Tech Support Forum - View Single Post

cadriemir · 11-15-2008, 08:50 PM

Ok, here are the results.

c:\windows\system32\mkrnl.exe

Antivirus Version Last Update Result
AhnLab-V3 2008.11.14.3 2008.11.15 -
AntiVir 7.9.0.31 2008.11.14 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.11.15 -
Avast 4.8.1281.0 2008.11.16 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.11.15 -
BitDefender 7.2 2008.11.16 -
CAT-QuickHeal 10.00 2008.11.15 -
ClamAV 0.94.1 2008.11.15 -
DrWeb 4.44.0.09170 2008.11.16 -
eSafe 7.0.17.0 2008.11.13 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.15 -
F-Prot 4.4.4.56 2008.11.15 -
F-Secure 8.0.14332.0 2008.11.16 -
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.16 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2008.11.16 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.16 -
McAfee 5435 2008.11.15 -
Microsoft 1.4104 2008.11.16 -
NOD32 3615 2008.11.15 a variant of Win32/Adware.XPAntivirus.AD
Norman 5.80.02 2008.11.14 -
Panda 9.0.0.4 2008.11.15 -
PCTools 4.4.2.0 2008.11.15 -
Prevx1 V2 2008.11.16 Cloaked Malware
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.14 Trojan.Crypt.XPACK.Gen
Sophos 4.35.0 2008.11.15 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.16 AntiVirus2009
TheHacker 6.3.1.1.155 2008.11.15 -
TrendMicro 8.700.0.1004 2008.11.14 -
VBA32 3.12.8.9 2008.11.15 -
ViRobot 2008.11.15.1470 2008.11.15 -
VirusBuster 4.5.11.0 2008.11.15 -
Additional information
File size: 144896 bytes
MD5...: 6b15838d185a7eca5ecfa2e7ebac3c6b
SHA1..: fb6b02bbdafdd1a842856b63c4a4fe1fbfb14eb7
SHA256: 94806b58b17a062b1ef8e8aa809a8b5d51dd9910482e37cdaab7a26fc76aeaa6
SHA512: efffab86325952adf704aea0417d5c7e4e56880a605e7a0e1d38d17099268da7
33def54612312aa70195e09f605163e7360dde70c1ad34fd89aa424360bc9f2a
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4010dc
timedatestamp.....: 0x45f64af1 (Tue Mar 13 06:55:45 2007)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5002 0x5200 0.51 7e19fe3e4dce5f2e868366255492c746
.rdata 0x7000 0x6e5 0x800 0.00 c99a74c555371a433d121f551d6c6398
.data 0x8000 0x3ce851 0x1aa00 6.46 d8d91c2ee16350ad5edbd11ae519a4e9
.tls 0x3d7000 0x6e 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x3d8000 0x18 0x200 0.23 78d5e22a168cf6ed9c526f0b6b67633d
.idata 0x3d9000 0x1375 0x1400 4.36 8e0eb260407d3b14f6de7273b16bc2b1
.reloc 0x3db000 0x337 0x400 0.00 0f343b0931126a20f133d67c2b018a3b
.rsrc 0x3dc000 0xff4 0x1000 5.97 5a12f3eb2c83b8849a17cd40bfe58bc6

( 10 imports )
> GDI32.DLL: BeginPath, CopyMetaFileA, CloseMetaFile, CreateSolidBrush, GetBrushOrgEx, BitBlt, GetPixel, AddFontMemResourceEx, ClearBrushAttributes, GetClipBox, GetBitmapBits
> COMCTL32.DLL: ImageList_LoadImageA, ImageList_Remove, ImageList_Read, ImageList_ReplaceIcon, ImageList_Replace, ImageList_AddMasked, ImageList_DragShowNolock, ImageList_GetIcon, ImageList_GetImageRect, ImageList_Destroy, ImageList_LoadImage, ImageList_GetImageCount, ImageList_DragLeave, ImageList_Create, ImageList_GetImageInfo
> COMCTL32.DLL: ImageList_LoadImage, ImageList_GetImageInfo, ImageList_BeginDrag, ImageList_LoadImageW, ImageList_DrawIndirect, ImageList_EndDrag, ImageList_DragLeave, ImageList_Copy, ImageList_AddMasked, ImageList_DragMove, ImageList_Merge, ImageList_AddIcon, ImageList_Destroy, InitCommonControls, ImageList_Remove
> USER32.DLL: CopyImage, IsMenu, EndDialog, CreateIcon, CalcMenuBar, GetDlgItem, GetWindowTextLengthA, InsertMenuA, BlockInput, CopyRect, AlignRects
> GDI32.DLL: CopyMetaFileA, DeleteDC, ClearBitmapAttributes, RestoreDC, GetDCOrgEx, AddFontResourceTracking, BitBlt, CreateSolidBrush, ExtTextOutA, AbortPath, GetPixel, ExcludeClipRect, GetBitmapBits, AddFontResourceExW, AddFontResourceExA, AddFontResourceA
> ADVAPI32.DLL: RegCreateKeyExA, RegEnumValueA, RegCreateKeyExW, RegQueryValueW, RegReplaceKeyA, RegGetKeySecurity, RegDeleteValueA, RegEnumKeyExW, RegFlushKey, RegEnumKeyW, RegDeleteKeyW, RegDeleteValueW, RegLoadKeyA, RegOpenKeyW, RegCreateKeyW, RegEnumKeyExA, RegQueryValueExW, RegEnumValueW
> COMCTL32.DLL: ImageList_EndDrag, ImageList_DragMove, ImageList_DragEnter, ImageList_LoadImageA, ImageList_Remove, ImageList_GetIcon, ImageList_Destroy, InitCommonControls, ImageList_AddIcon, ImageList_GetImageCount, ImageList_Create, ImageList_Replace, ImageList_BeginDrag
> USER32.DLL: GetWindowTextLengthA, CopyImage, CopyIcon, AppendMenuA, InsertMenuA, CreateIcon, GetWindowTextA, GetDC, EndDialog, AppendMenuW, CalcMenuBar, AlignRects, LoadCursorA, DialogBoxParamW, DrawTextA, LoadMenuA, DrawIconEx, DialogBoxParamA
> ADVAPI32.DLL: RegQueryValueA, RegFlushKey, RegQueryValueExW, RegDeleteKeyW, RegEnumKeyExW, RegEnumKeyW, RegQueryValueExA, RegGetKeySecurity, RegEnumValueA, RegOpenKeyExA
> USER32.DLL: IsMenu, CopyIcon, DrawIconEx, CreateIcon, DialogBoxParamW, LoadCursorA, CopyImage, DialogBoxParamA, DrawTextA, AppendMenuW, GetDC, CloseWindow, CopyRect, CalcMenuBar

( 0 exports )

c:\windows\Qzifijolo.dll

File Qzifijolo.dll received on 11.16.2008 04:46:53 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 4/36 (11.12%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.11.14.3 2008.11.15 -
AntiVir 7.9.0.31 2008.11.14 -
Authentium 5.1.0.4 2008.11.15 -
Avast 4.8.1281.0 2008.11.16 -
AVG 8.0.0.199 2008.11.15 -
BitDefender 7.2 2008.11.16 -
CAT-QuickHeal 10.00 2008.11.15 -
ClamAV 0.94.1 2008.11.15 -
DrWeb 4.44.0.09170 2008.11.16 -
eSafe 7.0.17.0 2008.11.13 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.15 -
F-Prot 4.4.4.56 2008.11.15 -
F-Secure 8.0.14332.0 2008.11.16 -
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.16 -
Ikarus T3.1.1.45.0 2008.11.16 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.16 -
McAfee 5435 2008.11.15 -
Microsoft 1.4104 2008.11.16 -
NOD32 3615 2008.11.15 -
Norman 5.80.02 2008.11.14 W32/DLoader.KSWL
Panda 9.0.0.4 2008.11.15 Generic Trojan
PCTools 4.4.2.0 2008.11.15 -
Prevx1 V2 2008.11.16 Malware Downloader
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.14 -
Sophos 4.35.0 2008.11.15 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.16 Downloader
TheHacker 6.3.1.1.155 2008.11.15 -
TrendMicro 8.700.0.1004 2008.11.14 -
VBA32 3.12.8.9 2008.11.15 -
ViRobot 2008.11.15.1470 2008.11.15 -
VirusBuster 4.5.11.0 2008.11.15 -
Additional information
File size: 24576 bytes
MD5...: 99378be4b316a485550f4cc9e1fd4052
SHA1..: a5fa120a4e285d1e9aa717f476d643c50c92c6da
SHA256: 7f4e9701061b5cb8b06f434fc0c11573246f440c71e8e5c2739907583339e5ae
SHA512: 06b16f1cb20d540921659009de0c9a20eec18438c2fb0d68848b02b64c5b15a0
664af639b8b07ec29c1d2b6c037064ea3bbd41beb4b168465e7215cd21f21438
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000255b
timedatestamp.....: 0x490f0096 (Mon Nov 03 13:45:58 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x38bd 0x4000 5.71 466dba97f880dc5e06991778084bc20c
.data 0x5000 0xe18 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.reloc 0x6000 0x404 0x1000 2.13 ea9d41c571270840f67129b0994c231f

( 6 imports )
> SHLWAPI.dll: StrRStrIW, StrStrIW
> KERNEL32.dll: lstrlenW, lstrcatW, GetProcAddress, LoadLibraryW, WaitForSingleObject, CreateThread, lstrcpyW, GetVolumeInformationW, GetSystemWindowsDirectoryW, lstrcpynW, CreateProcessW, Sleep, VirtualAlloc, CreateFileW, GetTickCount, CreateEventW, CreateMutexW, DisableThreadLibraryCalls, GetModuleFileNameW, ResetEvent, SetEvent, GetLastError, FreeLibraryAndExitThread, SetFilePointer, CreateWaitableTimerW, WaitForMultipleObjects, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetVersionExW, WriteFile, SetEndOfFile, FreeLibrary, CloseHandle, VirtualFree, SetWaitableTimer
> USER32.dll: SetWindowsHookExW, PostMessageW, CallNextHookEx, MsgWaitForMultipleObjects, PeekMessageW, TranslateMessage, DispatchMessageW, wsprintfW
> ADVAPI32.dll: RegOpenKeyExW, RegQueryValueExW, RegDeleteValueW, RegFlushKey, RegSetValueExW, RegNotifyChangeKeyValue, RegCloseKey, RegCreateKeyExW
> SHELL32.dll: SHGetFolderPathW, -
> ole32.dll: StringFromCLSID, CoCreateGuid, CoTaskMemFree

( 2 exports )
e, r

11-15-2008, 08:50 PM	#8 (permalink)
cadriemir Registered User Join Date: Nov 2008 Posts: 11 OS: XP	Re: Computer Running Slow and Glitchy Ok, here are the results. c:\windows\system32\mkrnl.exe Antivirus Version Last Update Result AhnLab-V3 2008.11.14.3 2008.11.15 - AntiVir 7.9.0.31 2008.11.14 TR/Crypt.XPACK.Gen Authentium 5.1.0.4 2008.11.15 - Avast 4.8.1281.0 2008.11.16 Win32:Trojan-gen {Other} AVG 8.0.0.199 2008.11.15 - BitDefender 7.2 2008.11.16 - CAT-QuickHeal 10.00 2008.11.15 - ClamAV 0.94.1 2008.11.15 - DrWeb 4.44.0.09170 2008.11.16 - eSafe 7.0.17.0 2008.11.13 - eTrust-Vet 31.6.6210 2008.11.14 - Ewido 4.0 2008.11.15 - F-Prot 4.4.4.56 2008.11.15 - F-Secure 8.0.14332.0 2008.11.16 - Fortinet 3.117.0.0 2008.11.15 - GData 19 2008.11.16 Win32:Trojan-gen {Other} Ikarus T3.1.1.45.0 2008.11.16 - K7AntiVirus 7.10.526 2008.11.15 - Kaspersky 7.0.0.125 2008.11.16 - McAfee 5435 2008.11.15 - Microsoft 1.4104 2008.11.16 - NOD32 3615 2008.11.15 a variant of Win32/Adware.XPAntivirus.AD Norman 5.80.02 2008.11.14 - Panda 9.0.0.4 2008.11.15 - PCTools 4.4.2.0 2008.11.15 - Prevx1 V2 2008.11.16 Cloaked Malware Rising 21.03.42.00 2008.11.14 - SecureWeb-Gateway 6.7.6 2008.11.14 Trojan.Crypt.XPACK.Gen Sophos 4.35.0 2008.11.15 - Sunbelt 3.1.1801.2 2008.11.14 - Symantec 10 2008.11.16 AntiVirus2009 TheHacker 6.3.1.1.155 2008.11.15 - TrendMicro 8.700.0.1004 2008.11.14 - VBA32 3.12.8.9 2008.11.15 - ViRobot 2008.11.15.1470 2008.11.15 - VirusBuster 4.5.11.0 2008.11.15 - Additional information File size: 144896 bytes MD5...: 6b15838d185a7eca5ecfa2e7ebac3c6b SHA1..: fb6b02bbdafdd1a842856b63c4a4fe1fbfb14eb7 SHA256: 94806b58b17a062b1ef8e8aa809a8b5d51dd9910482e37cdaab7a26fc76aeaa6 SHA512: efffab86325952adf704aea0417d5c7e4e56880a605e7a0e1d38d17099268da7 33def54612312aa70195e09f605163e7360dde70c1ad34fd89aa424360bc9f2a PEiD..: - TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) VXD Driver (0.1%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x4010dc timedatestamp.....: 0x45f64af1 (Tue Mar 13 06:55:45 2007) machinetype.......: 0x14c (I386) ( 8 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x5002 0x5200 0.51 7e19fe3e4dce5f2e868366255492c746 .rdata 0x7000 0x6e5 0x800 0.00 c99a74c555371a433d121f551d6c6398 .data 0x8000 0x3ce851 0x1aa00 6.46 d8d91c2ee16350ad5edbd11ae519a4e9 .tls 0x3d7000 0x6e 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b .rdata 0x3d8000 0x18 0x200 0.23 78d5e22a168cf6ed9c526f0b6b67633d .idata 0x3d9000 0x1375 0x1400 4.36 8e0eb260407d3b14f6de7273b16bc2b1 .reloc 0x3db000 0x337 0x400 0.00 0f343b0931126a20f133d67c2b018a3b .rsrc 0x3dc000 0xff4 0x1000 5.97 5a12f3eb2c83b8849a17cd40bfe58bc6 ( 10 imports ) > GDI32.DLL: BeginPath, CopyMetaFileA, CloseMetaFile, CreateSolidBrush, GetBrushOrgEx, BitBlt, GetPixel, AddFontMemResourceEx, ClearBrushAttributes, GetClipBox, GetBitmapBits > COMCTL32.DLL: ImageList_LoadImageA, ImageList_Remove, ImageList_Read, ImageList_ReplaceIcon, ImageList_Replace, ImageList_AddMasked, ImageList_DragShowNolock, ImageList_GetIcon, ImageList_GetImageRect, ImageList_Destroy, ImageList_LoadImage, ImageList_GetImageCount, ImageList_DragLeave, ImageList_Create, ImageList_GetImageInfo > COMCTL32.DLL: ImageList_LoadImage, ImageList_GetImageInfo, ImageList_BeginDrag, ImageList_LoadImageW, ImageList_DrawIndirect, ImageList_EndDrag, ImageList_DragLeave, ImageList_Copy, ImageList_AddMasked, ImageList_DragMove, ImageList_Merge, ImageList_AddIcon, ImageList_Destroy, InitCommonControls, ImageList_Remove > USER32.DLL: CopyImage, IsMenu, EndDialog, CreateIcon, CalcMenuBar, GetDlgItem, GetWindowTextLengthA, InsertMenuA, BlockInput, CopyRect, AlignRects > GDI32.DLL: CopyMetaFileA, DeleteDC, ClearBitmapAttributes, RestoreDC, GetDCOrgEx, AddFontResourceTracking, BitBlt, CreateSolidBrush, ExtTextOutA, AbortPath, GetPixel, ExcludeClipRect, GetBitmapBits, AddFontResourceExW, AddFontResourceExA, AddFontResourceA > ADVAPI32.DLL: RegCreateKeyExA, RegEnumValueA, RegCreateKeyExW, RegQueryValueW, RegReplaceKeyA, RegGetKeySecurity, RegDeleteValueA, RegEnumKeyExW, RegFlushKey, RegEnumKeyW, RegDeleteKeyW, RegDeleteValueW, RegLoadKeyA, RegOpenKeyW, RegCreateKeyW, RegEnumKeyExA, RegQueryValueExW, RegEnumValueW > COMCTL32.DLL: ImageList_EndDrag, ImageList_DragMove, ImageList_DragEnter, ImageList_LoadImageA, ImageList_Remove, ImageList_GetIcon, ImageList_Destroy, InitCommonControls, ImageList_AddIcon, ImageList_GetImageCount, ImageList_Create, ImageList_Replace, ImageList_BeginDrag > USER32.DLL: GetWindowTextLengthA, CopyImage, CopyIcon, AppendMenuA, InsertMenuA, CreateIcon, GetWindowTextA, GetDC, EndDialog, AppendMenuW, CalcMenuBar, AlignRects, LoadCursorA, DialogBoxParamW, DrawTextA, LoadMenuA, DrawIconEx, DialogBoxParamA > ADVAPI32.DLL: RegQueryValueA, RegFlushKey, RegQueryValueExW, RegDeleteKeyW, RegEnumKeyExW, RegEnumKeyW, RegQueryValueExA, RegGetKeySecurity, RegEnumValueA, RegOpenKeyExA > USER32.DLL: IsMenu, CopyIcon, DrawIconEx, CreateIcon, DialogBoxParamW, LoadCursorA, CopyImage, DialogBoxParamA, DrawTextA, AppendMenuW, GetDC, CloseWindow, CopyRect, CalcMenuBar ( 0 exports ) c:\windows\Qzifijolo.dll File Qzifijolo.dll received on 11.16.2008 04:46:53 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 4/36 (11.12%) Loading server information... Your file is queued in position: 1. Estimated start time is between 38 and 55 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result AhnLab-V3 2008.11.14.3 2008.11.15 - AntiVir 7.9.0.31 2008.11.14 - Authentium 5.1.0.4 2008.11.15 - Avast 4.8.1281.0 2008.11.16 - AVG 8.0.0.199 2008.11.15 - BitDefender 7.2 2008.11.16 - CAT-QuickHeal 10.00 2008.11.15 - ClamAV 0.94.1 2008.11.15 - DrWeb 4.44.0.09170 2008.11.16 - eSafe 7.0.17.0 2008.11.13 - eTrust-Vet 31.6.6210 2008.11.14 - Ewido 4.0 2008.11.15 - F-Prot 4.4.4.56 2008.11.15 - F-Secure 8.0.14332.0 2008.11.16 - Fortinet 3.117.0.0 2008.11.15 - GData 19 2008.11.16 - Ikarus T3.1.1.45.0 2008.11.16 - K7AntiVirus 7.10.526 2008.11.15 - Kaspersky 7.0.0.125 2008.11.16 - McAfee 5435 2008.11.15 - Microsoft 1.4104 2008.11.16 - NOD32 3615 2008.11.15 - Norman 5.80.02 2008.11.14 W32/DLoader.KSWL Panda 9.0.0.4 2008.11.15 Generic Trojan PCTools 4.4.2.0 2008.11.15 - Prevx1 V2 2008.11.16 Malware Downloader Rising 21.03.42.00 2008.11.14 - SecureWeb-Gateway 6.7.6 2008.11.14 - Sophos 4.35.0 2008.11.15 - Sunbelt 3.1.1801.2 2008.11.14 - Symantec 10 2008.11.16 Downloader TheHacker 6.3.1.1.155 2008.11.15 - TrendMicro 8.700.0.1004 2008.11.14 - VBA32 3.12.8.9 2008.11.15 - ViRobot 2008.11.15.1470 2008.11.15 - VirusBuster 4.5.11.0 2008.11.15 - Additional information File size: 24576 bytes MD5...: 99378be4b316a485550f4cc9e1fd4052 SHA1..: a5fa120a4e285d1e9aa717f476d643c50c92c6da SHA256: 7f4e9701061b5cb8b06f434fc0c11573246f440c71e8e5c2739907583339e5ae SHA512: 06b16f1cb20d540921659009de0c9a20eec18438c2fb0d68848b02b64c5b15a0 664af639b8b07ec29c1d2b6c037064ea3bbd41beb4b168465e7215cd21f21438 PEiD..: - TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1000255b timedatestamp.....: 0x490f0096 (Mon Nov 03 13:45:58 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x38bd 0x4000 5.71 466dba97f880dc5e06991778084bc20c .data 0x5000 0xe18 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .reloc 0x6000 0x404 0x1000 2.13 ea9d41c571270840f67129b0994c231f ( 6 imports ) > SHLWAPI.dll: StrRStrIW, StrStrIW > KERNEL32.dll: lstrlenW, lstrcatW, GetProcAddress, LoadLibraryW, WaitForSingleObject, CreateThread, lstrcpyW, GetVolumeInformationW, GetSystemWindowsDirectoryW, lstrcpynW, CreateProcessW, Sleep, VirtualAlloc, CreateFileW, GetTickCount, CreateEventW, CreateMutexW, DisableThreadLibraryCalls, GetModuleFileNameW, ResetEvent, SetEvent, GetLastError, FreeLibraryAndExitThread, SetFilePointer, CreateWaitableTimerW, WaitForMultipleObjects, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetVersionExW, WriteFile, SetEndOfFile, FreeLibrary, CloseHandle, VirtualFree, SetWaitableTimer > USER32.dll: SetWindowsHookExW, PostMessageW, CallNextHookEx, MsgWaitForMultipleObjects, PeekMessageW, TranslateMessage, DispatchMessageW, wsprintfW > ADVAPI32.dll: RegOpenKeyExW, RegQueryValueExW, RegDeleteValueW, RegFlushKey, RegSetValueExW, RegNotifyChangeKeyValue, RegCloseKey, RegCreateKeyExW > SHELL32.dll: SHGetFolderPathW, - > ole32.dll: StringFromCLSID, CoCreateGuid, CoTaskMemFree ( 2 exports ) e, r