents\Schemes\Apps\.Default\</pre><pre>\.Current</pre><pre>\.Default</pre><pre>[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\</pre><pre>[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\</pre><pre>\.Current]</pre><pre>\.Default]</pre><pre>HKEY_CURRENT_USER\</pre><pre>[HKEY_CURRENT_USER\</pre><pre>=HKEY_CURRENT_USER#SOFTWARE\</pre><pre>HKEY_CURRENT_USER\SOFTWARE\</pre><pre>[-HKEY_CURRENT_USER\SOFTWARE\</pre><pre>=HKEY_LOCAL_MACHINE#SOFTWARE\</pre><pre>HKEY_LOCAL_MACHINE\SOFTWARE\</pre><pre>[-HKEY_LOCAL_MACHINE\SOFTWARE\</pre><pre>=HKEY_USERS\S-1-5-21-1060284298-1454471165-725345543-1004\SOFTWARE\</pre><pre>HKEY_USERS\...\SOFTWARE\</pre><pre>[-HKEY_USERS\S-1-5-21-1060284298-1454471165-725345543-1004\SOFTWARE\</pre><pre>=HKEY_USERS#</pre><pre>HKEY_USERS\</pre><pre>[HKEY_USERS\</pre><pre>*.txt</pre><pre>LOGIN</pre><pre>.EXE.DLL.SYS.CAB.MSI.DAT.INF.TLB.BIN.OCX.INI.XML.LOG</pre><pre>*.lo?</pre><pre>INDEX.DAT</pre><pre>\OptimizerPro.exe</pre><pre>http://www.pcutilitiespro.com/eula.php</pre><pre>http://www.pcutilitiespro.com/privacy.php</pre><pre>OptProStart.exe</pre><pre>1.1.2</pre><pre>?456789:;<=</pre><pre>!"#$%&'()* ,-./0123</pre><pre>%Program Files%\Windows Media Player\wmplayer.exe</pre><pre>wmplayer.exe</pre><pre>version.dll</pre><pre>wininet.dll</pre><pre>comdlg32.dll</pre><pre>shfolder.dll</pre><pre>oleacc.dll</pre><pre>winmm.dll</pre><pre>Shell32.dll</pre><pre>6#6,686?6</pre><pre>7!7,74797_7~7</pre><pre>< <$<(<6<</pre><pre>4"414;4@4</pre><pre>6l6o6</pre><pre>7Â8</pre><pre>5%6)6-646</pre><pre>8$9(90949</pre><pre>:-;5;9;@;</pre><pre>=,>0>4>8></pre><pre>8Œ8i8q8</pre><pre>2/2j2</pre><pre>5-686}6H7</pre><pre>9(:5:^:}:</pre><pre>1 1$1(1,1014181<1`1</pre><pre>3 3$3(3,3034383\3|3</pre><pre>>&?*?.?4?{?</pre><pre>= =$=(=,=0=</pre><pre>5#5'5 5/53575;5?5</pre><pre>2 2$2(2,20242</pre><pre>2!2%2)202</pre><pre>6'7 7/73787</pre><pre>0 1,10141</pre><pre>8,9094989</pre><pre>;!;%;,;~;</pre><pre>3044484@4</pre><pre>4#5'5 5/545</pre><pre>5&6*6.62686</pre><pre>9/:3:7:<:</pre><pre>2 3$3(3,303</pre><pre>8 9$9(9,909</pre><pre>>$?(?0?4?8?</pre><pre>> >$>(>,>0>>></pre><pre><7<;<?<`<</pre><pre>7Œ8</pre><pre>:);-<3=7></pre><pre>1 1$1(1,10141:1</pre><pre>4$41494|7</pre><pre>5 5$5(5,5054585<5@5\5|5</pre><pre>: ;=<`<|<</pre><pre>= >$>(>,>0>4>8></pre><pre>4#4'4 4/434</pre><pre>2#272;2?2</pre><pre>?"?&?*?.?2?6?</pre><pre>< <$<(<,<0<4<8<<<</pre><pre>< <$<(<,<0<</pre><pre>77</pre><pre>9 9$9(9,90949:9</pre><pre>7 7}7I7a8</pre><pre>2%2,212@2`2</pre><pre>? ?%?1?8?=?</pre><pre>0 0080=0</pre><pre>8 8'8,8`8</pre><pre>9$90979<9</pre><pre>1'2-222?2</pre><pre>4L4J4O4_4</pre><pre>=$=0=7=<=</pre><pre>5 5%5U5a5{5</pre><pre>1(1,10141</pre><pre>FTPQ</pre><pre>aSSSh</pre><pre>.VVVVVSRSSj</pre><pre>FTPjK</pre><pre>FtPj;</pre><pre>C.PjRV</pre><pre>zcÁ</pre><pre>1.2.3</pre><pre>EXCEPTION_FLT_INVALID_OPERATION</pre><pre>EXCEPTION_FLT_DENORMAL_OPERAND</pre><pre>Required USB Key not found</pre><pre>Failed to execute target process</pre><pre>Cannot find import; DLL may be missing, corrupt, or wrong version</pre><pre>File "%s", function "%s"</pre><pre>File "%s", ordinal %d</pre><pre>File "%s", error %d</pre><pre>(Error code %d)</pre><pre>%X:DAF</pre><pre>(Location XEB, error code %d)</pre><pre>_PAD%d</pre><pre>RNX</pre><pre>%X::DAX</pre><pre>KERNEL32.DLL</pre><pre>Error: Access violation at 0xX (tried to %s 0xX), program terminated.</pre><pre>SetProcessShutdownParameters</pre><pre>COMCTL32.DLL</pre><pre>Kernel32.dll</pre><pre>ComDlg32.dll</pre><pre>.DbgLog</pre><pre>deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly</pre><pre>inflate 1.2.3 Copyright 1995-2005 Mark Adler</pre><pre>mscoree.dll</pre><pre>.mixcrt</pre><pre>Please contact the application's support team for more information.</pre><pre>- Attempt to initialize the CRT more than once.</pre><pre>- CRT not initialized</pre><pre>- floating point support not loaded</pre><pre>portuguese-brazilian</pre><pre>operator</pre><pre>GetProcessWindowStation</pre><pre>Visual C CRT: Not enough memory to complete call to strerror.</pre><pre>Broken pipe</pre><pre>Inappropriate I/O control operation</pre><pre>Operation not permitted</pre><pre>YqM1%X</pre><pre>%Program Files%\Optimizer Pro\OptimizerPro-2.DbgLog</pre><pre>%Program Files%\Optimizer Pro\OptimizerPro.exe</pre><pre>KERNEL32.dll</pre><pre>EnumWindows</pre><pre>CreateDialogIndirectParamA</pre><pre>GetAsyncKeyState</pre><pre>EnumThreadWindows</pre><pre>USER32.dll</pre><pre>GDI32.dll</pre><pre>GetProcessHeap</pre><pre>GetCPInfo</pre><pre>GetConsoleOutputCP</pre><pre>899?9]9}9</pre><pre>11\1</pre><pre>283>3\3}3</pre><pre>293?3]3}3</pre><pre>;9<?<]<|<</pre><pre><'=1=7=<=</pre><pre>>&>.>7>~></pre><pre>=!='=/=9=</pre><pre>3$4(4,40444</pre><pre>? ?$?8?<?@?</pre><pre>4 4$4(4,404</pre><pre>7 7$7(7,707</pre><pre>.Eb>ZR</pre><pre>*3%U2</pre><pre>dJ.vl</pre><pre>%UI6K*</pre><pre>Y{.eo</pre><pre>j.jD}</pre><pre>.UV8Y</pre><pre>BM.hUv</pre><pre>E.Zf:</pre><pre>p.uRzP</pre><pre>T%uX@i</pre><pre>2.iP8</pre><pre>e.RZ7,</pre><pre>"w%fJX</pre><pre>.nJPwf</pre><pre>.ZHZ[</pre><pre>^D.QO</pre><pre>#L.iI</pre><pre>.fPJa)K</pre><pre>#%sq2</pre><pre>c.Yz7</pre><pre>b%8s*b*</pre><pre>:}c.MM</pre><pre>L.yqH</pre><pre>.ZP|%H</pre><pre>.YryIq</pre><pre>s%sYe</pre><pre>=&@4|8~&</pre><pre>sLÌ</pre><pre>.NANb</pre><pre>^%F;p</pre><pre>k.O.%x</pre><pre>4%0U7kX3n</pre><pre>\j.th</pre><pre>8y.mG{</pre><pre>;96"*.*</pre><pre>O.bw'</pre><pre>%S!2e</pre><pre>.ZlOw</pre><pre>{2/|>|9|#</pre><pre>%C!{&</pre><pre>ZT%cIf</pre><pre>`%U{}</pre><pre>`LK%cT</pre><pre>%FuH!<</pre><pre>Lg&%d`6</pre><pre>9|=>>}['</pre><pre>F5D.Nv</pre><pre>,yBX%u</pre><pre>.XJ9'</pre><pre>H F.avr</pre><pre>.gca~>>Z</pre><pre>4V.mF~</pre><pre>CH.Ha</pre><pre>.lk]`,y</pre><pre>m\%XyM7</pre><pre>E%ut;g</pre><pre>9;.jvw</pre><pre>{G%xV;</pre><pre>.Xy: RD81</pre><pre>L%sjT</pre><pre>W.VRnZ</pre><pre>6.jM?!</pre><pre>$yK%f</pre><pre>Lb.cq</pre><pre>.Cspw</pre><pre>o>%U:l30</pre><pre>,e>.juC></pre><pre>'.iKj</pre><pre>.Agl<pre>.jOU7</pre><pre>/.gDM</pre><pre>).QDr"</pre><pre>/h^c%F</pre><pre>Wjs-c.eQ</pre><pre>!.KB </pre><pre>qK.bW</pre><pre>.kQ-6</pre><pre>weBV</pre><pre>62^.;6;"</pre><pre>0QM%U</pre><pre>h$%s$.</pre><pre>.nTf:</pre><pre>vz.mpk</pre><pre>%sp,`</pre><pre>r%d~r?</pre><pre>y.KnRq</pre><pre>je\SSH</pre><pre>%Uj4r</pre><pre>M"F</pre><pre>z>.RW</pre><pre>%n-PZ}</pre><pre>YW.%U</pre><pre>.AFP></pre><pre>.Ns094R</pre><pre>.jt:x</pre><pre>Y.Ivn</pre><pre>9AL.Gf</pre><pre>7.Tjq~</pre><pre>]-B}n</pre><pre>{f.RAQ</pre><pre>f:\YQ</pre><pre>.&%7X</pre><pre>=.GzB</pre><pre>8K2.hZ</pre><pre>.pYT2S</pre><pre>TF-N}</pre><pre>.Bxo6d</pre><pre>Z>.UH</pre><pre>|%FZ;</pre><pre>%FK=y</pre><pre>.PZ,p</pre><pre>x.Loc</pre><pre>%XD|{?|</pre><pre>|d1>%d</pre><pre>.vq)/</pre><pre>.^034/-`</pre><pre>.pq|<PW><pre>B.CM"9(</pre><pre>.CD2aWp</pre><pre>333333333333333333</pre><pre>33333833</pre><pre>3333339</pre><pre>3333333333333338</pre><pre>:*"*"$3338</pre><pre>33333333</pre><pre>33333333333</pre><pre>3333333333338</pre><pre>33338?383</pre><pre>333333333333</pre><pre>:*3:"$3338</pre><pre>333333333333333</pre><pre>33333333330</pre><pre>3333338</pre><pre>3333333330</pre><pre>3333833330</pre><pre>3333330</pre><pre>333333330</pre><pre>3333333333</pre><pre>338333?330</pre><pre>33383?3330</pre><pre>3833830</pre><pre>!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'</pre><pre>!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'</pre><pre>KWindows</pre><pre>UrlMon</pre><pre>TntWindows</pre><pre>0IdHTTPHeaderInfo</pre><pre> IdTCPServer</pre><pre>IdTCPStream</pre><pre>UrlHistory</pre><pre>wlibsqlite3</pre><pre>1-0$ "$ "$ "$ "$ "</pre><pre>3/1%!#%!#%!#%!#%!#</pre><pre>402&"%&"%&"%&"@3</pre><pre>($&($&($&($&524</pre><pre>($&($&($&($&($&</pre><pre>635)%')%')%')%'</pre><pre>_\])%')%')%')%'_\]</pre><pre>*&(*&(*&(*&(*&(</pre><pre>,(*,(*,(*,(*957</pre><pre>`]^-),-),-),-),</pre><pre>?<>.*-.*-.*-.*-</pre><pre>.*-.*-.*-.*-</pre><pre>0,.0,.0,.0,.</pre><pre>1.01.01.01.0</pre><pre>}~1.01.01.01.0</pre><pre>2/12/12/12/1</pre><pre>402402402402</pre><pre>-*,524524524-*,</pre><pre>524524524524</pre><pre>.*,624624624.*,</pre><pre>624624624624</pre><pre>. -735735735. -</pre><pre>735735735735</pre><pre>856856856856</pre><pre>967967967967</pre><pre>:68:68:68:68</pre><pre>;79;79;79;79</pre><pre><9:<9:<9:<9:</pre><pre>=:;=:;=:;=:;</pre><pre>>:<>:<>:<>:<</pre><pre>?<=?<=?<=?<=</pre><pre>@=>@=>@=>@=></pre><pre>kij*'*1.01.0e]S</pre><pre>/ .usu</pre><pre>=9;=9;=9;</pre><pre>=9;=9;=9;=9;</pre><pre>857MJKLIJKHIKHIumatl`tl`sk^sj]rj\qi[qhZpgYofWofWneUndUlcSlbRlbQk`Pj`Ni_Mh^Lh]Kg\Jf\Hf[GeZEeYDcXCcXBcV@aU?aU>`T<`S;_R9_R8^Q7]P6]O4\N2\N0ZM.ZM-YK*YK)XJ'WI&WH$VH"VG UF</pre><pre>MJMMJKLIJKHIKHIJGHJGHIFGHEFHEFGDEFCDFCDDABDABC@AB?@B?@@=>?<=?<=>:<=:;<9:;89;799689688567457355245244023/12/11.01.00,.0,.. --*,-),,( ,(**')*'))%'(%''$&'#&&"%&"$%!#$ ##</pre><pre>636LIJKHIKHIJGHJGHIFGHEFHEFGDEFCDFCDDABDABC@AB?@B?@@=>?<=?<=>:<=:;<9:;89;799689688567457355245244023/12/11.01.00,.0,.. --*,-),,( ,(**')*'))%'(%''$&'#&&"%&"$%!#$ ##</pre><pre>MKM413=:<=:<<9;<9;;8:;8:;89:799688578578567466355245235234033022/12.02.00-00-//,./ -. --*--*,,) (* (**'**'))&()%((%''$''#'&#%&#%%"$%"$$ ## "# ""</pre><pre>'$&($&($&($&($&($&($'(%'(%'(%'</pre><pre>;;;***:::;;;~~~</pre><pre>.dv/j~</pre><pre>ChangesShortForm</pre><pre>Font.Charset</pre><pre>Font.Color</pre><pre>Font.Height</pre><pre>Font.Name</pre><pre>Font.Style</pre><pre>Picture.Data</pre><pre>;A new version of %s (version %s) is available for download.</pre><pre>OnKeyDown</pre><pre>>I=GWMSg]Sg]Sg]M_U=I=21</pre><pre>OP.kO</pre><pre>All windows</pre><pre>.Autofill of login names and passwords in forms</pre><pre>Windows tracking of user actions</pre><pre>(Ask password after quitting standby mode</pre><pre>,Automatic login to system w/o password entry</pre><pre>IconOptions.Arrangement</pre><pre>Windows .....</pre><pre>%Scan selected areas for privacy risks</pre><pre>USearch histories, cookies, recently viewed web pages, videos, photos, music and more.</pre><pre>93.f\Lf\Le[Ke[Je[JeZHeZGeYGeYFeYEeYDeYCdXBdXAdW@dW?dW>dV>dV=dV;dV:dU9dU8cT6cT5cT4cT3cS1cS1cR/cR.bR-bQ,bQ)bQ(bQ&bP#bP"bP bO</pre><pre>,--)**)**)**989{</pre><pre>[\^* /-.1-.1-.1*,/</pre><pre>//3;;=>=?>=?>=?77:$%)</pre><pre>"#'-.1-.1-.1-.1</pre><pre>}|{}|{}|{}|{</pre><pre>Optimize your settings to improve your computer's speed, security and efficiency. Run an optimization report to check the current condition of your PC.</pre><pre>#%"&%#&%"&%"&&#&&#&%#&%#'&#&&#'&#'&#'&#'&#'&#'&#'&#'&#'&#'&#'&$'&$'&#'&#''$''$'&$'&$'&$'&$'&#'&$'&#'&#'&#'&#'&#'&#'&#'&#'&#'&#'&#&&#&%#'&#&&#&%"&%"&%"&#!$`_`</pre><pre><50^UG]SF\RE\RD\RC\RB\QA\Q@\Q?\Q?\Q>[P=[P<[O;[O:[O9[N8[N7[N6[M5[M3ZM2ZM1ZL0ZL/ZK.ZK-ZK ZK*ZJ)ZJ'YJ%YI#YI!YI</pre><pre>FDFDACGDEFCEEBDEBDEBCDACB?AB?AB?@A>@?<??<=?<=>:==:<<9;<9;;8;;8::689688588576356355255244033022/22.11.01-/0-/0,./,.,),MJL</pre><pre>G. '%X</pre><pre>* * * * * ) * * *</pre><pre>".#$,##.$#)</pre><pre>72-93.82.82-82-82,81,81 81 81*81 81*81*81)81)81(80(80&70'70&70&70%8/$8/$8/"8/#8/"8."8.!8. 8. 8.</pre><pre>3/ ,(#'#</pre><pre>62.'$ ;94</pre><pre>}30,62.63.52.62.63.41,41,861:7286041,51-63.63.63.2/ YVT</pre><pre>B@=DCA?=:;85;8552.URN</pre><pre>30 (#-*% '!</pre><pre>#1.)2/*2/*/,(1.)2.)0-(1.)1.)1.)1.)1-). &*&! '"0-(2/*($</pre><pre>ebdB?ANJKECFIFGPMLOKJNJINJIKHGLHFKGEIEDHDCHDCFBAEA@EA?D?>B?<A>;@<:?;:>:9=97=87;76;6494384273171061.51.3/-3-,2-*1,)0,)/*'.*&-)%-(%,'# &!)$!(#</A></pre><pre>KIL@>@DABB?BA>@@=@?<??<?>;>=:<<8;:8;9798696476466465253032/21.10.1/-0. ..*.,)-,(,*&*)&*(%)($('#'&#'$!%$</pre><pre>92*1 #&!</pre><pre>D@B;8:;8<:7:97:86:7585364264253141/20.1/,1-,/,*.*).(','&*'%*%$)$"'" &! %</pre><pre>Lines.Strings</pre><pre>3visited Web pages and cookies available for removal</pre><pre>GRemove invalid and unnecessary items to optimize your Windows registry.</pre><pre>$'$')&))%)(%)(%))&))&))&))&))&))&))&))&))&))&))&)*&**&**&*)&*)'))')*&)*&)*'**')*')*'))')*')*&))&))&))&))%))%()%()&()&()%()%()%()%()%((%')%')%((%')%("</pre><pre>t.Uza</pre><pre>l3!m<,nA1rH1rH1rH1rH.pE$m=</pre><pre>5yv.zw/</pre><pre>7yv.zw/</pre><pre>I.uB`</pre><pre>O.xCj</pre><pre>w/.hA</pre><pre>m(Éu</pre><pre>f.DrT</pre><pre>0-.JJHPPJ()</pre><pre>!6%xytqph=:;- </pre><pre>, 4220--</pre><pre>:::"""644/--</pre><pre>,,,:::333</pre><pre>_^]211###...ggg</pre><pre>=3!735746;3$?2</pre><pre>c`a0,.WSU</pre><pre>%!#0,.^[]</pre><pre> '). ,`]^</pre><pre>]Z\.*,/,./ ./,.sqs</pre><pre>'#%'#%'$&</pre><pre>'#%'#%'#&%!#</pre><pre>If there are certain registry keys or files that you do not want to have included in the Optimizer Pro scan you can use this feature to create an exclusion list.</pre><pre>Log files|*.log|All files|*.*</pre><pre>*.tmp</pre><pre>*.bak</pre><pre>*.old</pre><pre>ProxyParams.BasicAuthentication</pre><pre>ProxyParams.ProxyPort</pre><pre>Request.ContentLength</pre><pre>Request.ContentRangeEnd</pre><pre>Request.ContentRangeStart</pre><pre>Request.ContentType</pre><pre>Request.Accept</pre><pre>Request.BasicAuthentication</pre><pre>Request.UserAgent</pre><pre>&Mozilla/3.0 (compatible; Indy Library)</pre><pre>The Windows registry stores settings and options for Microsoft Windows. Overtime, the registry becomes cluttered with invalid and obsolete data.</pre><pre>EditManager.Font.Charset</pre><pre>EditManager.Font.Color</pre><pre>EditManager.Font.Height</pre><pre>EditManager.Font.Name</pre><pre>EditManager.Font.Style</pre><pre>GroupFont.Charset</pre><pre>GroupFont.Color</pre><pre>GroupFont.Height</pre><pre>GroupFont.Name</pre><pre>GroupFont.Style</pre><pre>Header.Columns.Items</pre><pre>Header.Font.Charset</pre><pre>Header.Font.Color</pre><pre>Header.Font.Height</pre><pre>Header.Font.Name</pre><pre>Header.Font.Style</pre><pre>Header.Height</pre><pre>)PaintInfoGroup.MarginBottom.CaptionIndent</pre><pre>Selection.FullItemPaint</pre><pre>oFree up valuable disk space and protect your privacy by removing cookies and the list of web pages you visited</pre><pre>%http://www.pcutilitiespro.com/support</pre><pre>Support:</pre><pre>)))222666===</pre><pre>"""***333000</pre><pre>$$$"""^^^</pre><pre>ÝgKKPcL</pre><pre>!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'</pre><pre>!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'!!'</pre><pre>9To purchase Optimizer Pro and obtain a license key click</pre><pre>YCheck the email you received after you purchased the product for the correct license key.</pre><pre>&Your license key will look like this:</pre><pre>Thank you for purchasing PC %s!</pre><pre>eWe are now replacing your current version of %s with %s Pro which includes these additional features:</pre><pre>Items.Strings</pre><pre>All files|*.*</pre><pre>&* Offers direct access to key features</pre><pre>pchelpsoft.com</pre><pre>;8;5366385273051/2/-1- / ).*&,'%,&$)%"(#</pre><pre>)*,$$'$$'$$'##& )*1Ro.Ux(-4$$&(.58h</pre><pre>9:=%&) ,/* / ,/'( #</pre><pre>$$(77:==?<<><<>>=?679!!%</pre><pre>sstnnpddf?>AIILTTW /**.nnpggj##(-.1UUXFEHEEHhhj_^_{</pre><pre>}{}~}}|{||||</pre><pre>}}}~}}~}|}||}|{}{{~}{</pre><pre>/ ).)(.)'.)&.(%.)%0*&0*&0*%0*$0*#0)".'</pre><pre>1 (623.'</pre><pre>.Sa=RN</pre><pre><assemblyIdentity version="1.0.0.0"><pre>name="OptimizerPro.exe"</pre><pre><requestedExecutionLevel><pre><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" /></pre><pre><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" /></pre><pre><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" /></pre><pre>name="Microsoft.Windows.Common-Controls"</pre><pre>version="6.0.0.0"</pre><pre>publicKeyToken="6595b64144ccf1df"</pre><pre>Unspecified error (%d) from %s.</pre><pre>miranda32.exe</pre><pre>PIDLs to operate on are not siblings of the Namespace doing the operation.</pre><pre>Unable to find RegSvr32.exe executable.</pre><pre>RegSvr32.exe</pre><pre>*.dat</pre><pre>\msnmsgr.exe</pre><pre>\msgslang.dll</pre><pre>\msgslang.</pre><pre>Software\Microsoft\MSNMessenger\PerPassportSettings\</pre><pre>*.xml</pre><pre>*.html</pre><pre>\settings.xml</pre><pre>\config.xml</pre><pre>\main.db</pre><pre>Windows Registry Editor Version 5.00</pre><pre>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]</pre><pre>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]</pre><pre>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]</pre><pre>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]</pre><pre>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting]</pre><pre>"DoReport"=dword:00000001</pre><pre>"DoReport"=dword:00000000</pre><pre>[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\Power]</pre><pre>"PromptPasswordOnResume"=dword:00000001</pre><pre>"PromptPasswordOnResume"=dword:00000000</pre><pre>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]</pre><pre>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]</pre><pre>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]</pre><pre>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]</pre><pre>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]</pre><pre>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]</pre><pre>[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]</pre><pre>[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]</pre><pre>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</pre><pre>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete]</pre><pre>"FormSuggest Passwords"="YES"</pre><pre>"FormSuggest Passwords"="NO"</pre><pre>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]</pre><pre>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</pre><pre>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</pre><pre>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]</pre><pre>les\Optimizer Pro\OptimizerPro.exe</pre><pre>TCHANGESSHORTFORM</pre><pre>PLicense information for %s not found. You cannot use this control in design mode</pre><pre>Bogus JPEG tables field.%Fractional JPEG scanline unsupported.</pre><pre>OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalid</pre><pre>9Cannot load image. Invalid or unexpected %s image format. Invalid color format in %s file.</pre><pre>Stream read error in %s file.1Cannot load image. %s not supported for %s files..Cannot load image. CRC error found in %s file.6Cannot load image. Compression error found in %s file.:Cannot load image. Extra compressed data found in %s file.1Cannot load image. Palette in %s file is invalid.>Cannot load PNG image. Unexpected but critical chunk detected.</pre><pre>The compression scheme isJConversion between indexed and non-indexed pixel formats is not supported.8Color conversion failed. Could not find a proper method.AColor depth is invalid. Bits per sample must be 1, 2, 4, 8 or 16.ESample count per pixel does not correspond to the given color scheme.5Subsampling value is invalid. Allowed are 1, 2 and 4.CVertical subsampling value must be <= horizontal subsampling value.</pre><pre>Portable map images</pre><pre>Portable pixel map images</pre><pre>Portable gray map images</pre><pre>Portable bitmap images</pre><pre>Portable network graphic images</pre><pre>"Run length encoded Windows bitmaps"Device independant Windows bitmaps</pre><pre>Windows icons</pre><pre>Windows metafiles</pre><pre>Windows enhanced meta files</pre><pre>Attempt to register %s twice.</pre><pre>Windows bitmaps</pre><pre>JPEG error #%d</pre><pre>Unsupported PixelFormat</pre><pre>Invalid stream operation</pre><pre>Invalid extension introducerúiled to allocate memory for GIF DIB</pre><pre>Invalid Image trailerAInternal error: Extension Instance does not match Extension Label,Unsupported Application Extension block size</pre><pre>Unknown GIF block type'Object type not supported for operation</pre><pre>"%s"8</pre><pre>Unsupported GIF version</pre><pre>"%s".</pre><pre>"%s".%</pre><pre>Command not supported.</pre><pre>Address type not supported.$Error accepting connection with SSL.</pre><pre>Error creating SSL context. Could not load root certificate.</pre><pre>Could not load certificate.#Could not load key, check password.</pre><pre>SSL status: "%s"</pre><pre>Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.</pre><pre>Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.</pre><pre>Operation would block.</pre><pre>Operation now in progress.</pre><pre>Operation already in progress.</pre><pre>Socket operation on non-socket.</pre><pre>Protocol not supported.</pre><pre>Socket type not supported."Operation not supported on socket.</pre><pre>Protocol family not supported.0Address family not supported by protocol family.</pre><pre>&Error on loading Winsock2 library (%s)</pre><pre>Resolving hostname %s.</pre><pre>Connecting to %s.</pre><pre>Chunk StartedDThis authentication method is already registered with class name %s.</pre><pre>%s is not a valid service.</pre><pre>Socket Error # %d</pre><pre>%s is not a valid IP address.</pre><pre>;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.</pre><pre>File "%s" not found1Only one TIdAntiFreeze can exist per application."%d: Circular links are not allowed</pre><pre>No data to read.$Can not bind in port range (%d - %d)</pre><pre>Invalid Port Range (%d - %d)</pre><pre>Max line length exceeded.*Error on call Winsock2 library function %s</pre><pre>RichEdit line insertion error=This control requires version 4.70 or greater of COMCTL32.DLL</pre><pre>Date exceeds maximum of %s</pre><pre>Date is less than minimum of %s4You must be in ShowCheckbox mode to set to this date#Failed to set calendar date or timeúiled to set maximum selection range$Failed to set calendar min/max rangeúiled to set calendar selected range</pre><pre>No help keyword specified.</pre><pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre><pre>Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned"Unable to find a Table of Contents</pre><pre>No help found for %s#No context-sensitive help installed$No topic-based help system installed</pre><pre>Value must be between %d and %d</pre><pre>Unable to insert a line Clipboard does not support Icons</pre><pre>Text exceeds memo capacity/Menu '%s' is already being used by another form</pre><pre>Invalid operation on TOleGraphic$Unknown picture file extension (.%s)</pre><pre>Unsupported clipboard format</pre><pre>Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window</pre><pre>Resource %s not found</pre><pre>%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group</pre><pre>Property %s does not exist</pre><pre>Thread creation error: %s</pre><pre>Thread Error: %s (%d)</pre><pre>?#''%s'' is not a valid date and time</pre><pre>Unable to write to %s</pre><pre>Invalid stream format$''%s'' is not a valid component name</pre><pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre><pre>List count out of bounds (%d)</pre><pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre><pre>Error reading %s%s%s: %s</pre><pre>Failed to get data for '%s'</pre><pre>Failed to set data for '%s'</pre><pre>Ancestor for '%s' not found</pre><pre>Cannot assign a %s to a %s</pre><pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre><pre>Class %s not found</pre><pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre><pre>Cannot create file "%s". %s</pre><pre>Cannot open file "%s". %s</pre><pre>Operation not supported</pre><pre>External exception %x</pre><pre>Interface not supported</pre><pre>%s (%s, line %d)</pre><pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre><pre>System Error. Code: %d.</pre><pre>Application Error1Format '%s' invalid or incompatible with argument</pre><pre>No argument for format '%s'"Variant method calls not supported</pre><pre>Invalid variant operation</pre><pre>Invalid NULL variant operation%Invalid variant operation (%s%.8x)</pre><pre>%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre><pre>Integer overflow Invalid floating point operation</pre><pre>Invalid pointer operation</pre><pre>Invalid class typecast0Access violation at address %p. %s of address %p</pre><pre>Operation aborted(Exception %s in module %s at %p.</pre><pre>!'%s' is not a valid integer value('%s' is not a valid floating point value</pre><pre>'%s' is not a valid date</pre><pre>'%s' is not a valid time!'%s' is not a valid date and time</pre><pre>I/O error %d</pre><pre>3.2.0.0</pre>OptimizerPro.exe_1500_rwx_02441000_000B9000:<pre>%f<jb><pre>aSSSh</pre><pre>.VVVVVSRSSj</pre><pre>FTPjK</pre><pre>FtPj;</pre><pre>C.PjRV</pre><pre>tGHt.Ht&</pre>LiveSupport.exe_216:<pre>.text</pre><pre>`.rdata</pre><pre>@.data</pre><pre>.rsrc</pre><pre>@.reloc</pre><pre>8%u:j</pre><pre>xSSSh</pre><pre>FTPjKS</pre><pre>FtPj;S</pre><pre>C.PjRV</pre><pre>RegOpenKeyTransactedW</pre><pre>RegCreateKeyTransactedW</pre><pre>RegDeleteKeyTransactedW</pre><pre>FRegDeleteKeyExW</pre><pre>Visual C CRT: Not enough memory to complete call to strerror.</pre><pre>portuguese-brazilian</pre><pre>Broken pipe</pre><pre>Inappropriate I/O control operation</pre><pre>Operation not permitted</pre><pre>operator</pre><pre>GetProcessWindowStation</pre><pre>RPCRT4.dll</pre><pre>InternetOpenUrlW</pre><pre>HttpQueryInfoW</pre><pre>WININET.dll</pre><pre>GdiplusShutdown</pre><pre>gdiplus.dll</pre><pre>SHLWAPI.dll</pre><pre>VERSION.dll</pre><pre>GetProcessHeap</pre><pre>KERNEL32.dll</pre><pre>USER32.dll</pre><pre>RegOpenKeyExW</pre><pre>RegCreateKeyExW</pre><pre>RegDeleteKeyW</pre><pre>RegCloseKey</pre><pre>RegQueryInfoKeyW</pre><pre>RegEnumKeyExW</pre><pre>RegFlushKey</pre><pre>ADVAPI32.dll</pre><pre>ole32.dll</pre><pre>ShellExecuteW</pre><pre>ShellExecuteExW</pre><pre>SHELL32.dll</pre><pre>OLEAUT32.dll</pre><pre>COMCTL32.dll</pre><pre>GDI32.dll</pre><pre>GetCPInfo</pre><pre>.?AV?$CFlagStateDlg@VCSupportContainerDlg@@@@</pre><pre>.?AV?$CDialogImpl@VCSupportContainerDlg@@VCWindow@ATL@@@ATL@@</pre><pre>.?AVCCmdLineOptions@@</pre><pre>.?AVCHttpHelper@@</pre><pre>.?AVCSupportContainerDlg@@</pre><pre>.?AVIHttpObserver@@</pre><pre>zcÁ</pre><pre>%c:^"</pre><pre>`%c:*</pre><pre>a).Wc@</pre><pre>50!`A.egu</pre><pre>%SDDB</pre><pre>A.eu~</pre><pre>.Ny_>`_</pre><pre>vF%D@D</pre><pre>.bm' O</pre><pre>L:.KeBf</pre><pre>.Hj(^</pre><pre>-.uwl</pre><pre>f%s$o</pre><pre>V.LGm</pre><pre>.Dt!n\</pre><pre> K.eOpmd</pre><pre>RI.lvy</pre><pre>.ZKl/ Z,</pre><pre>\iTXtXML:com.adobe.xmp</pre><pre>" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:D55BB01090EFE211ACDE8560C64C7E45" xmpMM:DocumentID="xmp.did:EA5144FCF05511E2B7E798039BD56FBF" xmpMM:InstanceID="xmp.iid:EA5144FBF05511E2B7E798039BD56FBF" xmp:CreatorTool="Adobe Photoshop CS5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D55BB01090EFE211ACDE8560C64C7E45" stRef:documentID="xmp.did:D55BB01090EFE211ACDE8560C64C7E45" /> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?></pre><pre>iTXtXML:com.adobe.xmp</pre><pre>" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5" xmpMM:InstanceID="xmp.iid:ABDDC127FAB511E2AF40EC6881A4C2FD" xmpMM:DocumentID="xmp.did:ABDDC128FAB511E2AF40EC6881A4C2FD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:ABDDC125FAB511E2AF40EC6881A4C2FD" stRef:documentID="xmp.did:ABDDC126FAB511E2AF40EC6881A4C2FD" /> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?></pre><pre>" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:B65DA3C4FDF9E211A6FF95665BD7D125" xmpMM:DocumentID="xmp.did:12D33543FAB411E282A6DA328A34807F" xmpMM:InstanceID="xmp.iid:12D33542FAB411E282A6DA328A34807F" xmp:CreatorTool="Adobe Photoshop CS5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B65DA3C4FDF9E211A6FF95665BD7D125" stRef:documentID="xmp.did:B65DA3C4FDF9E211A6FF95665BD7D125" /> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>></pre><pre><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"></compatibility></assembly></pre><pre><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS></pre><pre><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS></pre><pre><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS></pre><pre>6f6C6T6b6s6</pre><pre>: :$:(:,:0:4:8:</pre><pre>4 4$4(4,404|:</pre><pre>:(:4:<:\:</pre><pre>2 2<2@2`2</pre><pre>3 3@3\3`3</pre><pre>(0@0`0|0</pre><pre>Advapi32.dll</pre><pre>HKEY_CLASSES_ROOT</pre><pre>HKEY_CURRENT_USER</pre><pre>HKEY_LOCAL_MACHINE</pre><pre>HKEY_USERS</pre><pre>HKEY_PERFORMANCE_DATA</pre><pre>HKEY_DYN_DATA</pre><pre>HKEY_CURRENT_CONFIG</pre><pre>cmdonly</pre><pre>LiveSupport_MainDlg</pre><pre>LiveSupport</pre><pre>Software\Microsoft\Windows\CurrentVersion\Run</pre><pre>unins000.exe</pre><pre>_log.txt</pre><pre>AdsLicenseKey</pre><pre>AdsRunKey</pre><pre>CallbannerUrl</pre><pre>Cmd params:</pre><pre>24x7 Tech Support</pre><pre>Live Support</pre><pre>UrlTerms</pre><pre>UrlPrivacy</pre><pre>UrlAbout</pre><pre>UrlFAQ</pre><pre>Uninstall LiveSupport</pre><pre>New update package is available for LiveSupport.</pre><pre>Support</pre><pre>AdsDownloadUrl</pre><pre>http://www.pcutilitiespro.com/terms-and-conditions.aspx</pre><pre>http://www.pcutilitiespro.com/privacy.aspx</pre><pre>http://www.pcutilitiespro.com/livesupport.aspx</pre><pre>http://www.pcutilitiespro.com/faq.aspx</pre><pre>SoftUpdateUrl</pre><pre>http://updates.livesupport.pcutilitiespro.com</pre><pre>Software\LiveSupport</pre><pre>Display icon on all windows</pre><pre>@_update.exe</pre><pre>/LiveSupport_setup_%ver%.exe</pre><pre>Call us now for instant Technical Support and Assistance for PC issues such as network, printer, software installation and much more</pre><pre>Certified Trained Technicians</pre><pre>LiveSupport-</pre><pre>mscoree.dll</pre><pre>- Attempt to initialize the CRT more than once.</pre><pre>- CRT not initialized</pre><pre>- floating point support not loaded</pre><pre>nKERNEL32.DLL</pre><pre>WUSER32.DLL</pre><pre>%Program Files%\LiveSupport\LiveSupport.exe</pre><pre>"GENERAL_CALL","24x7 Tech Support",</pre><pre>"MDLG_MAIN_PAGE","< Support","< Startseite"</pre><pre>"MDLG_TSKBAR_TOOLTIP","Click here for instant access to technical support from the %APP_BRAND%","Klicken Sie hier f</pre><pre>r sofortigen Zugriff auf technischen Support von der %APP_BRAND%"</pre><pre>"SPDLG_TITLE_2","Support","-Support"</pre><pre>"SPDLG_TITLE_3","Your Certified PC Expert","Certified geschulte Techniker"</pre><pre>r den sofortigen technischen Support und Unterst</pre><pre>"SPDLG_TABTITLE","Support","Support"</pre><pre>"SCDLG_NETERROR","Error occurred while downloading %UPSELL_BRAND%. ","Internet Fehler beim Herunterladen% UPSELL_BRAND%."</pre><pre>"FDLG_LINK_UNINSTALL","Uninstall LiveSupport","Deinstallieren Live Support"</pre><pre><a>Uninstall LiveSupport</a></pre><pre>1234567</pre><pre>Replace%Select the entire document</pre><pre>Arrange Icons/Arrange windows so they overlap</pre><pre>Cascade Windows5Arrange windows as non-overlapping tiles</pre><pre>Tile Windows5Arrange windows as non-overlapping tiles</pre><pre>Tile Windows(Split the active window into panes</pre><pre>1.2.8.0</pre><pre>LiveSupport.exe</pre></jb></pre></requestedExecutionLevel></pre></assemblyIdentity></pre></pre></PW></pre></pre></pre></pre></pre></pre></pre></pre></pre>