ThreatExpert Report: Spyware.PCSpy!sd5, Spyware.PowerSpy, not-a-virus:Monitor.Win32.KeyLogger.w..

Visit ThreatExpert web site

Close Report

Submission Summary:

Submission details:

Submission received: 24 May 2009, 05:28:24
Processing time: 6 min 49 sec
Submitted sample:

File MD5: 0xAE9ED04D1DE4B24020AAAFFA6D435DEC
File SHA-1: 0xAD725A99CD6B8F2F3591076EB2C6BB642D4AB020
Filesize: 2,123,121 bytes
Alias:

Spyware.PCSpy!sd5 [PCTools]
Spyware.PowerSpy [Symantec]
not-a-virus:Monitor.Win32.KeyLogger.w [Kaspersky Lab]
not-a-virus:Monitor.Win32.PCSpy.c [Ikarus]

Summary of the findings:

What's been found	Severity Level
Capability to send out email message(s) with the built-in SMTP client engine.
Registers a 32-bit in-process server DLL.
Contains characteristics of an identified security risk.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

Possible Security Risk

Attention! Characteristics of the following security risks were identified in the system:

Security Risk	Description
Application.Power_Spy	Power Spy is a monitoring software from eMatrixSoft, Inc. It can run in stealth mode and capture all keystrokes, emails sent and received, applications used, instant messages, websites visited etc. It also has the ability to take snapshots of the system at regular intervals. All the information captured is stored by this software in log files and it has the ability to send these log files to a specified email address. Removal of this software is advisable if it is not installed for a purpose.
Spyware.PCSpy!sd5	Spyware.PCSpy!sd5 is a spyware program that monitors internet activity and users browsing habits.

Attention! The following threat category was identified:

Threat Category	Description
	A spyware program that represents security risk for a local system

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%ProgramFiles%\PSCS\data\emxfile.emx	270,336 bytes	MD5: 0x84A22243A2402E6EAC18708B3D3DB424 SHA-1: 0x9EBCD1A0F3DF08939339A549143D7684AAFD7DF9	(not available)
2	%ProgramFiles%\PSCS\data\eventwin.exe	131,072 bytes	MD5: 0x4473A6DCFB87DED5897B41B1BC9521EE SHA-1: 0x7705BC68E525F3E0A9D925A37737BFDC41CA7A94	Spyware.PowerSpy [Symantec] not-a-virus:Monitor.Win32.PCSpy.ad [Kaspersky Lab] Generic PWS.y [McAfee] Mal/VB-G [Sophos] not-a-virus:Monitor.Win32.PowerSpy [Ikarus]
3	%ProgramFiles%\PSCS\data\psini.ini	1,035 bytes	MD5: 0xEA3299F46B01D6DD149AE13DAD15E83B SHA-1: 0x12DC531169B69A6173A5A3557A7FB244422973C5	(not available)
4	%ProgramFiles%\PSCS\data\symserv.exe	102,912 bytes	MD5: 0x307BDABD4D316921C156A2AE7B5274FE SHA-1: 0xBF2741B6047F87CA7BB33AE10C71E85E011199C0	Spyware.PowerSpy [Symantec]
5	%ProgramFiles%\PSCS\data\testftpok.html	37 bytes	MD5: 0x93FC071070D7D4E293C0DC90CE187B00 SHA-1: 0x0D4621A35D676F7DFA284A09D6D2DF1CE69BBB5D	(not available)
6	%ProgramFiles%\PSCS\help.chm	31,731 bytes	MD5: 0xF3B20CF283B43703B847CCFDFC6A20D0 SHA-1: 0xCB2884802B841D669307F3837D7F6172BF76973A	(not available)
7	%ProgramFiles%\PSCS\License.txt	2,434 bytes	MD5: 0x35BC5AD4E0079732372214A7AB17DF45 SHA-1: 0x1E317CDA7D8F0AFBE1E0972DD7E66300D1617C88	(not available)
8	%ProgramFiles%\PSCS\pssrv.exe	302,592 bytes	MD5: 0x28F48C9645EBCFECBD9D56802AC69B30 SHA-1: 0xE05A5D95BC7F9F4ECA9DB741E6ADFBB82F8C6552	Spyware.PowerSpy [Symantec] Generic.dx [McAfee] Backdoor.Win32.Rbot [Ikarus]
9	%ProgramFiles%\PSCS\readme.txt	1,141 bytes	MD5: 0x26784FFD9661DE62437E061FF39E9BDA SHA-1: 0x152C64B33F8A3152C02C5D1B25A8738E72904B9D	(not available)
10	%ProgramFiles%\PSCS\unins000.dat	1,808 bytes	MD5: 0x72B6592119029F8C9A2320FFB31AA1DC SHA-1: 0x14EB5D5CD000CB6C96DF022F761F9119D22AA4D4	(not available)
11	%ProgramFiles%\PSCS\unins000.exe	682,308 bytes	MD5: 0x4267213C3BABFE7AD749F8FA9BE3174D SHA-1: 0x39017875F7D42A861EE5324E0DD47E7DF4DAD206	(not available)
12	%System%\bdmreg.exe	24,576 bytes	MD5: 0xC65FD2AF43DFD1DA3C6941A4422FAFD7 SHA-1: 0xEED03710B045E400DBBE0CCFF23AF675426FEB14	Spyware.PowerSpy [Symantec] not-a-virus:Monitor.Win32.PowerSpy [Ikarus]
13	%System%\ctfmondll.dll	209,014 bytes	MD5: 0xCC284613AB9E73C9B4236BE4E63A7553 SHA-1: 0xE19E6EC71CC083615B52728454ACE0BE02AD604C	Spyware.PowerSpy [Symantec] not-a-virus:Monitor.Win32.KeyLogger.w [Kaspersky Lab] Generic PWS.y [McAfee] not-a-virus:Monitor.Win32.Keylogger [Ikarus] Win-Trojan/Keylogger.209014 [AhnLab]
14	%System%\p20.dat	308,224 bytes	MD5: 0x49A0F54636D9BB904B1EAACCC2B70CE1 SHA-1: 0xEA656E9E8474C90436DB441CAE4826C0631386FF	Trojan-Downloader.Win32.Delf [Ikarus]
15	%System%\p22.dat	117,507 bytes	MD5: 0xD20AB7124FA2294496857385566C55C1 SHA-1: 0xBFD4C0D56391B0ECDB8BD048D08EFE7372852F45	(not available)
16	%System%\psappini.ini	85 bytes	MD5: 0xECE19D78A81B2AD6DD9CF2CFE36C3EED SHA-1: 0xF100030EA119758D7CBBA2CECA9673E561311C77	(not available)
17	[file and pathname of the sample #1]	2,123,121 bytes	MD5: 0xAE9ED04D1DE4B24020AAAFFA6D435DEC SHA-1: 0xAD725A99CD6B8F2F3591076EB2C6BB642D4AB020	Spyware.PCSpy!sd5 [PCTools] Spyware.PowerSpy [Symantec] not-a-virus:Monitor.Win32.PCSpy.ad, not-a-virus:Monitor.Win32.PCSpy.c, not-a-virus:Monitor.Win32.KeyLogger.w [Kaspersky Lab] not-a-virus:Monitor.Win32.PCSpy.c [Ikarus]
18	%System%\Vic32.dll	151,552 bytes	MD5: 0x52CAD7039513A28DFE9FD3CE5350C11A SHA-1: 0xC31A548AC2EF6FB6683AFC89F2EB21472D057EE0	Spyware.PCSpy!sd5 [PCTools] not-a-virus:Monitor.Win32.PCSpy.c [Kaspersky Lab] not-a-virus:Monitor.Win32.PCSpy.c [Ikarus]

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following directories were created:

%ProgramFiles%\PSCS
%ProgramFiles%\PSCS\data
%ProgramFiles%\PSCS\logs
%ProgramFiles%\PSCS\scrshot

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
_RegDLL.tmp	%Temp%\is-NDUMS.tmp\_isetup\_RegDLL.tmp	16,384 bytes
eventwin.exe	%ProgramFiles%\PSCS\data\eventwin.exe	131,072 bytes
bdmreg.exe	%System%\bdmreg.exe	24,576 bytes
is-JBPC0.tmp	%Temp%\is-D6E48.tmp\is-JBPC0.tmp	733,184 bytes
pssrv.exe	%ProgramFiles%\PSCS\pssrv.exe	991,232 bytes
[filename of the sample #1]	[file and pathname of the sample #1]	77,824 bytes
symserv.exe	%ProgramFiles%\pscs\data\symserv.exe	458,752 bytes

Notes:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following module was loaded into the address space of other process(es):

Module Name	Module Filename	Address Space Details
p22.dat	%System%\p22.dat	Process name: eventwin.exe Process filename: %ProgramFiles%\pscs\data\eventwin.exe Address space: 0x234C0000 - 0x234E3000

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D821067-FCF9-4704-9287-0D8F76FE6513}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D821067-FCF9-4704-9287-0D8F76FE6513}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D821067-FCF9-4704-9287-0D8F76FE6513}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D821067-FCF9-4704-9287-0D8F76FE6513}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D821067-FCF9-4704-9287-0D8F76FE6513}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53DECA78-C334-4235-9165-1FE7D8912A76}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53DECA78-C334-4235-9165-1FE7D8912A76}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53DECA78-C334-4235-9165-1FE7D8912A76}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53DECA78-C334-4235-9165-1FE7D8912A76}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53DECA78-C334-4235-9165-1FE7D8912A76}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90D0A753-AD45-40FD-8C6E-555600EE5EB4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90D0A753-AD45-40FD-8C6E-555600EE5EB4}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90D0A753-AD45-40FD-8C6E-555600EE5EB4}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90D0A753-AD45-40FD-8C6E-555600EE5EB4}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90D0A753-AD45-40FD-8C6E-555600EE5EB4}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62C8BDB-D1FC-4FDD-A2A2-EEFF73262A41}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62C8BDB-D1FC-4FDD-A2A2-EEFF73262A41}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62C8BDB-D1FC-4FDD-A2A2-EEFF73262A41}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62C8BDB-D1FC-4FDD-A2A2-EEFF73262A41}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62C8BDB-D1FC-4FDD-A2A2-EEFF73262A41}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AED3A6B3-2171-11D2-B77C-0008C73ACA8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AED3A6B3-2171-11D2-B77C-0008C73ACA8F}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AED3A6B3-2171-11D2-B77C-0008C73ACA8F}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AED3A6B3-2171-11D2-B77C-0008C73ACA8F}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AED3A6B3-2171-11D2-B77C-0008C73ACA8F}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B10BF17C-F7EC-4EE2-AD7A-6F42816AEC0F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B10BF17C-F7EC-4EE2-AD7A-6F42816AEC0F}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B10BF17C-F7EC-4EE2-AD7A-6F42816AEC0F}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B10BF17C-F7EC-4EE2-AD7A-6F42816AEC0F}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B10BF17C-F7EC-4EE2-AD7A-6F42816AEC0F}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1CC9084-0177-4136-9B1B-C06C061F1E1D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1CC9084-0177-4136-9B1B-C06C061F1E1D}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1CC9084-0177-4136-9B1B-C06C061F1E1D}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1CC9084-0177-4136-9B1B-C06C061F1E1D}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1CC9084-0177-4136-9B1B-C06C061F1E1D}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3A0ACB9-3D8C-4999-9E6B-3E44372E11DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3A0ACB9-3D8C-4999-9E6B-3E44372E11DD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3A0ACB9-3D8C-4999-9E6B-3E44372E11DD}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3A0ACB9-3D8C-4999-9E6B-3E44372E11DD}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3A0ACB9-3D8C-4999-9E6B-3E44372E11DD}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBAAEA4B-AD29-47BD-8776-C787D5BE28AA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBAAEA4B-AD29-47BD-8776-C787D5BE28AA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBAAEA4B-AD29-47BD-8776-C787D5BE28AA}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBAAEA4B-AD29-47BD-8776-C787D5BE28AA}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBAAEA4B-AD29-47BD-8776-C787D5BE28AA}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5FF9F62-0E7C-4372-8AD5-DA7D2418070C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5FF9F62-0E7C-4372-8AD5-DA7D2418070C}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5FF9F62-0E7C-4372-8AD5-DA7D2418070C}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5FF9F62-0E7C-4372-8AD5-DA7D2418070C}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5FF9F62-0E7C-4372-8AD5-DA7D2418070C}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F812B147-0E26-4222-8EE4-9F753CD2B39C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F812B147-0E26-4222-8EE4-9F753CD2B39C}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F812B147-0E26-4222-8EE4-9F753CD2B39C}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F812B147-0E26-4222-8EE4-9F753CD2B39C}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F812B147-0E26-4222-8EE4-9F753CD2B39C}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C21B3B1-2B11-45F2-8A9E-DCC5032DE98A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C21B3B1-2B11-45F2-8A9E-DCC5032DE98A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C21B3B1-2B11-45F2-8A9E-DCC5032DE98A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C21B3B1-2B11-45F2-8A9E-DCC5032DE98A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14E61A41-8846-11D2-B7E4-0008C73ACA8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14E61A41-8846-11D2-B7E4-0008C73ACA8F}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14E61A41-8846-11D2-B7E4-0008C73ACA8F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14E61A41-8846-11D2-B7E4-0008C73ACA8F}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E6D8684-755D-4847-BF40-68EC5E4BC1E9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E6D8684-755D-4847-BF40-68EC5E4BC1E9}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E6D8684-755D-4847-BF40-68EC5E4BC1E9}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E6D8684-755D-4847-BF40-68EC5E4BC1E9}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23E86816-772B-4B28-A924-A135CFF6469A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23E86816-772B-4B28-A924-A135CFF6469A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23E86816-772B-4B28-A924-A135CFF6469A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23E86816-772B-4B28-A924-A135CFF6469A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A037057-57F0-4904-A1E0-AD0EA2FB564E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A037057-57F0-4904-A1E0-AD0EA2FB564E}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A037057-57F0-4904-A1E0-AD0EA2FB564E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A037057-57F0-4904-A1E0-AD0EA2FB564E}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56930358-AD72-408F-83C4-A2B0DC8037B2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56930358-AD72-408F-83C4-A2B0DC8037B2}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56930358-AD72-408F-83C4-A2B0DC8037B2}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56930358-AD72-408F-83C4-A2B0DC8037B2}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{607A06FE-2FDA-4ADC-854D-D016D98D83DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{607A06FE-2FDA-4ADC-854D-D016D98D83DB}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{607A06FE-2FDA-4ADC-854D-D016D98D83DB}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{607A06FE-2FDA-4ADC-854D-D016D98D83DB}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{65C53BE7-ED21-4C25-B189-DA0E8FAD5231}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{65C53BE7-ED21-4C25-B189-DA0E8FAD5231}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{65C53BE7-ED21-4C25-B189-DA0E8FAD5231}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{65C53BE7-ED21-4C25-B189-DA0E8FAD5231}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{684130B2-2B8A-4E8D-BE71-8F4052882076}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{684130B2-2B8A-4E8D-BE71-8F4052882076}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{684130B2-2B8A-4E8D-BE71-8F4052882076}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{684130B2-2B8A-4E8D-BE71-8F4052882076}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{821AAFE5-2F19-47EB-ACA9-3B4C1D64AC27}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{821AAFE5-2F19-47EB-ACA9-3B4C1D64AC27}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{821AAFE5-2F19-47EB-ACA9-3B4C1D64AC27}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{821AAFE5-2F19-47EB-ACA9-3B4C1D64AC27}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{952F0B99-50B6-44B3-AE0D-700D5B98B416}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{952F0B99-50B6-44B3-AE0D-700D5B98B416}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{952F0B99-50B6-44B3-AE0D-700D5B98B416}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{952F0B99-50B6-44B3-AE0D-700D5B98B416}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AED3A6B1-2171-11D2-B77C-0008C73ACA8F}

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D821067-FCF9-4704-9287-0D8F76FE6513}\Version]

(Default) = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D821067-FCF9-4704-9287-0D8F76FE6513}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D821067-FCF9-4704-9287-0D8F76FE6513}\ProgID]

(Default) = "jmail.MailMerge"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D821067-FCF9-4704-9287-0D8F76FE6513}\InprocServer32]

(Default) = "%System%\p20.dat"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D821067-FCF9-4704-9287-0D8F76FE6513}]

(Default) = "MailMerge Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53DECA78-C334-4235-9165-1FE7D8912A76}\Version]

(Default) = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53DECA78-C334-4235-9165-1FE7D8912A76}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53DECA78-C334-4235-9165-1FE7D8912A76}\ProgID]

(Default) = "jmail.Attachment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53DECA78-C334-4235-9165-1FE7D8912A76}\InprocServer32]

(Default) = "%System%\p20.dat"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53DECA78-C334-4235-9165-1FE7D8912A76}]

(Default) = "Attachment Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90D0A753-AD45-40FD-8C6E-555600EE5EB4}\Version]

(Default) = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90D0A753-AD45-40FD-8C6E-555600EE5EB4}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90D0A753-AD45-40FD-8C6E-555600EE5EB4}\ProgID]

(Default) = "jmail.SpeedMailer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90D0A753-AD45-40FD-8C6E-555600EE5EB4}\InprocServer32]

(Default) = "%System%\p20.dat"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90D0A753-AD45-40FD-8C6E-555600EE5EB4}]

(Default) = "SpeedMailer Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62C8BDB-D1FC-4FDD-A2A2-EEFF73262A41}\Version]

(Default) = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62C8BDB-D1FC-4FDD-A2A2-EEFF73262A41}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62C8BDB-D1FC-4FDD-A2A2-EEFF73262A41}\ProgID]

(Default) = "jmail.Messages"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62C8BDB-D1FC-4FDD-A2A2-EEFF73262A41}\InprocServer32]

(Default) = "%System%\p20.dat"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A62C8BDB-D1FC-4FDD-A2A2-EEFF73262A41}]

(Default) = "Messages Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AED3A6B3-2171-11D2-B77C-0008C73ACA8F}\Version]

(Default) = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AED3A6B3-2171-11D2-B77C-0008C73ACA8F}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AED3A6B3-2171-11D2-B77C-0008C73ACA8F}\ProgID]

(Default) = "jmail.SMTPMail"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AED3A6B3-2171-11D2-B77C-0008C73ACA8F}\InprocServer32]

(Default) = "%System%\p20.dat"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AED3A6B3-2171-11D2-B77C-0008C73ACA8F}]

(Default) = "SMTPMail Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B10BF17C-F7EC-4EE2-AD7A-6F42816AEC0F}\Version]

(Default) = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B10BF17C-F7EC-4EE2-AD7A-6F42816AEC0F}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B10BF17C-F7EC-4EE2-AD7A-6F42816AEC0F}\ProgID]

(Default) = "jmail.Recipients"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B10BF17C-F7EC-4EE2-AD7A-6F42816AEC0F}\InprocServer32]

(Default) = "%System%\p20.dat"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B10BF17C-F7EC-4EE2-AD7A-6F42816AEC0F}]

(Default) = "Recipients Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1CC9084-0177-4136-9B1B-C06C061F1E1D}\Version]

(Default) = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1CC9084-0177-4136-9B1B-C06C061F1E1D}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1CC9084-0177-4136-9B1B-C06C061F1E1D}\ProgID]

(Default) = "jmail.Headers"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1CC9084-0177-4136-9B1B-C06C061F1E1D}\InprocServer32]

(Default) = "%System%\p20.dat"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1CC9084-0177-4136-9B1B-C06C061F1E1D}]

(Default) = "Headers Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3A0ACB9-3D8C-4999-9E6B-3E44372E11DD}\Version]

(Default) = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3A0ACB9-3D8C-4999-9E6B-3E44372E11DD}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3A0ACB9-3D8C-4999-9E6B-3E44372E11DD}\ProgID]

(Default) = "jmail.Attachments"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3A0ACB9-3D8C-4999-9E6B-3E44372E11DD}\InprocServer32]

(Default) = "%System%\p20.dat"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3A0ACB9-3D8C-4999-9E6B-3E44372E11DD}]

(Default) = "Attachments Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBAAEA4B-AD29-47BD-8776-C787D5BE28AA}\Version]

(Default) = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBAAEA4B-AD29-47BD-8776-C787D5BE28AA}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBAAEA4B-AD29-47BD-8776-C787D5BE28AA}\ProgID]

(Default) = "jmail.Recipient"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBAAEA4B-AD29-47BD-8776-C787D5BE28AA}\InprocServer32]

(Default) = "%System%\p20.dat"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBAAEA4B-AD29-47BD-8776-C787D5BE28AA}]

(Default) = "Recipient Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5FF9F62-0E7C-4372-8AD5-DA7D2418070C}\Version]

(Default) = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5FF9F62-0E7C-4372-8AD5-DA7D2418070C}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5FF9F62-0E7C-4372-8AD5-DA7D2418070C}\ProgID]

(Default) = "jmail.Message"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5FF9F62-0E7C-4372-8AD5-DA7D2418070C}\InprocServer32]

(Default) = "%System%\p20.dat"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5FF9F62-0E7C-4372-8AD5-DA7D2418070C}]

(Default) = "Message Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F812B147-0E26-4222-8EE4-9F753CD2B39C}\Version]

(Default) = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F812B147-0E26-4222-8EE4-9F753CD2B39C}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F812B147-0E26-4222-8EE4-9F753CD2B39C}\ProgID]

(Default) = "jmail.POP3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F812B147-0E26-4222-8EE4-9F753CD2B39C}\InprocServer32]

(Default) = "%System%\p20.dat"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F812B147-0E26-4222-8EE4-9F753CD2B39C}]

(Default) = "JMail POP3 Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C21B3B1-2B11-45F2-8A9E-DCC5032DE98A}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"
Version = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C21B3B1-2B11-45F2-8A9E-DCC5032DE98A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C21B3B1-2B11-45F2-8A9E-DCC5032DE98A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C21B3B1-2B11-45F2-8A9E-DCC5032DE98A}]

(Default) = "IMailMerge"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14E61A41-8846-11D2-B7E4-0008C73ACA8F}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"
Version = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14E61A41-8846-11D2-B7E4-0008C73ACA8F}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14E61A41-8846-11D2-B7E4-0008C73ACA8F}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14E61A41-8846-11D2-B7E4-0008C73ACA8F}]

(Default) = "IPOP3Mail"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E6D8684-755D-4847-BF40-68EC5E4BC1E9}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"
Version = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E6D8684-755D-4847-BF40-68EC5E4BC1E9}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E6D8684-755D-4847-BF40-68EC5E4BC1E9}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E6D8684-755D-4847-BF40-68EC5E4BC1E9}]

(Default) = "IAttachments"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23E86816-772B-4B28-A924-A135CFF6469A}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"
Version = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23E86816-772B-4B28-A924-A135CFF6469A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23E86816-772B-4B28-A924-A135CFF6469A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23E86816-772B-4B28-A924-A135CFF6469A}]

(Default) = "IPGPKeys"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A037057-57F0-4904-A1E0-AD0EA2FB564E}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"
Version = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A037057-57F0-4904-A1E0-AD0EA2FB564E}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A037057-57F0-4904-A1E0-AD0EA2FB564E}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A037057-57F0-4904-A1E0-AD0EA2FB564E}]

(Default) = "IMessage"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56930358-AD72-408F-83C4-A2B0DC8037B2}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"
Version = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56930358-AD72-408F-83C4-A2B0DC8037B2}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56930358-AD72-408F-83C4-A2B0DC8037B2}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56930358-AD72-408F-83C4-A2B0DC8037B2}]

(Default) = "IRecipients"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{607A06FE-2FDA-4ADC-854D-D016D98D83DB}\TypeLib]

(Default) = "{AED3A6B0-2171-11D2-B77C-0008C73ACA8F}"
Version = "4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{607A06FE-2FDA-4ADC-854D-D016D98D83DB}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{607A06FE-2FDA-4ADC-854D-D016D98D83DB}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32]

(Default) = "%System%\mscomct2.ocx, 8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32]

(Default) = "%System%\mscomct2.ocx, 5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}]

(Default) = "Microsoft Internet Transfer Control 6.0 (SP4)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32]

(Default) = "%System%\p22.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32]

(Default) = "%System%\p22.dat, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32]

(Default) = "%System%\p22.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32]

(Default) = "%System%\p22.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32]

(Default) = "%System%\mscomct2.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\ToolboxBitmap32]

(Default) = "%System%\mscomct2.ocx, 2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\ToolboxBitmap32]

(Default) = "%System%\mscomct2.ocx, 10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InetCtls.Inet]

(Default) = "Microsoft Internet Transfer Control 6.0 (SP4)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InetCtls.Inet.1]

(Default) = "Microsoft Internet Transfer Control 6.0 (SP4)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib]

(Default) = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib]

(Default) = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F3EE-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0]

(Default) = "Microsoft Internet Transfer Control 6.0 (SP4)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32]

(Default) = "%System%\p22.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0\HELPDIR]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0\0\win32]

(Default) = "%System%\mscomct2.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0\HELPDIR]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]

C:\WINDOWS\system32\MSCOMCT2.OCX = 0x00000002
C:\WINDOWS\system32\MSCOMCTL.OCX = 0x00000002
C:\WINDOWS\system32\msvbvm60.dll = 0x00000004

Other details

Analysis of the file resources indicate the following possible countries of origin:

	Sweden
	Netherlands

To mark the presence in the system, the following Mutex objects were created:

SDProtector78662BB7F09A1EDB
SDProtector8008950AB8E813EB

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.