ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 11 July 2011, 06:03:04
Processing time: 9 min 46 sec
Submitted sample:

File MD5: 0x22607BDCABB2C34599BF4DB6BB957031
File SHA-1: 0x801015F4FBC5EA3BDA110B1DFD7FAAE11F2A2243
Filesize: 1,715,861 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%CommonAppData%\Google\Custom Buttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML	12,820 bytes	MD5: 0xA41B71A96BF9FD9D56C4410A380FCE69 SHA-1: 0x7F50CF77DFE753AD0A51D1472009A9C90BBE61C4	(not available)
2	%CommonAppData%\Microsoft\Network\Downloader\qmgr0.dat %CommonAppData%\Microsoft\Network\Downloader\qmgr1.dat	4,096 bytes	MD5: 0x09BD95C49387DB6A4DCD338486E3C65B SHA-1: 0x3211AF85476DD07B1D2C55F481C153AF3AC0A59E	(not available)
3	%Temp%\eInspect1\GetMac.dll	188,416 bytes	MD5: 0xD2064755A36A1D80BE967505FE076DBD SHA-1: 0xDEA6F9FE40B9E952FFDC8625B8CE3729C6091933	(not available)
4	%Temp%\GoogleToolbarInstaller1.log	4,308 bytes	MD5: 0x65FA2D6C08F415274E7F2191F66A0C5F SHA-1: 0x6744F9EA10EF6DCD60AFEB693D03C56E8F8B2288	(not available)
5	%Temp%\GoogleToolbarInstaller2.log	4,847 bytes	MD5: 0x4A1FCF925D536C47CBFF5FAD63D66527 SHA-1: 0x3ED83ECA8B6D018C910BA41AA97454085403AD05	(not available)
6	%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe	182,768 bytes	MD5: 0xCC839E8D766CC31A7710C9F38CF3E375 SHA-1: 0xA20FE767AE667638FC2ED43563BD436542CA7AD4	(not available)
7	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbar.6.4.1321.1732.manifest.xml	22,020 bytes	MD5: 0xE9D1C1177B8BAC1CEE630CAD6A113058 SHA-1: 0x3DE79EC8CADB87C4375062F30F692DE11A2E6959	(not available)
8	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_78F32466E61F1EEC.dll	2,908,272 bytes	MD5: 0x7DA764DA0C164E9CEDFE45847B2FA514 SHA-1: 0x903AA8CCD58750C61D7AC96D84DCC26BA0D27D91	(not available)
9	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll	848,896 bytes	MD5: 0x9C626E135B52F704B9934774E37DDE4A SHA-1: 0x4F7691FDF7B2D175246B6179C6F59149C70EB8A8	(not available)
10	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe	1,037,936 bytes	MD5: 0x19DF43A34C9BB7E790CB119AFCB7F66B SHA-1: 0xF1304E1D3EBEFD78CA4BA6B5118231ABBBDF311F	(not available)
11	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarUser_32_7397BBD21492BAA9.exe %ProgramFiles%\Google\Google Toolbar\GoogleToolbarUser_32.exe	298,608 bytes	MD5: 0xDEA8E97225B79A52094459422FA9BE66 SHA-1: 0x379A0A0F08A8682B35476CF362AA42D7A5A44CAA	(not available)
12	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbar_32_788D2431A6FFBD5A.dll %ProgramFiles%\Google\Google Toolbar\GoogleToolbar_32.dll	279,664 bytes	MD5: 0xCE18BAFCF08340AC9A31044B86FA5FED SHA-1: 0xAEAB8D164B4F60AE7FD3166E953BA9BB60751957	(not available)
13	%ProgramFiles%\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe	182,768 bytes	MD5: 0x1C50AB911B3524356D0C58D8D669F09E SHA-1: 0x8196BF79D278F064FEAA77F3353410273F8611E6	(not available)
14	%ProgramFiles%\Google\Google Toolbar\Component\GoogleUpdateSetup_0002B5AEB6C5B612.exe	563,696 bytes	MD5: 0x5A81DAF322DFB89B925C1EE597302847 SHA-1: 0x6221A910EFCEB05583E82E25AF0CA8DF012D1278	(not available)
15	%ProgramFiles%\Google\Google Toolbar\Component\SearchWithGoogleUpdate_60BF91FC421232D7.exe	1,487,344 bytes	MD5: 0xF0C64E8621073E5E6155A084D064C6FB SHA-1: 0xDFAB77008ED210FF0154BDBF27014F74CED69A0D	(not available)
16	%ProgramFiles%\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp	119,808 bytes	MD5: 0x7C1F2F928AD72C15B6DDE410A0D9D43A SHA-1: 0x1E1E6CE38C2DE7FFEF611FC0D2A7A7DF13E8AAB3	(not available)
17	%ProgramFiles%\Google\Google Toolbar\GoogleToolbarHelper_signed.msi	28,160 bytes	MD5: 0xF7B15892385FE4B7F4A657B0619968D2 SHA-1: 0x935ADA5066CED268466EFBD5D18F777633928331	(not available)
18	%ProgramFiles%\Google\GoogleToolbarNotifier\5.5.4723.1820\gth.dll	49,136 bytes	MD5: 0x15DC752B83DCB799D483BD715B855CF1 SHA-1: 0x8A0BE53000620F7141E07F3D4B41E72C6F6AAF2A	(not available)
19	%ProgramFiles%\Google\GoogleToolbarNotifier\5.5.4723.1820\gtn.dll	148,976 bytes	MD5: 0xC31BBDCD066E35BE40DCF2C4EEF12F97 SHA-1: 0x69C41009431105CE0E9A4E7CFE4A6063C900C167	(not available)
20	%ProgramFiles%\Google\GoogleToolbarNotifier\5.5.4723.1820\Readme.url	99 bytes	MD5: 0x1E621AC94C2FFC45C85455EF6D808D15 SHA-1: 0x86A3940AF40700EB741480B6091120BF5AD96FE8	(not available)
21	%ProgramFiles%\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll	812,528 bytes	MD5: 0xA414F9F0E60B3AB385E56586D4EEAAF3 SHA-1: 0x28C4F210FBEA5C05EFF3FB66F171A49B33EBEDDC	(not available)
22	%ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe	39,408 bytes	MD5: 0x5D61BE7DB55B026A5D61A3EED09D0EAD SHA-1: 0x215950CE5D40907B041346F22B4E404EE591581D	(not available)
23	%ProgramFiles%\Google\Update\1.2.183.13\GoogleCrashHandler.exe	136,176 bytes	MD5: 0x975A3190EB50EAC7AA89488233E18294 SHA-1: 0x862F1AD96CB36E449FAE11E9C3276E5B12FEEECA	(not available)
24	%ProgramFiles%\Google\Update\1.2.183.13\GoogleUpdate.exe %ProgramFiles%\Google\Update\GoogleUpdate.exe	135,664 bytes	MD5: 0x8F0DE4FEF8201E306F9938B0905AC96A SHA-1: 0xD2E2915087427BE8EA88B4A174C334C578208E78	(not available)
25	%ProgramFiles%\Google\Update\1.2.183.13\GoogleUpdateHelper.msi	26,624 bytes	MD5: 0xFDA3E5076FADA18E867796219345ECE6 SHA-1: 0x598144E7D2467FA1865EAEAB9D95A20403156F46	(not available)
26	%ProgramFiles%\Google\Update\1.2.183.13\goopdate.dll	681,968 bytes	MD5: 0xEB24B0549C3F45594AF82A452CD4F822 SHA-1: 0x66528D7802891D129DEE7CF54B5A670012AC6F36	(not available)
27	%ProgramFiles%\Google\Update\1.2.183.13\GoopdateBho.dll	138,736 bytes	MD5: 0x626CA57682D15856B3BD87D6C5169DDE SHA-1: 0xA4D28A8E5042F2911282DE534ECD9C106CC6E9CD	(not available)
28	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_ar.dll	25,584 bytes	MD5: 0x2CF039038FDF0212511041BD7EB614E5 SHA-1: 0x604CC4517D13CE675BCE4A7A8A95988EEB50E833	(not available)
29	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_bg.dll	29,168 bytes	MD5: 0x915B9A095F53B8EF00C309FD17342362 SHA-1: 0x6DEEF71D075B9C05E23B2ACAB008FA598961283A	(not available)
30	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_bn.dll	27,632 bytes	MD5: 0x0596334BE2CAF19AE2F3C2365945F952 SHA-1: 0xC0D4D11CC4BAA154ECA122CA30D13F1DBCF8F0A2	(not available)
31	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_ca.dll	28,656 bytes	MD5: 0xABF850D51375F417A0FC705B824C7901 SHA-1: 0x7CA5CC857A64AB6C7E2F82EC0B62C45B4CB9FF80	(not available)
32	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_cs.dll	27,632 bytes	MD5: 0xD683C18C679A65F4047652C89DADBAFD SHA-1: 0x7F5C3549304586578A48B4E60398401565CBF1B0	(not available)
33	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_da.dll	27,632 bytes	MD5: 0x62DE54C443CF0A3C46C98CE2DDC54CCD SHA-1: 0x7260BE0431A56BFEA25074A2218811153D698ED6	(not available)
34	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_de.dll	29,168 bytes	MD5: 0x43AC9E666688C83286A47398FAEAE97C SHA-1: 0x86B214E8D7E523C56BFF164BCD96CFA3AE1B8E8F	(not available)
35	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_el.dll	29,680 bytes	MD5: 0x08C9E18A040E6D17BB5F32509D097FB2 SHA-1: 0x2D325997AED5385385D24D27CE88F964DF4A48B6	(not available)
36	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_en-GB.dll	26,608 bytes	MD5: 0xF6353A1D5496091CC1E842073039F6AD SHA-1: 0x0428DBDB1EA3845C8E7D8696C75803D8104CCFC0	(not available)
37	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_en.dll	26,608 bytes	MD5: 0xA36BFDB76F6DE037527E542B064352B4 SHA-1: 0xF411AABE9C44ACBF0FE6AAC4813EC03AA2172A6E	(not available)
38	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_es-419.dll	28,144 bytes	MD5: 0x26C8998B707B6ABF0C885FE8BFE7B70C SHA-1: 0x82A6F4ABCD6E6FC8B1BC9316F02E52F7CA59D3EA	(not available)
39	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_es.dll	29,680 bytes	MD5: 0xFFD3238E87E676E2096D956D64BA739C SHA-1: 0xE3E475D4C264580C83896F9A0BFF2741456C1AF8	(not available)
40	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_et.dll	27,632 bytes	MD5: 0xDF74F20D71FA8B163258D9A1421AEE2B SHA-1: 0x3609DCBA743F2E1050A358224109732E0ED6AC64	(not available)
41	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_fa.dll	26,096 bytes	MD5: 0xC8B1FCEFBB65CA0940A949713DD73A4C SHA-1: 0x6AE64E57FD5D85A54FFBA0EE9A1648740848DB3F	(not available)
42	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_fi.dll	27,632 bytes	MD5: 0x8883BA20C9A6195546D22843B86C4422 SHA-1: 0x6ADD22E529943AA20081C3384126D68F336AE897	(not available)
43	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_fil.dll	29,168 bytes	MD5: 0x42A043E07A337B6AA26FB780AC2DD237 SHA-1: 0xF813CF4BF67AAE334C0DA77BA0140C03CB0F1D37	(not available)
44	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_fr.dll	29,168 bytes	MD5: 0x637C122614C52E5033CDAFF6A25C565E SHA-1: 0xE08817E54C38319CE56CACF1A4D60A0C96486126	(not available)
45	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_gu.dll	27,632 bytes	MD5: 0x6193F819D6AEEA7704F0027B4E653E05 SHA-1: 0x278EEDB49BC35B5B3B40DBF95CA54EBB131C3533	(not available)
46	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_hi.dll	27,632 bytes	MD5: 0xDC749E295E30224C26C47F1846B3F8A4 SHA-1: 0xC855CC47786D4717B4567C2554D266A5FEDC8D3C	(not available)
47	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_hr.dll	28,144 bytes	MD5: 0xEA686CF175F4D5805FB4AD2E57CDA98D SHA-1: 0x29A558AC5E61B409FEE4B8D0A1291E9F8C10856C	(not available)
48	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_hu.dll	28,656 bytes	MD5: 0x2EF909CD751C8473EC5C9FFE37974B4C SHA-1: 0x8538EF6896650FEB9DE3C6D64EF9CF3626EF85B3	(not available)
49	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_id.dll	27,120 bytes	MD5: 0x04A67B0E04FBF77F89D1EDBFCD21EF47 SHA-1: 0x8D0DA32D1D53FDA3CC9612C4F7F71C322F3AA9DE	(not available)
50	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_is.dll	27,120 bytes	MD5: 0xE6A3CBF8ADA45A539719C977994510E6 SHA-1: 0x347978762D72F15D24C838F82FD6E5444F7C984E	(not available)
51	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_it.dll	28,656 bytes	MD5: 0xDDDFEA335F4B4E28C3BF85ECEEFECF79 SHA-1: 0x51B3C2FE27D3E3E90839FEAA522323AFDB1E6743	(not available)
52	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_iw.dll	25,072 bytes	MD5: 0x8139CB8D74D8EF7F7A2854FBE3C0AF76 SHA-1: 0x8FA61A270D4BA26BA0A63BF1C2EE910270EC7C32	(not available)
53	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_ja.dll	23,536 bytes	MD5: 0x14285F1B95D593E85DF89CFA44D65806 SHA-1: 0xFB794D4C987CD0CFFA520A0724FB377BBC9DEAA7	(not available)
54	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_kn.dll	27,120 bytes	MD5: 0xFDB8B6A20067B0FA45487AD5E36C7402 SHA-1: 0x829A7F207CADD98C884AC89BD9DDCA749FAA6F92	(not available)
55	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_ko.dll	23,024 bytes	MD5: 0xF25FB0F9A824D08D0F567ABA1478E7F8 SHA-1: 0x7AFA0E4E6B84606003C0FCA64C5593D946319948	(not available)
56	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_lt.dll	27,120 bytes	MD5: 0xADF35D7960FAC520E7BAFD4B570C1CA2 SHA-1: 0x03299C51914F28C7BA863BD6951FC776EDEF7F72	(not available)
57	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_lv.dll	28,144 bytes	MD5: 0x64C36134E64BBFD3986C063C1D125192 SHA-1: 0x4DFC082366B5B5AF2EAA845DEA53618142D1EAD3	(not available)
58	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_ml.dll	30,192 bytes	MD5: 0x29BBEF27EF3B90333DE012BEB52525C7 SHA-1: 0x9194B5FBC25D12753834E6A83142192909610852	(not available)
59	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_mr.dll	27,120 bytes	MD5: 0xE93DDA6814B50A51AB68392E75A3F0BB SHA-1: 0xD86FD9D7350DDA67D41EA68EE84737A65FEA9966	(not available)
60	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_ms.dll	27,632 bytes	MD5: 0x7AC1FA6283695B80E5FAC196EE080FBC SHA-1: 0x397950D8A28AB86881BF9F5D7B3AEFEBC83E6BD7	(not available)
61	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_nl.dll	28,656 bytes	MD5: 0xEE9F379E11E3C51A972841A41C4C6D01 SHA-1: 0x9A7867D42E6024C7F4814C0260991584242222A4	(not available)
62	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_no.dll	28,144 bytes	MD5: 0xAD792161B42FD01862AFEA8FC1D0190A SHA-1: 0x96EF2B78AB89EDC6CDF0C323A52854FC96B58D11	(not available)
63	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_or.dll	28,144 bytes	MD5: 0x6312EE635F4D08C9100078A18F8D5FCA SHA-1: 0x4D1F66493A1FD48C5BEE2F2875520476B1B15697	(not available)
64	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_pl.dll	28,656 bytes	MD5: 0x102CDE57D0B43BC89F1778E8DBFB9683 SHA-1: 0xDE8D64E625DB2E03479AE902769E8924E608945F	(not available)
65	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_pt-BR.dll	28,144 bytes	MD5: 0xB596772B683712E1B2CD23C629F759F6 SHA-1: 0xF0115509AD9D532C83F219B156B2F537CF890719	(not available)
66	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_pt-PT.dll	28,144 bytes	MD5: 0x2B43F94BD95FCC71C5BC018378FAA9B6 SHA-1: 0x8B345AD4730C17610743AF5E9B17CF006C44D901	(not available)
67	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_ro.dll	28,656 bytes	MD5: 0xE789E9A6B1F898D440DAC21933058367 SHA-1: 0x8715AE49CAA0920B7BE041F9E57FB3556338CDB5	(not available)
68	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_ru.dll	27,120 bytes	MD5: 0x334C0EFFA5DD4B51F61147ADD0D18AC8 SHA-1: 0x6EBB21E96566FD8D00BCD7841635A96C2E8A4C5C	(not available)
69	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_sk.dll	28,144 bytes	MD5: 0xE4F03035C193319CCA05B6D8C8FA22EF SHA-1: 0xD8CD52A774F6239A6BD41D35917E4689E0498F94	(not available)
70	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_sl.dll	28,144 bytes	MD5: 0x3C8650B6A006884D7B886C4772A4594D SHA-1: 0x677452614D7F8D81C57423A0DBD8DEDE35305FAF	(not available)
71	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_sr.dll	28,144 bytes	MD5: 0x3097E837ADB586E9C17066225F11B550 SHA-1: 0x8ADCC3BA1C71E49E831C392EFBBED99F85E157E3	(not available)
72	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_sv.dll	27,120 bytes	MD5: 0x342A70A8C94ACBEEADFBE963A6BDD8DA SHA-1: 0x55317878B83CCF478DE8674ACE07313790754D8E	(not available)
73	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_ta.dll	28,656 bytes	MD5: 0xDC98F5B90E964773382B3DCCFC3B6934 SHA-1: 0xEAADC5DC0D9AF59948508A53E0383C654FB53588	(not available)
74	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_te.dll	28,144 bytes	MD5: 0x2C47A4DFB694FCDC3DC2AA91964475B7 SHA-1: 0x9CFFB2043E293AE23BD1A6DAF5FA35FF375DE22A	(not available)
75	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_th.dll	26,608 bytes	MD5: 0x02104AD05D6BB2F75C25A6B8460E22B3 SHA-1: 0x41CD7C233CC7E034737B2607FA66547A5F8AE406	(not available)
76	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_tr.dll	28,144 bytes	MD5: 0x9A9DE57F6B7EB431B541CE4282813790 SHA-1: 0xFA8B86EA37864F89B25062A2F561E14AD4E0264A	(not available)
77	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_uk.dll	27,632 bytes	MD5: 0xC1DED2D70D8D53741FBFC873B9D2F3A1 SHA-1: 0xAF39828D9C26B59184245FEB96C3F040E4E6B5D6	(not available)
78	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_ur.dll	27,632 bytes	MD5: 0x1F97E0BA8E78A15CABC9626E59A29B8B SHA-1: 0xF25CA3F7133D011318B3EE01928A774C9A2EF436	(not available)
79	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_vi.dll	27,120 bytes	MD5: 0xE45C0002C259BEBD2CCBCCE57D135430 SHA-1: 0x357086986E43D4B9951A922C29C15CC612E404EE	(not available)
80	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_zh-CN.dll	20,976 bytes	MD5: 0xFDB7CFA71118E106847E5A1468C97CE4 SHA-1: 0xFCE61BE42F6C54A18921353039716CAA5D4862CC	(not available)
81	%ProgramFiles%\Google\Update\1.2.183.13\goopdateres_zh-TW.dll	20,976 bytes	MD5: 0x038FEE0D9ABCF82A2246D4EB4C0D26F2 SHA-1: 0x0471257CD92CFDEB452BBD812BF607169513DE1F	(not available)
82	%ProgramFiles%\Google\Update\1.2.183.13\npGoogleOneClick8.dll	220,144 bytes	MD5: 0xC0D98B4F630BECAE3AA5C831C4E51993 SHA-1: 0x16A2466ABCCEE51B5F3D9BC82D17DABCBF0A4B3E	(not available)
83	%ProgramFiles%\My application\uninst.exe	46,554 bytes	MD5: 0x8F6958AD07AF223C4818B741472C6622 SHA-1: 0x2C4193060A9FCAAF8686418B80D90C140B77E243	(not available)
84	%Windir%\Installer\1d1b5.msi	24,064 bytes	MD5: 0x6DC678E0BCC35249389153344C7C376E SHA-1: 0x016A8557239CDA63F9F31B0B4D139C6DB91F38A1	(not available)
85	%Windir%\Installer\1d1b9.msi	22,528 bytes	MD5: 0xA961B0A364B6A09F0A51530A8409BFD2 SHA-1: 0x4F858431962C0517339E7A9AF038D26347A39CD5	(not available)
86	%System%\ASBarBroker.exe	126,976 bytes	MD5: 0x4811122162EADBE29DA935C8120D984E SHA-1: 0xF03E5D043FF80AEBA892EB5CE6A3C7B7E9AEE41D	(not available)
87	%System%\doyo1Addr.dll	1,184,176 bytes	MD5: 0x57D9F8B6E595EF4A02D8630C53FDDCC3 SHA-1: 0x523DEDD35613DC3221657876A3F5248E38E2A842	(not available)
88	%System%\gmac.exe	1,864,704 bytes	MD5: 0x82852B57F48CAB9F08B5BAFAC6519C60 SHA-1: 0xFA934B82F7D27418AB489F1C99E237175026C9A4	(not available)
89	%System%\GoogleToolbarInstaller_download_signed.exe	216,176 bytes	MD5: 0x334035B8CC8DAAE44A29FB729CCE4CC1 SHA-1: 0x980F9297282928524BA8BF68ECEA6CB1A0ED6CDF	packed with PE_Patch.PECompact [Kaspersky Lab]
90	[file and pathname of the sample #1]	1,715,861 bytes	MD5: 0x22607BDCABB2C34599BF4DB6BB957031 SHA-1: 0x801015F4FBC5EA3BDA110B1DFD7FAAE11F2A2243	(not available)
91	%Windir%\Tasks\GoogleUpdateTaskMachineCore.job	886 bytes	MD5: 0x46B012F92B313ECFA7041424DD42F152 SHA-1: 0x1D1C04F4705796CE9948FF75633B275159398B4F	(not available)
92	%Windir%\Tasks\GoogleUpdateTaskMachineUA.job	890 bytes	MD5: 0xF1B9CC7E80BB9967045015F06F62EE12 SHA-1: 0xB506FC818E871E99473CC29AD81FF5F255AF5EF8	(not available)

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following directories were created:

%CommonAppData%\Google
%CommonAppData%\Google\Custom Buttons
%CommonAppData%\Google\Google Toolbar
%CommonAppData%\Google\Google Toolbar\Component
%CommonAppData%\Microsoft\Network\Downloader
%Profiles%\LocalService\Local Settings\Application Data\Google
%Profiles%\LocalService\Local Settings\Application Data\Google\Update
%Profiles%\LocalService\Local Settings\Application Data\Google\Update\Manifest
%Profiles%\LocalService\Local Settings\Application Data\Google\Update\Manifest\Initial
%AppData%\doyo1Addr
%AppData%\Google
%AppData%\Google\CrashReports
%Temp%\eInspect1
%Temp%\Google Toolbar
%ProgramFiles%\Baidu
%ProgramFiles%\Google
%ProgramFiles%\Google\Common
%ProgramFiles%\Google\Common\Google Updater
%ProgramFiles%\Google\CrashReports
%ProgramFiles%\Google\Google Toolbar
%ProgramFiles%\Google\Google Toolbar\Component
%ProgramFiles%\Google\GoogleToolbarNotifier
%ProgramFiles%\Google\GoogleToolbarNotifier\5.5.4723.1820
%ProgramFiles%\Google\Update
%ProgramFiles%\Google\Update\1.2.183.13
%ProgramFiles%\My application

Notes:

%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.

Memory Modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
GoogleToolbarManager_E85CDE7661A53A6A.exe	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe	1,089,536 bytes

There were new services created in the system:

Service Name	Display Name	Status	Service Filename
gusvc	Google Software Updater	"Stopped"	"%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe"
gupdate	Google Update Service (gupdate)	"Stopped"	"%ProgramFiles%\Google\Update\GoogleUpdate.exe" /svc

The following system services were modified:

Service Name	Display Name	New Status	Service Filename
BITS	Background Intelligent Transfer Service	"Running"	%System%\svchost.exe -k netsvcs
MSIServer	Windows Installer	"Running"	%System%\msiexec.exe /V

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ASBarBroker.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GoogleUpdaterService.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ProtectorExe.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\protector_dll.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00EF2092-6AC5-47c0-BD25-CF2D5D657FEB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00EF2092-6AC5-47c0-BD25-CF2D5D657FEB}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33B16641-F94B-4CD0-8D2B-0633B2C35790}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33B16641-F94B-4CD0-8D2B-0633B2C35790}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33B16641-F94B-4CD0-8D2B-0633B2C35790}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7956A63A-3FBC-8F70-3578-1A34BEDD5422}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7956A63A-3FBC-8F70-3578-1A34BEDD5422}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7956A63A-3FBC-8F70-3578-1A34BEDD5422}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7956A63A-3FBC-8F70-3578-1A34BEDD5422}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7956A63A-3FBC-8F70-3578-1A34BEDD5422}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7956A63A-3FBC-8F70-3578-1A34BEDD5422}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\18555481990E8AB4CBB63FB4F26006C0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList\Media

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ASBarBroker.EXE]

AppID = "{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe]

AppID = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GoogleUpdaterService.exe]

AppID = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ProtectorExe.EXE]

AppID = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\protector_dll.DLL]

AppID = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}]

(Default) = "ASBarBroker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]

(Default) = "gusvc"
LocalService = "gusvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}]

(Default) = "protector_dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}]

(Default) = "ProtectorExe"
RunAs = "Interactive User"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]

(Default) = "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itsel
LocalService = "gupdate"
ServiceParameters = "/comsvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00EF2092-6AC5-47c0-BD25-CF2D5D657FEB}\InprocServer32]

(Default) = "%ProgramFiles%\Google\Google Toolbar\GoogleToolbar_32.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00EF2092-6AC5-47c0-BD25-CF2D5D657FEB}]

(Default) = "Google Script Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}\VersionIndependentProgID]

(Default) = "AddressSearch.JsObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}\TypeLib]

(Default) = "{F9BC0421-BB5C-447d-8547-BB45AFA80A4D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}\Programmable]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}\ProgID]

(Default) = "AddressSearch.JsObject.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}\InprocServer32]

(Default) = "%System%\doyo1Addr.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}]

(Default) = "JsObject Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]

(Default) = "%ProgramFiles%\Google\Google Toolbar\GoogleToolbar_32.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]

(Default) = "Google Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32]

(Default) = "%ProgramFiles%\Google\Update\1.2.183.13\goopdate.dll"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}]

(Default) = "PSFactoryBuffer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}\InprocServer32]

(Default) = "%ProgramFiles%\Google\Google Toolbar\GoogleToolbar_32.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}]

(Default) = "Google Side Bar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33B16641-F94B-4CD0-8D2B-0633B2C35790}\ProgID]

(Default) = "Google.OneClickCtrl.8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33B16641-F94B-4CD0-8D2B-0633B2C35790}\InprocServer32]

(Default) = "%ProgramFiles%\Google\Update\1.2.183.13\npGoogleOneClick8.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33B16641-F94B-4CD0-8D2B-0633B2C35790}]

(Default) = "Google Update Plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\VersionIndependentProgID]

(Default) = "protector_dll.Protector"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\TypeLib]

(Default) = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\ProgID]

(Default) = "protector_dll.Protector.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32]

(Default) = "%ProgramFiles%\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}]

(Default) = "Protector Class"
AppID = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID]

(Default) = "GoogleUpdate.OnDemandCOMClassMachine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\TypeLib]

(Default) = "{7E6CD20B-8688-4960-96D9-B979471577B8}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID]

(Default) = "GoogleUpdate.OnDemandCOMClassMachine.1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32]

(Default) = ""%ProgramFiles%\Google\Update\GoogleUpdate.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation]

Enabled = 0x00000001
IconReference = "@%ProgramFiles%\Google\Update\1.2.183.13\goopdate.dll,-1004"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]

(Default) = "GoogleUpdate.OnDemandCOMClass"
LocalizedString = "@%ProgramFiles%\Google\Update\1.2.183.13\goopdate.dll,-3000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7956A63A-3FBC-8F70-3578-1A34BEDD5422}\VersionIndependentProgID]

(Default) = "7956A63A-3FBC-8F70-3578-1A34BEDD5422.Addr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7956A63A-3FBC-8F70-3578-1A34BEDD5422}\TypeLib]

(Default) = "{F9BC0421-BB5C-447d-8547-BB45AFA80A4D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7956A63A-3FBC-8F70-3578-1A34BEDD5422}\Programmable]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7956A63A-3FBC-8F70-3578-1A34BEDD5422}\ProgID]

(Default) = "7956A63A-3FBC-8F70-3578-1A34BEDD5422.Addr.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7956A63A-3FBC-8F70-3578-1A34BEDD5422}\InprocServer32]

(Default) = "%System%\doyo1Addr.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7956A63A-3FBC-8F70-3578-1A34BEDD5422}]

(Default) = "7956A63A-3FBC-8F70-3578-1A34BEDD5422 Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID]

(Default) = "protector_dll.ProtectorLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib]

(Default) = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\ProgID]

(Default) = "protector_dll.ProtectorLib.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]

(Default) = "%ProgramFiles%\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]

(Default) = "ProtectorLib Class"
AppID = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\VersionIndependentProgID]

(Default) = "GUServiceCtl.SilentUpdater"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\TypeLib]

(Default) = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\ProgID]

(Default) = "GUServiceCtl.SilentUpdater.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\LocalServer32]

(Default) = ""%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}]

(Default) = "Google Silent Updater class"
AppID = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}\VersionIndependentProgID]

(Default) = "ASBarBroker.BDBroker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}\TypeLib]

(Default) = "{D02E3AB9-7796-40cb-BDFC-20D834FE1F75}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}\ProgID]

(Default) = "ASBarBroker.BDBroker.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}\LocalServer32]

(Default) = ""%System%\ASBarBroker.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027}]

(Default) = "BDBroker Class"
AppID = "{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]

(Default) = "%ProgramFiles%\Google\Google Toolbar\GoogleToolbar_32.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

(Default) = "Google Toolbar Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID]

(Default) = "GoogleUpdateProcessLauncher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\TypeLib]

(Default) = "{7E6CD20B-8688-4960-96D9-B979471577B8}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID]

(Default) = "GoogleUpdateProcessLauncher.1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32]

(Default) = ""%ProgramFiles%\Google\Update\GoogleUpdate.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}]

(Default) = "Google Update Process Launcher Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]

(Default) = "protector_dll.ProtectorBho"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]

(Default) = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]

(Default) = "protector_dll.ProtectorBho.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]

(Default) = "%ProgramFiles%\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

(Default) = "Google Toolbar Notifier BHO"
AppID = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\VersionIndependentProgID]

(Default) = "GUSchedulerCtl.UpdaterScheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\TypeLib]

(Default) = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\ProgID]

(Default) = "GUSchedulerCtl.UpdaterScheduler.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\LocalServer32]

(Default) = ""%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}]

(Default) = "Google Updater Scheduler class"
AppID = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID]

(Default) = "GoogleUpdate.CoreClass"

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

(Default) =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

(Default) =

Other details

There were registered attempts to establish connection with the remote hosts. The connection details are:

Remote Host	Port Number
114.112.178.4	80
123.125.114.102	80
199.7.48.190	80
199.7.52.190	80
208.117.249.149	80
208.117.249.206	80
208.117.249.79	80
208.117.249.84	80
208.117.249.8	80
208.117.254.226	80

The data identified by the following URLs was then requested from the remote web server:

http://count.namiuu.com/count.aspx?channel=13&mac=
http://open.baidu.com/app?module=beijingtime
http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer
http://crl.verisign.com/pca3.crl
http://CSC3-2004-crl.verisign.com/CSC3-2004.crl
http://crl.verisign.com/ThawteTimestampingCA.crl
http://crl.verisign.com/tss-ca.crl
http://tc.v19.cache2.c.pack.google.com/edgedl/toolbar/components/GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll.lz?redirect_counter=1
http://tc.v23.cache8.c.pack.google.com/edgedl/toolbar/components/GoogleToolbarUser_32_7397BBD21492BAA9.exe.lz?redirect_counter=1
http://tc.v8.cache7.c.pack.google.com/edgedl/toolbar/components/GoogleToolbar_32_788D2431A6FFBD5A.dll.lz?redirect_counter=1
http://tc.v14.cache7.c.pack.google.com/edgedl/toolbar/components/GoogleToolbarManager_E85CDE7661A53A6A.exe.lz?redirect_counter=1
http://tc.v11.cache6.c.pack.google.com/edgedl/toolbar/components/GoogleUpdateSetup_0002B5AEB6C5B612.exe.lz?redirect_counter=1
http://tc.v7.cache7.c.pack.google.com/edgedl/toolbar/components/GoogleUpdaterService_5898FABCFA121C11.exe.lz?redirect_counter=1
http://tc.v5.cache3.c.pack.google.com/edgedl/toolbar/components/GoogleToolbarDynamic_32_78F32466E61F1EEC.dll.lz?redirect_counter=1
http://tc.v6.cache4.c.pack.google.com/edgedl/toolbar/components/SearchWithGoogleUpdate_60BF91FC421232D7.exe.lz?redirect_counter=1
http://cache.pack.google.com/edgedl/toolbar/components/GoogleToolbarManager_E85CDE7661A53A6A.exe.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleToolbarUser_32_7397BBD21492BAA9.exe.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleUpdaterService_5898FABCFA121C11.exe.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleUpdateSetup_0002B5AEB6C5B612.exe.lz
http://cache.pack.google.com/edgedl/toolbar/components/SearchWithGoogleUpdate_60BF91FC421232D7.exe.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleToolbar_32_788D2431A6FFBD5A.dll.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleToolbarDynamic_32_78F32466E61F1EEC.dll.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll.lz
http://www.google.com/tools/swg2/update?type=c&as=swg&os=win&osv=5.1.2600&hl=en&ie=6.0.2900.2180&ds=0&pds=0&su=0&hpi=-1&brand=CPUZ&pa=0&cl=1&tbv=&id=e0b3ddcd6e134f0097d1f4d6530c2b7c261f240a2f&from=&to=5.5.4723.1820
http://tools.google.com/service/update2
http://clients1.google.com/tools/pso/ping?as=tbin&mode=3&sin=1&ein=0&version=6.4.1321.1732&brand=CPUZ&hl=en&tbiv=6.3.1106.427&time=1310389420&fitime=1310389420&browser=6.0.2900.2180&osver=5.1&ossp=2.0&osarch=32&ext=EXE&id=1D155CE8A732399C64232A1B889F10FE1FE2AoORWJ
http://dl.google.com/toolbar/components/Toolbar.6.3.manifest.xml.lz?zx=j-Ehs
http://dl.google.com/toolbar/components/toolbar.manifest.64.legacy.xml.lz

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.