ThreatExpert Report: Keylog-WinDetective

Submission Summary:

Submission details:

Submission received: 19 August 2012, 06:57:25
Processing time: 8 min 57 sec
Submitted sample:

File MD5: 0x7ABEB1825D56C532E42D0B1E7BBA46A8
File SHA-1: 0x838444B4BE3950795E966E0D473AD8D3B2791793
Filesize: 4,193,357 bytes
Alias: Keylog-WinDetective [McAfee]

Summary of the findings:

What's been found	Severity Level
Capability to send out email message(s) with the built-in SMTP client engine.
Registers a 32-bit in-process server DLL.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\699c4b9cdebca7aaea5193cae8a50098_a7bcc1a4-f7a4-4502-8650-8579e607f7f7	50 bytes	MD5: 0x5B63D4DD8C04C88C0E30E494EC6A609A SHA-1: 0x884D5A8BDC25FE794DC22EF9518009DCF0069D09	(not available)
2	%System%\9838476563\bootstr.tlb	26,484 bytes	MD5: 0x9D724043756DBB4338EDF14A38DFF78A SHA-1: 0x4EC9B527C8A75CF4603F6750A6222D6D4C33D4BE	(not available)
3	%System%\9838476563\OutlookAddin.dll	536,645 bytes	MD5: 0xF40123483DEAB12A899D0F6E6EB4235B SHA-1: 0x40E62D230B1A969BFFD1B4714E9DAD1F98329FC4	(not available)
4	%System%\9838476563\OutlookMail.exe	540,761 bytes	MD5: 0x11787EE36A619B2EE8EB9C222DB8AA13 SHA-1: 0xCF26194E25FFF2767919C872A08B3477FAFBC3D8	(not available)
5	%System%\9838476563\WDBack.exe	978,944 bytes	MD5: 0x114A1DFF822454207B833C7A57A504ED SHA-1: 0x49556D98567B3B2C20599E2D3786385C140EF573	Keylog-WinDetective [McAfee]
6	%System%\9838476563\WDViewer.exe	1,982,464 bytes	MD5: 0xF97B0C17E6D5AA55A38FEE3B0DE9FDE3 SHA-1: 0x77C7B1EF7C3C1BDE53766C7B390A41E2E2FF8235	Keylog-WinDetective [McAfee]
7	%System%\9838476563\WinDetactiveOverlay.dll	36,864 bytes	MD5: 0xBE4B4B822F19B72FFB54FDA06490E598 SHA-1: 0x4222B97522433F00B0F32F66F1D94C5060FCA5DB	Keylog-WinDetective [McAfee]
8	%System%\DEELX.dll	81,920 bytes	MD5: 0xEDA029DB396F175AE1B0FA4105B14EB7 SHA-1: 0xD49DB0CB32BDE1E01CED767AD83D8EB77C49BBF6	(not available)
9	%System%\NtLaunch.exe	655,360 bytes	MD5: 0x7F1A78BF35E0A346629B328B2EFD3667 SHA-1: 0x33768910D39006991ED6A1DF1EA8BB6AC66D12F7	(not available)
10	[file and pathname of the sample #1]	4,193,357 bytes	MD5: 0x7ABEB1825D56C532E42D0B1E7BBA46A8 SHA-1: 0x838444B4BE3950795E966E0D473AD8D3B2791793	Keylog-WinDetective [McAfee]

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following file was deleted:

%System%\TABCTL32.OCX

The following files were modified:

%System%\MSCOMCT2.OCX
%System%\MSCOMCTL.OCX

The following directories were created:

%Windir%\5AH66H35H3DHD7H
%Windir%\5AH66H35H3DHD7H\5DH66H22H34H
%System%\9838476563

Notes:

%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
WDViewer.exe	%System%\9838476563\WDViewer.exe	6,569,984 bytes
_RegDLL.tmp	%Temp%\is-0VA92.tmp\_isetup\_RegDLL.tmp	16,384 bytes
[filename of the sample #1]	[file and pathname of the sample #1]	77,824 bytes
is-HSKQF.tmp	%Temp%\is-MNPMF.tmp\is-HSKQF.tmp	733,184 bytes
wdback.exe	%System%\9838476563\wdback.exe	2,019,328 bytes
ntlaunch.exe	%System%\ntlaunch.exe	835,584 bytes

Notes:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E622645-1F2D-1519-83AF-ED988D5521A2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E622645-1F2D-1519-83AF-ED988D5521A2}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1657EA4-A4DE-4D36-9B0B-FBF3A0F5458D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1657EA4-A4DE-4D36-9B0B-FBF3A0F5458D}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1657EA4-A4DE-4D36-9B0B-FBF3A0F5458D}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1657EA4-A4DE-4D36-9B0B-FBF3A0F5458D}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1657EA4-A4DE-4D36-9B0B-FBF3A0F5458D}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1657EA4-A4DE-4D36-9B0B-FBF3A0F5458D}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE44D89D-EEBE-40C0-8920-D336457B1C10}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE44D89D-EEBE-40C0-8920-D336457B1C10}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE44D89D-EEBE-40C0-8920-D336457B1C10}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE44D89D-EEBE-40C0-8920-D336457B1C10}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE44D89D-EEBE-40C0-8920-D336457B1C10}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE44D89D-EEBE-40C0-8920-D336457B1C10}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01FE33C6-8FE4-4361-B32F-1F31AEA790E5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01FE33C6-8FE4-4361-B32F-1F31AEA790E5}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01FE33C6-8FE4-4361-B32F-1F31AEA790E5}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01FE33C6-8FE4-4361-B32F-1F31AEA790E5}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03DFA498-BD30-467B-9E41-B69F8DD252AF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03DFA498-BD30-467B-9E41-B69F8DD252AF}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03DFA498-BD30-467B-9E41-B69F8DD252AF}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03DFA498-BD30-467B-9E41-B69F8DD252AF}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14BC99FD-878D-4978-980B-AC0BBE463AA1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14BC99FD-878D-4978-980B-AC0BBE463AA1}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14BC99FD-878D-4978-980B-AC0BBE463AA1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14BC99FD-878D-4978-980B-AC0BBE463AA1}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{249E2D41-44DD-4D64-9B6B-D5FD76BD85B1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{249E2D41-44DD-4D64-9B6B-D5FD76BD85B1}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{249E2D41-44DD-4D64-9B6B-D5FD76BD85B1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{249E2D41-44DD-4D64-9B6B-D5FD76BD85B1}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3824755B-F0AB-409A-A30D-14B8107DE0EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3824755B-F0AB-409A-A30D-14B8107DE0EA}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3824755B-F0AB-409A-A30D-14B8107DE0EA}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3824755B-F0AB-409A-A30D-14B8107DE0EA}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74FE476D-BFE8-45C2-9035-D15E330A246D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74FE476D-BFE8-45C2-9035-D15E330A246D}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74FE476D-BFE8-45C2-9035-D15E330A246D}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74FE476D-BFE8-45C2-9035-D15E330A246D}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F9EE13F-A982-4FEB-B166-AE510E30F501}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F9EE13F-A982-4FEB-B166-AE510E30F501}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F9EE13F-A982-4FEB-B166-AE510E30F501}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F9EE13F-A982-4FEB-B166-AE510E30F501}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E2C9115-7BCE-4D46-8CCE-654907BF190D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E2C9115-7BCE-4D46-8CCE-654907BF190D}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E2C9115-7BCE-4D46-8CCE-654907BF190D}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E2C9115-7BCE-4D46-8CCE-654907BF190D}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B7B6E54-9417-4CF1-9B6A-A469EFC20A56}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B7B6E54-9417-4CF1-9B6A-A469EFC20A56}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B7B6E54-9417-4CF1-9B6A-A469EFC20A56}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B7B6E54-9417-4CF1-9B6A-A469EFC20A56}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BB5A1B9-65C9-4C43-961B-1F95F1CE64F5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BB5A1B9-65C9-4C43-961B-1F95F1CE64F5}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BB5A1B9-65C9-4C43-961B-1F95F1CE64F5}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BB5A1B9-65C9-4C43-961B-1F95F1CE64F5}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC07C00E-E228-4453-A89C-D95FAB2DB780}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC07C00E-E228-4453-A89C-D95FAB2DB780}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC07C00E-E228-4453-A89C-D95FAB2DB780}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC07C00E-E228-4453-A89C-D95FAB2DB780}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE8354E5-C007-48E3-96ED-BDC1FDC72456}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE8354E5-C007-48E3-96ED-BDC1FDC72456}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE8354E5-C007-48E3-96ED-BDC1FDC72456}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE8354E5-C007-48E3-96ED-BDC1FDC72456}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDF95979-1A97-4CEE-92B1-93040E8E08C0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDF95979-1A97-4CEE-92B1-93040E8E08C0}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDF95979-1A97-4CEE-92B1-93040E8E08C0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDF95979-1A97-4CEE-92B1-93040E8E08C0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E67C6BC4-FEA9-480D-85FA-173F1A18D399}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E67C6BC4-FEA9-480D-85FA-173F1A18D399}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E67C6BC4-FEA9-480D-85FA-173F1A18D399}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E67C6BC4-FEA9-480D-85FA-173F1A18D399}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{231DD519-32E5-4442-87B3-C8B7B3B0E545}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{231DD519-32E5-4442-87B3-C8B7B3B0E545}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{231DD519-32E5-4442-87B3-C8B7B3B0E545}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{231DD519-32E5-4442-87B3-C8B7B3B0E545}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{231DD519-32E5-4442-87B3-C8B7B3B0E545}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{231DD519-32E5-4442-87B3-C8B7B3B0E545}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D40CEFCF-C62F-4E03-B0EA-017377BEE5C3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D40CEFCF-C62F-4E03-B0EA-017377BEE5C3}\1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D40CEFCF-C62F-4E03-B0EA-017377BEE5C3}\1.2\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D40CEFCF-C62F-4E03-B0EA-017377BEE5C3}\1.2\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D40CEFCF-C62F-4E03-B0EA-017377BEE5C3}\1.2\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D40CEFCF-C62F-4E03-B0EA-017377BEE5C3}\1.2\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OutlookAddin.Addin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OutlookAddin.Addin\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OutlookAddin.Addin\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OutlookAddin.Addin.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OutlookAddin.Addin.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegExLab.RegExp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegExLab.RegExp\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegExLab.RegExp\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegExLab.RegExp.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegExLab.RegExp.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E622645-1F2D-1519-83AF-ED988D5521A2}\InprocServer32]

(Default) = "%System%\wbem\wbemcore.dll"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E622645-1F2D-1519-83AF-ED988D5521A2}]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1657EA4-A4DE-4D36-9B0B-FBF3A0F5458D}\VersionIndependentProgID]

(Default) = "OutlookAddin.Addin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1657EA4-A4DE-4D36-9B0B-FBF3A0F5458D}\TypeLib]

(Default) = "{231DD519-32E5-4442-87B3-C8B7B3B0E545}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1657EA4-A4DE-4D36-9B0B-FBF3A0F5458D}\ProgID]

(Default) = "OutlookAddin.Addin.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1657EA4-A4DE-4D36-9B0B-FBF3A0F5458D}\InprocServer32]

(Default) = "%System%\9838476563\OutlookAddin.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1657EA4-A4DE-4D36-9B0B-FBF3A0F5458D}]

(Default) = "Addin Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE44D89D-EEBE-40C0-8920-D336457B1C10}\VersionIndependentProgID]

(Default) = "RegExLab.RegExp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE44D89D-EEBE-40C0-8920-D336457B1C10}\TypeLib]

(Default) = "{D40CEFCF-C62F-4E03-B0EA-017377BEE5C3}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE44D89D-EEBE-40C0-8920-D336457B1C10}\ProgID]

(Default) = "RegExLab.RegExp.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE44D89D-EEBE-40C0-8920-D336457B1C10}\InprocServer32]

(Default) = "%System%\DEELX.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE44D89D-EEBE-40C0-8920-D336457B1C10}]

(Default) = "DEELX RegExp Engine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01FE33C6-8FE4-4361-B32F-1F31AEA790E5}\TypeLib]

(Default) = "{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01FE33C6-8FE4-4361-B32F-1F31AEA790E5}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01FE33C6-8FE4-4361-B32F-1F31AEA790E5}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01FE33C6-8FE4-4361-B32F-1F31AEA790E5}]

(Default) = "IMSNMessenger3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03DFA498-BD30-467B-9E41-B69F8DD252AF}\TypeLib]

(Default) = "{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03DFA498-BD30-467B-9E41-B69F8DD252AF}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03DFA498-BD30-467B-9E41-B69F8DD252AF}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03DFA498-BD30-467B-9E41-B69F8DD252AF}]

(Default) = "IMSNMessengerContacts"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14BC99FD-878D-4978-980B-AC0BBE463AA1}\TypeLib]

(Default) = "{D40CEFCF-C62F-4E03-B0EA-017377BEE5C3}"
Version = "1.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14BC99FD-878D-4978-980B-AC0BBE463AA1}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14BC99FD-878D-4978-980B-AC0BBE463AA1}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14BC99FD-878D-4978-980B-AC0BBE463AA1}]

(Default) = "IDeelx2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{249E2D41-44DD-4D64-9B6B-D5FD76BD85B1}\TypeLib]

(Default) = "{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{249E2D41-44DD-4D64-9B6B-D5FD76BD85B1}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{249E2D41-44DD-4D64-9B6B-D5FD76BD85B1}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{249E2D41-44DD-4D64-9B6B-D5FD76BD85B1}]

(Default) = "IMSNMessenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3824755B-F0AB-409A-A30D-14B8107DE0EA}\TypeLib]

(Default) = "{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3824755B-F0AB-409A-A30D-14B8107DE0EA}\ProxyStubClsid32]

(Default) = "{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3824755B-F0AB-409A-A30D-14B8107DE0EA}\ProxyStubClsid]

(Default) = "{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3824755B-F0AB-409A-A30D-14B8107DE0EA}]

(Default) = "DMSNMessengerEvents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74FE476D-BFE8-45C2-9035-D15E330A246D}\TypeLib]

(Default) = "{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74FE476D-BFE8-45C2-9035-D15E330A246D}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74FE476D-BFE8-45C2-9035-D15E330A246D}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74FE476D-BFE8-45C2-9035-D15E330A246D}]

(Default) = "IMSNMessengerWindow"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F9EE13F-A982-4FEB-B166-AE510E30F501}\TypeLib]

(Default) = "{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F9EE13F-A982-4FEB-B166-AE510E30F501}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F9EE13F-A982-4FEB-B166-AE510E30F501}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F9EE13F-A982-4FEB-B166-AE510E30F501}]

(Default) = "IMSNMessenger2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E2C9115-7BCE-4D46-8CCE-654907BF190D}\TypeLib]

(Default) = "{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E2C9115-7BCE-4D46-8CCE-654907BF190D}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E2C9115-7BCE-4D46-8CCE-654907BF190D}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E2C9115-7BCE-4D46-8CCE-654907BF190D}]

(Default) = "IMSNMessengerGroup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B7B6E54-9417-4CF1-9B6A-A469EFC20A56}\TypeLib]

(Default) = "{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B7B6E54-9417-4CF1-9B6A-A469EFC20A56}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B7B6E54-9417-4CF1-9B6A-A469EFC20A56}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B7B6E54-9417-4CF1-9B6A-A469EFC20A56}]

(Default) = "IMSNMessengerContact"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BB5A1B9-65C9-4C43-961B-1F95F1CE64F5}\TypeLib]

(Default) = "{231DD519-32E5-4442-87B3-C8B7B3B0E545}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BB5A1B9-65C9-4C43-961B-1F95F1CE64F5}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BB5A1B9-65C9-4C43-961B-1F95F1CE64F5}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BB5A1B9-65C9-4C43-961B-1F95F1CE64F5}]

(Default) = "IAddin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC07C00E-E228-4453-A89C-D95FAB2DB780}\TypeLib]

(Default) = "{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC07C00E-E228-4453-A89C-D95FAB2DB780}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC07C00E-E228-4453-A89C-D95FAB2DB780}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC07C00E-E228-4453-A89C-D95FAB2DB780}]

(Default) = "IMSNMessengerServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE8354E5-C007-48E3-96ED-BDC1FDC72456}\TypeLib]

(Default) = "{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE8354E5-C007-48E3-96ED-BDC1FDC72456}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE8354E5-C007-48E3-96ED-BDC1FDC72456}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE8354E5-C007-48E3-96ED-BDC1FDC72456}]

(Default) = "IMSNMessengerConversationWnd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDF95979-1A97-4CEE-92B1-93040E8E08C0}\TypeLib]

(Default) = "{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDF95979-1A97-4CEE-92B1-93040E8E08C0}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDF95979-1A97-4CEE-92B1-93040E8E08C0}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDF95979-1A97-4CEE-92B1-93040E8E08C0}]

(Default) = "IMSNMessengerGroups"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E67C6BC4-FEA9-480D-85FA-173F1A18D399}\TypeLib]

(Default) = "{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E67C6BC4-FEA9-480D-85FA-173F1A18D399}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E67C6BC4-FEA9-480D-85FA-173F1A18D399}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E67C6BC4-FEA9-480D-85FA-173F1A18D399}]

(Default) = "IMSNMessengerService"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{231DD519-32E5-4442-87B3-C8B7B3B0E545}\1.0\0\win32]

(Default) = "%System%\9838476563\OutlookAddin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{231DD519-32E5-4442-87B3-C8B7B3B0E545}\1.0\HELPDIR]

(Default) = "%System%\9838476563\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{231DD519-32E5-4442-87B3-C8B7B3B0E545}\1.0\FLAGS]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{231DD519-32E5-4442-87B3-C8B7B3B0E545}\1.0]

(Default) = "OutlookAddin 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}\1.0\0\win32]

(Default) = "%System%\9838476563\bootstr.tlb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}\1.0\HELPDIR]

(Default) = "%System%\9838476563"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}\1.0\FLAGS]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5BE198F8-B4AC-4A87-9AB9-A7C83D9283A0}\1.0]

(Default) = "MSN Messenger API Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D40CEFCF-C62F-4E03-B0EA-017377BEE5C3}\1.2\0\win32]

(Default) = "%System%\DEELX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D40CEFCF-C62F-4E03-B0EA-017377BEE5C3}\1.2\HELPDIR]

(Default) = "%System%\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D40CEFCF-C62F-4E03-B0EA-017377BEE5C3}\1.2\FLAGS]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D40CEFCF-C62F-4E03-B0EA-017377BEE5C3}\1.2]

(Default) = "RegExLab DEELX 1.2 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OutlookAddin.Addin\CurVer]

(Default) = "OutlookAddin.Addin.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OutlookAddin.Addin\CLSID]

(Default) = "{B1657EA4-A4DE-4D36-9B0B-FBF3A0F5458D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OutlookAddin.Addin]

(Default) = "Addin Class"

The following Registry Value was deleted:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32]

InprocServer32 = "IW[F9`$@Q?NcrI3z%N[,>`NTP6lYuf(laaqF-Q9q."

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}\InProcServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}\InProcServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}\InProcServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AB5A3D0-E5B6-11D0-ABF5-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib]

(Default) =
Version =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib]

(Default) =
Version =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A0B9D10-4B87-11D3-A97A-00104B365C9F}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{53BAD8C1-E718-11CF-893D-00A0C9054228}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A0-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A1-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A2-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A3-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A4-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A5-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.Animation]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.Animation.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.DTPicker]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.DTPicker.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.FlatScrollBar]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.FlatScrollBar.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.MonthView]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.MonthView.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.UpDown]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.UpDown.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ProgCtrl]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ProgCtrl.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.SBarCtrl]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.SBarCtrl.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.Slider]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.Slider.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.TabStrip]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.TabStrip.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl.2]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TabDlg.SSTab]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TabDlg.SSTab.1]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\HELPDIR]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0\HELPDIR]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0\HELPDIR]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BDC217C8-ED16-11CD-956C-0000C04E4C0A}\1.1]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BDC217C8-ED16-11CD-956C-0000C04E4C0A}\1.1\0\win32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BDC217C8-ED16-11CD-956C-0000C04E4C0A}\1.1\HELPDIR]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]

C:\WINDOWS\system32\comcat.dll =
C:\WINDOWS\system32\olepro32.dll =
C:\WINDOWS\system32\stdole2.tlb =
C:\WINDOWS\system32\oleaut32.dll =
C:\WINDOWS\system32\asycfilt.dll =
C:\WINDOWS\system32\MSCOMCT2.OCX =
C:\WINDOWS\system32\TABCTL32.OCX =
C:\WINDOWS\system32\MSWINSCK.OCX =
C:\WINDOWS\system32\MSCOMCTL.OCX =
C:\WINDOWS\system32\msvbvm60.dll =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Userinit =

Other details

Analysis of the file resources indicate the following possible countries of origin:

	China
	Netherlands

To mark the presence in the system, the following Mutex objects were created:

RALC8908395
C8908395::WK
COverlayIconHandlerCComModule
WinDetective_989B9D23-4E38-4734-B772-801E93BCF5DF

There was application-defined hook procedure installed into the hook chain (e.g. to monitor keystrokes). The installed hook is handled by the following module:

%System%\MSVBVM60.DLL

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.