Trojan-Banker.Win32.Brasil_cd047c070f

by malwarelabrobot on August 13th, 2014 in Malware Descriptions.

Trojan-Banker.Win32.Brasil.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, GenericEmailWorm.YR (Lavasoft MAS)
Behaviour: Banker, Trojan, Worm, EmailWorm, VirTool


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: cd047c070fd6d4e0ebcb011b248a168c
SHA1: 326da07ef444297e6a4d6fc1dea7a1821ac87453
SHA256: 0bc3a03d54c3627791a8430311b74fe0bcdb21c498f6538be359723bc98cb1ea
SSDeep: 196608:HZhe5lVDbc/iPRuwK vfSjKJACwq1HhCp KxhbQKBzeA7dlyFhU:iVtRuwKQsKJA01BCQYhbQKBZhliS
Size: 10615200 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphiv60v70_v2, BorlandDelphi30, BorlandDelphiv30, UPolyXv05_v6
Company: PC Utilities Software Limited
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXP SP3 32-bit


Summary:

Banker. Steals data relating to online banking systems, e-payment systems and credit card systems.

Payload

Behaviour Description
EmailWorm Worm can send e-mails.


Process activity

The Trojan-Banker creates the following process(es):

Driver_Pro.exe:1704
DriverPro.exe:628
Driver_Pro.tmp:200
%original file name%.exe:1012
DPStartScan.exe:632

The Trojan-Banker injects its code into the following process(es):

DPSchedule.exe:1220
DriverPro.exe:808

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process Driver_Pro.exe:1704 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-F6JFN.tmp\Driver_Pro.tmp (7386 bytes)

The Trojan-Banker deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-F6JFN.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-F6JFN.tmp\Driver_Pro.tmp (0 bytes)

The process DPSchedule.exe:1220 makes changes in the file system.
The Trojan-Banker deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\DPSchedule.madExcept (0 bytes)

The process DriverPro.exe:628 makes changes in the file system.
The Trojan-Banker deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\DriverPro.madExcept (0 bytes)

The process DriverPro.exe:808 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Driver Pro\Scan.ini (599 bytes)
%Documents and Settings%\%current user%\Application Data\Driver Pro\Devices.ini (25 bytes)
%Documents and Settings%\%current user%\Application Data\Driver Pro\PCInfo.ini (175 bytes)

The Trojan-Banker deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\DriverPro.madExcept (0 bytes)

The process Driver_Pro.tmp:200 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):

%Program Files%\Driver Pro\is-ISH0I.tmp (26 bytes)
%Program Files%\Driver Pro\is-V9CPP.tmp (3361 bytes)
%Program Files%\Driver Pro\is-0FK8B.tmp (31891 bytes)
%Documents and Settings%\%current user%\Desktop\Driver Pro.lnk (701 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Driver Pro\Help.lnk (713 bytes)
%Program Files%\Driver Pro\is-JS82I.tmp (3073 bytes)
%Program Files%\Driver Pro\is-KGA65.tmp (547 bytes)
%Program Files%\Driver Pro\is-SGT6I.tmp (7433 bytes)
%Documents and Settings%\%current user%\Application Data\Driver Pro\is-ERK89.tmp (558848 bytes)
%Documents and Settings%\%current user%\Application Data\Driver Pro\is-7SE3V.tmp (4 bytes)
%Program Files%\Driver Pro\is-KB3TM.tmp (12 bytes)
%Program Files%\Driver Pro\unins000.msg (646 bytes)
%Program Files%\Driver Pro\is-1FNSA.tmp (30427 bytes)
%Documents and Settings%\%current user%\Application Data\Driver Pro\is-T7RSN.tmp (61 bytes)
%Program Files%\Driver Pro\unins000.dat (5536 bytes)
%Program Files%\Driver Pro\is-PNHS0.tmp (5873 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Driver Pro\Uninstall Driver Pro.lnk (708 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Driver Pro\Driver Pro.lnk (713 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Driver Pro\Driver Pro on the Web.lnk (708 bytes)
%Program Files%\Driver Pro\is-S2JVC.tmp (7433 bytes)
%Documents and Settings%\%current user%\Application Data\Driver Pro\is-Q0LD2.tmp (526038 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-QC7PH.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\Driver Pro\is-UQBUO.tmp (56 bytes)
%Program Files%\Driver Pro\is-9I9QR.tmp (5873 bytes)
%Program Files%\Driver Pro\is-35I17.tmp (54 bytes)

The Trojan-Banker deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-QC7PH.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-QC7PH.tmp\_isetup (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-QC7PH.tmp\_isetup\_shfoldr.dll (0 bytes)

The process %original file name%.exe:1012 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Driver_Pro.exe (75554 bytes)

Registry activity

The process Driver_Pro.exe:1704 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3B 10 B5 25 0D 2F 27 39 97 16 12 BF A6 D4 A8 A7"

The process DPSchedule.exe:1220 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 03 46 2E 00 A1 3B 84 67 B3 18 1E 62 82 86 D2"

The process DriverPro.exe:628 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F8 F3 4B 0C F8 E6 5B 62 A9 4B 2D 0D BE AC 2E 02"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The process DriverPro.exe:808 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Driver Pro]
"s_Enable" = "1"
"CloseToTray" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Driver Pro]
"UpdateWindowShown" = "0"
"InstallStat" = "1"
"BackupPath" = "%Documents and Settings%\%current user%\My Documents\Driver Pro\Backup\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Driver Pro]
"s_SmartScan" = "1"
"Feedback1" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Driver Pro]
"ShowAlertMessages" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Driver Pro]
"ShowUpdateWindow" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Driver Pro]
"QuerryDate" = "32 4B 77 CE E1 70 E4 40"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Driver Pro]
"ProxyPassword" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Driver Pro]
"s_SmartMode" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Driver Pro]
"LastScan" = "BF 39 71 CE E1 70 E4 40"
"TotalDrivers" = "63"
"DownloadPath" = "%Documents and Settings%\%current user%\My Documents\Driver Pro\Drivers\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Driver Pro]
"ProxyPort" = ""
"LastUpdate" = "B0 F4 16 CE E1 70 E4 40"
"ScanAtStartup" = "0"
"ForceUpdate" = "0"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Driver Pro]
"ProxyAddress" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Driver Pro]
"OutdatedDrivers" = "1"
"nDownloads" = "3"
"LastDatabaseCheck" = "B0 F4 16 CE E1 70 E4 40"

"DatabaseDate" = "00 00 00 00 80 52 E4 40"
"ShowSRPMessage" = "1"
"ScanExecuted" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Driver Pro]
"s_Mode" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 4B 6A 23 EB 48 C0 35 7E 20 71 72 15 63 2C 0A"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Driver Pro]
"DPSchedule.exe" = "Driver Pro Schedule"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Driver Pro]
"AppStart" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Driver Pro]
"UseProxy" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Driver Pro]
"ShowRebootMessage" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKCU\Software\Driver Pro]
"ProxyLogin" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

The Trojan-Banker modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Banker modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Banker modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Banker deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process Driver_Pro.tmp:200 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"DisplayVersion" = "3.1"
"NoRepair" = "1"
"Inno Setup: Language" = "en"
"MajorVersion" = "3"
"Inno Setup: Deselected Tasks" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"URLUpdateInfo" = "http://www.pcutilitiespro.com"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"Inno Setup: Icon Group" = "Driver Pro"
"Inno Setup: Setup Version" = "5.5.3 (u)"
"Inno Setup: User" = "%CurrentUserName%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"UninstallString" = "%Program Files%\Driver Pro\unins000.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"DisplayName" = "Driver Pro v3.1"
"Inno Setup: App Path" = "%Program Files%\Driver Pro"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"InstallLocation" = "%Program Files%\Driver Pro\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"URLInfoAbout" = "http://www.pcutilitiespro.com"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Driver Pro]
"Language" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"HelpLink" = "http://www.pcutilitiespro.com"
"InstallDate" = "20140812"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"Publisher" = "PC Utilities Software Limited"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 89 0E 7B F2 8B 6E 66 0A D6 9F 8A 86 8E 39 49"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"Inno Setup: Selected Tasks" = "desktopicon"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1]
"QuietUninstallString" = "%Program Files%\Driver Pro\unins000.exe /SILENT"
"NoModify" = "1"
"MinorVersion" = "1"

To automatically run itself each time Windows is booted, the Trojan-Banker adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Driver Pro" = "%Program Files%\Driver Pro\DPLauncher.exe"

The process %original file name%.exe:1012 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 8C 86 33 99 C4 01 20 7F ED 72 68 90 5A F8 18"

[HKCU\Software\Driver Pro]
"setupname" = "c:\%original file name%.exe"

The process DPStartScan.exe:632 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKCU\Software\Driver Pro]
"SupportURL" = "http://support.pcutilitiespro.com/"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Driver Pro]
"MachineGuid" = "FD7AEA7D-2D01-95A4-469B-2F74844AF94C"
"UninstallURL" = "https://safecart.com/pcutilitiespro/.dp-xsell-special/purchase?sid=121001190-US-003"
"DelayedStart" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Driver Pro]
"UseAds" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Driver Pro]
"QuerryDate" = "96 F0 E7 CD E1 70 E4 40"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Driver Pro]
"OS" = "102"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Driver Pro]
"BuyNowURL" = "http://pcup151.pcutilitiespro.revenuewire.net/driverpro/xsell?121001190-US-003_FD7AEA7D-2D01-95A4-469B-2F74844AF94C"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Driver Pro]
"Querry" = "http://bi.softservers.net/t/dp?sid=121001190-US-003&dt=%dt%&gid=%GID%&tz=%tz%&ln=%ln%&lc=%lc%&bis=%bis%&bief=%bief%&biefx=%biefx%&bif=%bif%&os=%os%&f=1510085629"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Driver Pro]
"homepageurl" = "http://www.pcutilitiespro.com/"
"AppStart" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 30 00 24 7E 93 90 2B E7 A4 61 42 63 D0 9B A4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Driver Pro]
"DriverPro.exe" = "Driver Pro"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Driver Pro]
"InstallDate" = "53 8E DC CD E1 70 E4 40"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

The Trojan-Banker modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Banker modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Banker modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Banker deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5 File path
5d7ce41c6610bbbc3c8269f12a4d4be9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Driver_Pro.exe
84ceb93407bd2df6e758d57cc8e6da47 c:\Program Files\Driver Pro\DPLauncher.exe
b9dcf8ec0fcb6c9acae61c4bca3675ac c:\Program Files\Driver Pro\DPSchedule.exe
060ba8f552e6d9502d0a73ab9f1d4025 c:\Program Files\Driver Pro\DPSmartScan.exe
aa4789ba11e54360f6ee26fc8d79cbb8 c:\Program Files\Driver Pro\DPStartScan.exe
4a1ae76d0634c7b8f575a446d9b7bdf3 c:\Program Files\Driver Pro\DPUninstaller.exe
25d29176ebb0e5f54b75cadd3ec225a6 c:\Program Files\Driver Pro\DriverPro.exe
0f66e8e2340569fb17e774dac2010e31 c:\Program Files\Driver Pro\sqlite3.dll
fe547eb408703b1f8e98643180b48f55 c:\Program Files\Driver Pro\unins000.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: PC Utilities Software Limited
Product Name: DriverPro
Product Version: 3.1.0.0
Legal Copyright: PC Utilities Software Limited
Legal Trademarks:
Original Filename:
Internal Name: DriverPro
File Version:
File Description: DriverPro
Comments:
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
CODE 4096 75644 75776 4.45296 341f60451089865a24c3c84ec3821c82
DATA 81920 1428 1536 2.76929 f76f4515a2e2b60cda146361ff2e6e44
BSS 86016 2185 0 0 d41d8cd98f00b204e9800998ecf8427e
.idata 90112 2862 3072 3.11744 3a510b9194a87490600faea96f544b5a
.tls 94208 12 0 0 d41d8cd98f00b204e9800998ecf8427e
.rdata 98304 24 512 0.14174 6b2b783af3ecd764905292c9b75d8ea4
.reloc 102400 6084 6144 4.57315 5b58562521fe8470d3ba9da0f91e605b
.rsrc 110592 10520576 10520576 5.52698 545e100ee294189abc22493808e3a4a6

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 12
6a47bb51997f1bae446c3bafb640ab74
32005a3456cc3cd5f76132d5f33605ca
90e6dd424339502f023ab0769a066ff6
0277a8488e21336ba6837ddb8667cc4c
10c046644095f6559e2ddd2cfe70fd03
d0e6a7164e04419cffc764c3c2bbe3cb
b71de35f0ce797d8de50891f11003cbd
fb23f3836be89d88085a9713c903d5b3
88669a0972341a0bdeadb024e0d5e5a9
b3c3159e99ba1a65607247f496503cf2
0231df9ee0b3fdb9f14672d9490c5bf6
16fd87484867798b7e64984fbabd1077

URLs

URL IP
hxxp://bi.softservers.net/t/dp?sid=121001190-US-003&dt=1407806471&gid=FD7AEA7D-2D01-95A4-469B-2F74844AF94C&tz=2&ln=1&lc=0&bis=0&bief=0&biefx=0&bif=0&os=102&f=1510085629 107.6.170.117
hxxp://service.smartpcupdate.com/rpc/sendinstall?partner=PCUtilitiesPro&build=3.1 176.9.2.105


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

<font color="red">GET /t/dp?sid=121001190-US-003&dt=1407806471&gid=FD7AEA7D-2D01-95A4-469B-2F74844AF94C&tz=2&ln=1&lc=0&bis=0&bief=0&biefx=0&bif=0&os=102&f=1510085629 HTTP/1.1<br>
Host: bi.softservers.net<br>
Accept: text/html, */*<br>
User-Agent: Mozilla/3.0 (compatible; Indy Library)<br>
<br>
</font><br><font color="blue">HTTP/1.1 200 OK<br>
Server: nginx/1.4.1<br>
Date: Mon, 11 Aug 2014 22:20:50 GMT<br>
Content-Type: application/octet-stream<br>
Content-Length: 0<br>
Connection: keep-alive<br>
content-type: text/html<br><pre></pre></font><br><br
<font color="red">GET /rpc/sendinstall?partner=PCUtilitiesPro&build=3.1 HTTP/1.1<br>
Host: service.smartpcupdate.com<br>
Accept: text/html, */*<br>
User-Agent: Mozilla/3.0 (compatible; Indy Library)<br>
<br>
</font><br><font color="blue">HTTP/1.1 200 OK<br>
Server: nginx/1.0.4<br>
Date: Mon, 11 Aug 2014 22:20:53 GMT<br>
Content-Type: text/html; charset=utf-8<br>
Transfer-Encoding: chunked<br>
Connection: keep-alive<br>
X-Powered-By: PHP/5.3.14<br><pre>12..{"ok":1,"error":0}..0..</pre></font><br><br

The Trojan-Banker connects to the servers at the folowing location(s):

DriverPro.exe_808:

.idata
.edata
P.tls
.rdata
P.reloc
P.rsrc
kernel32.dll
Windows
HKEY
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
;!199{199
;0!8&2{199
"<;=!!%{199
Windows 95
Windows 95 OSR-2
Windows 98
Windows 98 SE
Windows ME
Windows 9x New
Windows NT 3
Windows NT 4
Windows 2000
Windows XP
Windows 2003
Windows Vista
Windows 2008
Windows 7
Windows 2008 R2
Windows 8
Windows Server 8
Windows NT New
user.exe
TMsgHandlers
madToolsMsgHandlerWindow
user32.dll
>0';0974&0{199
cmovÌ
setÌ
pop %seg
push %seg
msvcrt.dll
VVV.madshi.net
dbghelp.dll
comctl32.dll
4.0.9
ntdll.dll
The import table is invalid.
shell32.dll
WindowsLogo
ReportLeaks
UploadViaHttp
HttpServer
HttpSsl
HttpPort
HttpAccount
HttpPassword
BugTrPassword
MailAsSmtpServer
MailAsSmtpClient
SmtpServer
SmtpSsl
SmtpTls
SmtpPort
SmtpAccount
SmtpPassword
bugreport.mbr
screenshot.png
ExceptMsg
FrozenMsg
BitFaultMsg
send bug report
save bug report
print bug report
show bug report
%appname%, %exceptMsg%
bug report
please find the bug report attached
Sending bug report...
PrepAttMsg
MxLookMsg
ConnMsg
SendMailMsg
FieldMsg
SendAttMsg
SendFinalMsg
SendFailMsg
Sorry, sending the bug report didn't work.
TDABugReportCallback
TDABugReportCallbackOO
ShellExecuteExW
madExceptIde_.bpl
wininet.dll
VVV.google.com
SMTP:
mapi32.dll
IpHlpApi.dll
A.ROOT-SERVERS.NET
K.ROOT-SERVERS.NET
VVV.madshi.net_multipart_boundary
TSmtpU
LOGIN
AUTH LOGIN
security.dll
secur32.dll
TWinHttp
winhttp.dll
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
/api.xml
<url>
password
?cmd=
/xmlrpc.cgi
Bugzilla.version
Product.get_enterable_products
Product.get
Bug.fields
Bugzilla_login
Bugzilla_password
Bug.create
Bug.add_attachment
/api/soap/mantisconnect.php
<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="hXXp://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><ns1:
</username><password xsi:type="xsd:string">
</password>
*.txt
TSendBugReportExRec
advapi32.dll
wtsapi32.dll
idapi32.dll
kernelbase.dll
madExcept32.dll
c:\sources\madshi\madExcept32.dll
ReportLeaksNow
GetLeakReport
ShowLeakReport
madExcept32.dll has the wrong version.
coreide70.bpl
ReportFault
FaultRep.dll
internal error. please notify [email protected]
@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule
HardWareKey
setupapi.dll
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
u%CNu
%s[%d]
%s_%d
.Owner
EInvalidGraphicOperation
USER32.DLL
uxtheme.dll
PasswordChar
OnKeyDown
OnKeyPressPbJ
OnKeyUptaJ
ssHorizontal
OnKeyUp
Proportional
%s%s%s%s%s%s%s%s%s%s
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
TKeyEvent
TKeyPressEvent
HelpKeyword`
crSQLWait
%s (%s)
imm32.dll
HelpKeyword|
OnExecute
AutoHotkeys
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowState
tagMSG
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
MAPI32.DLL
vsReport
TComboBoxExEnumerator
ole32.dll
OnActionExecute
%s, ClassID: %s
%s, ProgID: "%s"
WNNC_NET_FTP_NFS
olepro32.dll
\\.\vwin32
shlwapi.dll
Mpr.dll
D:\SmartPC\Components\EasyListview\Common Library\Source\MPShellUtilities.pas
To show a Context Menu using TNamespace you must pass a valid Owner TWinControl
THKeyArray
TCommonShellExecuteThreadU
D:\SmartPC\Components\EasyListview\Common Library\Source\MPThreadManager.pas
TCommonKeyState
cksShift
TCommonKeyStates
D:\SmartPC\Components\EasyListview\Common Library\Source\MPCommonUtilities.pas
gdi32.dll
Userenv.dll
ShellExecuteW
GetWindowsDirectoryW
RegOpenKeyW
RegOpenKeyExW
SHFileOperationW
D:\SmartPC\Components\EasyListview\Source\EasyListviewAccessible.pas
TEasyAccessibleManager.Create not a TCustomEasyListview type
TEasyGroupAccessibleManager.Create not a TEasyGroup type
TEasyItemAccessibleManager.Create not a TEasyItem type
TEasyColumnAccessibleManager.Create not a TEasyColumn type
TEasyHeaderAccessibleManager.Create not a TEasyHeader type
elsReport
elsReportThumb
TAutoGroupGetKeyEvent
TColumnGetImageIndexEvent
TColumnSetImageIndexEvent
KeyState
KeyStates
TGroupGetImageIndexEvent
TGroupSetImageIndexEvent
HintWindowShown
TItemGetGroupKeyEvent
GroupKey
TItemGetImageIndexEvent
TItemSetGroupKeyEvent
TItemSetImageIndexEvent
MouseMsg
TEasyKeyActionEvent
EscapeKeyPressed
TEasyViewReportItem
TEasyViewReportItem0
TEasyViewReportThumbItem
TEasyViewReportThumbItemh
TEasyGridReportGroup
TEasyGridReportThumbGroup
TEasyGridReportThumbGroup`
TEasyCellSizeReport
TEasyCellSizeReportThumb
ReportThumb
Reportd)Q
AlwaysShow
OnAutoGroupGetKeyP
OnItemGetGroupKey<
OnItemSetGroupKey
OnKeyActionD
Uh.dR
D:\SmartPC\Components\EasyListview\Source\EasyListview.pas
Can not find TEasyGroups.AdjacentItem of an Invisible Item
EasyListview.Header
LeftPopup
TNT Internal Error: TWideComponentHelper.Create should never be encountered.
D:\SmartPC\Components\Delphi Unicode Controls\Source\TntClasses.pas
!"#$%&*;<=>@[]^_`{|}
D:\SmartPC\Components\Delphi Unicode Controls\Source\TntControls.pas
Internal Error: SubClassUnicodeControl.Control is not Unicode.
.UnicodeClass
TntUnicodeVcl.DestroyWindow
D:\SmartPC\Components\Delphi Unicode Controls\Source\TntActnList.pas
D:\SmartPC\Components\Delphi Unicode Controls\Source\TntStdCtrls.pas
D:\SmartPC\Components\Delphi Unicode Controls\Source\TntForms.pas
D:\SmartPC\Components\Delphi Unicode Controls\Source\TntMenus.pas
Internal Error: SyncHotKeyPosition Failed ("%s" <> "%s").
ESQLiteException
TSQLiteDatabase
TSQLiteTable
Failed to open database "%s" : %s
Failed to open database "%s" : unknown error
"%s" : %s
Error executing SQL
Could not prepare SQL statement
Error executing SQL statement
SQLite is Busy
<%s> invalid zipfile
Shell.Application
<%s> invalid source
<%s> invalid target folder
3333333
hKeY
getservbyport
WSAAsyncGetServByPort
WSAJoinLeaf
WS2_32.DLL
127.0.0.1
TIdSocketListWindows
TIdStackWindowsU
IdStackWindows
%s, %.2d %s %.4d %s %s
%s, %d %s %d %s %s
.aiff=audio/x-aiff
.au=audio/basic
.mid=midi/mid
.mp3=audio/x-mpg
.m3u=audio/x-mpegurl
.qcp=audio/vnd.qcelp
.ra=audio/x-realaudio
.wav=audio/x-wav
.gsm=audio/x-gsm
.wax=audio/x-ms-wax
.wma=audio/x-ms-wma
.ram=audio/x-pn-realaudio
.mjf=audio/x-vnd.AudioExplosion.MjuiceMediaFile
.bmp=image/bmp
.gif=image/gif
.jpg=image/jpeg
.jpeg=image/jpeg
.jpe=image/jpeg
.pict=image/x-pict
.png=image/x-png
.svg=image/svg-xml
.tif=image/x-tiff
.rf=image/vnd.rn-realflash
.rp=image/vnd.rn-realpix
.ico=image/x-icon
.art=image/x-jg
.pntg=image/x-macpaint
.qtif=image/x-quicktime
.sgi=image/x-sgi
.targa=image/x-targa
.xbm=image/xbm
.psd=image/x-psd
.pnm=image/x-portable-anymap
.pbm=image/x-portable-bitmap
.pgm=image/x-portable-graymap
.ppm=image/x-portable-pixmap
.rgb=image/x-rgb
.xbm=image/x-xbitmap
.xpm=image/x-xpixmap
.xwd=image/x-xwindowdump
.xml=text/xml
.uls=text/iuls
.txt=text/plain
.rtx=text/richtext
.wsc=text/scriptlet
.rt=text/vnd.rn-realtext
.htt=text/webviewhtml
.htc=text/x-component
.vcf=text/x-vcard
.avi=video/x-msvideo
.flc=video/flc
.mpeg=video/x-mpeg2a
.mov=video/quicktime
.rv=video/vnd.rn-realvideo
.ivf=video/x-ivf
.wm=video/x-ms-wm
.wmp=video/x-ms-wmp
.wmv=video/x-ms-wmv
.wmx=video/x-ms-wmx
.wvx=video/x-ms-wvx
.rms=video/vnd.rn-realvideo-secure
.asx=video/x-ms-asf-plugin
.movie=video/x-sgi-movie
.wmd=application/x-ms-wmd
.wms=application/x-ms-wms
.wmz=application/x-ms-wmz
.p7b=application/x-pkcs7-certificates
.p7r=application/x-pkcs7-certreqresp
.qtl=application/x-quicktimeplayer
.rtsp=application/x-rtsp
.swf=application/x-shockwave-flash
.sit=application/x-stuffit
.tar=application/x-tar
.man=application/x-troff-man
.urls=application/x-url-list
.zip=application/x-zip-compressed
.cdf=application/x-cdf
.fml=application/x-file-mirror-list
.fif=application/fractals
.spl=application/futuresplash
.hta=application/hta
.hqx=application/mac-binhex40
.doc=application/msword
.pdf=application/pdf
.cer=application/x-x509-ca-cert
.crl=application/pkix-crl
.ps=application/postscript
.sdp=application/x-sdp
.setpay=application/set-payment-initiation
.setreg=application/set-registration-initiation
.smil=application/smil
.ssm=application/streamingmedia
.xfdf=application/vnd.adobe.xfdf
.fdf=application/vnd.fdf
.xls=application/x-msexcel
.sst=application/vnd.ms-pki.certstore
.pko=application/vnd.ms-pki.pko
.cat=application/vnd.ms-pki.seccat
.stl=application/vnd.ms-pki.stl
.rmf=application/vnd.rmf
.rm=application/vnd.rn-realmedia
.rnx=application/vnd.rn-realplayer
.rjs=application/vnd.rn-realsystem-rjs
.rmx=application/vnd.rn-realsystem-rmx
.rmp=application/vnd.rn-rn_music_package
.rsml=application/vnd.rn-rsml
.vsl=application/x-cnet-vsl
.tgz=application/x-compressed
.dir=application/x-director
.gz=application/x-gzip
.uin=application/x-icq
.hpf=application/x-icq-hpf
.pnq=application/x-icq-pnq
.scm=application/x-icq-scm
.ins=application/x-internet-signup
.iii=application/x-iphone
.latex=application/x-latex
.nix=application/x-mix-transfer
.wbmp=image/vnd.wap.wbmp
.wml=text/vnd.wap.wml
.wmlc=application/vnd.wap.wmlc
.wmls=text/vnd.wap.wmlscript
.wmlsc=application/vnd.wap.wmlscriptc
.css=text/css
.htm=text/html
.html=text/html
.shtml=server-parsed-html
.sgm=text/sgml
.sgml=text/sgml
ftpTransfer
ftpReady
ftpAborted
ClientPortMinl
ClientPortMax
Port
EIdCanNotBindPortInRange
EIdInvalidPortRangeSVW
saUsernamePassword
Passwordl
0.0.0.1
TIdTCPStream
End of stream: %s at %d
TIdTCPConnection
TIdTCPConnection`
IdTCPConnection
EIdTCPConnectionError
EIdObjectTypeNotSupported
Password
IdHTTPHeaderInfo
ProxyPasswordl
ProxyPort
Mozilla/3.0 (compatible; Indy Library)
libeay32.dll
ssleay32.dll
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_file
SSL_get_peer_certificate
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_check_private_key
X509_STORE_CTX_get_current_cert
des_set_key
sslvrfFailIfNoPeerCert
TPasswordEvent
Certificate
RootCertFile
CertFile
KeyFile
OnGetPassword0b[
EIdOSSLLoadingRootCertErrortl[
EIdOSSLLoadingCertError
EIdOSSLLoadingKeyError
TIdTCPClient
TIdTCPClientH
IdTCPClient
BoundPort
PortU
CommentURL
Unsupported operation.
Content-Disposition: form-data; name="%s"; filename="%s"
Content-Type: %s
Content-Disposition: form-data; name="%s"
TIdHTTPMethod
IdHTTP
TIdHTTPOption
TIdHTTPOptions
TIdHTTPProtocolVersion
IdHTTP|
TIdHTTPOnHeadersAvailable
TIdHTTPOnRedirectEvent
TIdHTTPResponse
TIdHTTPRequest
TIdHTTPRequesth
TIdHTTPProtocol|
TIdCustomHTTP
TIdCustomHTTP|
TIdHTTPd
TIdHTTP
HTTPOptionsx
PortX
EIdHTTPProtocolException
HTTPS
https
This request method is supported in HTTP 1.1
HTTP/1.0 200 OK
HTTP/
TMonochromeLookup
SetupApi.dll
SetupDiOpenClassRegKey
SetupDiOpenClassRegKeyExA
SetupDiOpenClassRegKeyExW
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiOpenDeviceInterfaceRegKey
SetupDiDeleteDeviceInterfaceRegKey
SetupDiCreateDevRegKeyA
SetupDiCreateDevRegKeyW
SetupDiOpenDevRegKey
SetupDiDeleteDevRegKey
cfgmgr32.dll
CM_Delete_Class_Key
CM_Delete_Class_Key_Ex
CM_Delete_DevNode_Key
CM_Delete_DevNode_Key_Ex
CM_Get_Class_Key_NameA
CM_Get_Class_Key_NameW
CM_Get_Class_Key_Name_ExA
CM_Get_Class_Key_Name_ExW
CM_Open_Class_KeyA
CM_Open_Class_KeyW
CM_Open_Class_Key_ExA
CM_Open_Class_Key_ExW
CM_Open_DevNode_Key
CM_Open_DevNode_Key_Ex
7z.dll
Error loading library %s
%s is not a 7z library
%s is not a Format library
PSAPI.dll
Common.LoggerWindow
_prev.log
DriverUpdater.dpr
Common.Logger
c:\debug.pc
ERROR (%s): %s
MESS: %s
PARAMS: %s
LAST_ERR (%d -> %s): %s
LAST_ERR (%d, %s): %s
%s%s%s%s
%s: %s
%s: %s PARAMS: %s
program.log
program_error.log
Multiple errors: %s Count: %d
Multiple logs: %s Count: %d
%s %s
XLog.Execute
IsThereVisibleWindows
XSettings.GetDebugPrivilege
XProcess.IsWow64Process
XFile.LogicalDriveStringsInit
XFile.ExpandRawPath
Psapi.dll
XProcess.GetProcessStartTime
XFile.DeleteFolder
SHFileOperation fail:
CERTANCE
%d.%d.%d.%d
Setupapi.dll
CM_PROB_DRIVER_SERVICE_KEY_INVALID
CM_DEVCAP_LOCKSUPPORTED
CM_DEVCAP_EJECTSUPPORTED
FILE_CHARACTERISTIC_WEBDAV_DEVICE
DNF_INDEXED_DRIVER
SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSettings\
DriverKey=
OpenKey fail
SOFTWARE\Microsoft\Windows\CurrentVersion
EnumKey
ClassKey
0.0.0.0
DevWebSite
OpenKeyReadOnly 3 fail
OpenKeyReadOnly 3 fail
OpenKeyReadOnly 2 fail
OpenKeyReadOnly 2 fail
{8ECC055D-047F-11D1-A537-0000F8753ED1}
5.2.3790.
5.1.2600.
6.0.6000.
6.0.6001.
6.0.6002.
6.1.6002.
6.1.7100.
6.1.7600.
6.1.7601.
6.2.8400.
6.2.9200.
6.3.9600.
6.3.9431.
EnumKey=
SELECT * FROM hardids JOIN drivers ON hardids.id = drivers.hardid_full_index JOIN files ON files.id = drivers.file_id JOIN vendors ON vendors.id = drivers.vendor_id JOIN versions ON versions.id = drivers.version_id LEFT JOIN installers ON installers.id = drivers.installer_id JOIN devices_descriptions ON devices_descriptions.id = drivers.device_id WHERE hardids.hardid = "%s"
SELECT * FROM hardids JOIN drivers ON hardids.id = drivers.hardid_index JOIN files ON files.id = drivers.file_id JOIN vendors ON vendors.id = drivers.vendor_id JOIN versions ON versions.id = drivers.version_id LEFT JOIN installers ON installers.id = drivers.installer_id JOIN devices_descriptions ON devices_descriptions.id = drivers.device_id WHERE hardids.hardid = "%s"
AND os=%s
Drivers64.db
Drivers32.db
Devices.ini
DevicesPlus.ini
Cannot delete and rename DevicesPlus.ini file
Scan.ini
Cannot delete and rename Scan.ini file
D:\SmartPC\#Core\WbemScripting_TLB.pas
DefaultInterface is NULL. Component is not connected to Server. You must call 'Connect' or 'ConnectTo' before this operation
Common.RestorePointLz_
Common.RestorePoint
TSWbemLocator.Create fail
EOleException %s %x
wmiLocator.ConnectServer fail
wmiLocator.ConnectServer 2 fail
%s%s%s%s%s%s
%s%s%s
%s%s%s%s%s%s%s%s
TSchedulerStartupRegularItem.ItemRead
SrClient.dll
service.smartpcupdate.com
hXXp://service.smartpcupdate.com/rpc/senddriverstats
TUploadThread.Execute
GetCurrentSnapshot.FindDevice fail:
Temp.ini
GetCurrentSnapshot.GetDriverParameters fail:
Windows=
Devices.Count = 0
setupapi.log
Inf\setupapi.app.log
Inf\setupapi.dev.log
C:\Intel\Logs\IntelChipset.log
explorer.exe
firefox.exe
chrome.exe
iexplore.exe
opera.exe
WaitForChildProcessesEx.IsThereAnyChild
No visible windows
There are visible windows:
ShellExecuteAndWait: begin: Path=
ShellExecuteAndWait: GetProcessId fail:
ShellExecuteAndWait: lpExecInfo.hProcess = 0:
ShellExecuteAndWait: ShellExecuteEx fail:
readme.txt
installmanagerapp.exe
InstallExeOrMsiDriver: begin: FName=
InstallExeOrMsiDriver: File not found:
InstallExeOrMsiDriver: Install disabled:
msiexec.exe
autorun.exe
InstallExeOrMsiDriver: CreateProcessAndWait failed
InstallExeOrMsiDriver: ShellExecuteAndWait failed
stub64.exe
newdev.dll
advpack.dll
IncompatibleWindowsLogoError
NonSupportedMethod
rundll32.exe
advpack.dll,LaunchINFSectionEx "
InstallInfDriver: Direct install advpack.dll,LaunchINFSectionEx success, for
InstallInfDriver: Direct install advpack.dll,LaunchINFSectionEx success but nothing changed, for
InfDefaultInstall.exe
.status
isInstalling exe/msi from zip: Cancelled
isInstalling exe/msi: Cancelled
empty EnumKey field
Restart of Windows detected
CreateBaseIndexes
*.dul
report.zip
TGenerateThread.Execute
TInstallThread.Execute
hXXp://VVV.pcutilitiespro.com
pcspeedmaximizer.exe
PC Speed Maximizer\PCSpeedMaximizer.exe
PC Speed Maximizer Pro\PCSpeedMaximizerPro.exe
HomePageURL
AfterInstallURL
SupportURL
BuyNowURL
AdsDownloadURL
AdsBuyNowURL
hXXps://safecart.com/pcutilitiespro/.driverpro
hXXp://support.pcutilitiespro.com
hXXp://dejebel.pcutilitiespro.revenuewire.net/optimizerpro/xsell
hXXp://filecdn.avanquest.com/rw/xsell/pcutilitiespro/dejebel/OptimizerPro.exe
optimizerpro.exe
Optimizer Pro\OptimizerPro.exe
EInvalidGridOperation
goAlwaysShowEditor
doKeyColFixed
TKeyOption
keyEdit
keyAdd
keyDelete
keyUnique
TKeyOptions
KeyName
KeyValue
KeyOptions
KeyDescl
%s=%s
SOFTWARE\Microsoft\Windows\CurrentVersion\Settings\Driver Pro
PCInfo.ini
FormKeyDown
hXXp://service.smartpcupdate.com/rpc/sendspmpurchase
hXXp://service.smartpcupdate.com/rpc/sendpurchase
&key=
hXXp://service.smartpcupdate.com/rpc/sendspminstall
hXXp://service.smartpcupdate.com/rpc/sendspmuninstall
hXXp://service.smartpcupdate.com/rpc/sendinstall
hXXp://service.smartpcupdate.com/rpc/senduninstall
IdHTTP10
Do you have a License Key?
If you already have a License Key, please enter it in the form below and click "Activate Now".
License key
Do you need a License Key?
We recommend that you upgrade to the full version of %s
To purchase %s and obtain a license key click
Licensing key has reached its usage limit!
LicenseKey
Thank you for registering %s!
Register %s now to download and install new drivers.
Would you like to register %s?
Current Windows version
Backuped driver Windows version
We NOT reccomend your use this driver for current Windows version.
5 (Windows XP)
6 (Windows Vista)
7 (Windows 7)
8 (Windows 8)
IdHTTP18
HTTPWorkBegin
HTTPWork
HTTPWorkEnd
ProxyLogin
ProxyPassword
hXXp://service.smartpcupdate.com/rpc/getdatabasecxw?arch=%d&os=%d
hXXp://service.smartpcupdate.com/rpc/getdatabasex%d_wd
Drivers32prev.db
Drivers64prev.db
Drivers.db
SetupFiles.txt
%s <%s>
=?WINDOWS
atLogin
IdSMTP
TIdSMTP
LOGIN
IdSMTP1<
Report a problem with a new driver!
mail.smartpctools.com
[email protected]
[email protected]
IdHTTP1
Thank you for trying %s!
Your feedback is very valuable and will help us create better products. Please let us know why you did not register %s:
%s did not find the driver I was looking for
hXXp://service.smartpcupdate.com/rpc/feedback?reason=
Keyboard
Ports
MultiPortSerial
SELECT * FROM drivers WHERE hardid="%s"
Devices-ng.ini
d2.smartpcupdate.com
hXXp://d2.smartpcupdate.com/rpc/send_ini
Snapshot.ini
hXXp://d2.smartpcupdate.com/rpc/sendsnapshot
IdHTTP0
IdHTTP11
HTTP0Work
HTTP1Start
HTTP2Start
HTTP3Start
HTTP4Start
HTTP5Start
HTTP1Work
HTTP2Work
HTTP3Work
HTTP4Work
HTTP5Work
InstallExeDriver
update1.smartpcupdate.com
hXXp://service.smartpcupdate.com/rpc/candownloadfiles?partner=
Windows
English.ini
French.ini
German.ini
Spanish.ini
Italian.ini
Portuguese.ini
Danish.ini
Dutch.ini
Swedish.ini
Polish.ini
Russian.ini
Brazilian.ini
Finnish.ini
Norwegian.ini
Japanese.ini
Chinese.ini
Czech.ini
Arabic.ini
UninstallURL
Welcome to %s
%s found
On Exit send %s to the system tray
Login
Product information and support link
Support
InstallLog.ini
UpdateWindowShown
Backups.ini
Schedule.exe
Software\Microsoft\Windows\CurrentVersion\Settings\
UserKey
TForm1a.WMQueryEndSession
Vendors.txt
ScanExecuted
hXXp://
\Scan.gif
TForm1a.Callback: incorrect Status
Exclusions.txt
1.0.0.0
%d new drivers in %d driver packages found for your computer
hXXp://update1.smartpcupdate.com/rpc/getlastupdate
hXXp://service.smartpcupdate.com/rpc/getstatus?exedate=
hXXp://update1.smartpcupdate.com/rpc/sendinstall?partner=
hXXp://update1.smartpcupdate.com/rpc/sendreport?filename=
hXXp://update1.smartpcupdate.com/rpc/sendstats?partner=
This version is no longer supported!
UpdateList.txt
SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
hXXp://VVV.google.com/search?hl=en&q=
.SYS.DLL.INF.CAT.NFO.EXE.REG.AX.DRV.CPL
RUNDLL32.EXE
LAYOUT.INF
regedit.exe
\Enum.reg" "HKEY_LOCAL_MACHINE\
\Classes.reg" "HKEY_LOCAL_MACHINE\
\*.inf
\Log.txt
backups.ini
/s zipfldr.dll
regsvr32.exe
\.zip\CompressedFolder\ShellNew
\Classes.reg
\Classes.reg"
\Enum.reg
\Enum.reg"
*.exe
AUTORUN.EXE
32.EXE
64.EXE
*.inf
*.status
01-01-2012
TForm1a.InstallCallback
RunExe
TForm1a.HTTP1Start
hXXp://service.smartpcupdate.com/downloads/
Form1a.HTTP1Start
TForm1a.HTTP2Start
Form1a.HTTP2Start
TForm1a.HTTP3Start
Form1a.HTTP3Start
TForm1a.HTTP4Start
Form1a.HTTP4Start
TForm1a.HTTP5Start
Form1a.HTTP5Start
s_Exec
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Launcher.exe
SmartScan.exe
Register %s
CreateBaseIndexes fail
6666666666666666
1.1.2
#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%<!"%$%&%(%*% %-%/%1%3%5%7%9%;%=%?%A%D%F%H%J%K%L%M%N%O%R%U%X%[%^%_%`%a%b%d%f%h%i%j%k%l%m%o%s% !,!
P%S%V%Y%\%
?456789:;<=
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123456789:;<=>?
&'()* ,-./0123456789:;<=>?
GetKeyboardType
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegFlushKey
RegEnumKeyA
RegEnumKeyExA
RegCreateKeyExW
RegCreateKeyExA
GetWindowsDirectoryA
GetCPInfo
CreatePipe
version.dll
SetViewportOrgEx
SetViewportExtEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExA
SetKeyboardState
MsgWaitForMultipleObjects
MapVirtualKeyW
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetKeyNameTextA
GetAsyncKeyState
ExitWindowsEx
EnumWindows
EnumThreadWindows
ActivateKeyboardLayout
ShellExecuteExA
ShellExecuteA
SHFileOperationA
comdlg32.dll
wsock32.dll
oleacc.dll
sqlite3.dll
sqlite3_finalize
sqlite3_column_type
sqlite3_column_text
sqlite3_column_int
sqlite3_column_double
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_step
sqlite3_column_decltype
sqlite3_column_name
sqlite3_column_count
sqlite3_prepare
sqlite3_free
sqlite3_errcode
sqlite3_errmsg
sqlite3_close
sqlite3_open
shfolder.dll
winmm.dll
MainProgram.exe
7,7<7\7{7
:);/;7;`;
2&2.262>2`2
=(=>=`=$>
=$=,=8=@=
8 828:8`8
?!?*?/?7?
7 8=8_8|8
1$1,181@1
?#?6?>?}?
/090_0{0
>!>%>)>->1>=>
5T6i6:o:
5 5$5(5,505
4!4%4)4-41454o4}4
1-1I1S1c1i1}1
2$3/3=3}3
1"161[1~1
?#?'? ?/?3?
0u0
5S5S5p5
2 2$2(2,2
3D4d4
<6=#>1>>>
01
6 6$6(6,606
;-<1<9<@<
.02060<0
2#3'3 303
3%4)4-41484
=0>4>8>@>
6"6&6*606
#0'0 000
0%1)1-11181
43575;5@5
6,7074787<7
= =$=(=,=
>!?%?)?-?4?
5&6*6.646
< <$<(<,<:<`<
1(1,1014181<1@1
7 7$7(7,7074787<7
5l6
607-8=8/9
< <$<(<,<0<4<8<<<@<\<|<
7 7$7(7,7074787<7@7
2.2.3j3
:!:?:]:{:
< <$<(<6<@<
0 0$0(0,020
8 8$8(8,80848:8
= =-=5=<=
11s1
> >%><>]>
666>6[6~6
0%1S1b1
2 2%2,2\2
:):2:9:>:
4 4$4(4,4044484<4
7-7B7h7}7
>#><>_>~>
5_5Q5[5j5{5
2)3.3[3`3
:!:,:4:9:|:
: :$:(:,:0:4:
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
@000///1111*$&
Paint.NET v3.5.100
Paint.NET v3.5.11G
xyT%U
5F.VR
=UN.EN.
Wj.zY
}0(*.pw
pm%C\rlR
t%DMM
Pegg.UjF|jFbZzbj
%cPn:
7:5221>8=
gOÝe
%XzVSoMx
 h.FG
t.ESZH'p
K.kf]Q
.Xpeg
r%SKI
H.uuu
.nl#]cS-
4IP%u
5;1% >)#6!-*6%<*14
{&#:%9.;
Q.tHJJ\
nmr.M2.Mb6
7-'7-&5.$5,&
|^}<^}\^
eeA%u
4/%7.&5,%
w.WMl
WG,.gr
@70".0*>2)#&9;6)'1
30,*<,>6>52-)"'>4#
2)!%1&%)1.!!
$KU%uM5
2214652
x~~avv.tU
.vqI18
k...ii)
KWindows
#IdSMTP
IdTCPStream
UrlMon
Driver.CoreInstall
}Common.Params
CCommon.Utils
eCommon.LoggerWindow
oDriver.Utils
Driver.CoreDevicesHelpers
SQLiteTable3
SQLite3
Driver.CoreResult
Driver.Core
]Driver.CoreDevices
0IdHTTPHeaderInfo
 IdTCPServer
TntWindows
bDriver.CoreSnapshot
geacmd
.cCSmM]
d;%%%C
cg.Br
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
All windows
%Select name, location and backup type
Items.Strings
%Driver backup successfully completed!
%Select the drivers you wish to backup
EditManager.Font.Charset
EditManager.Font.Color
EditManager.Font.Height
EditManager.Font.Name
EditManager.Font.Style
GroupFont.Charset
GroupFont.Color
GroupFont.Height
GroupFont.Name
GroupFont.Style
Header.Columns.Items
Header.Font.Charset
Header.Font.Color
Header.Font.Height
Header.Font.Name
Header.Font.Style
Header.Height
ImageList1)PaintInfoGroup.MarginBottom.CaptionIndent
Selection.FullRowSelect
$Product information and support link
Support:
Version: %s
%Save downloded drivers to this folder
"On Exit send %s to the system tray
Webcam drivers
Windows system drivers
Keyboard drivers
Picture.Data
Header.ShowInAllViews
Header.Visible
PaintInfoGroup.Expandable
)PaintInfoGroup.MarginBottom.CaptionIndent
Icon.Data
ProxyParams.BasicAuthentication
ProxyParams.ProxyPort
Request.ContentLength
Request.ContentRangeEnd
Request.ContentRangeStart
Request.ContentType
Request.Accept
Request.BasicAuthentication
Request.UserAgent
&Mozilla/3.0 (compatible; Indy Library)
HTTPOptions
.NN outdated drivers have been found on your PC
"Would you like to register %s now?
FTo immediately download and fix these drivers you need to register %s.
]If you already have a License Key, please enter it in the form below and click "Activate Now"
.To purchase %s and obtain a license key click
YCheck the email you received after you purchased the product for the correct license key.
&Your license key will look like this:
BWe NOT reccomend your use this driver for current Windows version.
Current Windows version:
Backuped driver Windows version:
"Report a problem with a new driver
IdSMTP1
xYour feedback is very valuable and will help us create better products. Please let us know why you did not register %s:
,%s did not find the driver I was looking for
<assemblyIdentity version="1.0.0.0"
name="program.exe"
<requestedExecutionLevel
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
.jdbg
madExcept.HandleContactForm
madExcept.HandleScreenshotForm
.madExcept
%exceptMsg%
%bugReport%
Úte%
Útetime%
%computerName%
Þsktop%
%userappdata%
%commonappdata%
screenShot.bmp
Tcpip\Parameters
VxD\MSTCP
.jpeg
hXXps://
%userappdata%\
BugReport
screenShot.png
operating system
<tr><td><button onClick="history.back();" style="height:19.5pt;"> 
<button onClick="document.getElementById('bugReport').style.visibility='visible';this.style.visibility='hidden';" style="height:19.5pt;"> 
<textarea id="bugReport" readonly cols="80" rows="20" style="width:100%;height:100%;
Software\Microsoft\Windows
GetThreadReport
GetCpuRegisters
\madExcept\Dlls\madExcept32.dll
psapi.dll
suser32.dll
PIDLs to operate on are not siblings of the Namespace doing the operation.
Unable to find RegSvr32.exe executable.
RegSvr32.exe
Unspecified error (%d) from %s.
miranda32.exe
66006666
Unsupported PixelFormat
Invalid stream operation
Unsupported GIF version7Invalid number of colors specified in Screen Descriptor6Invalid number of colors specified in Image Descriptor
Invalid extension introducerúiled to allocate memory for GIF DIB
Invalid Image trailerAInternal error: Extension Instance does not match Extension Label,Unsupported Application Extension block size
Unknown GIF block type'Object type not supported for operation
Could not load certificate.#Could not load key, check password.
SSL status: "%s"
Command not supported.
Address type not supported.$Error accepting connection with SSL.
Error creating SSL context. Could not load root certificate.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.0Address family not supported by protocol family.
DThis authentication method is already registered with class name %s.
%s is not a valid service.
Socket Error # %d
%s is not a valid IP address.
Operation would block.
Operation now in progress.
Operation already in progress.
Socket operation on non-socket.
&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Connecting to %s.
File "%s" not found1Only one TIdAntiFreeze can exist per application."%d: Circular links are not allowed
Object type not supported.
No data to read.$Can not bind in port range (%d - %d)
Invalid Port Range (%d - %d)
@ Outside address*Error on call Winsock2 library function %s
Bogus JPEG tables field.%Fractional JPEG scanline unsupported.
Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.
Stream read error in %s file.1Cannot load image. %s not supported for %s files..Cannot load image. CRC error found in %s file.6Cannot load image. Compression error found in %s file.:Cannot load image. Extra compressed data found in %s file.1Cannot load image. Palette in %s file is invalid.>Cannot load PNG image. Unexpected but critical chunk detected.
The compression scheme isJConversion between indexed and non-indexed pixel formats is not supported.8Color conversion failed. Could not find a proper method.AColor depth is invalid. Bits per sample must be 1, 2, 4, 8 or 16.ESample count per pixel does not correspond to the given color scheme.5Subsampling value is invalid. Allowed are 1, 2 and 4.CVertical subsampling value must be <= horizontal subsampling value.
Portable map images
Portable pixel map images
Portable gray map images
Portable bitmap images
Portable network graphic images9Cannot load image. Invalid or unexpected %s image format. Invalid color format in %s file.
Windows icons
Windows metafiles
Windows enhanced meta files
Attempt to register %s twice.
Windows bitmaps"Run length encoded Windows bitmaps"Device independant Windows bitmaps
JPEG error #%d
#Failed to set calendar date or timeúiled to set maximum selection range$Failed to set calendar min/max rangeúiled to set calendar selected range
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s
No help keyword specified.
RichEdit line insertion error=This control requires version 4.70 or greater of COMCTL32.DLL
Date exceeds maximum of %s
Date is less than minimum of %s4You must be in ShowCheckbox mode to set to this date
Key "%s" not found%goColMoving is not a supported option%Key may not contain equals sign ("=")
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Value must be between %d and %d
Invalid clipboard format Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
Value*A key with the name of "%s" already exists
Invalid input value7Invalid input value. Use escape key to abandon changes
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic
Unsupported clipboard format
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list Too many rows or columns deleted$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)
?#''%s'' is not a valid date and time
Cannot open file "%s". %s
Grid too large for operation
Unable to write to %s
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Operation not supported
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
'%s' is not a valid GUID value
I/O error %d
3.1.0.5

DPSchedule.exe_1220:

.idata
.edata
P.tls
.rdata
P.reloc
P.rsrc
kernel32.dll
Windows
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
;!199{199
;0!8&2{199
"<;=!!%{199
Windows 95
Windows 95 OSR-2
Windows 98
Windows 98 SE
Windows ME
Windows 9x New
Windows NT 3
Windows NT 4
Windows 2000
Windows XP
Windows 2003
Windows Vista
Windows 2008
Windows 7
Windows 2008 R2
Windows 8
Windows Server 8
Windows NT New
user.exe
TMsgHandlers
madToolsMsgHandlerWindow
user32.dll
>0';0974&0{199
cmovÌ
setÌ
pop %seg
push %seg
msvcrt.dll
VVV.madshi.net
dbghelp.dll
4.0.9
ntdll.dll
The import table is invalid.
shell32.dll
WindowsLogo
ReportLeaks
UploadViaHttp
HttpServer
HttpSsl
HttpPort
HttpAccount
HttpPassword
BugTrPassword
MailAsSmtpServer
MailAsSmtpClient
SmtpServer
SmtpSsl
SmtpTls
SmtpPort
SmtpAccount
SmtpPassword
bugreport.mbr
screenshot.png
ExceptMsg
FrozenMsg
BitFaultMsg
send bug report
save bug report
print bug report
show bug report
%appname%, %exceptMsg%
bug report
please find the bug report attached
Sending bug report...
PrepAttMsg
MxLookMsg
ConnMsg
SendMailMsg
FieldMsg
SendAttMsg
SendFinalMsg
SendFailMsg
Sorry, sending the bug report didn't work.
TDABugReportCallback
TDABugReportCallbackOO
ShellExecuteExW
madExceptIde_.bpl
wininet.dll
VVV.google.com
SMTP:
mapi32.dll
IpHlpApi.dll
A.ROOT-SERVERS.NET
K.ROOT-SERVERS.NET
VVV.madshi.net_multipart_boundary
TSmtpU
LOGIN
AUTH LOGIN
security.dll
secur32.dll
TWinHttp
winhttp.dll
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
/api.xml
<url>
password
?cmd=
/xmlrpc.cgi
Bugzilla.version
Product.get_enterable_products
Product.get
Bug.fields
Bugzilla_login
Bugzilla_password
Bug.create
Bug.add_attachment
/api/soap/mantisconnect.php
<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="hXXp://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><ns1:
</username><password xsi:type="xsd:string">
</password>
*.txt
TSendBugReportExRec
advapi32.dll
wtsapi32.dll
idapi32.dll
kernelbase.dll
madExcept32.dll
c:\sources\madshi\madExcept32.dll
ReportLeaksNow
GetLeakReport
ShowLeakReport
madExcept32.dll has the wrong version.
coreide70.bpl
ReportFault
FaultRep.dll
internal error. please notify [email protected]
@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule
HardWareKey
setupapi.dll
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
u%CNu
%s_%d
EInvalidGraphicOperation
USER32.DLL
comctl32.dll
uxtheme.dll
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
TKeyEvent
TKeyPressEvent
HelpKeyword
crSQLWait
%s (%s)
imm32.dll
AutoHotkeysLlI
AutoHotkeys
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview@sI
WindowStatexnI
OnKeyDown
OnKeyPress
OnKeyUp
tagMSG
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
OnActionExecuteHAI
hXXp://VVV.pcutilitiespro.com
pcspeedmaximizer.exe
PC Speed Maximizer\PCSpeedMaximizer.exe
PC Speed Maximizer Pro\PCSpeedMaximizerPro.exe
HomePageURL
AfterInstallURL
SupportURL
BuyNowURL
AdsDownloadURL
AdsBuyNowURL
hXXps://safecart.com/pcutilitiespro/.driverpro
hXXp://support.pcutilitiespro.com
hXXp://dejebel.pcutilitiespro.revenuewire.net/optimizerpro/xsell
hXXp://filecdn.avanquest.com/rw/xsell/pcutilitiespro/dejebel/OptimizerPro.exe
optimizerpro.exe
Optimizer Pro\OptimizerPro.exe
s_Exec
6666666666666666
GetKeyboardType
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegOpenKeyExW
RegFlushKey
RegEnumKeyA
RegCreateKeyExW
RegCreateKeyExA
GetWindowsDirectoryA
GetCPInfo
CreatePipe
version.dll
gdi32.dll
SetViewportOrgEx
UnhookWindowsHookEx
SetWindowsHookExA
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
EnumWindows
EnumThreadWindows
ActivateKeyboardLayout
ShellExecuteExA
ShellExecuteA
comdlg32.dll
wsock32.dll
Schedule.exe
8 8&8,898?8
171<1[1`1
8'8/878?8
0 0$0(0,0004080
5R5C5g5t5
00e0v0
4%5U5d5
0 0 080_0
4"4&4*4.444
89u9
5 5$5(5,505
@000///1111*$&
KWindows
UrlMon
%sSchedule
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
<assemblyIdentity version="1.0.0.0"
name="program.exe"
<requestedExecutionLevel
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
.jdbg
madExcept.HandleContactForm
madExcept.HandleScreenshotForm
.madExcept
%exceptMsg%
%bugReport%
Úte%
Útetime%
%computerName%
Þsktop%
%userappdata%
%commonappdata%
screenShot.bmp
Tcpip\Parameters
VxD\MSTCP
.jpeg
hXXps://
hXXp://
%userappdata%\
BugReport
screenShot.png
operating system
<tr><td><button onClick="history.back();" style="height:19.5pt;"> 
<button onClick="document.getElementById('bugReport').style.visibility='visible';this.style.visibility='hidden';" style="height:19.5pt;"> 
<textarea id="bugReport" readonly cols="80" rows="20" style="width:100%;height:100%;
Software\Microsoft\Windows
GetThreadReport
GetCpuRegisters
\madExcept\Dlls\madExcept32.dll
psapi.dll
suser32.dll
66006666
No help keyword specified.
Alt  Clipboard does not support Icons/Menu '%s' is already being used by another form
No help found for %s
Unsupported clipboard format
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
Ancestor for '%s' not found
Cannot assign a %s to a %s
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
External exception %x
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
!'%s' is not a valid integer value
I/O error %d
Integer overflow Invalid floating point operation
3.1.0.5


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    Driver_Pro.exe:1704
    DriverPro.exe:628
    Driver_Pro.tmp:200
    %original file name%.exe:1012
    DPStartScan.exe:632

  2. Delete the original Trojan-Banker file.
  3. Delete or disinfect the following files created/modified by the Trojan-Banker:

    %Documents and Settings%\%current user%\Local Settings\Temp\is-F6JFN.tmp\Driver_Pro.tmp (7386 bytes)
    %Documents and Settings%\%current user%\Application Data\Driver Pro\Scan.ini (599 bytes)
    %Documents and Settings%\%current user%\Application Data\Driver Pro\Devices.ini (25 bytes)
    %Documents and Settings%\%current user%\Application Data\Driver Pro\PCInfo.ini (175 bytes)
    %Program Files%\Driver Pro\is-ISH0I.tmp (26 bytes)
    %Program Files%\Driver Pro\is-V9CPP.tmp (3361 bytes)
    %Program Files%\Driver Pro\is-0FK8B.tmp (31891 bytes)
    %Documents and Settings%\%current user%\Desktop\Driver Pro.lnk (701 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Driver Pro\Help.lnk (713 bytes)
    %Program Files%\Driver Pro\is-JS82I.tmp (3073 bytes)
    %Program Files%\Driver Pro\is-KGA65.tmp (547 bytes)
    %Program Files%\Driver Pro\is-SGT6I.tmp (7433 bytes)
    %Documents and Settings%\%current user%\Application Data\Driver Pro\is-ERK89.tmp (558848 bytes)
    %Documents and Settings%\%current user%\Application Data\Driver Pro\is-7SE3V.tmp (4 bytes)
    %Program Files%\Driver Pro\is-KB3TM.tmp (12 bytes)
    %Program Files%\Driver Pro\unins000.msg (646 bytes)
    %Program Files%\Driver Pro\is-1FNSA.tmp (30427 bytes)
    %Documents and Settings%\%current user%\Application Data\Driver Pro\is-T7RSN.tmp (61 bytes)
    %Program Files%\Driver Pro\unins000.dat (5536 bytes)
    %Program Files%\Driver Pro\is-PNHS0.tmp (5873 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Driver Pro\Uninstall Driver Pro.lnk (708 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Driver Pro\Driver Pro.lnk (713 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Driver Pro\Driver Pro on the Web.lnk (708 bytes)
    %Program Files%\Driver Pro\is-S2JVC.tmp (7433 bytes)
    %Documents and Settings%\%current user%\Application Data\Driver Pro\is-Q0LD2.tmp (526038 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-QC7PH.tmp\_isetup\_shfoldr.dll (23 bytes)
    %Program Files%\Driver Pro\is-UQBUO.tmp (56 bytes)
    %Program Files%\Driver Pro\is-9I9QR.tmp (5873 bytes)
    %Program Files%\Driver Pro\is-35I17.tmp (54 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Driver_Pro.exe (75554 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Driver Pro" = "%Program Files%\Driver Pro\DPLauncher.exe"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now