ThreatExpert Report: W32.Rahack.W, W32/RAHack, WORM_ALLAPLE.IK, W32/Allaple-F, Worm:Win32/Allaple.A..

Visit ThreatExpert web site

Close Report

Submission Summary:

Submission details:

Submission received: 3 October 2012, 12:07:48
Processing time: 10 min 13 sec
Submitted sample:

File MD5: 0x5EB0A7211AF0D0B76500F18B73417123
File SHA-1: 0x72BAD472CBF5680106F82C12C5291B59273C8E52
Filesize: 65,024 bytes
Alias:

W32.Rahack.W [Symantec]
W32/RAHack [McAfee]
WORM_ALLAPLE.IK [Trend Micro]
W32/Allaple-F [Sophos]
Worm:Win32/Allaple.A [Microsoft]
Net-Worm.Win32.Allaple [Ikarus]
Win-Trojan/Starman.Gen [AhnLab]

Summary of the findings:

What's been found	Severity Level
A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
MS04-012: DCOM RPC Overflow exploit - replication across TCP 135/139/445/593 (common for Blaster, Welchia, Spybot, Randex, other IRC Bots).
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Attention! The following threat category was identified:

Threat Category	Description
	A network-aware worm that attempts to replicate across the existing network(s)

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	[pathname with a string SHARE]\bcwvzwbh.exe	65,024 bytes	MD5: 0xA5A4784A97947BA967AA0D4DDF92D400 SHA-1: 0xA506804F312D9024ED9230FCA947C75EDB27DC64	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
2	[pathname with a string SHARE]\bhrhnkht.exe	65,024 bytes	MD5: 0x730F04D2A8DDADC41D18B4E2AF158F5C SHA-1: 0x39301D9ACAEA869C749466ECA9827C183562F05A	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
3	[pathname with a string SHARE]\bnbtzwxt.exe	65,024 bytes	MD5: 0xA712ED97B97EE46E47F80B8AB720275F SHA-1: 0xD8E2559F799013E3AFD8D482CC92AE1617CCA41F	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
4	[pathname with a string SHARE]\brvrjrke.exe	65,024 bytes	MD5: 0xBE1E3EBD51968040E979899DF8FB2CF2 SHA-1: 0x56D44ED88AAEADE32775C72F1B6D2AA6AF90CC8B	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
5	[pathname with a string SHARE]\bzqlkhrh.exe	65,024 bytes	MD5: 0x8A6846F908CEFD29CE9769CA9F3AA80C SHA-1: 0xF6A0FB85197FB26100A026E60E3ECCE989B44A30	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
6	[pathname with a string SHARE]\czjevcet.exe	65,024 bytes	MD5: 0x3308D25BEA22457FA6DBB6ACC326990C SHA-1: 0xC851EAC29DC0F547FACFE9055C833B1C287A068B	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
7	[pathname with a string SHARE]\ehbebsrn.exe	65,024 bytes	MD5: 0xBBF4551E3B5C18F25F635FA83D0E52D2 SHA-1: 0x617315FF90182B4BC92759DD3B71BB8F534CDEDA	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
8	[pathname with a string SHARE]\elwtjnbj.exe	65,024 bytes	MD5: 0x073671E083E742FBD5A6EFC1FCD3D622 SHA-1: 0x527A76332693618314F27F3720AC8F2AE85F6F3B	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
9	[pathname with a string SHARE]\njbsvtll.exe	65,024 bytes	MD5: 0xDECB6372FF426D3B15640EA213164A64 SHA-1: 0x006682F02B63EA84F3A0588164F7B1603F6559CC	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
10	[pathname with a string SHARE]\nsqjttkv.exe	65,024 bytes	MD5: 0xAFE56D7A1F5FD9002BFCD9FCD3CECC1D SHA-1: 0x1ECE6DF734B95923300CCCC0DFC4493622F4E5B8	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
11	[pathname with a string SHARE]\qjllsjhl.exe	65,024 bytes	MD5: 0x75804C68CDF14A586F53A7E3E63A2B72 SHA-1: 0x20FA4BA07A45E20BB3E1F06374221E9FD31F5BE8	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
12	[pathname with a string SHARE]\tlcwjrwt.exe	65,024 bytes	MD5: 0x895581C303C8B9E4264D06FB8A55FA2A SHA-1: 0x6F3186AE36E57DE98A420E55FFF500863A759C34	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
13	[pathname with a string SHARE]\vkjljzrn.exe	65,024 bytes	MD5: 0x0F0490AC375F30E932689B2839FC23E5 SHA-1: 0xA429902DCD6728AAE29481C87A5F5ED14BCEF942	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
14	[pathname with a string SHARE]\xrljqjzn.exe	65,024 bytes	MD5: 0xEB1A4FC15B891FB8B622E91A2E2D2BFB SHA-1: 0x34DE7CB489DC895F7E1ECD8FCC1C0005C19A647C	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
15	%ProgramFiles%\Common Files\System\ado\tsektjkj.exe	65,024 bytes	MD5: 0x130F5AD811292718E592F57FFA5020B4 SHA-1: 0x0F8A8A588F5F633F8360CC5182F3627F85213584	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
16	%ProgramFiles%\NetMeeting\rsewzjqn.exe	65,024 bytes	MD5: 0xD4B9C87AD1EB3940AF7E3D531CC6DB9C SHA-1: 0x0C5395BEA16E9A87DEA87901C21F4D0E2EBD2B82	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
17	c:\tvsknrse.exe	65,024 bytes	MD5: 0x8E8503777F632A6358356135DDF3A9A7 SHA-1: 0xB8F899AE60FB4C809DE64EB30309FC2B395FDA4C	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
18	%Windir%\pchealth\helpctr\System\CompatCtr\hrtbebze.exe	65,024 bytes	MD5: 0xF3302A107D89B05B9E3A1418C7E826DB SHA-1: 0x7D354196485E2E779AC744DEE6ADB54B0967CA69	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
19	%Windir%\pchealth\helpctr\System\CompatCtr\jbnxjtkn.exe	65,024 bytes	MD5: 0x1672A6720436B125725255F1C40C85E8 SHA-1: 0xAD35D61B980A297D674DE66F5A77C5A02B5D8606	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
20	%Windir%\pchealth\helpctr\System\CompatCtr\tnslrrhk.exe	65,024 bytes	MD5: 0xA9CFC2D57DF978436C0AFA0E9750AC2F SHA-1: 0x973F20986F2E0E25EDFC4FBBB661AB33C59316D4	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
21	%Windir%\pchealth\helpctr\System\CompatCtr\zlhqrlbx.exe	65,024 bytes	MD5: 0x24F0936E7CA5D67472AB5348B8692B25 SHA-1: 0x00800A8B442274D1E8CB33A0B278B558862DD57D	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
22	%Windir%\pchealth\helpctr\System\DVDUpgrd\shrrtjet.exe	65,024 bytes	MD5: 0x6A39F4F5A7B4751ED698D7B2E4216827 SHA-1: 0xC14DC0F255282ED65F938C9E5DC72DE5EDE39AFE	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
23	%Windir%\pchealth\helpctr\System\ErrMsg\vlvxqrek.exe	65,024 bytes	MD5: 0xA3E0F1244784A62172A2DFF9FE6532AD SHA-1: 0xEB5C9810AD5552E378C176089EDBE08135403F3E	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
24	%Windir%\pchealth\helpctr\System\errors\jcjjlqnq.exe	65,024 bytes	MD5: 0x8E3A26BC168F3E2B498C151864D5C0AB SHA-1: 0xDE90C7FA1D4B139B39798273D27D94329FC051D6	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
25	%Windir%\pchealth\helpctr\System\NetDiag\hsjqschn.exe	65,024 bytes	MD5: 0x2AF51DD893712A8A1400948DBC13D778 SHA-1: 0x7A2ECD9F820CDE3DE6DCD65F14D5D3209F12E355	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
26	%Windir%\pchealth\helpctr\System\NetDiag\xrvxszvs.exe	65,024 bytes	MD5: 0x574B2C154BB2C385EBC11A8DDF42554F SHA-1: 0xFBA56425540D56EF44E251DFDEC7C763496DC5B5	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
27	%Windir%\pchealth\helpctr\System\panels\nntlskwn.exe	65,024 bytes	MD5: 0x7B6EABF58678E100F836A82C845F11D0 SHA-1: 0x41699FCD742E6010FAC4A3C61949EAE06D528453	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
28	%Windir%\pchealth\helpctr\System\panels\sncncweb.exe	65,024 bytes	MD5: 0xE5532F43B2D8964EECDFE12FF859561C SHA-1: 0xF5DFFD1ECF9DC8D75A94F4260C227FF5DDA05E5E	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
29	%Windir%\pchealth\helpctr\System\rc\qbrblthb.exe	65,024 bytes	MD5: 0x7547DA53D3F6DD95FD3B1C60C01F159A SHA-1: 0xFFB8878D8E69927BD3BFAC8817CEC83EC9A67E69	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
30	%Windir%\pchealth\helpctr\System\Remote Assistance\Common\hxrshqsj.exe	65,024 bytes	MD5: 0x39D11F11C05B1704D283DF09F7AF678D SHA-1: 0x338C15C0260181BAE192304FEF8FE53CC65B24F6	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
31	%Windir%\pchealth\helpctr\System\Remote Assistance\Common\rwcjrqhw.exe	65,024 bytes	MD5: 0x31A3AC1353B002A5A2FBCB12C732369C SHA-1: 0x12266C9B247DFB42E385B2AACAF4FBE8DF562973	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
32	%Windir%\pchealth\helpctr\System\Remote Assistance\Common\seshhtth.exe	65,024 bytes	MD5: 0x59BEABDF82224B86DC421CC6E29B8ED9 SHA-1: 0x05A4BBD637E7A990BCCF67C2B293B6EEEB286773	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
33	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\ekjvhbcn.exe	65,024 bytes	MD5: 0xCF657821EC8D420633BD1240879AE746 SHA-1: 0x11B3CA6740093ABCE28DA8FA36493E16B1899773	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
34	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\jjennetl.exe	65,024 bytes	MD5: 0x8676F2F1CD65DC598542FE87C478A8F9 SHA-1: 0xDE7B9CAF8CAEED9B9F524E81CC465BB56B82B490	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
35	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\knenvxlj.exe	65,024 bytes	MD5: 0x68BE2947838065DBAA2B0908BDECCF0A SHA-1: 0x2F622F66B42030DA6F9CFB2456FD9D8D4D72ACAA	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
36	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\ttzvrbzr.exe	65,024 bytes	MD5: 0x84640C64FC8461114259DB9C662DF949 SHA-1: 0x8782DA9D8F8C1944DA0094C98D3603D72271BB52	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
37	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\wbjbjelb.exe	65,024 bytes	MD5: 0x2C3D8A6E14F982F883E4835A0EBA592D SHA-1: 0x6F01F6F792349E500592617F6AAE42B6045FF028	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
38	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\zqwkjbbt.exe	65,024 bytes	MD5: 0x54D9FA062880F81D1CEBBD8837A10EA5 SHA-1: 0x4C460DBB4F3EE6FD955BCB294C461A213BA63230	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
39	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\bbsbrlee.exe	65,024 bytes	MD5: 0x5A729FFCC5F361CE64F7EDC34A74F668 SHA-1: 0x0C7FC9143F6E40280F3B1CC93027FE23D1DC5088	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
40	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\kbzzlwlr.exe	65,024 bytes	MD5: 0x6E85BA6054CCFF09EE2E6A7776E679D6 SHA-1: 0x11B084D72DBFA1757C1E7039A375797C533A2CEA	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
41	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\rbntkevt.exe	65,024 bytes	MD5: 0x759513B1E3639CEFA965942EEF8D9337 SHA-1: 0x9C26EA4AEC74DAE1EC54F20287BBEB7E610C5566	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
42	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\shnkjjbh.exe	65,024 bytes	MD5: 0xB9D850B753FE3384DFFB63568192E3AD SHA-1: 0x1FC927466EB6CF9E55AA4F80E1C74449DA913F1A	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
43	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\ccthwjlr.exe	65,024 bytes	MD5: 0xAE321141B16EA3528F2C030F209326CF SHA-1: 0xADDA6FF86470B8D6C8ABFC551A1956B7E0BFBC55	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
44	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\ctjxljxh.exe	65,024 bytes	MD5: 0xE49E65397A816E5DF28861D1ACDC7A32 SHA-1: 0xF420392DAD7C0C45BCB3330AB60B17A0B7E31296	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
45	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\ezslqrbz.exe	65,024 bytes	MD5: 0x1B2D73ED1A67D5CD6EB43B7E0B4E177A SHA-1: 0x053EBE45C3B41F29EA4019E8D0F9254EEC73FF9C	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
46	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\neqvzkeh.exe	65,024 bytes	MD5: 0x58E3FBE041B91755B6BFEDBCFEB245F8 SHA-1: 0x7B828FF17822AE34AEDCB1B96B43D101A87B381E	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
47	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\shrnxshq.exe	65,024 bytes	MD5: 0x6D9989D5769D4F46C904ED58CC98698D SHA-1: 0xAD8F2E143C115E6820A8016496295C6FF2B341E2	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
48	%Windir%\pchealth\helpctr\System\Remote Assistance\rqxjhbsl.exe	65,024 bytes	MD5: 0x421C123505AD2F2786FEDD82311F2721 SHA-1: 0x28FC1AEB8407F2638C3E21E828423B13C6B9A24E	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
49	%Windir%\pchealth\helpctr\System\Remote Assistance\rzqstbqq.exe	65,024 bytes	MD5: 0xC0C1FD915CF68653136C10672A983B02 SHA-1: 0xF20FD55AECB98F63F6FA23D340D8ED9229AB393C	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
50	%Windir%\pchealth\helpctr\System\Remote Assistance\wesnhzec.exe	65,024 bytes	MD5: 0x8A2792EDB7FB42D6B7A74913334EC552 SHA-1: 0xC517B29D069A20726064B1EABD482F5E61FF00A0	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
51	%Windir%\pchealth\helpctr\System\sysinfo\bjlkjrls.exe	65,024 bytes	MD5: 0xFCD2388E6276B0850F1E3BB1334867F7 SHA-1: 0x8F353F798A05CAE495FAE69D1DB0CA0A56AFDB77	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
52	%Windir%\pchealth\helpctr\System\sysinfo\cntbrbzr.exe	65,024 bytes	MD5: 0xB21578268478176DC39ED32C3DC3F490 SHA-1: 0xDBA28F5EBFEA77F970C98D4459C57FBEECDFCD0B	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
53	%Windir%\pchealth\helpctr\System\sysinfo\jbrhbztz.exe	65,024 bytes	MD5: 0xB1A4766E0E9E60BBCD00E9AB367837BA SHA-1: 0x5B253AA64319E6C8C41DA9279329093CCEE7AA45	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
54	%Windir%\pchealth\helpctr\System\sysinfo\jrtqcssx.exe	65,024 bytes	MD5: 0xC5983943795A10CC464BE62A4C3B7370 SHA-1: 0x458A42B977F51772D3F9DB326B30F558E20206A3	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
55	%Windir%\pchealth\helpctr\System\sysinfo\rbcjjwqr.exe	65,024 bytes	MD5: 0x57694DD908AA270E49C0D17E65B2E293 SHA-1: 0x63B6A8B79DA485BB892A09B157A05B89A9E7FAAE	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
56	%Windir%\pchealth\helpctr\System\sysinfo\rercrnhh.exe	65,024 bytes	MD5: 0xFA0DD3AE9AF3A3C27C015D3EF2E0A3F1 SHA-1: 0x02347E248A92312D47C3819530FFA37C69F8100A	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.b [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
57	%Windir%\pchealth\helpctr\System\sysinfo\rnbrkrlv.exe	65,024 bytes	MD5: 0x8BFCBF650B497F397F871D8BB07742B5 SHA-1: 0x2C7F2A3A18036AAB2A7A80E555C726C36A2323EF	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
58	%Windir%\pchealth\helpctr\System\sysinfo\vkchbbxh.exe	65,024 bytes	MD5: 0xA1426AABEE52E2DAA9E9B64293E8BFE4 SHA-1: 0x08BEAF33547666DEA19B9D6FCD0716497662D5AB	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
59	%Windir%\pchealth\helpctr\System\UpdateCtr\lwklbvze.exe	65,024 bytes	MD5: 0xE30A0054DF2F8E2BCE8156F1E27B87EE SHA-1: 0x3078CEC4E3E790D0D0173774B9856868140EE78E	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
60	%Windir%\pchealth\helpctr\System\UpdateCtr\qxshkkqn.exe	65,024 bytes	MD5: 0x581F6C9C3DD1BA4FD5152E707B0E3942 SHA-1: 0x74935140CE73AE5A895FE0587B4691DCA2E4F061	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
61	%Windir%\pchealth\helpctr\System\UpdateCtr\rrbvcsbb.exe	65,024 bytes	MD5: 0xC97BAC2E85B4E5E540589DB3C1A5C4D8 SHA-1: 0xA1697D59A1370A59EFD2B9C6A75F8F897971D2E8	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
62	%Windir%\pchealth\helpctr\System\UpdateCtr\snqesjrk.exe	65,024 bytes	MD5: 0x743117E8F9DB07CF7BC3D37B725AFE47 SHA-1: 0xE3A17248707AEDD3F0C892657EC8D91F4C541C38	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
63	%Windir%\pchealth\helpctr\System\UpdateCtr\trkhkjxz.exe	65,024 bytes	MD5: 0x38291F2464EA7D1328B32EC06778ED97 SHA-1: 0x573713E95E60E9B04CD120397F231EC7A85321AA	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
64	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\erwskeqr.exe	65,024 bytes	MD5: 0x48AFAA5CA80C7EDC97DB76734D2AAFBC SHA-1: 0xF8A69459FDE30137667B53417BB5343593B7544E	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
65	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\kkrtrbns.exe	65,024 bytes	MD5: 0x0F1B1981E5B290EE6EE6DE006826DBC2 SHA-1: 0xED85466FCF4C5D0A0927E1D72CA43DA2084E963A	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
66	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\vxwqhwzs.exe	65,024 bytes	MD5: 0xE2936C73B3D93260CEC6470EE1EA45E5 SHA-1: 0x5F9D6BD78AE2FA5E2E219BEF0B830DBEEF92F8F9	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
67	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\vxwqhwzs.exe	65,024 bytes	MD5: 0xCB12D3EC798F2BF8BDF5AEBA7A697350 SHA-1: 0xDDE27C574A9AE7EFD8F546B1620BB9AFD6CC23DE	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
68	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\vxwqhwzs.exe	65,024 bytes	MD5: 0x5425CDEBFA03993489DA754B6480262E SHA-1: 0x02FE4023A5B86B3C80B766DFEC79FB0C9B58056C	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
69	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\vxwqhwzs.exe	65,024 bytes	MD5: 0x669C0F236063C83E1FF876F476C7C126 SHA-1: 0xDF9C1116D766085C0C58BE54F583676E86C06560	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
70	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\vsekkehe.exe	65,024 bytes	MD5: 0x814146698162F10764BBC7A466289701 SHA-1: 0x2F11D19455D07C15E4D582B40F158A2F01CD6D61	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
71	[file and pathname of the sample #1]	65,024 bytes	MD5: 0x5EB0A7211AF0D0B76500F18B73417123 SHA-1: 0x72BAD472CBF5680106F82C12C5291B59273C8E52	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
72	%System%\urdvxc.exe	65,024 bytes	MD5: 0xA7FBA1217B4A442DD0948C84639EC379 SHA-1: 0xA68384EC2F433A32436737014D41C2DA8E9D75A3	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following files were modified:

c:\contacts.html
c:\Inetpub\wwwroot\index.html
[pathname with a string SHARE]\Blank.htm
[pathname with a string SHARE]\Citrus Punch.htm
[pathname with a string SHARE]\Clear Day.htm
[pathname with a string SHARE]\Fiesta.htm
[pathname with a string SHARE]\Glacier.htm
[pathname with a string SHARE]\Ivy.htm
[pathname with a string SHARE]\Leaves.htm
[pathname with a string SHARE]\Maize.htm
[pathname with a string SHARE]\Nature.htm
[pathname with a string SHARE]\Network Blitz.htm
[pathname with a string SHARE]\Pie Charts.htm
[pathname with a string SHARE]\Sunflower.htm
[pathname with a string SHARE]\Sweets.htm
[pathname with a string SHARE]\Technical.htm
%ProgramFiles%\Common Files\System\ado\MDACReadme.htm
%ProgramFiles%\NetMeeting\netmeet.htm
%Windir%\pchealth\helpctr\System\CompatCtr\AboutCompat.htm
%Windir%\pchealth\helpctr\System\CompatCtr\CompatMode.htm
%Windir%\pchealth\helpctr\System\CompatCtr\CompatOffline.htm
%Windir%\pchealth\helpctr\System\CompatCtr\LearnCompat.htm
%Windir%\pchealth\helpctr\System\DVDUpgrd\dvdupgrd.htm
%Windir%\pchealth\helpctr\System\ErrMsg\ErrorMessagesOffline.htm
%Windir%\pchealth\helpctr\System\errors\connection.htm
%Windir%\pchealth\helpctr\System\NetDiag\dglogs.htm
%Windir%\pchealth\helpctr\System\NetDiag\dglogshelp.htm
%Windir%\pchealth\helpctr\System\panels\blank.htm
%Windir%\pchealth\helpctr\System\panels\NavBar.htm
%Windir%\pchealth\helpctr\System\rc\rcRequest.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Common\ConnIssue.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Common\LearnInternet.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Common\RCMoreInfo.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\helpeeaccept.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\DividerBar.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAChatClient.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAClient.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAStatusBar.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\rcscreen6_head.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\setting.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\ErrorMsgs.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\RCFileXfer.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\voicefirewallmsg.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\VOIPMsgs.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\DividerBar1.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\DividerBar2.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\RAChatServer.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\SettingServer.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\RAStartPage.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\rcBuddy.htm
%Windir%\pchealth\helpctr\System\sysinfo\msinfo.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysComponentInfo.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysEvtLogInfo.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysHealthInfo.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysinfosum.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysRemoteInfo.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysServicesInfo.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysSoftwareInfo.htm
%Windir%\pchealth\helpctr\System\UpdateCtr\AboutWU.htm
%Windir%\pchealth\helpctr\System\UpdateCtr\Learn.htm
%Windir%\pchealth\helpctr\System\UpdateCtr\LearnInternet.htm
%Windir%\pchealth\helpctr\System\UpdateCtr\learnWU.htm
%Windir%\pchealth\helpctr\System\UpdateCtr\updatecenter.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Connection.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineDC.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineOptions.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\LearnInternet.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\confirm.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcConnection.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen1.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen2.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen3.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\escalationhelp.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcDetails.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcInviteStatus.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen4.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen5.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6_head.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen8.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen9.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\ShieldsUpMsg.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm

Memory Modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	159,744 bytes

There was a new service created in the system:

Service Name	Display Name	Status	Service Filename
MSWindows	Network Windows Service	"Stopped"	"%System%\urdvxc.exe" /service

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0026A548-2A19-E8A0-B03E-B8692A75086E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0026A548-2A19-E8A0-B03E-B8692A75086E}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E9E265-66BE-04A9-BADD-A06BE2E36897}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E9E265-66BE-04A9-BADD-A06BE2E36897}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03276388-B4D4-8F3B-502B-0901696414AA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03276388-B4D4-8F3B-502B-0901696414AA}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{048BF78C-E618-0789-65EC-7B42EEBABDDC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{048BF78C-E618-0789-65EC-7B42EEBABDDC}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A0F1486-35D6-89D7-D882-CA1A59862B6E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A0F1486-35D6-89D7-D882-CA1A59862B6E}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B44EB36-CB81-9FE3-EB6F-ED253BC824C5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B44EB36-CB81-9FE3-EB6F-ED253BC824C5}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B6FF80D-5D50-5935-4BAD-4C4C5294B2E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B6FF80D-5D50-5935-4BAD-4C4C5294B2E1}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD9D438-2B62-1078-724B-E27EBD7F7A8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD9D438-2B62-1078-724B-E27EBD7F7A8F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F550331-2ECD-706B-E9A8-48721438E36F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F550331-2ECD-706B-E9A8-48721438E36F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110F9774-FAAC-0A3E-8A58-182D5A948013}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110F9774-FAAC-0A3E-8A58-182D5A948013}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118AD934-6512-CF10-DF50-2B2755D07C2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118AD934-6512-CF10-DF50-2B2755D07C2F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1329366B-3CA3-C056-4832-FDA8BAC1351F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1329366B-3CA3-C056-4832-FDA8BAC1351F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171FA199-C05B-5BF3-69B2-7E67EA910DA5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171FA199-C05B-5BF3-69B2-7E67EA910DA5}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB5D22A-38E3-3CDD-6FC2-017E4B687843}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB5D22A-38E3-3CDD-6FC2-017E4B687843}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22FAED41-A1FA-DC51-2326-669AA778CE49}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22FAED41-A1FA-DC51-2326-669AA778CE49}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2373A33D-199F-43E5-6694-07C4E1CFE31C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2373A33D-199F-43E5-6694-07C4E1CFE31C}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DC54B40-2536-69E8-382F-178E0D784F47}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DC54B40-2536-69E8-382F-178E0D784F47}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326CE86B-F468-EA85-5628-FD4D0FFDBB85}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326CE86B-F468-EA85-5628-FD4D0FFDBB85}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35349B95-82D3-1178-19ED-0E5D2312F5C0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35349B95-82D3-1178-19ED-0E5D2312F5C0}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363304E6-ADDF-9355-8F4C-D71315751C40}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363304E6-ADDF-9355-8F4C-D71315751C40}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A4D260-82A5-40A1-1185-87B6D34F389A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A4D260-82A5-40A1-1185-87B6D34F389A}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37128C75-4B63-71FC-DD33-D9492FBB2EFB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37128C75-4B63-71FC-DD33-D9492FBB2EFB}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A4B53AC-423A-E7CA-C4DA-B78A959F8C03}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A4B53AC-423A-E7CA-C4DA-B78A959F8C03}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE1D8CD-A6F7-40FE-B888-56FCBA8BCA46}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE1D8CD-A6F7-40FE-B888-56FCBA8BCA46}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C1D709C-0F4D-5DA4-2232-7AFD13C0C23F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C1D709C-0F4D-5DA4-2232-7AFD13C0C23F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4222E084-9879-6354-96E0-20C15ACDC125}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4222E084-9879-6354-96E0-20C15ACDC125}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{445FAB9E-1031-CFBE-81C7-7F3ABEF2B143}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{445FAB9E-1031-CFBE-81C7-7F3ABEF2B143}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46FFC275-F95A-DD9C-490B-4A7903F8E16C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46FFC275-F95A-DD9C-490B-4A7903F8E16C}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{490CDDA9-7D56-3D09-CC3C-5136306CC8A0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{490CDDA9-7D56-3D09-CC3C-5136306CC8A0}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{496EDDD0-77F0-D9A4-9F5D-DD23EC9698F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{496EDDD0-77F0-D9A4-9F5D-DD23EC9698F2}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C80FDD5-398A-C978-C78B-16A1293DD4DE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C80FDD5-398A-C978-C78B-16A1293DD4DE}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E4B1243-6951-DA75-041E-CEB3D83811A0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E4B1243-6951-DA75-041E-CEB3D83811A0}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F82FDE5-2426-891D-5E88-22E06725D2A6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F82FDE5-2426-891D-5E88-22E06725D2A6}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50DF717F-2804-A197-85E1-B236DAE4BB1F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50DF717F-2804-A197-85E1-B236DAE4BB1F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B27C6B-4485-B5DC-7ACC-40C9603EF49C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B27C6B-4485-B5DC-7ACC-40C9603EF49C}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{541C14FC-A3AA-C18E-DBF1-600A7FA7940B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{541C14FC-A3AA-C18E-DBF1-600A7FA7940B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56F8EF1A-30C4-77DB-B4A1-F7FB92D83438}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56F8EF1A-30C4-77DB-B4A1-F7FB92D83438}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B974BBE-61BD-D89A-783C-6F06BBE18E40}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B974BBE-61BD-D89A-783C-6F06BBE18E40}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{616F8160-B381-7FEA-D13A-58E0EF4C12E8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{616F8160-B381-7FEA-D13A-58E0EF4C12E8}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61CA20C2-A0DD-6AB8-4CA0-BCB8C40945FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61CA20C2-A0DD-6AB8-4CA0-BCB8C40945FC}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{643D6D97-3E52-70FB-581D-BC9391FA03A1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{643D6D97-3E52-70FB-581D-BC9391FA03A1}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6455A07B-5629-2D89-9412-B3A2DD705BDE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6455A07B-5629-2D89-9412-B3A2DD705BDE}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F1CF06-0CDB-2C1E-9F31-AB06848B06CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F1CF06-0CDB-2C1E-9F31-AB06848B06CA}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68B4E7F8-6512-EF00-DF46-2E62C2F0A63F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68B4E7F8-6512-EF00-DF46-2E62C2F0A63F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B999886-BE16-4EAA-FC21-EC8583C15B00}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B999886-BE16-4EAA-FC21-EC8583C15B00}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72737CBC-9B11-C3AC-D03C-37102C5BD6F9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72737CBC-9B11-C3AC-D03C-37102C5BD6F9}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76126225-3758-4FE5-19E1-0942B74619EF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76126225-3758-4FE5-19E1-0942B74619EF}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78EF8F66-B7A9-1D01-86F9-8BEC6B7E14B1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78EF8F66-B7A9-1D01-86F9-8BEC6B7E14B1}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79910627-6A00-CDCE-579B-2C3D5BA84B34}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79910627-6A00-CDCE-579B-2C3D5BA84B34}\LocalServer32

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0026A548-2A19-E8A0-B03E-B8692A75086E}\LocalServer32]

(Default) = "%Windir%\Web\wcxnjhhj.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0026A548-2A19-E8A0-B03E-B8692A75086E}]

(Default) = "shccrrvjlqkljvck"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E9E265-66BE-04A9-BADD-A06BE2E36897}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\qkezbwtr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E9E265-66BE-04A9-BADD-A06BE2E36897}]

(Default) = "shkzkcbwrlnrblbn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03276388-B4D4-8F3B-502B-0901696414AA}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\rvwwbqje.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03276388-B4D4-8F3B-502B-0901696414AA}]

(Default) = "whvkjejbrtlhkrtw"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{048BF78C-E618-0789-65EC-7B42EEBABDDC}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\sysinfo\jrtqcssx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{048BF78C-E618-0789-65EC-7B42EEBABDDC}]

(Default) = "ztzeczjzlhhebnke"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A0F1486-35D6-89D7-D882-CA1A59862B6E}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\CompatCtr\jbnxjtkn.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A0F1486-35D6-89D7-D882-CA1A59862B6E}]

(Default) = "httnzkjrevzcsjle"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B44EB36-CB81-9FE3-EB6F-ED253BC824C5}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\kkrtrbns.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B44EB36-CB81-9FE3-EB6F-ED253BC824C5}]

(Default) = "vtbwsnwtnjbcsejv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B6FF80D-5D50-5935-4BAD-4C4C5294B2E1}\LocalServer32]

(Default) = "%ProgramFiles%\adobe\acrobat 6.0\reader\howto\enu\cwelqkks.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B6FF80D-5D50-5935-4BAD-4C4C5294B2E1}]

(Default) = "rrhnhrwljnetlhjw"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD9D438-2B62-1078-724B-E27EBD7F7A8F}\LocalServer32]

(Default) = [pathname with a string SHARE]\czjevcet.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD9D438-2B62-1078-724B-E27EBD7F7A8F}]

(Default) = "lwjhntelskbqjenb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F550331-2ECD-706B-E9A8-48721438E36F}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\xjshnvvh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F550331-2ECD-706B-E9A8-48721438E36F}]

(Default) = "cwtqjhtcjhhxsqsk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110F9774-FAAC-0A3E-8A58-182D5A948013}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\sysinfo\bjlkjrls.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110F9774-FAAC-0A3E-8A58-182D5A948013}]

(Default) = "rjnkkkbhjrrbxnsn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118AD934-6512-CF10-DF50-2B2755D07C2F}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\sysinfo\cntbrbzr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118AD934-6512-CF10-DF50-2B2755D07C2F}]

(Default) = "qnblxsnvhrrrhbjr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1329366B-3CA3-C056-4832-FDA8BAC1351F}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\UpdateCtr\rrbvcsbb.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1329366B-3CA3-C056-4832-FDA8BAC1351F}]

(Default) = "jhtejtrlneljnsek"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171FA199-C05B-5BF3-69B2-7E67EA910DA5}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\jhtkcrqk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171FA199-C05B-5BF3-69B2-7E67EA910DA5}]

(Default) = "rshschlclrecjkhr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB5D22A-38E3-3CDD-6FC2-017E4B687843}\LocalServer32]

(Default) = "%ProgramFiles%\NetMeeting\rsewzjqn.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB5D22A-38E3-3CDD-6FC2-017E4B687843}]

(Default) = "nxjtnqsnknsjkerr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22FAED41-A1FA-DC51-2326-669AA778CE49}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\zxtlktls.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22FAED41-A1FA-DC51-2326-669AA778CE49}]

(Default) = "svwjlhlwheenrlbs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2373A33D-199F-43E5-6694-07C4E1CFE31C}\LocalServer32]

(Default) = "%ProgramFiles%\Microsoft Visual Studio\jehkxqtn.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2373A33D-199F-43E5-6694-07C4E1CFE31C}]

(Default) = "lvtvxzxxxjkwthhl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DC54B40-2536-69E8-382F-178E0D784F47}\LocalServer32]

(Default) = "C:\Inetpub\wwwroot\kkvwbsrw.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DC54B40-2536-69E8-382F-178E0D784F47}]

(Default) = "lwvzjnbjlherlktn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326CE86B-F468-EA85-5628-FD4D0FFDBB85}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\sysinfo\rbcjjwqr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326CE86B-F468-EA85-5628-FD4D0FFDBB85}]

(Default) = "ssjjkbwnzbtjlnxb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32]

(Default) = "[file and pathname of the sample #1]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}]

(Default) = "sbbtrsjweeqvtrke"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35349B95-82D3-1178-19ED-0E5D2312F5C0}\LocalServer32]

(Default) = "%System%\urdvxc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35349B95-82D3-1178-19ED-0E5D2312F5C0}]

(Default) = "rlcjsqnjvkstcvhs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363304E6-ADDF-9355-8F4C-D71315751C40}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\vxwqhwzs.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363304E6-ADDF-9355-8F4C-D71315751C40}]

(Default) = "stesjzkzheknwvcr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A4D260-82A5-40A1-1185-87B6D34F389A}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\jcjcvqtr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A4D260-82A5-40A1-1185-87B6D34F389A}]

(Default) = "cthevlhnkjwnszkj"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37128C75-4B63-71FC-DD33-D9492FBB2EFB}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\wbjbjelb.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37128C75-4B63-71FC-DD33-D9492FBB2EFB}]

(Default) = "tjczqjereqjeejlz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A4B53AC-423A-E7CA-C4DA-B78A959F8C03}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\ccthwjlr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A4B53AC-423A-E7CA-C4DA-B78A959F8C03}]

(Default) = "ebreskkrqhkbqjts"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE1D8CD-A6F7-40FE-B888-56FCBA8BCA46}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\CompatCtr\tnslrrhk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE1D8CD-A6F7-40FE-B888-56FCBA8BCA46}]

(Default) = "blzqztkslsnzlset"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C1D709C-0F4D-5DA4-2232-7AFD13C0C23F}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\ttzvrbzr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C1D709C-0F4D-5DA4-2232-7AFD13C0C23F}]

(Default) = "rnellstltjswhxew"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4222E084-9879-6354-96E0-20C15ACDC125}\LocalServer32]

(Default) = [pathname with a string SHARE]\qjllsjhl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4222E084-9879-6354-96E0-20C15ACDC125}]

(Default) = "ejczjtxhswtbblvt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{445FAB9E-1031-CFBE-81C7-7F3ABEF2B143}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\tjqlrkhx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{445FAB9E-1031-CFBE-81C7-7F3ABEF2B143}]

(Default) = "bvqzxxecjvznnjkt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46FFC275-F95A-DD9C-490B-4A7903F8E16C}\LocalServer32]

(Default) = "%ProgramFiles%\Microsoft Visual Studio\ehlbrqvs.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46FFC275-F95A-DD9C-490B-4A7903F8E16C}]

(Default) = "kjjltrzjxecqkzwz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{490CDDA9-7D56-3D09-CC3C-5136306CC8A0}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\CompatCtr\hrtbebze.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{490CDDA9-7D56-3D09-CC3C-5136306CC8A0}]

(Default) = "jtwrhhqkzbhnbbhc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{496EDDD0-77F0-D9A4-9F5D-DD23EC9698F2}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\plug_ins\PictureTasks\Howto\tbzrsrxv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{496EDDD0-77F0-D9A4-9F5D-DD23EC9698F2}]

(Default) = "hntlslksttnhwvlb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C80FDD5-398A-C978-C78B-16A1293DD4DE}\LocalServer32]

(Default) = "%ProgramFiles%\Common Files\System\ado\tsektjkj.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C80FDD5-398A-C978-C78B-16A1293DD4DE}]

(Default) = "jjwlkhhrwqjhebnr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E4B1243-6951-DA75-041E-CEB3D83811A0}\LocalServer32]

(Default) = "%ProgramFiles%\Microsoft Visual Studio\nxhtnbrt.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E4B1243-6951-DA75-041E-CEB3D83811A0}]

(Default) = "lqceblrserkrzsjh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F82FDE5-2426-891D-5E88-22E06725D2A6}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\UpdateCtr\trkhkjxz.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F82FDE5-2426-891D-5E88-22E06725D2A6}]

(Default) = "svjjjrlbbqzektje"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50DF717F-2804-A197-85E1-B236DAE4BB1F}\LocalServer32]

(Default) = "C:\tvsknrse.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50DF717F-2804-A197-85E1-B236DAE4BB1F}]

(Default) = "rqrnvnttssktqkee"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B27C6B-4485-B5DC-7ACC-40C9603EF49C}\LocalServer32]

(Default) = "%ProgramFiles%\Microsoft Visual Studio\srzectxw.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B27C6B-4485-B5DC-7ACC-40C9603EF49C}]

(Default) = "neetehjezsbhtlbr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{541C14FC-A3AA-C18E-DBF1-600A7FA7940B}\LocalServer32]

(Default) = [pathname with a string SHARE]\bhrhnkht.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{541C14FC-A3AA-C18E-DBF1-600A7FA7940B}]

(Default) = "vsqkvhlklbelxscj"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56F8EF1A-30C4-77DB-B4A1-F7FB92D83438}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\ErrMsg\vlvxqrek.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56F8EF1A-30C4-77DB-B4A1-F7FB92D83438}]

(Default) = "lectrnnhjhhhqxtn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B974BBE-61BD-D89A-783C-6F06BBE18E40}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\UpdateCtr\lwklbvze.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B974BBE-61BD-D89A-783C-6F06BBE18E40}]

(Default) = "thnjcqhekwsxshss"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{616F8160-B381-7FEA-D13A-58E0EF4C12E8}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\Remote Assistance\wesnhzec.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{616F8160-B381-7FEA-D13A-58E0EF4C12E8}]

(Default) = "qxjlcrehkshqvecb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61CA20C2-A0DD-6AB8-4CA0-BCB8C40945FC}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\ktensxxh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61CA20C2-A0DD-6AB8-4CA0-BCB8C40945FC}]

(Default) = "znetztkkjljrbrcc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{643D6D97-3E52-70FB-581D-BC9391FA03A1}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\nxxhexkh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{643D6D97-3E52-70FB-581D-BC9391FA03A1}]

(Default) = "tnrkqljcselnjszk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6455A07B-5629-2D89-9412-B3A2DD705BDE}\LocalServer32]

(Default) = [pathname with a string SHARE]\bcwvzwbh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6455A07B-5629-2D89-9412-B3A2DD705BDE}]

(Default) = "hsbxbejqvqhwrbhs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F1CF06-0CDB-2C1E-9F31-AB06848B06CA}\LocalServer32]

(Default) = "%ProgramFiles%\Microsoft Visual Studio\snrlrkcn.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F1CF06-0CDB-2C1E-9F31-AB06848B06CA}]

(Default) = "slrcnckknbzbhthx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68B4E7F8-6512-EF00-DF46-2E62C2F0A63F}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\panels\nntlskwn.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68B4E7F8-6512-EF00-DF46-2E62C2F0A63F}]

(Default) = "tkrnqeqbjtsvrbwz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B999886-BE16-4EAA-FC21-EC8583C15B00}\LocalServer32]

(Default) = "%ProgramFiles%\adobe\acrobat 6.0\reader\howto\enu\elrkexns.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B999886-BE16-4EAA-FC21-EC8583C15B00}]

(Default) = "khzlxhbjtnzcqlrs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72737CBC-9B11-C3AC-D03C-37102C5BD6F9}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\jclbnjhk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72737CBC-9B11-C3AC-D03C-37102C5BD6F9}]

(Default) = "qtjjhvjtnlrstbtv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76126225-3758-4FE5-19E1-0942B74619EF}\LocalServer32]

(Default) = [pathname with a string SHARE]\bnbtzwxt.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76126225-3758-4FE5-19E1-0942B74619EF}]

(Default) = "esvrerberwqnnblx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78EF8F66-B7A9-1D01-86F9-8BEC6B7E14B1}\LocalServer32]

(Default) = "%ProgramFiles%\adobe\acrobat 6.0\reader\elbkcznj.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78EF8F66-B7A9-1D01-86F9-8BEC6B7E14B1}]

(Default) = "keklrerbjcrwsxhn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79910627-6A00-CDCE-579B-2C3D5BA84B34}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\Remote Assistance\Common\seshhtth.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79910627-6A00-CDCE-579B-2C3D5BA84B34}]

(Default) = "zbrlelhhnnnhcswk"

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

(Default) =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

(Default) =

Other details

To mark the presence in the system, the following Mutex object was created:

jhdheddfffffhjk5trh

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.