Adware.OptimizerEliteMax

Short bio

Adware.OptimizerEliteMax is Malwarebytes’ detection name for installers of One System Care Sp. Zo.o., which are known for their potentially unwanted Windows system optimizers.

Symptoms

Adware.OptimizerEliteMax reminds the user to buy or register the system optimizer it installed.

Protection

Malwarebytes protects users from Adware.OptimizerEliteMax by using real-time protection.

block Adware.OptimizerEliteMax

Malwarebytes blocks Adware.OptimizerEliteMax

Remediation

Malwarebytes can detect and remove Adware.OptimizerEliteMax without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

A Malwarebytes removal log of a system affected by a member of the Adware.OptimizerEliteMax family:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/14/17
Scan Time: 9:28 AM
Logfile: mbamOneSystemCare.txt
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1257
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360070
Time Elapsed: 3 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 3
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\SYSTEMCONSOLE.EXE, Quarantined, [537], [311034],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE, Quarantined, [537], [311034],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\ONESYSTEMCARE.EXE, Quarantined, [537], [311034],1.0.1257

Module: 1
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\ONESYSTEMCARE.EXE, Quarantined, [537], [311034],1.0.1257

Registry Key: 12
Adware.OptimizerEliteMax, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OneSystemCare, Delete-on-Reboot, [537], [311034],1.0.1257
PUP.Optional.OneSystemCare, HKCU\SOFTWARE\One System Care, Delete-on-Reboot, [578], [311038],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{11FD0FCC-787D-4FF1-B466-D5659CEA6633}, Delete-on-Reboot, [578], [258705],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4D89F1C3-36A8-4429-8FC1-0B263DA7E332}, Delete-on-Reboot, [578], [258705],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{668D20B7-A868-4B90-AF03-489B802C5E0A}, Delete-on-Reboot, [578], [258294],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F04F6E92-DB17-4ED4-8BB7-2F698ABDAD9E}, Delete-on-Reboot, [578], [258705],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f, Delete-on-Reboot, [578], [336950],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f, Delete-on-Reboot, [578], [336950],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Monitor, Delete-on-Reboot, [578], [241385],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Run Delay, Delete-on-Reboot, [578], [241385],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Task, Delete-on-Reboot, [578], [241385],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System CarePeriod, Delete-on-Reboot, [578], [241385],1.0.1257

Registry Value: 10
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}|NameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}|DhcpNameServer, Replace-on-Reboot, [46], [-1],0.0.0
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{11FD0FCC-787D-4FF1-B466-D5659CEA6633}|PATH, Delete-on-Reboot, [578], [258705],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4D89F1C3-36A8-4429-8FC1-0B263DA7E332}|PATH, Delete-on-Reboot, [578], [258705],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{668D20B7-A868-4B90-AF03-489B802C5E0A}|PATH, Delete-on-Reboot, [578], [258294],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F04F6E92-DB17-4ED4-8BB7-2F698ABDAD9E}|PATH, Delete-on-Reboot, [578], [258705],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f|DESCRIPTION, Delete-on-Reboot, [578], [336950],1.0.1257
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f|DESCRIPTION, Delete-on-Reboot, [578], [336950],1.0.1257

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\2a2276f9-0b93-0, Delete-on-Reboot, [46], [182288],1.0.1257
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\2a2276f9-20a1-1, Delete-on-Reboot, [46], [182288],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\WL, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\USERS\{username}\APPDATA\ROAMING\One System Care, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\PROGRAM FILES (X86)\ONESYSTEMCARE, Delete-on-Reboot, [578], [241378],1.0.1257
PUP.Optional.OneSystemCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ONE SYSTEM CARE, Delete-on-Reboot, [578], [241379],1.0.1257

File: 35
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\2a2276f9-0b93-0\BITA281.tmp, Delete-on-Reboot, [46], [182288],1.0.1257
PUP.Optional.DNSUnlocker.ACMB2, C:\WINDOWS\SYSTEM32\TASKS\{057E7947-780B-0E0B-7D11-0E0D0B0C110F}, Delete-on-Reboot, [46], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\2a2276f9-20a1-1\BITA119.tmp, Delete-on-Reboot, [46], [182288],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\SYSTEMCONSOLE.EXE, Delete-on-Reboot, [537], [311034],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE, Delete-on-Reboot, [537], [311034],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\ONESYSTEMCARE.EXE, Delete-on-Reboot, [537], [311034],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Danish.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Dutch.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\English.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\French.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\German.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Italian.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Norwegian.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Parameters.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Portuguese.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Spanish.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\Swedish.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\Languages\tmpLang.json, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\CallBanner.png, Delete-on-Reboot, [578], [178764],1.0.1257
PUP.Optional.OneSystemCare, C:\Users\{username}\AppData\Roaming\One System Care\FinishedScan.png, Delete-on-Reboot, [578], [178764],1.0.1257
Adware.OptimizerEliteMax, C:\USERS\{username}\DESKTOP\ONESYSTEMCARE.EXE, Delete-on-Reboot, [537], [311034],1.0.1257
PUP.Optional.OneSystemCare, C:\USERS\PUBLIC\DESKTOP\LAUNCH ONE SYSTEM CARE.LNK, Delete-on-Reboot, [578], [241377],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\UNINSTALLER.EXE, Delete-on-Reboot, [537], [311034],1.0.1257
Adware.OptimizerEliteMax, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\CLEANUPCONSOLE.EXE, Delete-on-Reboot, [537], [311034],1.0.1257
PUP.Optional.OneSystemCare, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\ONESYSTEMCARE.INI, Delete-on-Reboot, [578], [241378],1.0.1257
PUP.Optional.OneSystemCare, C:\Program Files (x86)\OneSystemCare\cancel.bmp, Delete-on-Reboot, [578], [241378],1.0.1257
PUP.Optional.OneSystemCare, C:\Program Files (x86)\OneSystemCare\osc.ico, Delete-on-Reboot, [578], [241378],1.0.1257
PUP.Optional.OneSystemCare, C:\Program Files (x86)\OneSystemCare\uninstall.bmp, Delete-on-Reboot, [578], [241378],1.0.1257
PUP.Optional.OneSystemCare, C:\WINDOWS\TASKS\ONE SYSTEM CAREPERIOD.JOB, Delete-on-Reboot, [578], [241382],1.0.1257
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Monitor, Delete-on-Reboot, [578], [241381],1.0.1257
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Run Delay, Delete-on-Reboot, [578], [241381],1.0.1257
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Task, Delete-on-Reboot, [578], [241381],1.0.1257
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System CarePeriod, Delete-on-Reboot, [578], [241381],1.0.1257
PUP.Optional.OneSystemCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ONE SYSTEM CARE\LAUNCH ONE SYSTEM CARE.LNK, Delete-on-Reboot, [578], [241379],1.0.1257
PUP.Optional.OneSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care\One System Care on the Web.url, Delete-on-Reboot, [578], [241379],1.0.1257

Physical Sector: 0
(No malicious items detected)


(end)

Related blog content

Registry cleaners: digital snake oil
How to remove adware from your PC

Select your language