MD5: cff54d0d1373c080573a133eb5d29b35
SHA1: a4b05b6448af950e615ef96c16fc0ea5a3ea59b6
SHA256: 2ce84da0112792fef57e72a251a495791ae7545f2df2498c6feb4c6782166c37
SSDeep: 98304:C3YobVRxj94j/JpY6A7PFLiWg5RxjUZzs:QYeujnY6aIrYZQ
Size: 3455992 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-10-11 21:48:11
Analyzed on: Windows7 SP1 32-bit

Summary:

Banker. Steals data relating to online banking systems, e-payment systems and credit card systems.

Payload

Process activity

The Trojan-Banker creates the following process(es):

DriverPro.exe:3704
drvprosetup.exe:2216
drvprosetup.tmp:3600
%original file name%.exe:1828
DPStartScan.exe:1612

The Trojan-Banker injects its code into the following process(es):

DriverPro.exe:2064
DPTray.exe:3248

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process DriverPro.exe:2064 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\Drivers32.db (1849549 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\Devices.ini (34 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\program.log (1130 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\PCInfo.ini (151 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\current_7_32_zxw.7z (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\Scan.ini (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\Drivers32.db-journal (1090 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\Drivers.db (2721 bytes)

The Trojan-Banker deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DriverPro.madExcept (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\current_7_32_zxw.7z (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\Drivers32.db-journal (0 bytes)

The process DriverPro.exe:3704 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\program.log (129 bytes)
%Program Files%\Driver Pro\sqlite3.dll (524 bytes)

The Trojan-Banker deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DriverPro.madExcept (0 bytes)

The process drvprosetup.exe:2216 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-DJAT7.tmp\drvprosetup.tmp (50 bytes)

The Trojan-Banker deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-DJAT7.tmp\drvprosetup.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-DJAT7.tmp (0 bytes)

The process drvprosetup.tmp:3600 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):

%Program Files%\Driver Pro\is-N64UU.tmp (3073 bytes)
%Program Files%\Driver Pro\is-V2NU5.tmp (54 bytes)
%Program Files%\Driver Pro\is-OC5U5.tmp (26 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-GU4M9.tmp\_isetup\_shfoldr.dll (47 bytes)
%Program Files%\Driver Pro\is-LM9JT.tmp (6841 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro\Driver Pro.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Driver Pro.lnk (984 bytes)
%Program Files%\Driver Pro\DPStartScan.exe (843 bytes)
%Program Files%\Driver Pro\is-1UU0J.tmp (6841 bytes)
%Program Files%\Driver Pro\unins000.msg (646 bytes)
%Program Files%\Driver Pro\is-VLKRR.tmp (12 bytes)
%Program Files%\Driver Pro\unins000.exe (49 bytes)
%Program Files%\Driver Pro\unins000.dat (9532 bytes)
%Program Files%\Driver Pro\is-9S5CR.tmp (31891 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\is-S8EJV.tmp (61 bytes)
%Program Files%\Driver Pro\is-TFLU1.tmp (23811 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro\Help.lnk (1 bytes)
%Program Files%\Driver Pro\is-KPA66.tmp (56 bytes)
%Program Files%\Driver Pro\DPTray.exe (831 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\is-N1HDO.tmp (4 bytes)
%Program Files%\Driver Pro\is-PRJ2L.tmp (5873 bytes)
%Program Files%\Driver Pro\is-6QT3G.tmp (5873 bytes)
%Program Files%\Driver Pro\is-TAM0O.tmp (547 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro\Uninstall Driver Pro.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro\Driver Pro on the Web.lnk (997 bytes)
%Program Files%\Driver Pro\DriverPro.exe (291 bytes)

The Trojan-Banker deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-GU4M9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-GU4M9.tmp\_isetup\_shfoldr.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-GU4M9.tmp\_isetup (0 bytes)

The process %original file name%.exe:1828 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\ntuser.dat.LOG1 (5272 bytes)
C:\$Directory (768 bytes)
C:\Users\"%CurrentUserName%"\NTUSER.DAT (4960 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\drvprosetup.exe (388390 bytes)

Registry activity

The process DriverPro.exe:2064 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKCU\Software\Driver Pro]
"s_Enable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Driver Pro]
"UpdateWindowShown" = "0"
"LastUpdate" = "4A 5C 29 90 9F 11 E5 40"
"s_SmartExec" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\DriverPro_RASAPI32]
"EnableFileTracing" = "0"

[HKCU\Software\Driver Pro]
"InstallStat" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\DriverPro_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\DriverPro_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Driver Pro]
"ShowAlertMessages" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\DriverPro_RASMANCS]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\DriverPro_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCU\Software\Driver Pro]
"s_SmartMode" = "0"
"ShowUpdateWindow" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\DriverPro_RASAPI32]
"MaxFileSize" = "1048576"

[HKCU\Software\Driver Pro]
"TotalDrivers" = "81"
"ProxyPassword" = ""

[HKLM\SOFTWARE\Microsoft\Tracing\DriverPro_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Driver Pro]
"s_Time" = "4A 5C 29 90 9F 11 E5 40"
"LastScan" = "35 55 BB 8F 9F 11 E5 40"

[HKLM\SOFTWARE\Microsoft\Tracing\DriverPro_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Driver Pro]
"DownloadPath" = "C:\Users\"%CurrentUserName%"\Documents\Driver Pro\Drivers\"
"TrayNotification" = "1"

"ShowRebootMessage" = "1"
"UseProxy" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\DriverPro_RASMANCS]
"FileTracingMask" = "4294901760"

[HKCU\Software\Driver Pro]
"ForceUpdate" = "0"
"OutdatedDrivers" = "2"
"nDownloads" = "3"
"LastDatabaseCheck" = "4A 5C 29 90 9F 11 E5 40"

[HKLM\SOFTWARE\Microsoft\Tracing\DriverPro_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Driver Pro]
"s_SmartDate" = "4A 5C 29 90 7F 11 E5 40"
"DatabaseDate" = "4A 5C 29 90 9F 11 E5 40"
"ShowSRPMessage" = "1"
"ScanExecuted" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 42 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Driver Pro]
"s_SmartScan" = "1"
"StartWithWindows" = "0"
"s_Mode" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\DriverPro_RASAPI32]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\DriverPro_RASMANCS]
"EnableFileTracing" = "0"

[HKCU\Software\Driver Pro]
"AppStart" = "1"
"InstallationDate" = "02-17-2018"
"QuerryDate" = "A0 B8 BB 8F 9F 11 E5 40"
"ProxyPort" = ""
"ProxyAddress" = ""
"ProxyLogin" = ""
"BackupPath" = "C:\Users\"%CurrentUserName%"\Documents\Driver Pro\Backup\"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Banker deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process DriverPro.exe:3704 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF" = "01 00 00 00 00 00 00 00 6B 94 4F E7 37 A8 D3 01"
"{99FD978C-D287-4F50-827F-B2C658EDA8E7} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF" = "01 00 00 00 00 00 00 00 8A AD 43 E7 37 A8 D3 01"
"{16F3DD56-1AF5-4347-846D-7C10C4192619} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF" = "01 00 00 00 00 00 00 00 6B 94 4F E7 37 A8 D3 01"
"{920E6DB1-9907-4370-B3A0-BAFC03D81399} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF" = "01 00 00 00 00 00 00 00 6B 94 4F E7 37 A8 D3 01"
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF" = "01 00 00 00 00 00 00 00 6B 94 4F E7 37 A8 D3 01"

The process drvprosetup.tmp:3600 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFilesHash" = "6F 02 50 56 60 95 2C 27 22 7A D7 7A 31 9E 2D 91"
"RegFiles0000" = "%Program Files%\Driver Pro\DriverPro.chm, %Program Files%\Driver Pro\DriverPro.exe, %Program Files%\Driver Pro\DPTray.exe, %Program Files%\Driver Pro\sqlite3.dll, %Program Files%\Driver Pro\7z.dll, %Program Files%\Driver Pro\DrvProHelper.dll, %Program Files%\Driver Pro\DPStartScan.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"NoRepair" = "1"
"Inno Setup: Language" = "en"
"Inno Setup: Deselected Tasks" = ""
"URLUpdateInfo" = "http://www.pcutilitiespro.com"
"DisplayVersion" = "3.2.0.2"
"Inno Setup: User" = "%CurrentUserName%"
"Inno Setup: Icon Group" = "Driver Pro"
"Inno Setup: Setup Version" = "5.5.3 (u)"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"SessionHash" = "89 8D 26 75 28 B9 98 A4 27 6B F0 78 EA AF 0E 43"
"Owner" = "10 0E 00 00 8E 42 53 E6 37 A8 D3 01"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"MajorVersion" = "3"
"UninstallString" = "%Program Files%\Driver Pro\unins000.exe"
"DisplayName" = "Driver Pro v3.2.0.2"
"Inno Setup: App Path" = "%Program Files%\Driver Pro"
"InstallLocation" = "%Program Files%\Driver Pro\"

[HKCU\Software\Driver Pro]
"CBM" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"URLInfoAbout" = "http://www.pcutilitiespro.com"

[HKCU\Software\Driver Pro]
"Language" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"HelpLink" = "http://www.pcutilitiespro.com"
"InstallDate" = "20180217"
"Publisher" = "PC Utilities Software Limited"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"Sequence" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"Inno Setup: Selected Tasks" = "desktopicon"

"QuietUninstallString" = "%Program Files%\Driver Pro\unins000.exe /SILENT"
"NoModify" = "1"
"MinorVersion" = "2"
"EstimatedSize" = "8567"

To automatically run itself each time Windows is booted, the Trojan-Banker adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Driver Pro" = "%Program Files%\Driver Pro\DPLauncher.exe"

The Trojan-Banker deletes the following registry key(s):

[HKCU\Software\Microsoft\RestartManager\Session0000]

The Trojan-Banker deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFilesHash"
"Sequence"
"RegFiles0000"
"SessionHash"
"Owner"

The process %original file name%.exe:1828 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKCU\Software\Driver Pro]
"setupname" = "c:\%original file name%.exe"

The process DPTray.exe:3248 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKCU\Software\Driver Pro]
"s_Enable" = "0"
"s_Exec" = "0"
"s_SmartMode" = "0"
"s_SmartScan" = "1"
"s_SmartDate" = "5C AB EE 8F 7F 11 E5 40"
"TrayNotification" = "1"
"StartWithWindows" = "0"
"s_Mode" = "0"

The process DPStartScan.exe:1612 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKCU\Software\Driver Pro]
"SupportURL" = "http://support.pcutilitiespro.com/"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\DPStartScan_RASMANCS]
"EnableConsoleTracing" = "0"

[HKCU\Software\Driver Pro]
"MachineGuid" = "795007DB-A757-216B-A80E-F2ECFB2EC252"
"UninstallURL" = "https://safecart.com/pcutilitiespro/.dp-xsell-special/purchase?sid=121000530-BA-003"
"DelayedStart" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\DPStartScan_RASMANCS]
"EnableFileTracing" = "0"
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\DPStartScan_RASMANCS]
"FileTracingMask" = "4294901760"

[HKCU\Software\Driver Pro]
"UseAds" = "0"
"OS" = "106"
"BuyNowURL" = "http://conversion.pcutilitiespro.revenuewire.net/driverpro/xsell?121000530-BA-003_795007DB-A757-216B-A80E-F2ECFB2EC252"

[HKLM\SOFTWARE\Microsoft\Tracing\DPStartScan_RASAPI32]
"FileDirectory" = "%windir%\tracing"

"EnableConsoleTracing" = "0"

[HKCU\Software\Driver Pro]
"Querry" = "http://bi.softservers.net/t/dp?sid=121000530-BA-003&dt=%dt%&gid=%GID%&tz=%tz%&ln=%ln%&lc=%lc%&bis=%bis%&bief=%bief%&biefx=%biefx%&bif=%bif%&os=%os%&f=2280830529"

[HKLM\SOFTWARE\Microsoft\Tracing\DPStartScan_RASAPI32]
"MaxFileSize" = "1048576"

[HKCU\Software\Driver Pro]
"homepageurl" = "http://www.pcutilitiespro.com/"

[HKLM\SOFTWARE\Microsoft\Tracing\DPStartScan_RASMANCS]
"MaxFileSize" = "1048576"

[HKCU\Software\Driver Pro]
"AppStart" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\DPStartScan_RASAPI32]
"FileTracingMask" = "4294901760"

[HKCU\Software\Driver Pro]
"InstallDate" = "4B 81 06 90 9F 11 E5 40"

[HKLM\SOFTWARE\Microsoft\Tracing\DPStartScan_RASAPI32]
"EnableFileTracing" = "0"

[HKCU\Software\Driver Pro]
"QuerryDate" = "30 A4 12 90 9F 11 E5 40"

[HKLM\SOFTWARE\Microsoft\Tracing\DPStartScan_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\DPStartScan_RASMANCS]
"FileDirectory" = "%windir%\tracing"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Banker deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: PC Utilities Software Limited
Product Name: Driver Pro v3.2
Product Version: 3.2.0.2
Legal Copyright: PC Utilities Software Limited
Legal Trademarks:
Original Filename: Driver Pro
Internal Name: Driver Pro
File Version: 3.2.0.2
File Description: Keep your PC drivers up to date
Comments:
Language: English (United States)

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 105
17df9b252cbbdc407b323ccdb5796bff
0ce4bf2afce24b6bbf4528dc2886789f
a189570b3a637b1f30d2f5414569139d
fd07372c188a0fba50f8bb33d69fd459
5cf5d44d6b75fa24ded76d561ed26a03
146c90a0ded31bc55fd41dbb78d25acd
87b85e6c5e5d816c7e3e1837c4622b48
131ffe66cbef2a96ee8524f41e912842
99034e8b66bcb98f2a3ff60900c0e244
b62ca58d8d75868f7dab8a425246b937
997f5ec6cc8e0c66c86391c90920af8d
cd406d51581cbfec5d7fe46db4138bcf
b0b112d1cfb8a45abff860504ecc1a76
74473fe566a0696aa4c2e8b0178ad1b9
fb2e89a39e269f977656c169b3efe569
c37d609cf0dff83389313a7a7dd7f36d
1a4b08fa615228f2b6b8ef75e9eeee30
ed7f1101e9fc013d3b445c3155ce7790
8c24d380e6e10a414291284099d4e79f
1e9acd92b4b2c1731095f74f0be36e87
5ce0a96453dfef1d63bc997ad823ba4f
72d8c3e540a8d2fe3992f5eb00f864e1
34fc3a6e52a7e2ab581179886765f1ae
ceeca445f91b606d63c37f283483ff0d
972328cba735ac22cae4e3b23a668e13

URLs

URL	IP
hxxp://bi.softservers.net/t/dp?sid=121000530-BA-003&dt=1518910819&gid=795007DB-A757-216B-A80E-F2ECFB2EC252&tz=2&ln=1&lc=0&bis=0&bief=0&biefx=0&bif=0&os=106&f=2280830529	104.24.107.203
hxxp://service.smartpcupdate.com/rpc/sendinstall?partner=PCUtilitiesPro&build=3.2	176.9.2.105
hxxp://service.smartpcupdate.com/rpc/getdatabasezxw?arch=32&os=7	176.9.2.105
hxxp://d2.smartpcupdate.com/dbs/current_7_32_zxw.7z	94.130.13.99
hxxp://bi.softservers.net/t/dp?sid=121000530-BA-003&dt=1518910816&gid=795007DB-A757-216B-A80E-F2ECFB2EC252&tz=2&ln=1&lc=0&bis=1&bief=2&biefx=0&bif=0&os=106&f=2280830529	104.24.107.203

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /rpc/getdatabasezxw?arch=32&os=7 HTTP/1.1

Content-Type: text/html

Host: service.smartpcupdate.com

Accept: text/html, */*

User-Agent: Mozilla/3.0 (compatible; Indy Library)

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Sat, 17 Feb 2018 21:45:24 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/7.0.13
81..{"ok":1,"error":0,"url":"http:\/\/d2.smartpcupdate.com\/dbs\/curre
nt_7_32_zxw.7z","file_hash":"3d69bbeec228d17e4199be3420e6360b"}..0..

HEAD /dbs/current_7_32_zxw.7z HTTP/1.1

Content-Type: text/html

Host: d2.smartpcupdate.com

Accept: text/html, */*

User-Agent: Mozilla/3.0 (compatible; Indy Library)

HTTP/1.1 200 OK

Server: nginx/1.12.0

Date: Sat, 17 Feb 2018 21:40:09 GMT

Content-Type: application/x-7z-compressed

Content-Length: 1091619

Last-Modified: Sun, 17 Jul 2016 17:42:36 GMT

Connection: keep-alive

ETag: "578bc38c-10a823"

Accept-Ranges: bytes
....


GET /dbs/current_7_32_zxw.7z HTTP/1.1

Content-Type: text/html

Host: d2.smartpcupdate.com

Accept: text/html, */*

User-Agent: Mozilla/3.0 (compatible; Indy Library)

HTTP/1.1 200 OK

Server: nginx/1.12.0

Date: Sat, 17 Feb 2018 21:40:09 GMT

Content-Type: application/x-7z-compressed

Content-Length: 1091619

Last-Modified: Sun, 17 Jul 2016 17:42:36 GMT

Connection: keep-alive

ETag: "578bc38c-10a823"

Accept-Ranges: bytes
7z..'...=...........Y.......5.R..).E.`...&d..&.1...!..m...H|..Z.=...t.
..{........=.lp.......O.X.....@&....$r~....G^..#E..#....d..L....S....9
.;}..k.........z.!.?c.#Lfke.z.Q.2...qw..b..H87,>W..T.z.....9....p.e
>.#H{.....Q>.../.$...96..us...x.U.!........1.....\......RW.b.t."
j.>Dpd.]..W.m@I..X.,CT.....Y....|2.f.>.a,.d4\......W....W......#
.N..A;..0..LW..8.....8... aL..,9..[cw0`..Ts..3J..8.y.|..l.zx..a.9....L
..3V....(.#..(.....'b.]..s/...]Fb.......v$...8...<......*'......go.
.S.o.;@ P.r..._....$x.......*..."........w....w....O. .@nIr...^3.R4..[
........\%. ..w......^..5...Z4)[.`>'...$.s.r=..;.W,.....b.S.`...g.&
gt;KN../...A.q.M..............[..8...C......793%X...=.T....,l4!,U.k.!.
~.-....[zqI...'..t..OW...bC6s.....#IS<.5V!Y|.....c5....Q.4 ..j...|.
E.........Q..F..bv".Z...g.vL.............$m2g.....w.....|=.2R.].i...Y@
.3...M...~qt...:.....~.,9a{..W.T[...o.}..........dp....=..............
...!^|._..H........|P.v...5.F....$@.....=..z...DQ...7...13.x<..J..~
..b.......UX...=......yW.*50.Kn..WT...pe..Qq.......wYo1bZ.!..s.QE...Z.
7CI.....V.S .@..9?.,'z....5&.1.3...k;.n.>..}........`...8X...\..1..
..G......i...9&..8.E2p'... .....D..G.6....S8..(1..L..(.[A.......j|]|..
...c..8...w..&.*|p..{P2.g..I...LT.....Gm...Q ......L....*.oT.`..N.5.qd
I@..ELBw>.<".....(. 9."Q..@py.D(....P..0..7...... uGP.......j=..
0|.... O........).U.....R=...v....;K.L[.....: ...>y..W2.}$.Lz.C n`?
.${..o?.i..a......%...Q.=....?..'L....*.f.q.$..%.f..nX*..E.A`/:Y..50.~
OI...Fy..$&b.!....S..\%..=....hc.5R"....T...\u...9v.1..N...|..E...
<<< skipped >>>

GET /t/dp?sid=121000530-BA-003&dt=1518910816&gid=795007DB-A757-216B-A80E-F2ECFB2EC252&tz=2&ln=1&lc=0&bis=1&bief=2&biefx=0&bif=0&os=106&f=2280830529 HTTP/1.1

Content-Type: text/html

Host: bi.softservers.net

Accept: text/html, */*

User-Agent: Mozilla/3.0 (compatible; Indy Library)

HTTP/1.1 403 Forbidden

Date: Sat, 17 Feb 2018 21:40:15 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: __cfduid=d363ca9836e7ab6520df218e70e9479951518903615; expires=Sun, 17-Feb-19 21:40:15 GMT; path=/; domain=.softservers.net; HttpOnly

Cache-Control: max-age=10

Expires: Sat, 17 Feb 2018 21:40:25 GMT

X-Frame-Options: SAMEORIGIN

Server: cloudflare

CF-RAY: 3eebe76fa1eb8b28-KBP
ce1..<!DOCTYPE html>.<!--[if lt IE 7]> <html class="no-
js ie6 oldie" lang="en-US"> <![endif]-->.<!--[if IE 7]>
    <html class="no-js ie7 oldie" lang="en-US"> <![endif]--&g
t;.<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-U
S"> <![endif]-->.<!--[if gt IE 8]><!--> <html 
class="no-js" lang="en-US"> <!--<![endif]-->.<head>.
<title>Access denied | bi.softservers.net used Cloudflare to res
trict access</title>.<meta charset="UTF-8" />.<meta htt
p-equiv="Content-Type" content="text/html; charset=UTF-8" />.<me
ta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />.<m
eta name="robots" content="noindex, nofollow" />.<meta name="vie
wport" content="width=device-width,initial-scale=1,maximum-scale=1" /&
gt;.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles
/cf.errors.css" type="text/css" media="screen,projection" />.<!-
-[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href=
"/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,proje
ction" /><![endif]-->.<style type="text/css">body{margi
n:0;padding:0}</style>.<!--[if lte IE 9]><script type="
text/javascript" src="/cdn-cgi/scripts/jquery.min.js"></script&g
t;<![endif]-->.<!--[if gte IE 10]><!--><script ty
pe="text/javascript" src="/cdn-cgi/scripts/zepto.min.js"></scrip
t><!--<![endif]-->.<script type="text/javascript" s
<<< skipped >>>

GET /rpc/sendinstall?partner=PCUtilitiesPro&build=3.2 HTTP/1.1

Host: service.smartpcupdate.com

Accept: text/html, */*

User-Agent: Mozilla/3.0 (compatible; Indy Library)

HTTP/1.1 200 OK

Server: nginx/1.10.2

Date: Sat, 17 Feb 2018 21:45:24 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/7.0.13
12..{"ok":1,"error":0}..0..

GET /t/dp?sid=121000530-BA-003&dt=1518910819&gid=795007DB-A757-216B-A80E-F2ECFB2EC252&tz=2&ln=1&lc=0&bis=0&bief=0&biefx=0&bif=0&os=106&f=2280830529 HTTP/1.1

Host: bi.softservers.net

Accept: text/html, */*

User-Agent: Mozilla/3.0 (compatible; Indy Library)

HTTP/1.1 403 Forbidden

Date: Sat, 17 Feb 2018 21:40:07 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: __cfduid=d1edc3ab7f18e820accae9f8bc51cc3661518903607; expires=Sun, 17-Feb-19 21:40:07 GMT; path=/; domain=.softservers.net; HttpOnly

Cache-Control: max-age=10

Expires: Sat, 17 Feb 2018 21:40:17 GMT

X-Frame-Options: SAMEORIGIN

Server: cloudflare

CF-RAY: 3eebe739e3bf8406-KBP
ce1..<!DOCTYPE html>.<!--[if lt IE 7]> <html class="no-
js ie6 oldie" lang="en-US"> <![endif]-->.<!--[if IE 7]>
    <html class="no-js ie7 oldie" lang="en-US"> <![endif]--&g
t;.<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-U
S"> <![endif]-->.<!--[if gt IE 8]><!--> <html 
class="no-js" lang="en-US"> <!--<![endif]-->.<head>.
<title>Access denied | bi.softservers.net used Cloudflare to res
trict access</title>.<meta charset="UTF-8" />.<meta htt
p-equiv="Content-Type" content="text/html; charset=UTF-8" />.<me
ta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />.<m
eta name="robots" content="noindex, nofollow" />.<meta name="vie
wport" content="width=device-width,initial-scale=1,maximum-scale=1" /&
gt;.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles
/cf.errors.css" type="text/css" media="screen,projection" />.<!-
-[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href=
"/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,proje
ction" /><![endif]-->.<style type="text/css">body{margi
n:0;padding:0}</style>.<!--[if lte IE 9]><script type="
text/javascript" src="/cdn-cgi/scripts/jquery.min.js"></script&g
t;<![endif]-->.<!--[if gte IE 10]><!--><script ty
pe="text/javascript" src="/cdn-cgi/scripts/zepto.min.js"></scrip
t><!--<![endif]-->.<script type="text/javascript" s
<<< skipped >>>

The Trojan-Banker connects to the servers at the folowing location(s):

.idata

.rdata

P.reloc

P.rsrc

kernel32.dll

Windows

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

EVariantBadIndexError

ssShift

htKeyword

EInvalidOperation

u%CNu

%s_%d

EInvalidGraphicOperation

USER32.DLL

UhÛ

comctl32.dll

uxtheme.dll

OnKeyDown

OnKeyPress@

OnKeyUpd

Proportional

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeyword

crSQLWait

%s (%s)

imm32.dll

AutoHotkeys

Uh.ED

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreviewx

WindowState

tagMSG

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

OnActionExecute

1.2.3

Portable Network Graphics

hXXp://VVV.pcutilitiespro.com

pcspeedmaximizer.exe

PC Speed Maximizer\PCSpeedMaximizer.exe

PC Speed Maximizer Pro\PCSpeedMaximizerPro.exe

HomePageURL

AfterInstallURL

SupportURL

BuyNowURL

AdsDownloadURL

AdsBuyNowURL

AdsDownloadURL2

AdsBuyNowURL2

hXXps://safecart.com/pcutilitiespro/.driverpro

hXXp://support.pcutilitiespro.com

hXXp://dejebel.pcutilitiespro.revenuewire.net/optimizerpro/xsell

hXXp://filecdn.avanquest.com/rw/xsell/pcutilitiespro/dejebel/OptimizerPro.exe

optimizerpro.exe

Optimizer Pro\OptimizerPro.exe

*.status

MAPI32.DLL

%s detected a new device attached to your PC.

English.ini

French.ini

German.ini

Spanish.ini

Italian.ini

Portuguese.ini

Danish.ini

Dutch.ini

Swedish.ini

Polish.ini

Russian.ini

Brazilian.ini

Finnish.ini

Norwegian.ini

Japanese.ini

Chinese.ini

Czech.ini

Arabic.ini

StartWithWindows

s_Exec

Backup\*.*

Drivers\*.*

\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

UninstallURL

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

inflate 1.2.3 Copyright 1995-2005 Mark Adler

TBv}.Bv

user32.dll

GetKeyboardType

advapi32.dll

RegOpenKeyExA

RegCloseKey

RegFlushKey

RegCreateKeyExA

GetCPInfo

version.dll

gdi32.dll

SetViewportOrgEx

UnhookWindowsHookEx

SetWindowsHookExA

MapVirtualKeyA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyState

GetKeyNameTextA

EnumWindows

EnumThreadWindows

ActivateKeyboardLayout

shell32.dll

ShellExecuteA

shfolder.dll

0 0$0(0,000

?"?&?*?.?2?6?:?>?

?"?,?4?@?

:3: ;.<=<

5-6165696@6

0$1(1,101

? ?$?(?,?

9 989@9\9

9-95999L9u9}9

7‰8d8

7 7$7(7,70767

333333333333333333

33333833

3333339

3333333333333338

:*"*"$3338

3333333

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

@000///1111*$&

Paint.NET v3.5.100

paint.net 4.0;

KWindows

UrlMon

%sTray

Font.Charset

Font.Color

Font.Height

Font.Name

Font.Style

(%s found NN outdated drivers on your PC.

-%s detected a new device attached to your PC.

<assemblyIdentity version="1.0.0.0"

name="SmartDriverUpdater.exe"

<requestedExecutionLevel

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.7The png image could not be loaded from the resource ID.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.

No help keyword specified.jThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.

Description: BThe "Portable Network Graphics" image contains an invalid palette.

The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.

This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.

No help found for %s#No context-sensitive help installed$No topic-based help system installed

Alt  Clipboard does not support Icons/Menu '%s' is already being used by another form

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

Property %s does not exist

Unsupported clipboard format

Invalid data type for '%s' List capacity out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Failed to get data for '%s'

Failed to set data for '%s'

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Ancestor for '%s' not found

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s

Cannot open file "%s". %s

Unable to write to %s

Invalid stream format$''%s'' is not a valid component name

Operation not supported

External exception %x

Interface not supported

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

Invalid variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

I/O error %d

3.1.0.5

DriverPro.exe_2064:

.idata

.edata

P.tls

.rdata

P.reloc

P.rsrc

kernel32.dll

Windows

HKEY

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

EVariantBadIndexError

ssShift

htKeyword

EInvalidOperation

u%CNu

%s[%d]

%s_%d

.Owner

EInvalidGraphicOperation

comctl32.dll

USER32.DLL

uxtheme.dll

PasswordChar

OnKeyDownh

OnKeyPress

OnKeyUp@

ssHorizontal

OnKeyUp

Proportional

%s%s%s%s%s%s%s%s%s%s

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeywordP

crSQLWait

%s (%s)

imm32.dll

OnExecute

HelpKeywordl

AutoHotkeys

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreview

WindowState

tagMSG

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

1.2.3

Portable Network Graphics

Uh.QH

Uh%sH

MAPI32.DLL

vsReport

TComboBoxExEnumerator

ole32.dll

OnActionExecute

%s, ClassID: %s

%s, ProgID: "%s"

WNNC_NET_FTP_NFS

olepro32.dll

shell32.dll

\\.\vwin32

shlwapi.dll

Mpr.dll

Uh.LJ

D:\SmartPC\Components\EasyListview\Common Library\Source\MPShellUtilities.pas

To show a Context Menu using TNamespace you must pass a valid Owner TWinControl

THKeyArray

TCommonShellExecuteThreadU

D:\SmartPC\Components\EasyListview\Common Library\Source\MPThreadManager.pas

TCommonKeyState

cksShift

TCommonKeyStates

D:\SmartPC\Components\EasyListview\Common Library\Source\MPCommonUtilities.pas

user32.dll

gdi32.dll

advapi32.dll

Userenv.dll

ShellExecuteExW

ShellExecuteW

GetWindowsDirectoryW

RegOpenKeyW

RegOpenKeyExW

SHFileOperationW

D:\SmartPC\Components\EasyListview\Source\EasyListviewAccessible.pas

TEasyAccessibleManager.Create not a TCustomEasyListview type

TEasyGroupAccessibleManager.Create not a TEasyGroup type

TEasyItemAccessibleManager.Create not a TEasyItem type

TEasyColumnAccessibleManager.Create not a TEasyColumn type

TEasyHeaderAccessibleManager.Create not a TEasyHeader type

elsReport

elsReportThumb

TAutoGroupGetKeyEvent

TColumnGetImageIndexEvent

TColumnSetImageIndexEvent

KeyState

KeyStates

TGroupGetImageIndexEvent

TGroupSetImageIndexEvent

HintWindowShown

TItemGetGroupKeyEvent

GroupKey

TItemGetImageIndexEvent

TItemSetGroupKeyEvent

TItemSetImageIndexEvent

MouseMsg

TEasyKeyActionEvent

EscapeKeyPressed

TEasyViewReportItem

TEasyViewReportThumbItem

TEasyGridReportGroup

TEasyGridReportThumbGroup

TEasyCellSizeReport

TEasyCellSizeReportt

TEasyCellSizeReportThumb

ReportThumb|

Report

AlwaysShow

OnAutoGroupGetKey|

OnItemGetGroupKey

OnItemSetGroupKeyD)L

OnKeyAction

D:\SmartPC\Smart Driver Updater\Version 3_1\EasyListview.pas

Can not find TEasyGroups.AdjacentItem of an Invisible Item

EasyListview.Header

TNT Internal Error: TWideComponentHelper.Create should never be encountered.

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntClasses.pas

!"#$%&*;<=>@[]^_`{|}

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntControls.pas

Internal Error: SubClassUnicodeControl.Control is not Unicode.

.UnicodeClass

TntUnicodeVcl.DestroyWindow

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntActnList.pas

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntStdCtrls.pas

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntForms.pas

D:\SmartPC\Components\Delphi Unicode Controls\Source\TntMenus.pas

Internal Error: SyncHotKeyPosition Failed ("%s" <> "%s").

ESQLiteException

TSQLiteDatabase

TSQLiteTable

Failed to open database "%s" : %s

Failed to open database "%s" : unknown error

"%s" : %s

Error executing SQL

Could not prepare SQL statement

Error executing SQL statement

select [sql] from sqlite_master where [type] = 'table' and lower(name) = '

SQLite is Busy

<%s> invalid zipfile

Shell.Application

<%s> invalid source

<%s> invalid target folder

getservbyport

WSAAsyncGetServByPort

WSAJoinLeaf

WS2_32.DLL

127.0.0.1

TIdSocketListWindows

TIdStackWindowsU

IdStackWindows

%s, %.2d %s %.4d %s %s

%s, %d %s %d %s %s

.aiff=audio/x-aiff

.au=audio/basic

.mid=midi/mid

.mp3=audio/x-mpg

.m3u=audio/x-mpegurl

.qcp=audio/vnd.qcelp

.ra=audio/x-realaudio

.wav=audio/x-wav

.gsm=audio/x-gsm

.wax=audio/x-ms-wax

.wma=audio/x-ms-wma

.ram=audio/x-pn-realaudio

.mjf=audio/x-vnd.AudioExplosion.MjuiceMediaFile

.bmp=image/bmp

.gif=image/gif

.jpg=image/jpeg

.jpeg=image/jpeg

.jpe=image/jpeg

.pict=image/x-pict

.png=image/x-png

.svg=image/svg-xml

.tif=image/x-tiff

.rf=image/vnd.rn-realflash

.rp=image/vnd.rn-realpix

.ico=image/x-icon

.art=image/x-jg

.pntg=image/x-macpaint

.qtif=image/x-quicktime

.sgi=image/x-sgi

.targa=image/x-targa

.xbm=image/xbm

.psd=image/x-psd

.pnm=image/x-portable-anymap

.pbm=image/x-portable-bitmap

.pgm=image/x-portable-graymap

.ppm=image/x-portable-pixmap

.rgb=image/x-rgb

.xbm=image/x-xbitmap

.xpm=image/x-xpixmap

.xwd=image/x-xwindowdump

.xml=text/xml

.uls=text/iuls

.txt=text/plain

.rtx=text/richtext

.wsc=text/scriptlet

.rt=text/vnd.rn-realtext

.htt=text/webviewhtml

.htc=text/x-component

.vcf=text/x-vcard

.avi=video/x-msvideo

.flc=video/flc

.mpeg=video/x-mpeg2a

.mov=video/quicktime

.rv=video/vnd.rn-realvideo

.ivf=video/x-ivf

.wm=video/x-ms-wm

.wmp=video/x-ms-wmp

.wmv=video/x-ms-wmv

.wmx=video/x-ms-wmx

.wvx=video/x-ms-wvx

.rms=video/vnd.rn-realvideo-secure

.asx=video/x-ms-asf-plugin

.movie=video/x-sgi-movie

.wmd=application/x-ms-wmd

.wms=application/x-ms-wms

.wmz=application/x-ms-wmz

.p7b=application/x-pkcs7-certificates

.p7r=application/x-pkcs7-certreqresp

.qtl=application/x-quicktimeplayer

.rtsp=application/x-rtsp

.swf=application/x-shockwave-flash

.sit=application/x-stuffit

.tar=application/x-tar

.man=application/x-troff-man

.urls=application/x-url-list

.zip=application/x-zip-compressed

.cdf=application/x-cdf

.fml=application/x-file-mirror-list

.fif=application/fractals

.spl=application/futuresplash

.hta=application/hta

.hqx=application/mac-binhex40

.doc=application/msword

.pdf=application/pdf

.cer=application/x-x509-ca-cert

.crl=application/pkix-crl

.ps=application/postscript

.sdp=application/x-sdp

.setpay=application/set-payment-initiation

.setreg=application/set-registration-initiation

.smil=application/smil

.ssm=application/streamingmedia

.xfdf=application/vnd.adobe.xfdf

.fdf=application/vnd.fdf

.xls=application/x-msexcel

.sst=application/vnd.ms-pki.certstore

.pko=application/vnd.ms-pki.pko

.cat=application/vnd.ms-pki.seccat

.stl=application/vnd.ms-pki.stl

.rmf=application/vnd.rmf

.rm=application/vnd.rn-realmedia

.rnx=application/vnd.rn-realplayer

.rjs=application/vnd.rn-realsystem-rjs

.rmx=application/vnd.rn-realsystem-rmx

.rmp=application/vnd.rn-rn_music_package

.rsml=application/vnd.rn-rsml

.vsl=application/x-cnet-vsl

.tgz=application/x-compressed

.dir=application/x-director

.gz=application/x-gzip

.uin=application/x-icq

.hpf=application/x-icq-hpf

.pnq=application/x-icq-pnq

.scm=application/x-icq-scm

.ins=application/x-internet-signup

.iii=application/x-iphone

.latex=application/x-latex

.nix=application/x-mix-transfer

.wbmp=image/vnd.wap.wbmp

.wml=text/vnd.wap.wml

.wmlc=application/vnd.wap.wmlc

.wmls=text/vnd.wap.wmlscript

.wmlsc=application/vnd.wap.wmlscriptc

.css=text/css

.htm=text/html

.html=text/html

.shtml=server-parsed-html

.sgm=text/sgml

.sgml=text/sgml

ftpTransfer

ftpReady

ftpAborted

ClientPortMinl

ClientPortMax

Port

EIdCanNotBindPortInRange

EIdInvalidPortRangeSVW

saUsernamePassword

Passwordl

Uh%FR

0.0.0.1

TIdTCPStream

End of stream: %s at %d

TIdTCPConnection

TIdTCPConnection<[R

IdTCPConnection

EIdTCPConnectionError

EIdObjectTypeNotSupported

password

Password

IdHTTPHeaderInfo

ProxyPasswordl

ProxyPort

Mozilla/3.0 (compatible; Indy Library)

libeay32.dll

ssleay32.dll

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_certificate_file

SSL_get_peer_certificate

SSL_CTX_set_default_passwd_cb

SSL_CTX_set_default_passwd_cb_userdata

SSL_CTX_check_private_key

X509_STORE_CTX_get_current_cert

des_set_key

sslvrfFailIfNoPeerCert

TPasswordEvent

Certificate

RootCertFile

CertFile

KeyFile

OnGetPassword

EIdOSSLLoadingRootCertErrorP

EIdOSSLLoadingCertError

EIdOSSLLoadingKeyError

TIdTCPClient

TIdTCPClient$

IdTCPClient

BoundPort

PortU

CommentURL

UhH%S

Unsupported operation.

Content-Disposition: form-data; name="%s"; filename="%s"

Content-Type: %s

Content-Disposition: form-data; name="%s"

TIdHTTPMethod

IdHTTP

TIdHTTPOption

TIdHTTPOptions

TIdHTTPProtocolVersion

TIdHTTPOnHeadersAvailable

TIdHTTPOnRedirectEvent

TIdHTTPResponse

TIdHTTPResponseH1S

TIdHTTPRequest

TIdHTTPProtocol

TIdCustomHTTP

TIdHTTP

TIdHTTPD4S

HTTPOptions

Port4

EIdHTTPProtocolException

HTTPS

https

This request method is supported in HTTP 1.1

HTTP/1.0 200 OK

HTTP/

TMonochromeLookup

SetupApi.dll

SetupDiOpenClassRegKey

SetupDiOpenClassRegKeyExA

SetupDiOpenClassRegKeyExW

SetupDiCreateDeviceInterfaceRegKeyA

SetupDiCreateDeviceInterfaceRegKeyW

SetupDiOpenDeviceInterfaceRegKey

SetupDiDeleteDeviceInterfaceRegKey

SetupDiCreateDevRegKeyA

SetupDiCreateDevRegKeyW

SetupDiOpenDevRegKey

SetupDiDeleteDevRegKey

cfgmgr32.dll

CM_Delete_Class_Key

CM_Delete_Class_Key_Ex

CM_Delete_DevNode_Key

CM_Delete_DevNode_Key_Ex

CM_Get_Class_Key_NameA

CM_Get_Class_Key_NameW

CM_Get_Class_Key_Name_ExA

CM_Get_Class_Key_Name_ExW

CM_Open_Class_KeyA

CM_Open_Class_KeyW

CM_Open_Class_Key_ExA

CM_Open_Class_Key_ExW

CM_Open_DevNode_Key

CM_Open_DevNode_Key_Ex

7z.dll

Error loading library %s

%s is not a 7z library

%s is not a Format library

PSAPI.dll

Common.LoggerWindow

_prev.log

DriverUpdater.dpr

Common.Logger

c:\debug.log.pc

ERROR (%s): %s

MESS: %s

PARAMS: %s

LAST_ERR (%d -> %s): %s

LAST_ERR (%d, %s): %s

%s%s%s%s

%s: %s

%s: %s PARAMS: %s

program.log

program_error.log

Multiple errors: %s Count: %d

Multiple logs: %s Count: %d

%s %s

XLog.Execute

XSettings.GetDebugPrivilege

XProcess.IsWow64Process

XFile.LogicalDriveStringsInit

XFile.ExpandRawPath

Psapi.dll

XProcess.GetProcessStartTime

XFile.DeleteFolder

SHFileOperation fail:

c:\debug.pc

CERTANCE

%d.%d.%d.%d

Setupapi.dll

CM_PROB_DRIVER_SERVICE_KEY_INVALID

CM_DEVCAP_LOCKSUPPORTED

CM_DEVCAP_EJECTSUPPORTED

FILE_CHARACTERISTIC_WEBDAV_DEVICE

DNF_INDEXED_DRIVER

SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSettings\

DriverKey=

OpenKey fail

Snapshot.ini

d2.smartpcupdate.com

hXXp://d2.smartpcupdate.com/rpc/sendsnapshot

*.status

Scan.ini

DevicesPlus.ini

.status

5.2.3790.

5.1.2600.

6.0.6000.

6.0.6001.

6.0.6002.

6.1.6002.

6.1.7100.

6.1.7600.

6.1.7601.

6.2.8400.

6.2.9200.

6.3.9600.

6.3.9431.

EnumKey=

SetupDiEnumDriverInfoW fail, EnumKey=

SELECT * FROM hardids JOIN drivers ON hardids.id = drivers.hardid_full_index JOIN files ON files.id = drivers.file_id JOIN vendors ON vendors.id = drivers.vendor_id JOIN versions ON versions.id = drivers.version_id LEFT JOIN installers ON installers.id = drivers.installer_id JOIN devices_descriptions ON devices_descriptions.id = drivers.device_id WHERE hardids.hardid = "%s"

SELECT * FROM hardids JOIN drivers ON hardids.id = drivers.hardid_index JOIN files ON files.id = drivers.file_id JOIN vendors ON vendors.id = drivers.vendor_id JOIN versions ON versions.id = drivers.version_id LEFT JOIN installers ON installers.id = drivers.installer_id JOIN devices_descriptions ON devices_descriptions.id = drivers.device_id WHERE hardids.hardid = "%s"

AND os=%s

Drivers64.db

Drivers32.db

Devices.ini

Cannot delete and rename DevicesPlus.ini file

Cannot delete and rename Scan.ini file

EnumKey

0.0.0.0

ClassKey

SOFTWARE\Microsoft\Windows\CurrentVersion

DevWebSite

OpenKeyReadOnly 3 fail

OpenKeyReadOnly 3 fail

OpenKeyReadOnly 2 fail

OpenKeyReadOnly 2 fail

{8ECC055D-047F-11D1-A537-0000F8753ED1}

D:\SmartPC\#Core\WbemScripting_TLB.pas

DefaultInterface is NULL. Component is not connected to Server. You must call 'Connect' or 'ConnectTo' before this operation

Common.RestorePoint

TSWbemLocator.Create fail

EOleException %s %x

wmiLocator.ConnectServer fail

wmiLocator.ConnectServer 2 fail

%s%s%s%s%s%s

%s%s%s

%s%s%s%s%s%s%s%s

TSchedulerStartupRegularItem.ItemRead

SrClient.dll

service.smartpcupdate.com

hXXp://service.smartpcupdate.com/rpc/senddriverstats

TUploadThread.Execute

*.dul

DriverKey empty

GetCurrentSnapshot.OnFail

EnumKey empty

GetCurrentSnapshot.FindDevice fail:

Temp.ini

GetCurrentSnapshot.GetDriverParameters fail:

Device.Scan empty

SaveInstallLogs.AddSetupAPIlogs

Windows=

Devices.Count = 0

setupapi.log

Inf\setupapi.app.log

Inf\setupapi.dev.log

C:\Intel\Logs\IntelChipset.log

explorer.exe

firefox.exe

chrome.exe

iexplore.exe

opera.exe

msiexec.exe

drvinst.exe

rundll32.exe

setup.exe

IsThereVisibleWindows.EnumWindowsProc

IsThereVisibleWindows

No visible windows for 30 seconds

No visible windows

There are visible windows:

ShellExecuteAndWait: begin: Path=

ShellExecuteAndWait: GetProcessId fail:

ShellExecuteAndWait: lpExecInfo.hProcess = 0:

ShellExecuteAndWait: ShellExecuteEx fail:

readme.txt

installmanagerapp.exe

InstallExeOrMsiDriver: begin: FName=

InstallExeOrMsiDriver: File not found:

InstallExeOrMsiDriver: Install disabled:

autorun.exe

InstallExeOrMsiDriver: CreateProcessAndWait failed

InstallExeOrMsiDriver: ShellExecuteAndWait failed

stub64.exe

newdev.dll

advpack.dll

IncompatibleWindowsLogoError

NonSupportedMethod

advpack.dll,LaunchINFSectionEx "

InstallInfDriver: Direct install advpack.dll,LaunchINFSectionEx success, for

InstallInfDriver: Direct install advpack.dll,LaunchINFSectionEx success but nothing changed, for

InfDefaultInstall.exe

CoreInstall.UnzipCallback

isInstalling exe/msi from zip: Cancelled

isInstalling exe/msi: Cancelled

empty EnumKey field

.restart

Restart of Windows detected

*.pre

CreateBaseIndexes

PCInfo.ini

program_prev.log

program_error_prev.log

TGenerateThread.Execute

TInstallThread.Execute

hXXp://VVV.pcutilitiespro.com

pcspeedmaximizer.exe

PC Speed Maximizer\PCSpeedMaximizer.exe

PC Speed Maximizer Pro\PCSpeedMaximizerPro.exe

HomePageURL

AfterInstallURL

SupportURL

BuyNowURL

AdsDownloadURL

AdsBuyNowURL

AdsDownloadURL2

AdsBuyNowURL2

hXXps://safecart.com/pcutilitiespro/.driverpro

hXXp://support.pcutilitiespro.com

hXXp://dejebel.pcutilitiespro.revenuewire.net/optimizerpro/xsell

hXXp://filecdn.avanquest.com/rw/xsell/pcutilitiespro/dejebel/OptimizerPro.exe

optimizerpro.exe

Optimizer Pro\OptimizerPro.exe

EInvalidGridOperation

goAlwaysShowEditor

doKeyColFixed

TKeyOption

keyEdit

keyAdd

keyDelete

keyUnique

TKeyOptions

KeyName

KeyValue

KeyOptions,uX

KeyDesc\

%s=%s

;!199{199

;0!8&2{199

"<;=!!%{199

Windows 95

Windows 95 OSR-2

Windows 98

Windows 98 SE

Windows ME

Windows 9x New

Windows NT 3

Windows NT 4

Windows 2000

Windows XP

Windows 2003

Windows Vista

Windows 2008

Windows 7

Windows 2008 R2

Windows 8

Windows Server 8

Windows NT New

user.exe

TMsgHandlers

madToolsMsgHandlerWindow

>0';0974&0{199

msvcrt.dll

VVV.madshi.net

dbghelp.dll

4.0.10

ntdll.dll

The import table is invalid.

WindowsLogo

ReportLeaks

UploadViaHttp

HttpServer

HttpSsl

HttpPort

HttpAccount

HttpPassword

BugTrPassword

MailAsSmtpServer

MailAsSmtpClient

SmtpServer

SmtpSsl

SmtpTls

SmtpPort

SmtpAccount

SmtpPassword

bugreport.mbr

screenshot.png

ExceptMsg

FrozenMsg

BitFaultMsg

send bug report

save bug report

print bug report

show bug report

%appname%, %exceptMsg%

bug report

please find the bug report attached

Sending bug report...

PrepAttMsg

MxLookMsg

ConnMsg

SendMailMsg

FieldMsg

SendAttMsg

SendFinalMsg

SendFailMsg

Sorry, sending the bug report didn't work.

TDABugReportCallback

TDABugReportCallbackOO

madExceptIde_.bpl

wininet.dll

VVV.google.com

SMTP:

mapi32.dll

IpHlpApi.dll

A.ROOT-SERVERS.NET

K.ROOT-SERVERS.NET

VVV.madshi.net_multipart_boundary

TSmtpU

LOGIN

AUTH LOGIN

security.dll

secur32.dll

TWinHttp

winhttp.dll

WinHttpOpen

WinHttpConnect

WinHttpOpenRequest

WinHttpAddRequestHeaders

WinHttpSendRequest

WinHttpGetIEProxyConfigForCurrentUser

WinHttpGetProxyForUrl

WinHttpSetOption

WinHttpWriteData

WinHttpReceiveResponse

WinHttpQueryHeaders

WinHttpQueryAuthSchemes

WinHttpSetCredentials

WinHttpQueryDataAvailable

WinHttpReadData

WinHttpCloseHandle

/api.xml

<url>

?cmd=

/xmlrpc.cgi

Bugzilla.version

Product.get_enterable_products

Product.get

Bug.fields

Bugzilla_login

Bugzilla_password

Bug.create

Bug.add_attachment

/api/soap/mantisconnect.php

<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="hXXp://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><ns1:

</username><password xsi:type="xsd:string">

</password>

*.txt

TSendBugReportExRec

wtsapi32.dll

idapi32.dll

kernelbase.dll

madExcept32.dll

c:\sources\madshi\madExcept32.dll

ReportLeaksNow

GetLeakReport

ShowLeakReport

madExcept32.dll has the wrong version.

coreide70.bpl

ReportFault

FaultRep.dll

internal error. please notify bug@madshi.net

@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule

%Program Files% (x86)\Mozilla Firefox\firefox.exe

%Program Files%\Mozilla Firefox\firefox.exe

SOFTWARE\Mozilla\Mozilla Firefox

SOFTWARE\Mozilla\Mozilla Firefox\

PathToExe

%Program Files% (x86)\Google\Chrome\Application\chrome.exe

%Program Files%\Google\Chrome\Application\chrome.exe

C:\Users\

\AppData\Local\Google\Chrome\Application\chrome.exe

Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

%Program Files% (x86)\Internet Explorer\iexplore.exe

%Program Files%\Internet Explorer\iexplore.exe

Software\Opera Software

\opera.exe

\launcher.exe

%Program Files% (x86)\Opera\Opera.exe

%Program Files%\Opera\Opera.exe

%Program Files% (x86)\Opera\launcher.exe

%Program Files%\Opera\launcher.exe

BrowserExe

%Program Files% (x86)\Safari\Safari.exe

%Program Files%\Safari\Safari.exe

http\shell\open\command

SOFTWARE\Microsoft\Windows\CurrentVersion\Settings\Driver Pro

Tray.exe

\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

FormKeyDown

SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation

\oeminfo.ini

Check the email you received after you purchased the product for the correct license key.

Your license key will look like this:

hXXp://service.smartpcupdate.com/rpc/sendspmpurchase

hXXp://service.smartpcupdate.com/rpc/sendpurchase

&key=

hXXp://service.smartpcupdate.com/rpc/sendspminstall

hXXp://service.smartpcupdate.com/rpc/sendspmuninstall

hXXp://service.smartpcupdate.com/rpc/sendinstall

hXXp://service.smartpcupdate.com/rpc/senduninstall

%s is a separate product and requires a different license key.

to purchase %s.

IdHTTP10

Enter License Key

Please enter your %s license key below.

Do you have a License Key?

If you already have a License Key, please enter it in the form below and click "Activate Now".

License key

Do you need a License Key?

We recommend that you upgrade to the full version of %s

To purchase %s and obtain a license key click

The license key you entered is for %s.

Licensing key has reached its usage limit!

LicenseKey

Thank you for registering %s!

Register %s now to download and install new drivers.

Would you like to register %s?

Current Windows version

Backuped driver Windows version

We NOT reccomend your use this driver for current Windows version.

5 (Windows XP)

6 (Windows Vista)

7 (Windows 7)

8 (Windows 8)

IdHTTP18

HTTPWorkBegin

HTTPWork

HTTPWorkEnd

CreateBaseIndexesOld

ProxyLogin

ProxyPassword

hXXp://service.smartpcupdate.com/rpc/getdatabasecxw?arch=%d&os=%d

hXXp://service.smartpcupdate.com/rpc/getdatabasezxw?arch=%d&os=%d

hXXp://service.smartpcupdate.com/rpc/getdatabasex%d_wd

IdHTTP1.Get 1 fail

IdHTTP1.Head fail

IdHTTP1.Get 2 fail

Drivers32prev.db

Drivers64prev.db

Drivers.db

CreateBaseIndexes success

SetupFiles.txt

%s <%s>

=?WINDOWS

atLogin

IdSMTPL>`

TIdSMTP

TIdSMTPL>`

IdSMTP

LOGIN

IdSMTP1<

Report a problem with a new driver!

mail.smartpctools.com

apps@smartpctools.com

support@smartpctools.com

support@pcutilitiespro.com

report.zip

IdHTTP1

Thank you for trying %s!

Your feedback is very valuable and will help us create better products. Please let us know why you did not register %s:

%s did not find the driver I was looking for

hXXp://service.smartpcupdate.com/rpc/feedback?reason=

Keyboard

Ports

MultiPortSerial

IdHTTP0

IdHTTP11

HTTP0Work

HTTP0Work2

HTTP1Start

HTTP2Start

HTTP3Start

HTTP4Start

HTTP5Start

HTTP1Work

HTTP2Work

HTTP3Work

HTTP4Work

HTTP5Work

InstallExeDriver

actDebugExecute

Windows 8.1

update1.smartpcupdate.com

hXXp://service.smartpcupdate.com/rpc/candownloadfiles?partner=

English.ini

French.ini

German.ini

Spanish.ini

Italian.ini

Portuguese.ini

Danish.ini

Dutch.ini

Swedish.ini

Polish.ini

Russian.ini

Brazilian.ini

Finnish.ini

Norwegian.ini

Japanese.ini

Chinese.ini

Czech.ini

Arabic.ini

UninstallURL

Welcome to %s

%s found

Login

Product information and support link

Support

InstallLog.ini

UpdateWindowShown

StartWithWindows

s_SmartExec

Software\Microsoft\Windows\CurrentVersion\Settings\

UserKey

TForm1a.WMQueryEndSession

Vendors.txt

ScanExecuted

hXXp://

Scan.gif

TForm1a.Callback: incorrect Status

drivers.db

Exclusions.txt

1.0.0.0

%d new drivers in %d driver packages found for your computer

hXXp://update1.smartpcupdate.com/rpc/getlastupdate

hXXp://service.smartpcupdate.com/rpc/getstatus?exedate=

hXXp://update1.smartpcupdate.com/rpc/sendinstall?partner=

hXXp://update1.smartpcupdate.com/rpc/sendreport?filename=

hXXp://update1.smartpcupdate.com/rpc/sendstats?partner=

This version is no longer supported!

UpdateList.txt

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore

hXXp://VVV.google.com/search?hl=en&q=

.SYS.DLL.INF.CAT.NFO.EXE.REG.AX.DRV.CPL

RUNDLL32.EXE

LAYOUT.INF

regedit.exe

Backups.ini

\Enum.reg" "HKEY_LOCAL_MACHINE\

\Classes.reg" "HKEY_LOCAL_MACHINE\

\*.inf

\Log.txt

backups.ini

/s zipfldr.dll

regsvr32.exe

\.zip\CompressedFolder\ShellNew

\Classes.reg

\Classes.reg"

\Enum.reg

\Enum.reg"

*.exe

AUTORUN.EXE

32.EXE

64.EXE

*.inf

01-01-2012

TForm1a.InstallCallback

RunExe

TForm1a.HTTP1Start

hXXp://service.smartpcupdate.com/downloads/

Form1a.HTTP1Start

TForm1a.HTTP2Start

Form1a.HTTP2Start

TForm1a.HTTP3Start

Form1a.HTTP3Start

TForm1a.HTTP4Start

Form1a.HTTP4Start

TForm1a.HTTP5Start

Form1a.HTTP5Start

TForm1a.HTTP1Work

TForm1a.HTTP2Work

TForm1a.HTTP3Work

TForm1a.HTTP4Work

TForm1a.HTTP5Work

s_Exec

Register %s

hXXp://service.smartpcupdate.com/rpc/senduninstall?partner=

Backup\*.*

Drivers\*.*

\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

CreateBaseIndexes fail

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

inflate 1.2.3 Copyright 1995-2005 Mark Adler

%cvL@CvN

6666666666666666

#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%<!"%$%&%(%*% %-%/%1%3%5%7%9%;$=%?%A%D%F%H%J%K%L%M%N%O%R%U%X%[%^%_%`%a%b%d%f%h%i%j%k%l%m%o%s% !,!

P%S%V%Y%\%

?456789:;<=

!"#$%&'()* ,-./0123

!"#$%&'()* ,-./0123456789:;<=>?

&'()* ,-./0123456789:;<=>?

CEw.AEw

DBv}.Bv

GetKeyboardType

RegOpenKeyExA

RegCloseKey

RegQueryInfoKeyA

RegFlushKey

RegEnumKeyExA

RegCreateKeyExW

RegCreateKeyExA

GetWindowsDirectoryA

GetCPInfo

CreatePipe

version.dll

SetViewportOrgEx

SetViewportExtEx

UnhookWindowsHookEx

SetWindowsHookExW

SetWindowsHookExA

SetKeyboardState

MsgWaitForMultipleObjects

MapVirtualKeyW

MapVirtualKeyA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyState

GetKeyNameTextW

GetKeyNameTextA

GetAsyncKeyState

ExitWindowsEx

EnumWindows

EnumThreadWindows

ActivateKeyboardLayout

ShellExecuteExA

ShellExecuteA

SHFileOperationA

comdlg32.dll

oleacc.dll

sqlite3.dll

sqlite3_finalize

sqlite3_column_type

sqlite3_column_text

sqlite3_column_int

sqlite3_column_double

sqlite3_column_bytes

sqlite3_column_blob

sqlite3_step

sqlite3_column_decltype

sqlite3_column_name

sqlite3_column_count

sqlite3_prepare

sqlite3_free

sqlite3_errcode

sqlite3_errmsg

sqlite3_close

sqlite3_open

shfolder.dll

winmm.dll

wsock32.dll

MainProgram.exe

6#6'6 6/63676;6?6

4%7`7~8"9

3 4$4(4,404

3(4,44484

6573849

1S1a1y1

7"7&7*7.72767

< <$<(<@<_<

> >$>(>,>

2"2&2*2.22282

6#6'6/646

=%>)>->4>

>$?(?,?0?4?

5*6/63676<6

<#<'< <0<

5#5'5 5/545

5.62666:6@6

6/73777;7@7

2034383<3

: :$:(:,:0:4:8:\:

>">9>[>}>

?#?'? ?/?

?(?,?0?4?8?<?@?

1"2&2*2.22262:2>2

9 9$9(9,9

> >$>(>,>0>4>8><>`>

5!5*535<5

> >^>'?`?}?

;,<0<4<8<<<@<

: :$:(:,:4:

6|7H7f7

;!<&< <=<

4&4 4=4}5

353:3?3\3

55y5

0%1-1W1}1

?#? ?3?;?

55H5P5|5

:":):.:3:

203S3

9#9'9 9/9

89

3H4c4

8-8M8b8˜9u9

00C0P0a0n0

9-9B9h9}9

2 2/2O2V2[2g2y2

333D3I3j3o3

>$>5>:>[>`>{>

= =$=(=,=0=

333333333333333333

33333833

3333339

3333333333333338

:*"*"$3338

3333333

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

@000///1111*$&

paint.net 4.0;

!.WE/4

.IDAThC

.pIDI

Paint.NET v3.5.100

.DFFr

Paint.NET v3.5.11G

xyT%U

5F.VR

=UN.EN.

Wj.zY

}0(*.pw

pm%C\rlR

t%DMM

Pegg.UjF|jFbZzbj

%cPn:

7:5221>8=

gOÝe

%XzVSoMx

 h.FG

t.ESZH'p

K.kf]Q

.Xpeg

r%SKI

H.uuu

.nl#]cS-

4IP%u

5;1% >)#6!-*6%<*14

{&#:%9.;

Q.tHJJ\

nmr.M2.Mb6

7-'7-&5.$5,&

|^}<^}\^

eeA%u

4/%7.&5,%

w.WMl

WG,.gr

@70".0*>2)#&9;6)'1

30,*<,>6>52-)"'>4#

2)!%1&%)1.!!

$KU%uM5

2214652

x~~avv.tU

.vqI18

k...ii)

#IdSMTP

KWindows

IdTCPStream

UrlMon

Driver.CoreInstall

}Common.Params

eCommon.LoggerWindow

CCommon.Utils

oDriver.Utils

Driver.Core

Driver.CoreResult

bDriver.CoreSnapshot

]Driver.CoreDevices

Driver.CoreDevicesHelpers

SQLiteTable3

SQLite3

0IdHTTPHeaderInfo

 IdTCPServer

TntWindows

?1)19%)%%

d;%%%C

cg.Br

Font.Charset

Font.Color

Font.Height

Font.Name

Font.Style

All windows

%Select name, location and backup type

Items.Strings

%Select the drivers you wish to backup

EditManager.Font.Charset

EditManager.Font.Color

EditManager.Font.Height

EditManager.Font.Name

EditManager.Font.Style

GroupFont.Charset

GroupFont.Color

GroupFont.Height

GroupFont.Name

GroupFont.Style

Header.Columns.Items

Header.Font.Charset

Header.Font.Color

Header.Font.Height

Header.Font.Name

Header.Font.Style

Header.Height

ImageList1)PaintInfoGroup.MarginBottom.CaptionIndent

Selection.FullRowSelect

Groups.Items

%Driver backup successfully completed!

$Product information and support link

Support:

Version: %s

Header.ShowInAllViews

Header.Visible

PaintInfoGroup.Expandable

)PaintInfoGroup.MarginBottom.CaptionIndent

%Save downloded drivers to this folder

Picture.Data

Webcam drivers

Windows system drivers

Keyboard drivers

ProxyParams.BasicAuthentication

ProxyParams.ProxyPort

Request.ContentLength

Request.ContentRangeEnd

Request.ContentRangeStart

Request.ContentType

Request.Accept

Request.BasicAuthentication

Request.UserAgent

&Mozilla/3.0 (compatible; Indy Library)

OnKeyDown

.NN outdated drivers have been found on your PC

"Would you like to register %s now?

FTo immediately download and fix these drivers you need to register %s.

]If you already have a License Key, please enter it in the form below and click "Activate Now"

.To purchase %s and obtain a license key click

YCheck the email you received after you purchased the product for the correct license key.

&Your license key will look like this:

'The license key you entered is for %s.

>%s is a separate product and requires a different license key.

BWe NOT reccomend your use this driver for current Windows version.

Current Windows version:

Backuped driver Windows version:

"Report a problem with a new driver

IdSMTP1

xYour feedback is very valuable and will help us create better products. Please let us know why you did not register %s:

,%s did not find the driver I was looking for

<assemblyIdentity version="1.0.0.0"

name="program.exe"

<requestedExecutionLevel

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

PIDLs to operate on are not siblings of the Namespace doing the operation.

Unable to find RegSvr32.exe executable.

RegSvr32.exe

Unspecified error (%d) from %s.

miranda32.exe

.jdbg

madExcept.HandleContactForm

madExcept.HandleScreenshotForm

.madExcept

%exceptMsg%

%bugReport%

Úte%

Útetime%

%computerName%

Þsktop%

%userappdata%

%commonappdata%

screenShot.bmp

Tcpip\Parameters

VxD\MSTCP

.jpeg

hXXps://

%userappdata%\

BugReport

screenShot.png

operating system

<tr><td><button onClick="history.back();" style="height:19.5pt;"> 

<button onClick="document.getElementById('bugReport').style.visibility='visible';this.style.visibility='hidden';" style="height:19.5pt;"> 

<textarea id="bugReport" readonly cols="80" rows="20" style="width:100%;height:100%;

Software\Microsoft\Windows

GetThreadReport

GetCpuRegisters

\madExcept\Dlls\madExcept32.dll

66006666

AInternal error: Extension Instance does not match Extension Label,Unsupported Application Extension block size

Unknown GIF block type'Object type not supported for operation

Unsupported PixelFormat

Invalid stream operation

Unsupported GIF version7Invalid number of colors specified in Screen Descriptor6Invalid number of colors specified in Image Descriptor

Invalid extension introducerúiled to allocate memory for GIF DIB

Command not supported.

Address type not supported.$Error accepting connection with SSL.

Error creating SSL context. Could not load root certificate.

Could not load certificate.#Could not load key, check password.

SSL status: "%s"

Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Operation would block.

Operation now in progress.

Operation already in progress.

Socket operation on non-socket.

Protocol not supported.

Socket type not supported."Operation not supported on socket.

Protocol family not supported.0Address family not supported by protocol family.

Chunk StartedDThis authentication method is already registered with class name %s.

%s is not a valid service.

Socket Error # %d

%s is not a valid IP address.

No data to read.$Can not bind in port range (%d - %d)

Invalid Port Range (%d - %d)

@ Outside address*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Resolving hostname %s.

Connecting to %s.

PLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s

Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.

File "%s" not found1Only one TIdAntiFreeze can exist per application."%d: Circular links are not allowed

Object type not supported.

Date is less than minimum of %s4You must be in ShowCheckbox mode to set to this date#Failed to set calendar date or timeúiled to set maximum selection range$Failed to set calendar min/max rangeúiled to set calendar selected range

OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalid

This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.

There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.7The png image could not be loaded from the resource ID.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.

RichEdit line insertion error=This control requires version 4.70 or greater of COMCTL32.DLL

Date exceeds maximum of %s

No help keyword specified.jThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.

Description: BThe "Portable Network Graphics" image contains an invalid palette.

The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.

%goColMoving is not a supported option%Key may not contain equals sign ("=")

Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned"Unable to find a Table of Contents

No help found for %s#No context-sensitive help installed$No topic-based help system installed

Value must be between %d and %d

Invalid clipboard format Clipboard does not support Icons

Text exceeds memo capacity/Menu '%s' is already being used by another form

Value*A key with the name of "%s" already exists

Key "%s" not found

Invalid input value7Invalid input value. Use escape key to abandon changes

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic

Unsupported clipboard format

Failed to get data for '%s'

Failed to set data for '%s'

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list Too many rows or columns deleted$%s not in a class registration group

Property %s does not exist

Thread creation error: %s

Thread Error: %s (%d)

?#''%s'' is not a valid date and time

Cannot open file "%s". %s

Grid too large for operation

Unable to write to %s

Invalid stream format$''%s'' is not a valid component name

Invalid data type for '%s' List capacity out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Ancestor for '%s' not found

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s1Fixed column count must be less than column count

Operation not supported

External exception %x

Interface not supported

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

Invalid variant operation

Invalid NULL variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

'%s' is not a valid GUID value

I/O error %d

3.1.0.5

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   DriverPro.exe:3704
   drvprosetup.exe:2216
   drvprosetup.tmp:3600
   %original file name%.exe:1828
   DPStartScan.exe:1612

2. Delete the original Trojan-Banker file.
   
3. Delete or disinfect the following files created/modified by the Trojan-Banker:
   

   C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\Drivers32.db (1849549 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\Devices.ini (34 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\program.log (1130 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\PCInfo.ini (151 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\current_7_32_zxw.7z (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\Scan.ini (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\Drivers32.db-journal (1090 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\Drivers.db (2721 bytes)
   %Program Files%\Driver Pro\sqlite3.dll (524 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-DJAT7.tmp\drvprosetup.tmp (50 bytes)
   %Program Files%\Driver Pro\is-N64UU.tmp (3073 bytes)
   %Program Files%\Driver Pro\is-V2NU5.tmp (54 bytes)
   %Program Files%\Driver Pro\is-OC5U5.tmp (26 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-GU4M9.tmp\_isetup\_shfoldr.dll (47 bytes)
   %Program Files%\Driver Pro\is-LM9JT.tmp (6841 bytes)
   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro\Driver Pro.lnk (1 bytes)
   C:\Users\"%CurrentUserName%"\Desktop\Driver Pro.lnk (984 bytes)
   %Program Files%\Driver Pro\DPStartScan.exe (843 bytes)
   %Program Files%\Driver Pro\is-1UU0J.tmp (6841 bytes)
   %Program Files%\Driver Pro\unins000.msg (646 bytes)
   %Program Files%\Driver Pro\is-VLKRR.tmp (12 bytes)
   %Program Files%\Driver Pro\unins000.exe (49 bytes)
   %Program Files%\Driver Pro\unins000.dat (9532 bytes)
   %Program Files%\Driver Pro\is-9S5CR.tmp (31891 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\is-S8EJV.tmp (61 bytes)
   %Program Files%\Driver Pro\is-TFLU1.tmp (23811 bytes)
   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro\Help.lnk (1 bytes)
   %Program Files%\Driver Pro\is-KPA66.tmp (56 bytes)
   %Program Files%\Driver Pro\DPTray.exe (831 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Driver Pro\is-N1HDO.tmp (4 bytes)
   %Program Files%\Driver Pro\is-PRJ2L.tmp (5873 bytes)
   %Program Files%\Driver Pro\is-6QT3G.tmp (5873 bytes)
   %Program Files%\Driver Pro\is-TAM0O.tmp (547 bytes)
   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro\Uninstall Driver Pro.lnk (1 bytes)
   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro\Driver Pro on the Web.lnk (997 bytes)
   %Program Files%\Driver Pro\DriverPro.exe (291 bytes)
   C:\Users\"%CurrentUserName%"\ntuser.dat.LOG1 (5272 bytes)
   C:\$Directory (768 bytes)
   C:\Users\"%CurrentUserName%"\NTUSER.DAT (4960 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\drvprosetup.exe (388390 bytes)

4. Delete the following value(s) in the autorun key (How to Work with System Registry):
   

   [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   "Driver Pro" = "%Program Files%\Driver Pro\DPLauncher.exe"

5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
6. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.