Hi,
My apologies for not having followed instructions correctly. (My face is red with embarrassment.)
ComboFix 08-05-12.1 - Owner 2008-05-15 16:25:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.180 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\eultc.exe
C:\tdvkc.exe
C:\WINDOWS\BM575e3e6c.xml
C:\WINDOWS\system32\bmf.cs
C:\WINDOWS\system32\ccs.so
C:\WINDOWS\system32\gh.l
C:\WINDOWS\system32\gujbyfeo.exe
C:\WINDOWS\system32\hdrihqxm.dll
C:\WINDOWS\system32\ighoqrae.exe
C:\WINDOWS\system32\mn.n
C:\WINDOWS\system32\ntpl.bin
C:\WINDOWS\system32\wqdkigbj.exe
C:\WINDOWS\system32\xkicjxnd.exe
C:\WINDOWS\system32\yhdjqwqy.exe
C:\WINDOWS\system32\yl.po
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\eultc.exe
C:\tdvkc.exe
C:\WINDOWS\BM575e3e6c.xml
C:\WINDOWS\system32\bmf.cs
C:\WINDOWS\system32\ccs.so
C:\WINDOWS\system32\gh.l
C:\WINDOWS\system32\gujbyfeo.exe
C:\WINDOWS\system32\hdrihqxm.dll
C:\WINDOWS\system32\ighoqrae.exe
C:\WINDOWS\system32\mn.n
C:\WINDOWS\system32\ntpl.bin
C:\WINDOWS\system32\wqdkigbj.exe
C:\WINDOWS\system32\xkicjxnd.exe
C:\WINDOWS\system32\yhdjqwqy.exe
C:\WINDOWS\system32\yl.po
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
2008-05-15 13:19 . 2008-05-15 16:17 <DIR> d-------- C:\fixwareout
2008-05-14 05:57 . 2008-05-14 05:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-14 05:44 . 2008-05-14 06:27 <DIR> d-------- C:\SDFix
2008-05-01 10:18 . 2008-05-01 10:18 <DIR> d--h----- C:\BJPrinter
2008-04-29 21:27 . 2008-04-29 21:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2008-04-29 21:24 . 2008-04-29 21:24 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-29 21:24 . 2007-09-04 08:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-27 16:20 . 2008-04-27 16:20 <DIR> d-------- C:\Program Files\uTorrent
2008-04-27 16:19 . 2008-05-10 15:18 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-04-25 09:48 . 2008-04-25 09:48 <DIR> d-------- C:\Program Files\FriendFinder
2008-04-23 18:09 . 2008-04-23 18:09 <DIR> d-------- C:\Program Files\eMusic Download Manager
2008-04-23 13:24 . 2008-04-23 13:24 <DIR> d-------- C:\Program Files\iPod
2008-04-23 13:24 . 2008-05-10 05:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-23 13:24 . 2008-04-23 13:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-23 13:23 . 2008-04-23 13:24 <DIR> d-------- C:\Program Files\iTunes
2008-04-23 13:22 . 2008-04-23 13:22 <DIR> d-------- C:\Program Files\QuickTime
2008-04-23 13:18 . 2008-04-23 13:18 <DIR> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 23:17 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2008-05-10 13:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-09 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-08 04:07 --------- d-----w C:\Program Files\Blubster
2008-05-01 12:44 --------- d-----w C:\Program Files\Yahoo!
2008-04-23 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-21 23:26 --------- d-----w C:\Program Files\McAfee
2008-04-07 05:30 --------- d-----w C:\Program Files\isoHunt
2008-04-07 05:30 --------- d-----w C:\Program Files\Conduit
2008-03-31 04:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 23:29 --------- d-----w C:\Program Files\Java
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 19:57 812,344 ----a-w C:\Program Files\seek.exe.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2005-09-03 01:13 6,860,424 ------w C:\Program Files\MicrosoftAntiSpywareInstall.exe
2005-09-02 01:51 1,416,944 ------w C:\Program Files\WM9Codecs.exe
2005-08-07 21:40 2,245,630 ------w C:\Program Files\GOF_boyfriend.wav
2005-08-07 01:00 10,958,640 ------w C:\Program Files\GoogleEarth.exe
2005-01-01 04:34 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-15_15.27.54.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 23:22:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 00:16:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17 4670704]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Comcast Video Mail\\Comcast_Video_Mail.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Blubster\\Blubster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 21:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 09:46:46 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-01 09:00:29 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-09 23:13:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 16:28:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-15 16:29:37
ComboFix-quarantined-files.txt 2008-05-16 00:29:22
ComboFix2.txt 2008-05-15 23:28:52
Pre-Run: 179,089,043,456 bytes free
Post-Run: 179,077,029,888 bytes free
151 --- E O F --- 2008-05-02 06:03:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:41 PM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.myfreepaysite.com
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://bookmarks.yah...m/YbConvFav.CAB
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
--
End of file - 4676 bytes
File size: 812344 bytes
MD5...: ab1c4deab684b0d883cfaa82c7bc6d19
SHA1..: 2cff1effdd174e7e2dcc24f93a17f782d40380e3
SHA256: 132280692b44037d2205281a490525ac1ecba5499087dec2506d5eca07851b35
SHA512: 9f96a10e199c618da16ddd2215649a13a5256505e54b6cd90de8d8c583341d78
c432aca4a264e9c10f326fa32153ee9ab394a21c5c5d268d9b3350c0518d8bc5
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x41fac9
timedatestamp.....: 0x46683992 (Thu Jun 07 17:00:02 2007)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x33b9c 0x34000 6.65 934f033e2f25f169d5149fe6dd4be1dc
.rdata 0x35000 0xc702 0xd000 4.89 a685f91ae70d9934e9dcea4f91e45e2f
.data 0x42000 0x64bc 0x3000 3.81 b26ce04da6ae22e8abe8f3a281d18dc2
.rsrc 0x49000 0x7f6b8 0x80000 6.88 431c5e8ecf9e0bb29fd2780b22a5b01b
( 12 imports )
> KERNEL32.dll: GetFileAttributesA, GetFileTime, GetTickCount, RtlUnwind, HeapAlloc, HeapFree, HeapReAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, GetCommandLineA, GetProcessHeap, GetStartupInfoA, ExitProcess, RaiseException, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, Sleep, GetACP, GetConsoleCP, GetConsoleMode, HeapDestroy, HeapCreate, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetStringTypeA, GetStringTypeW, GetTimeZoneInformation, LCMapStringA, LCMapStringW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEnvironmentVariableA, FileTimeToLocalFileTime, SetErrorMode, FileTimeToSystemTime, GetOEMCP, GetCPInfo, CreateFileA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, GetCurrentProcess, DuplicateHandle, GetThreadLocale, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalFlags, WritePrivateProfileStringA, GlobalGetAtomNameA, GlobalFindAtomA, lstrcmpW, GetVersionExA, InterlockedDecrement, GetModuleFileNameW, FormatMessageA, LocalFree, MulDiv, GlobalUnlock, GlobalFree, FreeResource, GetCurrentProcessId, SetLastError, GlobalAddAtomA, CloseHandle, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, GetModuleFileNameA, EnumResourceLanguagesA, GetLocaleInfoA, GlobalLock, lstrcmpA, GlobalAlloc, FreeLibrary, GlobalDeleteAtom, GetModuleHandleA, GetProcAddress, lstrlenA, CompareStringW, CompareStringA, GetVersion, GetLastError, InterlockedExchange, lstrcatA, MultiByteToWideChar, LoadLibraryA, CreateDirectoryA, WideCharToMultiByte, 
FindResourceA, LoadResource, LockResource, VirtualFree, SizeofResource
> USER32.dll: RegisterClipboardFormatA, PostThreadMessageA, CharNextA, GetSysColorBrush, ReleaseCapture, LoadCursorA, SetCapture, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, GetWindowTextLengthA, GetWindowTextA, GetForegroundWindow, GetTopWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetForegroundWindow, UpdateWindow, GetMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, GetSysColor, AdjustWindowRectEx, EqualRect, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, UnhookWindowsHookEx, GetMenuItemID, DrawIcon, SendMessageA, IsIconic, GetClientRect, EnableWindow, LoadIconA, GetMenuItemCount, GetSubMenu, GetWindow, SetWindowContextHelpId, MapDialogRect, SetWindowPos, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, IsWindow, GetDlgItem, DestroyMenu, UnregisterClassA, MessageBeep, GetNextDlgGroupItem, GetNextDlgTabItem, EndDialog, InvalidateRgn, InvalidateRect, SetRect, IsRectEmpty, CopyAcceleratorTableA, GetSystemMetrics, CharUpperA, PostQuitMessage, PostMessageA, CheckMenuItem, EnableMenuItem, GetMenuState, ModifyMenuA, GetParent, GetFocus, LoadBitmapA, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, ValidateRect, GetCursorPos, PeekMessageA, GetKeyState, IsWindowVisible, GetActiveWindow, DispatchMessageA, TranslateMessage, GetMessageA, CallNextHookEx, SetWindowsHookExA, SetCursor, MessageBoxA, IsWindowEnabled, GetLastActivePopup, GetWindowLongA, GetWindowThreadProcessId, IsChild
> GDI32.dll: ExtSelectClipRgn, DeleteDC, GetStockObject, GetBkColor, GetTextColor, CreateRectRgnIndirect, GetRgnBox, GetMapMode, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutA, TextOutA, CreateBitmap, PtVisible, GetWindowExtEx, GetViewportExtEx, DeleteObject, SetMapMode, RestoreDC, SaveDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, GetDeviceCaps, RectVisible
> comdlg32.dll: GetFileTitleA
> WINSPOOL.DRV: DocumentPropertiesA, OpenPrinterA, ClosePrinter
> ADVAPI32.dll: RegQueryValueA, RegSetValueExA, RegCreateKeyExA, RegCloseKey, RegOpenKeyA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyExA, RegQueryValueExA
> SHELL32.dll: SHGetSpecialFolderLocation, SHGetMalloc, SHBrowseForFolderA, ShellExecuteA, SHGetPathFromIDListA
> COMCTL32.dll: -
> SHLWAPI.dll: PathFindFileNameA, PathStripToRootA, PathFindExtensionA, PathIsUNCA
> oledlg.dll: -
> ole32.dll: OleInitialize, CoFreeUnusedLibraries, OleUninitialize, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CoTaskMemAlloc, CoRevokeClassObject, CoTaskMemFree, CLSIDFromString, CLSIDFromProgID, CoInitialize, CoCreateInstance, OleIsCurrentClipboard, OleFlushClipboard, CoRegisterMessageFilter
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -
( 0 exports )
packers (F-Prot): UPX