ThreatExpert Report: Possible_Virus, Adware-BDSearch.dldr, Adware-BDSearch.dr, Trojan.Cinmeng..

Submission Summary:

Submission details:

Submission received: 7 June 2008, 02:56:07
Processing time: 4 min 44 sec
Submitted sample:

File MD5: 0xAFBB6057193BAF6640656F97F21FA64E
File SHA-1: 0xEEAC90BEDEF858814A61AC463FBF7830DE2B5473
Filesize: 241,033 bytes
Alias: Possible_Virus [Trend Micro]

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Packed with a packer that is known to be used by malware (e.g. to complicate threat analysis or detection).
Contains characteristics of an identified security risk.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

Possible Security Risk

Attention! Characteristics of the following security risk was identified in the system:

Security Risk	Description
Trojan-Downloader.Ejik	Trojan-Downloader.Ejik disguises itself as an intaller for Skype and downloads and installs other malware on the affected system.

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	[file and pathname of the sample #1]	241,033 bytes	MD5: 0xAFBB6057193BAF6640656F97F21FA64E SHA-1: 0xEEAC90BEDEF858814A61AC463FBF7830DE2B5473	Possible_Virus [Trend Micro]
2	%System%\SkypeClient.EXE	81,920 bytes	MD5: 0x4F96A943DD01FA3E8D943EDCE9FBBD4E SHA-1: 0x796A69F6471C6E98BA8F3C8A1D76BB9B92FF5258	Adware-BDSearch.dldr [McAfee]

Note:

%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following directory was created:

%ProgramFiles%\Skype

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	806,912 bytes
SkypeClient.EXE	%System%\skypeclient.exe	81,920 bytes

Other details

Analysis of the file resources indicate the following possible country of origin:

China

To mark the presence in the system, the following Mutex objects were created:

SkypeClientMutex
_!SHMSFTHISTORY!_

The following port was open in the system:

Port	Protocol	Process
1038	UDP	[file and pathname of the sample #1]

The following Internet Connection was established:

Server Name	Server Port	Connect as User	Connection Password
pc112233.cn	80	(null)	(null)

The data identified by the following URLs was then requested from the remote web server:

http://alliance.skype.tom.com/Sk ypeInstallerReport.php?r=WVFkNWNteG9hSFo0K0pSU3hQa yt1a29ldytucCtBTEV6bkRsdmpiVVE4c1ljL0pVbnRjejNEc1p pR1d5S2VGZEJObkRUK2xiNUEvWGMvcjNDSTFkbFE3R29NRnZjK 1JzcGlvSEJNUld5S2VzeVI4aTVwNlh2TjFVc2FyWnpydkdQdml..
http://alliance.skype.tom.com/Sk ypeInstallerReport.php?r=WVFkNWNteG9hSFo0K0pSU3hQa yt1a29ldytucCtBTEV6bkRsdmpiVVE4c1ljL3BVbnRjejNEc1p pR1d5S2VGZEJObkRUK2xiNUEvWGMvcjNDSTFkbFE3R29NRnZjK 1JzcGlvSEJNUld5S2VzeVI4aTVwNlh2TjFVc2FyWnpydkdQdml..
http://alliance.skype.tom.com/Sk ypeInstallerReport.php?r=WVFoNGQzRm9hR2hoYXdCc1NKQ 3ZPSEM1NzRPZ3hhbUIxMEVwYTVzNmJickVhL3k2V0pkV0hXMlF 3cWpCOCtlekYyeEwvZDBKSjZpcWVaNDc0Y3grTVhaSm9TYVIwU G5yQlpkWHRocFpGSG15TTFhMUdteTZLV0VjWjFiaXJFRHVpa3V..
http://alliance.skype.tom.com/Sk ypeInstallerReport.php?r=WVFoNGQzRm9hR2hoYXdCc1NKQ 3ZPSEM1NzRPZ3hhbUIxMEVwYTVzNmJickVhL3l5V0pkV0hXMlF 3cWpCOCtlekYyeEwvZDBKSjZpcWVaNDc0Y3grTVhaSm9TYVIwU G5yQlpkWHRocFpGSG15TTFhMUdteTZLV0VjWjFiaXJFRHVpa3V..

The following Internet downloads were started (the retrieved bits are saved into the local file):

URL to be downloaded	Filename for the downloaded bits
http://download.skype.tom.com/Tom-SkypeSetup.exe	%ProgramFiles%\Skype\~Te3.tmp
http://skype.tom.com/download/install/sobar.exe	%ProgramFiles%\Skype\~Te4.tmp
http://skypetools3.tom.com/download/promote/promote.dll	%System%\promote.dll
http://www.pc112233.cn/soft/my8848.exe	%System%\my8848.exe
http://www.pc112233.cn/soft/yoyo1048.exe	%System%\yoyo1048.exe
http://www.pc112233.cn/soft/e21.exe	%System%\e21.exe
http://www.pc112233.cn/soft/msn.exe	%System%\msn.exe
http://www.pc112233.cn/soft/ggcg.exe	%System%\ggcg.exe
http://www.pc112233.cn/soft/winxp3.exe	%System%\winxp3.exe
http://www.pc112233.cn/soft/winxp4.exe	%System%\winxp4.exe
http://www.PC112233.cn/soft/UUSee_heima_Setup_110253.exe	%System%\UUSee_heima_Setup_110253.exe
http://download.skype.tom.com/Tom-SkypeSetup.exe	%ProgramFiles%\Skype\~Te1.tmp
http://skype.tom.com/download/install/sobar.exe	%ProgramFiles%\Skype\~Te2.tmp

Downloaded File Summary:

Download details:

Download retrieved: 7 June 2008 03:02:49
Processing time: 7 min 39 sec
Downloaded sample #1:

File MD5: 0x76B7E0C0201531BD1739F27EA3720CF0
File SHA-1: 0xEA60EBA6957863ED0C76F764134102D046029E65
Filesize: 22,265,128 bytes

Downloaded sample #2:

File MD5: 0xBCBE13F4AAEDEE54981F7819A465923D
File SHA-1: 0x7ABF4272123928B97E24EE0F25B7CAF84A4FC2B6
Filesize: 514,816 bytes
Alias: Adware-BDSearch.dr [McAfee]

Downloaded sample #3:

File MD5: 0x4171788F6363AE24CCC769CAC8DB0963
File SHA-1: 0x180086562302A9C551E8BAA5C04129493D23D26D
Filesize: 32,768 bytes

Downloaded sample #4:

File MD5: 0x08A58FCA2F6F1227802DA1C93637DE22
File SHA-1: 0x803BEEEE53F42110605EE675FF3376091198F117
Filesize: 24,576 bytes

Downloaded sample #5:

File MD5: 0x09478F5420933B26C4D2CD2B9B94299C
File SHA-1: 0x5A6E88E2CB4E2021C1D0CFBF5820676866FE9BCC
Filesize: 172,711 bytes
Alias: Trojan.Cinmeng [Symantec]

Downloaded sample #6:

File MD5: 0x263169900AC247F1E7B4D531445246AB
File SHA-1: 0x4915CBB5022B86D63067029A1E8245FB94624FB9
Filesize: 215,264 bytes
Alias:

Trojan.Dropper [Symantec]
not-a-virus:AdWare.Win32.BHO.bgf [Kaspersky Lab]
AdClicker-BJ.dr [McAfee]

Downloaded sample #7:

File MD5: 0x77626DF02480F3085F3663CC4A5BDFE5
File SHA-1: 0x9535AF784CB2AC3323B24F5CCB7DAB0DB6E0C39C
Filesize: 275,887 bytes
Alias:

Trojan.Cinmeng [Symantec]
Generic.dx [McAfee]

Downloaded sample #8:

File MD5: 0x1F6C00A0E1EC915CE1F39A0E0A12F17D
File SHA-1: 0xD6B457AE9D79873F7CDE8125DCC903B311E6638E
Filesize: 208,513 bytes
Alias: Trojan.Adclicker [Symantec]

Downloaded sample #9:

File MD5: 0xB6A1D4830B73825B6EFE9CE64D4CA02A
File SHA-1: 0x4AC4BE0396CE87FFB640E75CE13BA667617DACAF
Filesize: 6,141,568 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Packed with a packer that is known to be used by malware (e.g. to complicate threat analysis or detection).
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Attention! Characteristics of the following security risks were identified in the system:

Security Risk	Description
Adware.Agent	Adware.Agent will display advertisements on an infected system.
Adware.Sogou	Adware.Sogou comes bundled with various trojans and is secretly installed onto the unsuspecting users computer. It produces pop-up and pop-under advertisements.
Trojan-Downloader.QQHelper	Trojan.Downloader.QQHelper contacts a remote server in order to download and execute additional malware onto a users computer without their knowledge.

Attention! The following threat categories were identified:

Threat Category	Description
	A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment
	A potentially unwanted adware program designed to deliver various advertisements to the users' systems

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%CommonAppData%\Skype\DefaultFlashs\Skype A_W___1743ZHXJTOSC.pkg	29,724 bytes	MD5: 0x7A8F84E8B1A2883294D8EF7EBEE8BB22 SHA-1: 0xFED152F8ED8F270BBC86AD72A83A28A3D5C383AB
2	%CommonAppData%\Skype\DefaultFlashs\Skype B_W___3379ZHLDTOSC.pkg	39,537 bytes	MD5: 0xF9FF7A87330EB8F36E4D6EA63BC94E3A SHA-1: 0xAA83F3AE32A276DBA5860D25A41B4E4E7B55F8B2
3	%CommonAppData%\Skype\DefaultFlashs\Skype C_W___3515ZHWGTOSC.pkg	66,710 bytes	MD5: 0x3806A74278398CE36EA13DD302225E54 SHA-1: 0xDC23001B31FAFE0B8688D2C3FA8C31A00CC3DA44
4	%CommonAppData%\Skype\DefaultFlashs\Skype D_W___5443ZHMGTOSC.pkg	16,877 bytes	MD5: 0x7ED8E6FD30CDB34311C737FFD02742A6 SHA-1: 0x2A4CD70F8FA34672D23D7E3B7D98E22BE3B1951A
5	%CommonAppData%\Skype\DefaultFlashs\Skype E_W___3331ZHWGTOSC.pkg	99,537 bytes	MD5: 0x760B2F892CCB94F7394F88344745BB27 SHA-1: 0x5AAAD7E793EA1D81E4CB113D526BB03A6E3DF4E5
6	%CommonAppData%\Skype\DefaultFlashs\Skype F_W___3154ZHLDTOSC.pkg	103,812 bytes	MD5: 0x4BC00C69DBF1F0D441A59559B012A002 SHA-1: 0x7E1A3661F7155873CBA7C31749CD030CC1A6DF73
7	%CommonAppData%\Skype\DefaultFlashs\Skype G_W___2304ZHLDTOSC.pkg	73,657 bytes	MD5: 0x5313829D9B82C9A1D1B5C2EB15B6D621 SHA-1: 0x67E5A537AB206EF5C2F7D8AF0D54F28EB3995316
8	%CommonAppData%\Skype\DefaultFlashs\Skype H_W___3115ZHLDTOSC.pkg	41,650 bytes	MD5: 0xD16BB9C45265007444FC158FED209A76 SHA-1: 0x629E334376E26EDC7503FFCE175145346D70BB38
9	%CommonAppData%\Skype\DefaultFlashs\Skype I_W___3544ZHLDTOSC.pkg	39,967 bytes	MD5: 0x273D6145DAD9B47CCD51C65F658FF7E0 SHA-1: 0x93F4F5261BA8944E6FB583A772012ACF7AB87D86
10	%CommonAppData%\Skype\DefaultFlashs\Skype J_W___2404ZHLDTOSC.pkg	95,371 bytes	MD5: 0x6E1C6D135E653D78F46D3459318EEEA5 SHA-1: 0xA9E491070B434217DB5332332A6C9C5016361005
11	%CommonAppData%\Skype\Defaultpics\Skype berry.gif	17,211 bytes	MD5: 0x1237A8DC51A80F74DC5B666C51692530 SHA-1: 0xF1EAB4BCA9DB20A37F453ABF63E42930FC820280
12	%CommonAppData%\Skype\Defaultpics\Skype Byebye.gif	13,128 bytes	MD5: 0x124BAC8DFCA8CF94DA2883671401235E SHA-1: 0xF27A5C93D727537592D01EE017C298E3FDD3A8B8
13	%CommonAppData%\Skype\Defaultpics\Skype Call.gif	17,121 bytes	MD5: 0x6AD4C831FA092B02AD3FBE71D7327F07 SHA-1: 0x4A9BB58A31F87515F327369653C8036319D0E2E8
14	%CommonAppData%\Skype\Defaultpics\Skype clap.gif	16,349 bytes	MD5: 0xF5C3F17C2B0135EE90A713DC6EF009A1 SHA-1: 0x5F6ABFE3CA7CAC05BA04FE231B226E9512BE14C8
15	%CommonAppData%\Skype\Defaultpics\Skype Depressed.gif	26,660 bytes	MD5: 0x5945ABA0C5E0FDDB81E435AA8FD21B79 SHA-1: 0x5E2DBCD2C50EE6E4FADA2F14B5A62059EA2A6CF0
16	%CommonAppData%\Skype\Defaultpics\Skype Faint.gif	25,917 bytes	MD5: 0x5EBAB033D5A5E1B71CD603ED5DF29DCB SHA-1: 0xB3676D9D6CDD3745F489B374E70EDACC39D06E2C
17	%CommonAppData%\Skype\Defaultpics\Skype Hug.gif	7,268 bytes	MD5: 0x4AA25F82351F38662B29874556724F25 SHA-1: 0x28FB5C776F7EEB46FFECB933EAE8F0CE144C0B81
18	%CommonAppData%\Skype\Defaultpics\Skype Icecream.gif	10,569 bytes	MD5: 0x8A970E530B56ACDDE26FE97814D5668B SHA-1: 0x4C58166E484A5213F28BB8E0D717351F0CEB9498
19	%CommonAppData%\Skype\Defaultpics\Skype Love.gif	9,258 bytes	MD5: 0x8F94E0D0158F32B83549E9CD2E7FC557 SHA-1: 0x3A1A5763D7B09702641657273E6C3E2789B31592
20	%CommonAppData%\Skype\Defaultpics\Skype Morning.gif	27,024 bytes	MD5: 0xF01F770CD8E73A4D7641CC58A76D4945 SHA-1: 0x8F456B0D1E9F353E4A7D91AE757AD3ACF0065CD2
21	%CommonAppData%\Skype\Defaultpics\Skype Motobike.gif	30,769 bytes	MD5: 0xDA618FDC6B5D9C0C9CFC13A130885FD0 SHA-1: 0x3ACAF64428D2868EBD39D646C34954C95435FCE2
22	%CommonAppData%\Skype\Defaultpics\Skype Passby.gif	32,532 bytes	MD5: 0x1F089EEBD79CD35491C5099848E1F254 SHA-1: 0x807AB7F46FB8F4754E7BC59833059CA0CD542091
23	%CommonAppData%\Skype\Defaultpics\Skype Salary.gif	9,110 bytes	MD5: 0x70B232D122B4C0EFFDF4F00F06EA96A9 SHA-1: 0x851BF64B05AC6C275167FFD9E023596507D6997F
24	%CommonAppData%\Skype\Defaultpics\Skype Search.gif	9,375 bytes	MD5: 0xA72D4A4C9D96121A5F42AD52A420F6D6 SHA-1: 0x378786502269535913560BD07E175B555C3DC342
25	%CommonAppData%\Skype\Defaultpics\Skype Sleep.gif	26,820 bytes	MD5: 0xE8DD2BA202AA3D5E2C8285D7F8AE1FEB SHA-1: 0xD9B7B92E688FB39F9CD7E6707D61D8ABEAB71973
26	%CommonAppData%\Skype\Defaultpics\Skype Smelly.gif	13,806 bytes	MD5: 0xC163411A8D8BE3EAD314696F3ECC2090 SHA-1: 0xEA1AE1B5EC3DEEBA23B7D925507122D7ED7D4A4D
27	%CommonAppData%\Skype\Defaultpics\Skype Sweat.gif	34,782 bytes	MD5: 0x7C7876215128C87AFBF434FC06D3C9D9 SHA-1: 0xCC671DF034D4E2E57EC00C61651615813985926B
28	%CommonAppData%\Skype\Defaultpics\Skype Tea.gif	26,765 bytes	MD5: 0xC68585AC8EA332A0421F041C2FF235AC SHA-1: 0xED6B9A102B02984FEE29263CECFE295530AED155
29	%CommonAppData%\Skype\Defaultpics\Skype Vacuity.gif	36,436 bytes	MD5: 0x56813866128EC92BF2E90204D54F5E80 SHA-1: 0x5FF38FB15DE70A70555A788675C8F598C87DCC04
30	%CommonAppData%\Skype\Defaultpics\Skype Work.gif	43,626 bytes	MD5: 0xE010A18F99843BADD7B9C7EDEE7619A2 SHA-1: 0x07C89022AD5B32590069F1BC0C852165632E8024
31	%CommonAppData%\Skype\Pictures\Angel Skype.png	8,978 bytes	MD5: 0x2BE1981DB07A180401FC7A5A8CEF5075 SHA-1: 0x92D963CE8F595391E9E98BF635D0F1F13D65DA3C
32	%CommonAppData%\Skype\Pictures\Architect Skype.png	8,424 bytes	MD5: 0x81DD886F6ED943A5222D5D4C8683C56A SHA-1: 0x6E67D5F7FB6FB16D76502BAD86CF4981EDB04701
33	%CommonAppData%\Skype\Pictures\Beach Skype.png	11,437 bytes	MD5: 0x005C88ACFA72F8AE0D6E0C032F97B07B SHA-1: 0x917C65E8429689943185C838F9E3E8796697A826
34	%CommonAppData%\Skype\Pictures\Behind Skype.png	9,348 bytes	MD5: 0xEA4B973BF1AEA29E6D3A465BEEA8D6EC SHA-1: 0xE4156EB3F59C413C93680F7E12C36F94F27DC460
35	%CommonAppData%\Skype\Pictures\Business Skype.png	11,265 bytes	MD5: 0xD3D2CD045E0DABCCBB20C0EFEDA28FEB SHA-1: 0x666AFC113222CEB585F6C1543EC79A45229C4E0B
36	%CommonAppData%\Skype\Pictures\Call Me Sweetheart.png	7,433 bytes	MD5: 0xC8E7B81E5A7D846D9E2116DFE0C14AEA SHA-1: 0x6208250679A6C59F58EC3CEF429D007627FE4336
37	%CommonAppData%\Skype\Pictures\Call Me.png	7,517 bytes	MD5: 0x9B7D45ADDCBD4EBEC98AE6ED18F8B4A7 SHA-1: 0xD5ABE53E3C214A280AB14B94A3602F0679ADF834
38	%CommonAppData%\Skype\Pictures\Carnival Skype.png	18,785 bytes	MD5: 0x689EBD763A9689AA588942EFF3AF16EA SHA-1: 0x67ADB6C897D37A1F578F40C187B2CEAA99515CF9
39	%CommonAppData%\Skype\Pictures\Chic Skype.png	9,043 bytes	MD5: 0x4AEB13CE3D1DFD7F26BBE89796C068CB SHA-1: 0xF90AE092624D9F3D055705F3FFA756CB2C354839
40	%CommonAppData%\Skype\Pictures\Christmas Skype.png	10,028 bytes	MD5: 0xAB057C96DD039206722D76BB907F55B8 SHA-1: 0x5882C59E5A97D64A9F44666B240B99ABD66B9CD2
41	%CommonAppData%\Skype\Pictures\College Skype.png	8,823 bytes	MD5: 0xC2F526CC6924635FFC2D807C58D97E57 SHA-1: 0x01C553A9C808AB49923D722F3CFB9FAA9783B265
42	%CommonAppData%\Skype\Pictures\Desert Skype.png	14,460 bytes	MD5: 0x177DF4575F2980C7894FCEC26FB97527 SHA-1: 0x1901BEC1DD3442673B37C42D1253BC4DDC83DF56
43	%CommonAppData%\Skype\Pictures\Designer Skype.png	4,658 bytes	MD5: 0x0258A33721B5796FD8532BCD2E8D8902 SHA-1: 0x581423222933E60FD71D584A00C1A1B0E66998E2
44	%CommonAppData%\Skype\Pictures\Devil Skype.png	10,626 bytes	MD5: 0xEA92FDB9996751A6C0E469EDAD0B180C SHA-1: 0x3D1A7E041477A71922DAB630EC368787351CEB0E
45	%CommonAppData%\Skype\Pictures\DIY Skype.png	14,658 bytes	MD5: 0xBC21C17137709C8E731D10653174F573 SHA-1: 0x97E37DDEA788516399DBA2F631738DD7D3D53AB3
46	%CommonAppData%\Skype\Pictures\DJ Skype.png	9,392 bytes	MD5: 0xCEBDD50E3EF9F4635593AEE28FD91C39 SHA-1: 0xE18E69325652826ADC4A47ADA3A62480C26EAA02
47	%CommonAppData%\Skype\Pictures\Earbud Skype.png	5,949 bytes	MD5: 0xDD8B8411EB4BF5102B3241A70704B45F SHA-1: 0x0309C98D4D54BB9913E1FE02D59CFB139A017AE0
48	%CommonAppData%\Skype\Pictures\Empire Skype.png	10,411 bytes	MD5: 0xE2DB087448D6432785AC9F70C6C25D1A SHA-1: 0xE5B047D73FD7F29E500ACD50C36DCAF8EC9021CD
49	%CommonAppData%\Skype\Pictures\Fax Skype.png	3,171 bytes	MD5: 0x253F4FF10BD479BE4366D6F7F13FEDF1 SHA-1: 0x99290A9A9BC4C9E71476D55B33C59240561E832C
50	%CommonAppData%\Skype\Pictures\Geisha Skype.png	16,162 bytes	MD5: 0x96C600CABC18CD0FECF38B22C73AE7B6 SHA-1: 0xFA3E33FE0249627257750D8AEEA5EC8E7C1808E5
51	%CommonAppData%\Skype\Pictures\Hula Skype.png	11,994 bytes	MD5: 0x72842D87F0C5D5B05439ECDE2421DBB0 SHA-1: 0x8B37E513BD71117D01887B73C26F48583A9C8AD5
52	%CommonAppData%\Skype\Pictures\Make Skype Not War.png	7,949 bytes	MD5: 0xBE816D7A43C88FD2D1226E8F3B95365B SHA-1: 0xD8AED98B15BF6763C78B38D5E66B61838B670488
53	%CommonAppData%\Skype\Pictures\Metal Skype.png	19,470 bytes	MD5: 0x6DA0DFFFD6AF8067264F1A71068B03B8 SHA-1: 0x376582F1FCBB381DA406F63B9E929AF693120C0F
54	%CommonAppData%\Skype\Pictures\Ninja Skype.png	10,063 bytes	MD5: 0x239A56E1EE9DA25758BE8E0611E1937E SHA-1: 0x178CE60138BC7B256002304711EABFA03738F597
55	%CommonAppData%\Skype\Pictures\Party Skype.png	11,904 bytes	MD5: 0x4236FAADD5FDD3A29D4B1ED8C2E0711C SHA-1: 0x53B0906BC01D72F1F78523A7256E65340A6DECD5
56	%CommonAppData%\Skype\Pictures\Pop Skype.png	10,599 bytes	MD5: 0x6B5A5971E82286FFB738E81D06379505 SHA-1: 0x484D7D43F70EE62DE1DDC965E48935CE89588C64
57	%CommonAppData%\Skype\Pictures\Rice Skype.png	12,155 bytes	MD5: 0x24424D6DDF2B34BA4D0884C566EFFF30 SHA-1: 0xF17F2419C561223AC3C19D9979B12B327501FC33
58	%CommonAppData%\Skype\Pictures\Skypahontas.png	11,726 bytes	MD5: 0xDA10C9D3AD09DE5A6EF48626171FAFAB SHA-1: 0x2BEB3B17A943B3FDD08B7B78927C9378E79FA7BD
59	%CommonAppData%\Skype\Pictures\Skype 502.png	26,055 bytes	MD5: 0x03C4612F1CC54801E5461166AAAE6E16 SHA-1: 0xEB5D937B30BC90EC08F30408F6D56A364E56DB44
60	%CommonAppData%\Skype\Pictures\Skype Aid.png	10,309 bytes	MD5: 0x9BD96D8DF1517B127CEB28DA08C75506 SHA-1: 0x7174BFC78F3380DC03418546F94EB7BB6B951112
61	%CommonAppData%\Skype\Pictures\Skype Artiste.png	23,078 bytes	MD5: 0x8E5EE7A75574178865B8F75A57AC09B3 SHA-1: 0xC6A7302E0DD0D6FBB026248DE7E01843972D31D7
62	%CommonAppData%\Skype\Pictures\Skype Beauty.png	10,560 bytes	MD5: 0x0BF9310938CE6E3435DF567430285AEA SHA-1: 0xD7E1BA3520EEDD2C536F735D6BC2A469688DD138
63	%CommonAppData%\Skype\Pictures\Skype Bling.png	13,299 bytes	MD5: 0x50894A9AE54BB9FCB983BCB60E3CE697 SHA-1: 0xB3122ACBD75C7FC48CEC70D9D914E9A0B28ED664
64	%CommonAppData%\Skype\Pictures\Skype Boarder.png	14,140 bytes	MD5: 0x8E87EEBD9CED5672098FDB89936E027F SHA-1: 0x2B5EBB6088267BC67C891501E0A3A232C32FC4CE
65	%CommonAppData%\Skype\Pictures\Skype Brrr... .png	16,753 bytes	MD5: 0x63C22C6B568D69A6BCF7A4625F2B2297 SHA-1: 0x083FCD444335E8D8E521F6D0C88B16CCAF46FF09
66	%CommonAppData%\Skype\Pictures\Skype Candy.png	10,209 bytes	MD5: 0xA1CD540840AF1FF9D5C4FD75F731A3E9 SHA-1: 0xB1CEE0253B77F3C6C0960C9F05A9FC1E680A95E6
67	%CommonAppData%\Skype\Pictures\Skype Cola.png	8,557 bytes	MD5: 0xBCA2A44C0B589B9F9B53E7D7F04D39C6 SHA-1: 0xC2DF4C4034CF3770931BF732377FFFEC388462B4
68	%CommonAppData%\Skype\Pictures\Skype Cool Shades.png	7,632 bytes	MD5: 0xEAE2CCA87F4EE40C49BF9A02F8F3C43D SHA-1: 0xB6988569AA07304FEC69C7E066AD1DF77693BBF6
69	%CommonAppData%\Skype\Pictures\Skype Extreme.png	9,602 bytes	MD5: 0x3997284EB74FB2D71A9CF57AD408232F SHA-1: 0x59BFEAE81DAAFFB47B5A0B81FB6ADFBA1455AD4D
70	%CommonAppData%\Skype\Pictures\Skype Goaaaaal.png	9,636 bytes	MD5: 0x207C1E1292AF235D7EDF4FA54CE64212 SHA-1: 0xB5BE9D9AAA3ABEE498224F39A9D8E1BE7B5C81E4
71	%CommonAppData%\Skype\Pictures\Skype Headset.png	9,604 bytes	MD5: 0xA3DB03146AE64F45180217906767EC1C SHA-1: 0x5EDE34C47ED26E4E3390F9BF13F157A81EBB2507
72	%CommonAppData%\Skype\Pictures\Skype in a Bag.png	7,339 bytes	MD5: 0xB525F2BD3A410D1523549903D63E9FE5 SHA-1: 0x959A59DD6796973ACE5993044A21164D9459D876
73	%CommonAppData%\Skype\Pictures\Skype Jah.png	12,597 bytes	MD5: 0xB336310F2C76DADC42730CD77515A0B0 SHA-1: 0xFEEC691FD534B55F8B7BB469C9F110A74210012D
74	%CommonAppData%\Skype\Pictures\Skype Jyve.png	9,817 bytes	MD5: 0x8B2B752568FE58F3F5A40D7AA771338B SHA-1: 0x7E8B3815E53047DE70F0B8ADBFD30B78C87E4A04
75	%CommonAppData%\Skype\Pictures\Skype Safety.png	12,674 bytes	MD5: 0x9DF407A009F6C42A8B3EB494E1027CBA SHA-1: 0x67EF513A7FBB3C1F1706294E7CC54B4F3CAEB8EF
76	%CommonAppData%\Skype\Pictures\Skype San.png	11,471 bytes	MD5: 0xD2B60266E57ADFAB15684BEA2CA67498 SHA-1: 0xD99E569F150F6E1E313E85F91BFB0E42052925A9
77	%CommonAppData%\Skype\Pictures\Skype Shorty.png	4,343 bytes	MD5: 0x98E3E5EA7B669419B757D8E7D0AAC5CB SHA-1: 0x7D4160038F3C4E6D15F9DAAE5AF6AF0B6F8988CC
78	%CommonAppData%\Skype\Pictures\Skype Smiley.png	6,663 bytes	MD5: 0xC21C9D102F98A2CE6EF4FD85004FB33D SHA-1: 0x319E209420C19C839E78AC117BED90700F2DCE86
79	%CommonAppData%\Skype\Pictures\Skype Time.png	13,315 bytes	MD5: 0x88BE7012315860E0BAB96CEF4C87955A SHA-1: 0xC125343A1F6990B46A9411DE329AAA2795A73FA2
80	%CommonAppData%\Skype\Pictures\Skype-a-Manger.png	9,077 bytes	MD5: 0x09A1207AF41075404A4E9C2076956C13 SHA-1: 0x431FDAF5753BE0FA470AC106268AD86B533A3A37
81	%CommonAppData%\Skype\Pictures\Skype-ahoy.png	13,057 bytes	MD5: 0x8B1617D9BC11C8D4424AF9B5E1F3FCAF SHA-1: 0x11C8D8BB80D1BE936A43D6724A94462207CE11EF
82	%CommonAppData%\Skype\Pictures\Skype-in-one.png	10,816 bytes	MD5: 0xC7EDCFC021634AE620B02683B54DACF6 SHA-1: 0x5701BB6DF9B5BB4B7694C1B0BA77570BB9ACBF1F
83	%CommonAppData%\Skype\Pictures\Skype.png	7,695 bytes	MD5: 0xCADA508DC4124FFE1E6FA72A4D702108 SHA-1: 0x0F0CE76D84F247E748C5F86BB2E5096F3B50AE7A
84	%CommonAppData%\Skype\Pictures\Skypers of the Caribbean.png	9,786 bytes	MD5: 0xBF0EB1C09A56414D07CD6987EAC94351 SHA-1: 0x74AE75ED40639813FE8FC769F33086037E50B16B
85	%CommonAppData%\Skype\Pictures\Star Skype.png	8,075 bytes	MD5: 0x2E5C7273C2A4D275D00C62D708082AD6 SHA-1: 0x4F313A5A689DF0238D5F0F2087DAECB7CAE714A7
86	%CommonAppData%\Skype\Pictures\Sushi Skype.png	11,588 bytes	MD5: 0x1A7AC5C5478D3484E873DB2C7179ABB3 SHA-1: 0xA66B52B88A051443167406EBE8D88F5D20875641
87	%CommonAppData%\Skype\Pictures\The Skypeness.png	10,252 bytes	MD5: 0x893C7B19426AB820E9F299E86E076520 SHA-1: 0x72213065CD65038BD9F279FDA2470149801EBDBC
88	%CommonAppData%\Skype\Pictures\ThinkPad Skype.png	10,844 bytes	MD5: 0x14A3442E6469E11C09DD6ABABC4DB369 SHA-1: 0x099ACE427265218B7ED5C701F539E2929EF58589
89	%CommonAppData%\Skype\Pictures\Travel Skype.png	8,565 bytes	MD5: 0xF2B3C7E298D7D24245272293DF986320 SHA-1: 0x6BABDDA560F2152CC6F0D60CA930CA46CBDDAB65
90	%CommonAppData%\Skype\Pictures\Wetsuit Skype.png	8,620 bytes	MD5: 0xD3EBBD96729EEC00B36734B3FA57ABDC SHA-1: 0x9AD5ADEF687923E7E5F31C66A6BD6A5C91A0F7C5
91	%CommonAppData%\Skype\Pictures\Yin Yang Skype.png	6,342 bytes	MD5: 0x78A8D511ECF9567698A594313787CDA1 SHA-1: 0x45631E857278F837105CC7D986C6AABBCBB80047
92	%CommonAppData%\Skype\Plugins\collection.ini	354 bytes	MD5: 0x881AA51FAA8B72716AA5CCEBB50F7DD0 SHA-1: 0x25F1844FB714F798062C90EABD4EC655B48E1B50
93	%CommonAppData%\Skype\Plugins\ipxml.xml	19,743 bytes	MD5: 0xB55416D94B8327B80AF9118380321173 SHA-1: 0xE50F1122F6DAE6557634EE2449AB099053BE22E4
94	%CommonAppData%\Skype\Plugins\Local Cache\04B3EC9B2B5945A1B7AFC5FAFC297401_icon48.png	2,229 bytes	MD5: 0x4D2F17C20EE11C12254BEB466108C04B SHA-1: 0x663BDCD08147CB88F85FF10405C91EC007ACE808
95	%CommonAppData%\Skype\Plugins\Local Cache\04B3EC9B2B5945A1B7AFC5FAFC297401_more.jpg	40,605 bytes	MD5: 0x6ACF1241E015022900FE61091F4539CB SHA-1: 0xB6EEB05D8116924E5E0B55F015AA863AD237F854
96	%CommonAppData%\Skype\Plugins\Local Cache\1163D2B46CC742E5A3CC9E4157887751_icon24.png	4,206 bytes	MD5: 0xFC68D83D9CF0729CE1786236AA5FB57B SHA-1: 0xCE0BDF358DF90165641BCD0BB2F694F115329264
97	%CommonAppData%\Skype\Plugins\Local Cache\1163D2B46CC742E5A3CC9E4157887751_icon48.png	3,451 bytes	MD5: 0x407FA30F1CA157100155D7A210DD6744 SHA-1: 0x1391E52B1FB88C6CD27F3F8D73838FB302749DCE
98	%CommonAppData%\Skype\Plugins\Local Cache\1163D2B46CC742E5A3CC9E4157887751_more.jpg	10,555 bytes	MD5: 0x7D19DA6D4FDF2F039868E74CB281DD54 SHA-1: 0x581CB23C25BFA0187F7FD2F71246AF70560585C5
99	%CommonAppData%\Skype\Plugins\Local Cache\1D5BFC86FB85431BA61248FDB2467411_icon24.png	4,533 bytes	MD5: 0x848187BF4814658A125BB938D9E9A84E SHA-1: 0xCE351599134502752C0FE5C751E49473EC82F029
100	%CommonAppData%\Skype\Plugins\Local Cache\1D5BFC86FB85431BA61248FDB2467411_icon48.png	8,279 bytes	MD5: 0xF60AA5C86B95D928333792D0550F8EDD SHA-1: 0x87349D289511D1DA810A1D61DA721F1CFDE47CC9

Note:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The following directories were created:

%CommonPrograms%\Skype
%CommonPrograms%\UUSEE
%AppData%\Skype
%AppData%\Baidu
%ProgramFiles%\Common Files\Skype
%ProgramFiles%\Skype
%Windir%\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
%CommonAppData%\Skype
%CommonAppData%\Skype\DefaultFlashs
%CommonAppData%\Skype\Defaultpics
%CommonAppData%\Skype\Pictures
%CommonAppData%\Skype\Plugins
%CommonAppData%\Skype\Plugins\Local Cache
%CommonAppData%\Skype\Plugins\Local Cache\Categories
%CommonAppData%\Skype\Plugins\Plugins
%CommonAppData%\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8
%CommonAppData%\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Local Cache
%CommonAppData%\Skype\Wallpapers
%CommonAppData%\Skype\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
%CommonPrograms%\ï¿½Ù¶È³ï¿½ï¿½ï¿½ï¿½Ñ°ï¿½
%AppData%\Baidu\bar
%AppData%\Baidu\bar\Custom Buttons
%ProgramFiles%\baidu
%ProgramFiles%\baidu\bar
%ProgramFiles%\baidu\bar\BDBar_tmp
%ProgramFiles%\baidu\bar\BDBar_tmp\img
%ProgramFiles%\baidu\bar\favicon
%ProgramFiles%\baidu\bar\img
%ProgramFiles%\Common Files\CPUSH
%ProgramFiles%\Common Files\uusee
%ProgramFiles%\Common Files\uusee\UUSEETemp
%ProgramFiles%\Common Files\uusee\UUSEETemp\UUPlayer_update
%ProgramFiles%\Skype\Phone
%ProgramFiles%\Skype\Plugin Manager
%ProgramFiles%\Skype\Plugin Manager\MLS
%ProgramFiles%\uusee
%ProgramFiles%\uusee\skins
%ProgramFiles%\uusee\skins\UUPlayer
%System%\inf

Notes:

%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #8]	[file and pathname of the sample #8]	684,032 bytes
Skype.exe	%ProgramFiles%\skype\phone\skype.exe	25,993,216 bytes
[filename of the sample #4]	[file and pathname of the sample #4]	24,576 bytes
[filename of the sample #5]	[file and pathname of the sample #5]	241,664 bytes
[filename of the sample #6]	[file and pathname of the sample #6]	200,704 bytes
[filename of the sample #9]	[file and pathname of the sample #9]	192,512 bytes
[filename of the sample #7]	[file and pathname of the sample #7]	200,704 bytes
ad.exe	%System%\inf\ad.exe	3,854,336 bytes
bass-plugins.exe	%ProgramFiles%\uusee\bass-plugins.exe	188,416 bytes
msc03.exe	%System%\config\msc03.exe	184,320 bytes
check_cmd.exe	%ProgramFiles%\common files\uusee\check_cmd.exe	147,456 bytes
uuplayer.exe	%ProgramFiles%\common files\uusee\uuplayer.exe	32,768 bytes
uuupgrade.exe	%ProgramFiles%\common files\uusee\uuupgrade.exe	249,856 bytes
msc03.exe	%System%\inf\msc03.exe	184,320 bytes
[filename of the sample #1]	[file and pathname of the sample #1]	22,294,528 bytes
[filename of the sample #2]	[file and pathname of the sample #2]	634,880 bytes

The following modules were loaded into the address space of other process(es):

Module Name	Module Filename	Address Space Details
[filename of the sample #3]	[file and pathname of the sample #3]	Process name: [generic host process] Process filename: [generic host process filename] Address space: 0x3E0000 - 0x3E8000
skmsg.dll	%ProgramFiles%\Skype\Phone\skmsg.dll	Process name: Skype.exe Process filename: %ProgramFiles%\skype\phone\skype.exe Address space: 0x10000000 - 0x10013000

Notes:

[generic host process filename] is a full path filename of [generic host process].

There was a new service created in the system:

Service Name	Display Name	Status	Service Filename
ProtectedStorager	Protected Storage Manager	"Running"	%System%\svchost.exe -k netsvcs

The following system service was modified:

Service Name	Display Name	New Status	Service Filename
MSIServer	Windows Installer	"Running"	%System%\msiexec.exe /V

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{238D0F23-5DC9-45A6-9BE2-666160C324DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48CF8992-4161-49D6-9A9B-F1FDB3BAE74D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{765035B3-5944-4A94-806B-20EE3415F26F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{82D539C0-1730-4D26-B1DC-B4D5A906606E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{941A4793-A705-4312-8DFC-C11CA05F397E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{BDA4644D-9506-4F80-BC24-74411342F24E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E21BE468-5C18-43EB-B0CC-DB93A847D769}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{238D0F23-5DC9-45A6-9BE2-666160C324DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{238D0F23-5DC9-45A6-9BE2-666160C324DD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28966B43-B5D0-4694-9E79-F5B4099F02D4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28966B43-B5D0-4694-9E79-F5B4099F02D4}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\MiscStatus
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\MiscStatus\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3506CDB7-8BC6-40C0-B108-CEA0B9480130}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3506CDB7-8BC6-40C0-B108-CEA0B9480130}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3506CDB7-8BC6-40C0-B108-CEA0B9480130}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3506CDB7-8BC6-40C0-B108-CEA0B9480130}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3506CDB7-8BC6-40C0-B108-CEA0B9480130}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3506CDB7-8BC6-40C0-B108-CEA0B9480130}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D3E7C1B-79A7-4CC7-8925-41FA813E9913}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D3E7C1B-79A7-4CC7-8925-41FA813E9913}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D3E7C1B-79A7-4CC7-8925-41FA813E9913}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D3E7C1B-79A7-4CC7-8925-41FA813E9913}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D3E7C1B-79A7-4CC7-8925-41FA813E9913}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D3E7C1B-79A7-4CC7-8925-41FA813E9913}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E01D8E0-A72B-4C9F-99BD-8A6E7B97A48D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E01D8E0-A72B-4C9F-99BD-8A6E7B97A48D}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E01D8E0-A72B-4C9F-99BD-8A6E7B97A48D}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E01D8E0-A72B-4C9F-99BD-8A6E7B97A48D}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E01D8E0-A72B-4C9F-99BD-8A6E7B97A48D}\TypeLib

The following Registry Keys were deleted:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{238D0F23-5DC9-45A6-9BE2-666160C324DD}]

FriendlyName = "RealVideo Decoder"
CLSID = "{238D0F23-5DC9-45A6-9BE2-666160C324DD}"
FilterData = 02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00 30 70 69 33 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 30 74 79 33 00 00 00 00 90 00 00 00 A0 00 00 00 31 74 79 33 00 00 00 00 90 00 00 00 B0 00 00 00 32 74 79 33 00 00 00 00 90 00 00 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{48CF8992-4161-49D6-9A9B-F1FDB3BAE74D}]

FriendlyName = "UUSEE DeMultiplexer"
CLSID = "{48CF8992-4161-49D6-9A9B-F1FDB3BAE74D}"
FilterData = 02 00 00 00 00 00 80 00 02 00 00 00 00 00 00 00 30 70 69 33 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 30 74 79 33 00 00 00 00 60 00 00 00 60 00 00 00 31 70 69 33 08 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 30 74 79 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{765035B3-5944-4A94-806B-20EE3415F26F}]

FriendlyName = "RealMedia Source"
CLSID = "{765035B3-5944-4A94-806B-20EE3415F26F}"
FilterData = 02 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{82D539C0-1730-4D26-B1DC-B4D5A906606E}]

FriendlyName = "UUSEE Audio Decoder"
CLSID = "{82D539C0-1730-4D26-B1DC-B4D5A906606E}"
FilterData = 02 00 00 00 00 00 80 00 02 00 00 00 00 00 00 00 30 70 69 33 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 30 74 79 33 00 00 00 00 60 00 00 00 70 00 00 00 31 70 69 33 08 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 30 74 79 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{941A4793-A705-4312-8DFC-C11CA05F397E}]

FriendlyName = "RealAudio Decoder"
CLSID = "{941A4793-A705-4312-8DFC-C11CA05F397E}"
FilterData = 02 00 00 00 00 00 40 00 02 00 00 00 00 00 00 00 30 70 69 33 00 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 30 74 79 33 00 00 00 00 E0 00 00 00 F0 00 00 00 31 74 79 33 00 00 00 00 E0 00 00 00 00 01 00 00 32 74 79 33 00 00 00 00 E0 00 00 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{BDA4644D-9506-4F80-BC24-74411342F24E}]

FriendlyName = "UUSEE Video Decoder"
CLSID = "{BDA4644D-9506-4F80-BC24-74411342F24E}"
FilterData = 02 00 00 00 02 00 80 FF 02 00 00 00 00 00 00 00 30 70 69 33 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 30 74 79 33 00 00 00 00 70 00 00 00 80 00 00 00 31 74 79 33 00 00 00 00 70 00 00 00 90 00 00 00 31 70 69 33 08 00 00 00 00 00 00 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{E21BE468-5C18-43EB-B0CC-DB93A847D769}]

FriendlyName = "RealMedia Splitter"
CLSID = "{E21BE468-5C18-43EB-B0CC-DB93A847D769}"
FilterData = 02 00 00 00 00 00 60 00 02 00 00 00 00 00 00 00 30 70 69 33 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 30 74 79 33 00 00 00 00 50 00 00 00 60 00 00 00 31 70 69 33 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 83 EB 36 E

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\VersionIndependentProgID]

(Default) = "PromoteDemo.Promote"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\TypeLib]

(Default) = "{24DBFE5E-3A0D-4891-998C-FB99832D46EE}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\ProgID]

(Default) = "PromoteDemo.Promote.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\InprocServer32]

(Default) = "[file and pathname of the sample #3]"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}]

(Default) = "Promote Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}\VersionIndependentProgID]

(Default) = "Skype4COM.ChatMessageCollection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}\TypeLib]

(Default) = "{03282B5D-B38F-469D-849A-09B0A7F4881B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}\ProgID]

(Default) = "Skype4COM.ChatMessageCollection.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}\InprocServer32]

ThreadingModel = "Apartment"
(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}]

(Default) = "ChatMessageCollection Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\VersionIndependentProgID]

(Default) = "NewszPoupopsAd.AQLogc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\TypeLib]

(Default) = "{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\ProgID]

(Default) = "NewszPoupopsAd.AQLogc.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\InprocServer32]

(Default) = "%ProgramFiles%\Common Files\CPUSH\cpush.dll"
ThreadingModel = "apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]

(Default) = "CAdLogic Object"
AppID = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}\VersionIndependentProgID]

(Default) = "Skype4COM.ChatCollection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}\TypeLib]

(Default) = "{03282B5D-B38F-469D-849A-09B0A7F4881B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}\ProgID]

(Default) = "Skype4COM.ChatCollection.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}\InprocServer32]

ThreadingModel = "Apartment"
(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}]

(Default) = "ChatCollection Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}\VersionIndependentProgID]

(Default) = "Skype4COM.SmsMessageCollection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}\TypeLib]

(Default) = "{03282B5D-B38F-469D-849A-09B0A7F4881B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}\ProgID]

(Default) = "Skype4COM.SmsMessageCollection.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}\InprocServer32]

ThreadingModel = "Apartment"
(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}]

(Default) = "SmsMessageCollection Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}\VersionIndependentProgID]

(Default) = "Skype4COM.Group"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}\TypeLib]

(Default) = "{03282B5D-B38F-469D-849A-09B0A7F4881B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}\ProgID]

(Default) = "Skype4COM.Group.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}\InprocServer32]

ThreadingModel = "Apartment"
(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}]

(Default) = "Group Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{238D0F23-5DC9-45A6-9BE2-666160C324DD}\InprocServer32]

(Default) = "%ProgramFiles%\Common Files\uusee\rmsp011.ax"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{238D0F23-5DC9-45A6-9BE2-666160C324DD}]

(Default) = "RealVideo Decoder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28966B43-B5D0-4694-9E79-F5B4099F02D4}\InprocServer32]

(Default) = "C:\PROGRA~1\COMMON~1\uusee\UUPlayer.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28966B43-B5D0-4694-9E79-F5B4099F02D4}]

(Default) = "UUPlayerOCX Property Page"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}\VersionIndependentProgID]

(Default) = "Skype4COM.Application"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}\TypeLib]

(Default) = "{03282B5D-B38F-469D-849A-09B0A7F4881B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}\ProgID]

(Default) = "Skype4COM.Application.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}\InprocServer32]

ThreadingModel = "Apartment"
(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}]

(Default) = "Application Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\MiscStatus\1]

(Default) = "131473"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\Version]

(Default) = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\TypeLib]

(Default) = "{BC85539C-48EA-4222-B6EE-8DA6897175DA}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\ToolboxBitmap32]

(Default) = "C:\PROGRA~1\COMMON~1\uusee\UUUPGR~1.OCX, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\ProgID]

(Default) = "UUUPGRADE.UUUpgradeCtrl.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\MiscStatus]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\InprocServer32]

(Default) = "C:\PROGRA~1\COMMON~1\uusee\UUUPGR~1.OCX"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\Control]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}]

(Default) = "UUUpgrade Control"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}\VersionIndependentProgID]

(Default) = "Skype4COM.Command"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}\TypeLib]

(Default) = "{03282B5D-B38F-469D-849A-09B0A7F4881B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}\ProgID]

(Default) = "Skype4COM.Command.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}\InprocServer32]

ThreadingModel = "Apartment"
(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}]

(Default) = "Command Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}\VersionIndependentProgID]

(Default) = "Skype4COM.Conversion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}\TypeLib]

(Default) = "{03282B5D-B38F-469D-849A-09B0A7F4881B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}\ProgID]

(Default) = "Skype4COM.Conversion.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}\InprocServer32]

ThreadingModel = "Apartment"
(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}]

(Default) = "Conversion Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\VersionIndependentProgID]

(Default) = "NewAdPopup.ToolbarDetector"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\TypeLib]

(Default) = "{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\ProgID]

(Default) = "NewAdPopup.ToolbarDetector.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\InprocServer32]

(Default) = "%ProgramFiles%\Common Files\CPUSH\cpush.dll"
ThreadingModel = "apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}]

(Default) = "CToolbarDetector Object"
AppID = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3506CDB7-8BC6-40C0-B108-CEA0B9480130}\VersionIndependentProgID]

(Default) = "Skype4COM.ConferenceCollection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3506CDB7-8BC6-40C0-B108-CEA0B9480130}\TypeLib]

(Default) = "{03282B5D-B38F-469D-849A-09B0A7F4881B}"

The following Registry Values were deleted:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

C:\Config.Msi\ = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts]

C:\Config.Msi\d062.rbs = 0x38277D43

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

SearchAssistant = "http://bar.baidu.com/sobar/defaultsearch.html"
CustomizeSearch = "http://bar.baidu.com/sobar/defaultsearch.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]

netsvcs = "6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

(Default) = 0x0000000C

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

(Default) = 0x0000000C

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

{0E5CBF21-D15F-11D0-8301-00AA005B4383} = 21 BF 5C 0E 5F D1 D0 11 83 01 00 AA 00 5B 43 83 22 00 1C 00 08 00 00 00 06 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4C 00 00 00 01 14 02 00 00 00 00 00 C0 00 00 00 00 00 00 46 81 00 00 00 10 00 00 00 CE 10 18 3F 01 CE C6 01 32 A4 AE 5
ITBarLayout = 11 00 00 00 36 00 00 00 00 00 00 00 34 00 00 00 1F 00 01 00 6E 00 00 00 01 00 00 00 20 07 00 00 A0 0F 00 00 05 00 00 00 62 05 00 00 26 00 00 00 02 00 00 00 21 07 00 00 A0 0F 00 00 04 00 00 00 21 01 00 00 A0 0F 00 00 03 00 00 00 20 03 00 00 00 00 00 0

Other details

To mark the presence in the system, the following Mutex objects were created:

_install_dl
52D77ECE7B32424dB93B9A6EFBDDB0DF
oleacc-msaa-loaded
AMResourceMutex2
VideoRenderer
DDrawWindowListMutex
__DDrawExclMode__
{1682C9C3-AF47-4217-BC4D-0263D34D1466}
DirectSound DllMain mutex (0x000008F0)
DBWinMutex
Local\SkypeMutex
DirectSound Administrator shared thread array (lock)
2AC1A572DB6944B0A65C38C4140AF2F48f000C396B4
Local\SkypeSetupMutex
{E0D84F30-6EE7-4748-9E70-6DF9C3D9E38D}

The following ports were open in the system:

Port	Protocol	Process
1048	UDP	Skype.exe (%ProgramFiles%\Skype\Phone\Skype.exe)
1049	UDP	Skype.exe (%ProgramFiles%\Skype\Phone\Skype.exe)
1050	UDP	Skype.exe (%ProgramFiles%\Skype\Phone\Skype.exe)

The following Host Names were requested from a host database:

logserver.uusee.com
log.uusee.com
push.cpushpop.com
140.113.144.222
140.113.179.52
140.113.133.32
137.189.74.178
140.113.131.49
140.113.73.137
140.113.119.200
140.113.212.180
143.89.56.163
140.113.167.82
143.89.111.107
140.113.210.24
140.113.166.152
140.113.242.253
137.189.74.24
143.89.22.249
140.113.56.211
140.113.56.81
143.89.59.24
140.113.215.132
140.113.170.90
210.53.203.200
147.8.109.154
140.113.160.117
140.113.178.87
147.8.151.111
140.113.144.126
137.189.167.16
143.89.59.21
140.113.169.175
140.113.191.99
140.113.212.240
140.113.141.26
140.113.165.217
140.113.247.151
158.182.7.79
140.113.249.117
159.226.124.51
140.113.170.121
140.113.123.9
137.189.20.38
140.113.216.52
140.113.217.43
140.113.127.228
140.113.108.48
140.113.29.47
140.113.211.129
140.113.242.93
140.113.236.18
140.113.139.135
137.189.107.158
147.8.116.3
140.113.215.95
140.113.185.16
143.89.47.151
140.113.56.178
143.89.47.101
147.8.236.175
140.113.193.13
218.242.146.151
147.8.118.206
158.182.7.60
140.113.192.24
140.113.153.21
147.8.101.27
140.113.31.145
140.113.253.80
143.89.43.66
219.237.156.2
147.8.182.8
140.113.241.67
140.113.207.98
211.103.69.226
143.89.91.180
137.189.151.145
211.95.101.86
137.189.50.67
140.113.194.90
222.68.241.102
61.49.187.11
129.27.140.33
66.235.181.62
130.235.74.125
132.199.124.142
80.74.98.115
204.50.152.34
129.64.55.43
130.232.84.231
193.147.161.197
146.6.102.59
130.111.216.83
84.249.223.241
87.96.133.58
194.143.187.119
62.131.221.246
194.165.188.83
194.165.188.82
70.88.106.73

There was registered attempt to establish connection with the remote host. The connection details are:

Remote Host	Port Number
push.cpushpop.com	1044

The following Internet Connections were established:

Server Name	Server Port	Connect as User	Connection Password
bar.baidu.com	80	(null)	(null)
firefox.cnppaa.cn	80	(null)	(null)

The data identified by the following URLs was then requested from the remote web server:

http://www.yahoo550.com/image/logo.jpg?queryid=80023
http://image.yahoo550.com/image/logo.jpg?queryid=80023
http://sports.yahoo550.com/image/logo.jpg?queryid=80023
http://travel.yahoo550.com/image/logo.jpg?queryid=80023
http://soft.c393c.cn/newup3.txt
http://www.uusee.com/mini3/uusee_client_update/uuplayer/UUPlayer_update.ini?t=227718
http://www.myyiso.com/internet/index.php?srcid=1&op=2&ver=18
http://update.cpushpop.com/cpush/version.txt
http://sobar.baidu.com/sobar/notice/notice_baiducb.txt?tn=ttskype_cb&ss=1212771843
http://sobartop.baidu.com/sobar/sobar_top_total.html?t=1212771843&sr=BDBAREX_D_278C949E0F6BC7C-E34C60C79EB3B406&suc=0
http://sobar.baidu.com/sobar/notice/notice_ttskype_cb.txt?tn=ttskype_cb&ss=1212771843
http://bar.baidu.com/update/barcab/objlist.dat?t=229734
http://ui.skype.com/ui/0/3.6.4.207/en/installed?info=skype-widget:installedPM
localhost
http://www.myyiso.com/internet/log.php?op=1&hr=0&srcid=1&ver=18
http://ui.skype.com/ui/0/3.6.4.207/en/getnewestversion

The following Internet download was started (the retrieved bits are saved into the local file):

URL to be downloaded	Filename for the downloaded bits
http://soft.c393c.cn/newup3.txt	%Windir%\TEMP\~ups.log

Downloaded Files Summary (Generation #2):

Download details:

Download retrieved: 7 June 2008 03:17:06
Processing time: 4 min 5 sec
Downloaded sample #1:

File MD5: 0xD4BD08B05A2EB33566F839AD5EC5BFE3
File SHA-1: 0x767DE3FE9E2B9A552C9D373F8C9F901FD9464B77
Filesize: 188,416 bytes

Downloaded sample #2:

File MD5: 0x6C5F6417C6174C95DE463D7265BDBD33
File SHA-1: 0x6D054FEAA36A9FE5C91600925129154BCC5F0C61
Filesize: 69,632 bytes
Alias:

Trojan.Adclicker!sd6 [PCTools]
Trojan.Adclicker [Symantec]
not-a-virus:AdWare.Win32.Agent.bmt [Kaspersky Lab]

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Attention! Characteristics of the following security risks were identified in the system:

Security Risk	Description
Trojan.Adclicker!sd6	Trojan.Adclicker!sd6 is a malicious program that does not infect other files but may represents security risk for your computer and/or network environment.
Adware.Agent	Adware.Agent will display advertisements on an infected system.

Attention! The following threat categories were identified:

Threat Category	Description
	A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment
	A potentially unwanted adware program designed to deliver various advertisements to the users' systems

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	[file and pathname of the sample #1]	188,416 bytes	MD5: 0xD4BD08B05A2EB33566F839AD5EC5BFE3 SHA-1: 0x767DE3FE9E2B9A552C9D373F8C9F901FD9464B77	(not available)
2	[file and pathname of the sample #2]	69,632 bytes	MD5: 0x6C5F6417C6174C95DE463D7265BDBD33 SHA-1: 0x6D054FEAA36A9FE5C91600925129154BCC5F0C61	Trojan.Adclicker!sd6 [PCTools] Trojan.Adclicker [Symantec] not-a-virus:AdWare.Win32.Agent.bmt [Kaspersky Lab]

Memory Modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	188,416 bytes

The following module was loaded into the address space of other process(es):

Module Name	Module Filename	Address Space Details
[filename of the sample #2]	[file and pathname of the sample #2]	Process name: [generic host process] Process filename: [generic host process filename] Address space: 0x3E0000 - 0x3F1000

Note:

[generic host process filename] is a full path filename of [generic host process].

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39A0428F-85F6-4295-85CB-9F6E129F26B5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39A0428F-85F6-4295-85CB-9F6E129F26B5}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39A0428F-85F6-4295-85CB-9F6E129F26B5}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39A0428F-85F6-4295-85CB-9F6E129F26B5}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24DBFE5E-3A0D-4891-998C-FB99832D46EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24DBFE5E-3A0D-4891-998C-FB99832D46EE}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24DBFE5E-3A0D-4891-998C-FB99832D46EE}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24DBFE5E-3A0D-4891-998C-FB99832D46EE}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24DBFE5E-3A0D-4891-998C-FB99832D46EE}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24DBFE5E-3A0D-4891-998C-FB99832D46EE}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PromoteDemo.Promote
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PromoteDemo.Promote\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PromoteDemo.Promote\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PromoteDemo.Promote.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PromoteDemo.Promote.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FA24E3E-422C-4D94-A125-104F32352C90}

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\VersionIndependentProgID]

(Default) = "PromoteDemo.Promote"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\TypeLib]

(Default) = "{24DBFE5E-3A0D-4891-998C-FB99832D46EE}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\ProgID]

(Default) = "PromoteDemo.Promote.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}\InprocServer32]

(Default) = "[file and pathname of the sample #2]"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FA24E3E-422C-4D94-A125-104F32352C90}]

(Default) = "Promote Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39A0428F-85F6-4295-85CB-9F6E129F26B5}\TypeLib]

(Default) = "{24DBFE5E-3A0D-4891-998C-FB99832D46EE}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39A0428F-85F6-4295-85CB-9F6E129F26B5}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39A0428F-85F6-4295-85CB-9F6E129F26B5}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39A0428F-85F6-4295-85CB-9F6E129F26B5}]

(Default) = "IPromote"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24DBFE5E-3A0D-4891-998C-FB99832D46EE}\1.0\0\win32]

(Default) = "[file and pathname of the sample #2]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24DBFE5E-3A0D-4891-998C-FB99832D46EE}\1.0\HELPDIR]

(Default) = "%System%\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24DBFE5E-3A0D-4891-998C-FB99832D46EE}\1.0\FLAGS]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24DBFE5E-3A0D-4891-998C-FB99832D46EE}\1.0]

(Default) = "PromoteDemo 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PromoteDemo.Promote\CurVer]

(Default) = "PromoteDemo.Promote.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PromoteDemo.Promote\CLSID]

(Default) = "{0FA24E3E-422C-4D94-A125-104F32352C90}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PromoteDemo.Promote]

(Default) = "Promote Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PromoteDemo.Promote.1\CLSID]

(Default) = "{0FA24E3E-422C-4D94-A125-104F32352C90}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PromoteDemo.Promote.1]

(Default) = "Promote Class"

Other details

Analysis of the file resources indicate the following possible country of origin:

China

The data identified by the following URLs was then requested from the remote web server:

http://www.myyiso.com/internet/index.php?srcid=1&op=1&ver=23&mac=000000000000
http://www.myyiso.com/internet/log.php?op=1&hr=0&srcid=1&ver=23

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.