Adware.OptimizerEliteMax

Short bio

Adware.OptimizerEliteMax is Malwarebytes’ detection name for installers of One System Care Sp. Zo.o., which are known for their potentially unwanted  Windows system optimizers.

Symptoms

Adware.OptimizerEliteMax reminds the user to buy or register the system optimizer it installed.

Protection

Malwarebytes protects users from Adware.OptimizerEliteMax by using real-time protection.

block Adware.OptimizerEliteMax

Malwarebytes blocks Adware.OptimizerEliteMax

Remediation

Malwarebytes can detect and remove Adware.OptimizerEliteMax without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  3. Then click Finish.
  4. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  5. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  6. When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  7. Restart your computer when prompted to do so.

Malwarebytes removal log

A Malwarebytes removal log of a system affected by a member of the Adware.OptimizerEliteMax family:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/14/17
Scan Time: 9:28 AM
Logfile: mbamOneSystemCare.txt
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1257
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360070
Time Elapsed: 3 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 3
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\SYSTEMCONSOLE.EXE, Quarantined, [537], [311034],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE, Quarantined, [537], [311034],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\ONESYSTEMCARE.EXE, Quarantined, [537], [311034],1.0.1257

Module: 1
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\ONESYSTEMCARE.EXE, Quarantined, [537], [311034],1.0.1257

Registry Key: 12
Adware.OptimizerEliteMax, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OneSystemCare, Delete-on-Reboot, [537], [311034],1.0.1257
PUP.Optional.OneSystemCare, HKCU\SOFTWARE\One System Care, Delete-on-Reboot, [578], [311038],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{11FD0FCC-787D-4FF1-B466-D5659CEA6633}, Delete-on-Reboot, [578], [258705],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4D89F1C3-36A8-4429-8FC1-0B263DA7E332}, Delete-on-Reboot, [578], [258705],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{668D20B7-A868-4B90-AF03-489B802C5E0A}, Delete-on-Reboot, [578], [258294],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F04F6E92-DB17-4ED4-8BB7-2F698ABDAD9E}, Delete-on-Reboot, [578], [258705],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f, Delete-on-Reboot, [578], [336950],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f, Delete-on-Reboot, [578], [336950],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Monitor, Delete-on-Reboot, [578], [241385],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Run Delay, Delete-on-Reboot, [578], [241385],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Task, Delete-on-Reboot, [578], [241385],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System CarePeriod, Delete-on-Reboot, [578], [241385],1.0.1257

Registry Value: 10
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}|DhcpNameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{11FD0FCC-787D-4FF1-B466-D5659CEA6633}|PATH, Delete-on-Reboot, [578], [258705],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4D89F1C3-36A8-4429-8FC1-0B263DA7E332}|PATH, Delete-on-Reboot, [578], [258705],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{668D20B7-A868-4B90-AF03-489B802C5E0A}|PATH, Delete-on-Reboot, [578], [258294],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F04F6E92-DB17-4ED4-8BB7-2F698ABDAD9E}|PATH, Delete-on-Reboot, [578], [258705],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f|DESCRIPTION, Delete-on-Reboot, [578], [336950],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f|DESCRIPTION, Delete-on-Reboot, [578], [336950],1.0.1257

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\2a2276f9-0b93-0, Delete-on-Reboot, [46], [182288],1.0.1257
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\2a2276f9-20a1-1, Delete-on-Reboot, [46], [182288],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\WL, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\USERS\{username}\APPDATA\ROAMING\One System Care, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\PROGRAM FILES (X86)\ONESYSTEMCARE, Delete-on-Reboot, [578], [241378],1.0.1257
PUP.Optional.OneSystemCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ONE SYSTEM CARE, Delete-on-Reboot, [578], [241379],1.0.1257

File: 35
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\2a2276f9-0b93-0\BITA281.tmp, Delete-on-Reboot, [46], [182288],1.0.1257
PUP.Optional.DNSUnlocker.ACMB2, C:\WINDOWS\SYSTEM32\TASKS\{057E7947-780B-0E0B-7D11-0E0D0B0C110F}, Delete-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\2a2276f9-20a1-1\BITA119.tmp, Delete-on-Reboot, [46], [182288],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\SYSTEMCONSOLE.EXE, Delete-on-Reboot, [537], [311034],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE, Delete-on-Reboot, [537], [311034],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\ONESYSTEMCARE.EXE, Delete-on-Reboot, [537], [311034],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Danish.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Dutch.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\English.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\French.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\German.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Italian.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Norwegian.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Parameters.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Portuguese.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Spanish.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Swedish.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\tmpLang.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\CallBanner.png, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\FinishedScan.png, Delete-on-Reboot, [578], [178764],1.0.1257
Adware.OptimizerEliteMax, C:\USERS\{username}\DESKTOP\ONESYSTEMCARE.EXE, Delete-on-Reboot, [537], [311034],1.0.1257
PUP.Optional.OneSystemCare, C:\USERS\PUBLIC\DESKTOP\LAUNCH ONE SYSTEM CARE.LNK, Delete-on-Reboot, [578], [241377],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\UNINSTALLER.EXE, Delete-on-Reboot, [537], [311034],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\CLEANUPCONSOLE.EXE, Delete-on-Reboot, [537], [311034],1.0.1257
PUP.Optional.OneSystemCare, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\ONESYSTEMCARE.INI, Delete-on-Reboot, [578], [241378],1.0.1257
PUP.Optional.OneSystemCare, C:\Program Files (x86)\OneSystemCare\cancel.bmp, Delete-on-Reboot, [578], [241378],1.0.1257
PUP.Optional.OneSystemCare, C:\Program Files (x86)\OneSystemCare\osc.ico, Delete-on-Reboot, [578], [241378],1.0.1257
PUP.Optional.OneSystemCare, C:\Program Files (x86)\OneSystemCare\uninstall.bmp, Delete-on-Reboot, [578], [241378],1.0.1257
PUP.Optional.OneSystemCare, C:\WINDOWS\TASKS\ONE SYSTEM CAREPERIOD.JOB, Delete-on-Reboot, [578], [241382],1.0.1257
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Monitor, Delete-on-Reboot, [578], [241381],1.0.1257
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Run Delay, Delete-on-Reboot, [578], [241381],1.0.1257
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Task, Delete-on-Reboot, [578], [241381],1.0.1257
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System CarePeriod, Delete-on-Reboot, [578], [241381],1.0.1257
PUP.Optional.OneSystemCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ONE SYSTEM CARE\LAUNCH ONE SYSTEM CARE.LNK, Delete-on-Reboot, [578], [241379],1.0.1257
PUP.Optional.OneSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care\One System Care on the Web.url, Delete-on-Reboot, [578], [241379],1.0.1257

Physical Sector: 0
(No malicious items detected)


(end)

Related blog content

Registry cleaners: digital snake oil
How to remove adware from your PC

Cybersecurity info you can’t do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language