ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 5 October 2011, 19:45:37
Processing time: 8 min 26 sec
Submitted sample:

File MD5: 0xF227C340FED1251FA5810360D979E11F
File SHA-1: 0xB45806F85A8EFA8AA923A09B28B26EE1FCFD97BA
Filesize: 3,447,576 bytes

Summary of the findings:

What's been found	Severity Level
Attempts to use BITS (Background Intelligent Transfer Service). Some threats are known to use BITS to evade firewall filtering and download files without firewall inspection.
Produces outbound traffic.
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%CommonAppData%\Google\Custom Buttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML	12,722 bytes	MD5: 0xE295A82CD8133FD5698DAC49745518B8 SHA-1: 0x023A7FAC7C18D6D2CF00779A7AB3708194BFA51F	(not available)
2	%CommonAppData%\Microsoft\Network\Downloader\qmgr0.dat	4,232 bytes	MD5: 0x7F7E64B34A95E7349473926EB94D175B SHA-1: 0x42B16A17A92BD7E29F06263789D20656F7002441	(not available)
3	%CommonAppData%\Microsoft\Network\Downloader\qmgr1.dat	5,578 bytes	MD5: 0xF4800D160FA2FFE2012C64E51196304B SHA-1: 0xA9DD47555DD337BDC339B5C83E4EE45767027505	(not available)
4	%CommonDesktopDir%\CCleaner.lnk	682 bytes	MD5: 0x200CF229B426C117DAC731205B58EFF5 SHA-1: 0xD3544C3BCD828D2CD9A29C23A452344CA684DC11	(not available)
5	%CommonPrograms%\CCleaner\CCleaner Homepage.url	82 bytes	MD5: 0x20AAC90EEFD7FCF37027FDE1FCF35214 SHA-1: 0x5161CC36B8E0FBE826EF12F536308CC26E5727B6	(not available)
6	%CommonPrograms%\CCleaner\CCleaner.lnk	694 bytes	MD5: 0x84B0FF3600009358FCF9CC6077713550 SHA-1: 0xA49618F1969A4F837D70ACC376FF3C82DC30D4F6	(not available)
7	%CommonPrograms%\CCleaner\Uninstall CCleaner.lnk	507 bytes	MD5: 0x7C8C5285422B865A5C90FB9BD08D6279 SHA-1: 0xC5421D91958DE7760A75CF8B58B64BE6B42F56D4	(not available)
8	%AppData%\Google\Toolbar Cache\7.1.2003.1856\en\annotaions_whitelist.json.content	370 bytes	MD5: 0x4328FC1E15545EB8267CEB6058F35373 SHA-1: 0x8E47D8DCF15D34C5B5A1FCB0C0F2D8E968470549	(not available)
9	%AppData%\Google\Toolbar Cache\7.1.2003.1856\en\translate_element.js.content	2,381 bytes	MD5: 0x3E0FBA39B1BCD8B674CDC1D04CF77B35 SHA-1: 0x7C5682BEB9EF6910C1D9FFEBB7787F2CAF8727EB	(not available)
10	%AppData%\Google\Toolbar Cache\7.1.2003.1856\en\translate_languages.json.content	1,457 bytes	MD5: 0x6DD23D80D42FABD9D39CDC4CA8204543 SHA-1: 0xDD95D703C2B21C3BCFFC369CFAFEE6F66F6163E3	(not available)
11	%AppData%\Google\Toolbar DNS data\data	194 bytes	MD5: 0x79A6AD4009EFAFB1666F944DB2BFF7A6 SHA-1: 0x3B362A441D43F27D881EA1B82768C5A4DCD98338	(not available)
12	%Temp%\GoogleToolbarInstaller1.log	7,961 bytes	MD5: 0xD86949F292BAFA52D284D10E79DEF512 SHA-1: 0xA582A81831A5BB9611A927C11B2A1A9BA9B739A4	(not available)
13	%Temp%\GoogleToolbarInstaller2.log	7,665 bytes	MD5: 0x11FC89232184EE8EEB48A9DB27658A06 SHA-1: 0x80258DBF49EE7793E655842DE8E1C36699451255	(not available)
14	%Temp%\GoogleToolbarInstaller_stub_signed.exe	235,184 bytes	MD5: 0x39D998E29DC9277C8762070901E69A32 SHA-1: 0xEBD09F3EC33B4E56EBC3ECCC0107689D4C5A2BCA	packed with PE_Patch.PECompact [Kaspersky Lab]
15	%Temp%\nsl3.tmp\ExecDos.dll	5,632 bytes	MD5: 0xA7CD6206240484C8436C66AFB12BDFBF SHA-1: 0x0BB3E24A7EB0A9E5A8EAE06B1C6E7551A7EC9919	(not available)
16	%ProgramFiles%\CCleaner\CCleaner.exe	2,585,408 bytes	MD5: 0x59161195EA070A0BB8A85B5B99D8F643 SHA-1: 0x03C19E34303B7FAFD756FC664557C508695FCC5A	(not available)
17	%ProgramFiles%\CCleaner\Lang\lang-1025.dll	26,624 bytes	MD5: 0x7D58119D423B6EE20CBD7C90F5E0A1BB SHA-1: 0x19F1A753CE7FFC0077F78575C42B42EA4729A5E1	(not available)
18	%ProgramFiles%\CCleaner\Lang\lang-1026.dll	32,768 bytes	MD5: 0x992E3A6ECFE8598EEC95BA73FEF2B667 SHA-1: 0xC0301359EADB1B66EA5238BB3D2ECF14F40AA6ED	(not available)
19	%ProgramFiles%\CCleaner\Lang\lang-1027.dll	33,792 bytes	MD5: 0x11736132BEC8BF5EC1C7CE4B83CB3A8A SHA-1: 0x6E5A82B8A34D0AA81B6C5164901B5F8E83AFF182	(not available)
20	%ProgramFiles%\CCleaner\Lang\lang-1028.dll	15,872 bytes	MD5: 0x4C37CC47D056F47D90A6B0EF357A05D0 SHA-1: 0x28D2D25EEA61D4236DBFD12A2232E71F8F3FAB62	(not available)
21	%ProgramFiles%\CCleaner\Lang\lang-1029.dll	28,160 bytes	MD5: 0x6F76C366185ED0859229FE8572788D33 SHA-1: 0x59007E1026320FB72832E1405AB79C2B6BC60C0D	(not available)
22	%ProgramFiles%\CCleaner\Lang\lang-1030.dll	30,208 bytes	MD5: 0xA401CAE1FD963FBC4F5DC3F70C548DF1 SHA-1: 0x695D3C05C858E0F3CC4D5CAC2587AD2D5916B903	(not available)
23	%ProgramFiles%\CCleaner\Lang\lang-1031.dll	30,208 bytes	MD5: 0x6F2A05694031DCC1262E08BAD94ECFED SHA-1: 0x378D33813E3122D8784BD07F359A578E1F975E32	(not available)
24	%ProgramFiles%\CCleaner\Lang\lang-1032.dll	35,328 bytes	MD5: 0xC066F0CA161C1C29B6BAEC1C066BD574 SHA-1: 0x647C664576499D052E338BA28DACE2A7DCA8E14C	(not available)
25	%ProgramFiles%\CCleaner\Lang\lang-1034.dll	33,792 bytes	MD5: 0x42F717581C6868CD41710F9CAA03F397 SHA-1: 0x9E18CF547F1DB6187C270AF754AF18BCB3DCD9A3	(not available)
26	%ProgramFiles%\CCleaner\Lang\lang-1035.dll	31,232 bytes	MD5: 0x1924EC500ACA5D98BD0DD414459AEA66 SHA-1: 0x0AE1D09E49B04822C3F917238FF2923D867EB51E	(not available)
27	%ProgramFiles%\CCleaner\Lang\lang-1036.dll	34,816 bytes	MD5: 0xB0B79A6AA71B8C8456345A31092343BC SHA-1: 0x712BCB3F7A10B1311E96C2A9C73C4CA3A878D5BE	(not available)
28	%ProgramFiles%\CCleaner\Lang\lang-1037.dll	25,600 bytes	MD5: 0xE3F31C342E903CBBB8120B679C559A72 SHA-1: 0xCADF000F54985160242B4238C6E99F97ABBCC68C	(not available)
29	%ProgramFiles%\CCleaner\Lang\lang-1038.dll	31,744 bytes	MD5: 0x2F3F183E812C92F4BCA85BB608045AFF SHA-1: 0x5A30235FC877D0F40F248DC726020ED1480F9EE9	(not available)
30	%ProgramFiles%\CCleaner\Lang\lang-1040.dll	32,256 bytes	MD5: 0x59EF5D125C27228F606BFDB64A7090C3 SHA-1: 0x4B3DB8915FF98B96FAC3EB9DF3E9832304B93CB5	(not available)
31	%ProgramFiles%\CCleaner\Lang\lang-1041.dll	19,456 bytes	MD5: 0x4816003CCFBF7F8F432219A3F0175DB9 SHA-1: 0x46531363D97D49A9687BDF9D10F01D03622053B3	(not available)
32	%ProgramFiles%\CCleaner\Lang\lang-1042.dll	20,992 bytes	MD5: 0x9103363E1666D678D5E421BA01DE5DDB SHA-1: 0xF00E99873A58B87DBDBB5880B0466C6ACAD08E38	(not available)
33	%ProgramFiles%\CCleaner\Lang\lang-1043.dll	33,792 bytes	MD5: 0xF62A483A733C97ACEFB48589440183F2 SHA-1: 0x6BFBE1F7A1ECC9363D07F419B5A763D6A3DAE9DE	(not available)
34	%ProgramFiles%\CCleaner\Lang\lang-1044.dll	29,184 bytes	MD5: 0x59BF5E7C8493095C829517A0F6CA253D SHA-1: 0x130CC09A9978D8CDAB5EAE122289A0A2FAB32D71	(not available)
35	%ProgramFiles%\CCleaner\Lang\lang-1045.dll	31,232 bytes	MD5: 0x824424D6862318B85C71A735225C4A70 SHA-1: 0x5E46058A210BFD0BECCBEBAF3FE5C0C0BC8FECAD	(not available)
36	%ProgramFiles%\CCleaner\Lang\lang-1046.dll	33,792 bytes	MD5: 0xAA167528B5C72A06D96D913FEF87539B SHA-1: 0x3AB3C062B59B4B638B55AA5B5F44B2D8C22E9D0E	(not available)
37	%ProgramFiles%\CCleaner\Lang\lang-1048.dll	29,696 bytes	MD5: 0x9693A6585896337C43D1262119025DF0 SHA-1: 0xF1CE69C3B0257D48E7F95DC9D2F2F3D45F704A66	(not available)
38	%ProgramFiles%\CCleaner\Lang\lang-1049.dll	28,672 bytes	MD5: 0x724D185FDE7CB956E8D87C26FA765080 SHA-1: 0xC1A1729CE72FC8AEDAA111DE63E0D16BD165625B	(not available)
39	%ProgramFiles%\CCleaner\Lang\lang-1050.dll	29,184 bytes	MD5: 0x7BDBF5FC012CE8264EE741A976514EBF SHA-1: 0x384010F5EF85CA5138B498A5EBCE6DB39CA017B6	(not available)
40	%ProgramFiles%\CCleaner\Lang\lang-1051.dll	28,672 bytes	MD5: 0x4BF305813CB34FA61DD0EFDF31F2B5B2 SHA-1: 0x1C6D7F32913B58040137BA9D5F893C9B18AAE7CD	(not available)
41	%ProgramFiles%\CCleaner\Lang\lang-1052.dll	30,208 bytes	MD5: 0x1619425F676DE82A26A54B4A559EF95D SHA-1: 0xEE27E81E79930A72E20E2F8A0D2B11263747CB27	(not available)
42	%ProgramFiles%\CCleaner\Lang\lang-1053.dll	30,720 bytes	MD5: 0x95F840C612A7B817502A040FBA39AFFB SHA-1: 0x3A63249086E7DE7F5D70AEEFEDB3DC3E35D52646	(not available)
43	%ProgramFiles%\CCleaner\Lang\lang-1055.dll	29,184 bytes	MD5: 0x53826C0DB1D6E30F343D9C35D121D9FD SHA-1: 0x119066519DA544A0C9031B2C82349284B85C3466	(not available)
44	%ProgramFiles%\CCleaner\Lang\lang-1058.dll	29,696 bytes	MD5: 0xB76E321CD705BBB5CA7258E9DE50525D SHA-1: 0xBD1B9A21EC5F0BA86580B2F296D3C99202CFF26E	(not available)
45	%ProgramFiles%\CCleaner\Lang\lang-1059.dll	31,232 bytes	MD5: 0x5D75160743E2C55126A2A725EBC78CB5 SHA-1: 0x4D4E15C421E79E160270B5F6DBA5EDA9AB605305	(not available)
46	%ProgramFiles%\CCleaner\Lang\lang-1060.dll	31,232 bytes	MD5: 0x70D9B5ACAB3DFF44F83C978C3AB25393 SHA-1: 0x3791A5E7156BDABEC44F3EAF5E5245CD09EBE159	(not available)
47	%ProgramFiles%\CCleaner\Lang\lang-1061.dll	29,696 bytes	MD5: 0x621CCAE5F4747817A503EC8D7FC9B263 SHA-1: 0x8D2860A82D2C53FA24DE5D669F0838E8405733F7	(not available)
48	%ProgramFiles%\CCleaner\Lang\lang-1063.dll	30,208 bytes	MD5: 0xA327BBFBC67C6897A64358678F2DCE16 SHA-1: 0xC89502165C906F69672B8292B19E6366038B4C95	(not available)
49	%ProgramFiles%\CCleaner\Lang\lang-1065.dll	29,696 bytes	MD5: 0x80091A0667F882EB3F3D599A1187FE21 SHA-1: 0x138C88DBAB795E3487565A7B60E36B3771E96FD3	(not available)
50	%ProgramFiles%\CCleaner\Lang\lang-1066.dll	28,672 bytes	MD5: 0x57A7EDB77FC2C599ABA8C90A99BEB2F6 SHA-1: 0xAEA217969286F801202C85E99C84F653F6E2C0F0	(not available)
51	%ProgramFiles%\CCleaner\Lang\lang-1067.dll	27,648 bytes	MD5: 0xB9F41B991A9F6BBC4EADE9ACEB330DE3 SHA-1: 0xAE57730494D75C43228C0131C015293948E49B90	(not available)
52	%ProgramFiles%\CCleaner\Lang\lang-1068.dll	29,184 bytes	MD5: 0x5D3EDFC6A2AA448C16025DC8040514D9 SHA-1: 0x94B919977A5DFEC4275C8A33272AECBF63D06B26	(not available)
53	%ProgramFiles%\CCleaner\Lang\lang-1071.dll	30,208 bytes	MD5: 0xAF2BB7D5E30DAC2BABFE6D0D45451654 SHA-1: 0xD5D4681006824DBE088441554DDED63538E5F27D	(not available)
54	%ProgramFiles%\CCleaner\Lang\lang-1079.dll	31,232 bytes	MD5: 0x15A4F172F9AD6E5D9F6DFFD9506AA05A SHA-1: 0xA05DDA411DD5C5CCDCECF1BA4C6C31E6C8A17A01	(not available)
55	%ProgramFiles%\CCleaner\Lang\lang-1087.dll	27,136 bytes	MD5: 0x6117C1C048AA185BCCD1B3FB5512E2B1 SHA-1: 0xB8DFDED0AD558CC62AB39E21EBDD77A06BCC08EC	(not available)
56	%ProgramFiles%\CCleaner\Lang\lang-1110.dll	29,184 bytes	MD5: 0xD63D0EF969ED5E4DB54892FA35F21155 SHA-1: 0xE2411B0657481E37F5CB76C4C2B1BD21E8C72C78	(not available)
57	%ProgramFiles%\CCleaner\Lang\lang-2052.dll	15,360 bytes	MD5: 0xEF8489CFA5A809DB2587D9E4599ED242 SHA-1: 0x9FCFF277DDD7E7F1F3E19E2A71CD64C44335755F	(not available)
58	%ProgramFiles%\CCleaner\Lang\lang-2070.dll	33,792 bytes	MD5: 0x5724EFEE2051D82FE838196D5ABB110B SHA-1: 0xDC9B97BDCF850A6DA51BC1914DB463DD0FBF7075	(not available)
59	%ProgramFiles%\CCleaner\Lang\lang-2074.dll	29,184 bytes	MD5: 0xD88804A5155066F64C28C891FBD9C7DB SHA-1: 0x224CA103D5F55125AFB6F28E7DDC85D981623629	(not available)
60	%ProgramFiles%\CCleaner\Lang\lang-3098.dll	29,184 bytes	MD5: 0xE623F2DF6291EF3B49095409E7D06655 SHA-1: 0xC95B2F885A09B22866F45E149A923B7CD523B47E	(not available)
61	%ProgramFiles%\CCleaner\Lang\lang-5146.dll	29,696 bytes	MD5: 0x803687EC26CBAC1EA21392ECFE30A526 SHA-1: 0xD8F6DA1C88AC2AA3B6459BABC4320BAF522BCE8F	(not available)
62	%ProgramFiles%\CCleaner\Lang\lang-9999.dll	33,792 bytes	MD5: 0xB8078839F3E7E38D6150B54DDDF62E2A SHA-1: 0xE888BB69D00779B3C102B5665DECC4FAE1FE6981	(not available)
63	%ProgramFiles%\CCleaner\uninst.exe	129,824 bytes	MD5: 0x6D7CC83AE9C5F23E257B043C3F7FD40D SHA-1: 0x9CAEEA76509C010CDD08342D848B3E0D9123C0AF	(not available)
64	%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe	182,768 bytes	MD5: 0xCC839E8D766CC31A7710C9F38CF3E375 SHA-1: 0xA20FE767AE667638FC2ED43563BD436542CA7AD4	(not available)
65	%ProgramFiles%\Google\Google Toolbar\Component\GoogleCld_26623DE26D4DBD2D.dll	1,206,960 bytes	MD5: 0x9BEC7039F799C8CD3C1D678A40A7697E SHA-1: 0xB4C75823F58BD5538D012CEE6C196FA31849E282	(not available)
66	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbar.7.1.2003.1856.manifest.xml	16,985 bytes	MD5: 0x6FD6866088A56C2C31417542B7AB8FFF SHA-1: 0x9D68E64D286553EC0A691623CED418649E0075E6	(not available)
67	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_180E402F04DFD0EC.dll	3,075,760 bytes	MD5: 0xC3AE580C6383E40E738D2F9ECBDC6EC0 SHA-1: 0xB1E9A9CEEE7D9B4B7B316F1C91D1AACB31C0358B	(not available)
68	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll	2,010,288 bytes	MD5: 0xE0929D3026599B26C0C2478B5E0E5329 SHA-1: 0xE5D7898A65A9AD9F9CB92055F0D3A99CF419F338	(not available)
69	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarManager_4E7D715D860E20E1.exe	1,053,872 bytes	MD5: 0x86F096ACF2C09CCB5400DEE3EBBEC5C6 SHA-1: 0x78047A989B30F975CC9B876A512C91C3F6A99FBC	(not available)
70	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarUser_32_06C7E768E8862B48.exe %ProgramFiles%\Google\Google Toolbar\GoogleToolbarUser_32.exe	307,376 bytes	MD5: 0x745EE2C6FB0B43C9F00E017F5E5D7317 SHA-1: 0xEB9B884AA359EE227E0259CA85EA027B4D30903B	(not available)
71	%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbar_32_CD3C3B22F9378E38.dll %ProgramFiles%\Google\Google Toolbar\GoogleToolbar_32.dll	305,328 bytes	MD5: 0xC097DF5CD7DCB95E0D95644A993AC7EC SHA-1: 0x8C42D8E26254023213074FED8E014DEA5B19D581	(not available)
72	%ProgramFiles%\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe	182,768 bytes	MD5: 0x1C50AB911B3524356D0C58D8D669F09E SHA-1: 0x8196BF79D278F064FEAA77F3353410273F8611E6	(not available)
73	%ProgramFiles%\Google\Google Toolbar\Component\GoogleUpdateSetup_90698EA083D01143.exe	568,472 bytes	MD5: 0xF56DA260AB7EC4DBD6A53EAE39ADAD48 SHA-1: 0xA37B2570FDEFEE91D176CAEE8E3F9A8331CA1A58	(not available)
74	%ProgramFiles%\Google\Google Toolbar\Component\SearchWithGoogleUpdate_86D23231A3A85F4A.exe	1,706,552 bytes	MD5: 0xDD5781D97C729154744204FB9C54538B SHA-1: 0x9585322EB84A95B2345964DE81AC8BA4DCCE462F	(not available)
75	%ProgramFiles%\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp	124,928 bytes	MD5: 0x0298318F7E5415CBE12C5DA6DB03F547 SHA-1: 0x7DB23EF135D119E82508C0FA0DB3EBAD8094AC3E	(not available)
76	%ProgramFiles%\Google\Google Toolbar\GoogleToolbarHelper_signed.msi	28,160 bytes	MD5: 0x8D256383291BF2427822EBCC321ED3A6 SHA-1: 0x67C4C3DB3F29032077D51CCDAFF41F8E8AB41CC3	(not available)
77	%ProgramFiles%\Google\GoogleToolbarNotifier\5.7.6406.1642\gth.dll	49,208 bytes	MD5: 0x4570944C315CE87DFC2B4DF9BBEA2ACC SHA-1: 0xFF20E8EF055E286B90B9B7442F7389DBC27832AD	(not available)
78	%ProgramFiles%\Google\GoogleToolbarNotifier\5.7.6406.1642\gtn.dll	150,072 bytes	MD5: 0x872E0242259F0CDDA05354DD1A5F3B89 SHA-1: 0x1CC95AF9FFCA5652BD5778E53040A04D75B9F7C8	(not available)
79	%ProgramFiles%\Google\GoogleToolbarNotifier\5.7.6406.1642\Readme.url	99 bytes	MD5: 0x3BBE3AA864A204E86D14112FAC730406 SHA-1: 0x2A629810394F34C9214EDE4D5E3020DF60AB8F6F	(not available)
80	%ProgramFiles%\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll	1,007,160 bytes	MD5: 0xA953E104137DF406B70477D60BC29008 SHA-1: 0xCF8E94F1A1F0E7EB47AD27ADBDDF74CD977A2A8A	(not available)
81	%ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe	39,408 bytes	MD5: 0x5D61BE7DB55B026A5D61A3EED09D0EAD SHA-1: 0x215950CE5D40907B041346F22B4E404EE591581D	(not available)
82	%ProgramFiles%\Google\Update\1.2.183.39\GoogleCrashHandler.exe	134,808 bytes	MD5: 0x29C12F26C6075AB69C473E1B081F4651 SHA-1: 0x18BE7685423442EF845B04BB90B40A3C49C10E04	(not available)
83	%ProgramFiles%\Google\Update\1.2.183.39\GoogleUpdate.exe %ProgramFiles%\Google\Update\GoogleUpdate.exe	136,176 bytes	MD5: 0xF02A533F517EB38333CB12A9E8963773 SHA-1: 0x258810D71436C5157CD0752BD13CE1DE20F27EB2	(not available)
84	%ProgramFiles%\Google\Update\1.2.183.39\GoogleUpdateHelper.msi	25,088 bytes	MD5: 0x11204C4DB01E24B3D9E9DA0A46F5A098 SHA-1: 0x1A07E3CB7CC9DED5C2F04F4F78EEAABD6E61EDA9	(not available)
85	%ProgramFiles%\Google\Update\1.2.183.39\goopdate.dll	682,648 bytes	MD5: 0x68CA45DAF2A425E9719B3122EDDDB343 SHA-1: 0x774843F05C0EC5BA5CE0C0CEBC42C7CD4D2FFC88	(not available)
86	%ProgramFiles%\Google\Update\1.2.183.39\GoopdateBho.dll	137,880 bytes	MD5: 0x1ECF73DA7D3EE1CF9CE90B813B027BA2 SHA-1: 0xE7EE6F39E3E9484185C5E824BC04DC33E11775BB	(not available)
87	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_ar.dll	24,728 bytes	MD5: 0x8503C7D840F7E16CE2223FC049D0F453 SHA-1: 0x7FB7BE42087A71C19A53D2FAC76833AA8F7BE9CC	(not available)
88	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_bg.dll	28,312 bytes	MD5: 0x0BFB1C266786051BCBF299B29594BDA4 SHA-1: 0x205068CA09D7854EE4F31C9A924E704F18BA7AE8	(not available)
89	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_bn.dll	26,776 bytes	MD5: 0x409E948CD188CB7758A7F6A821C188D1 SHA-1: 0x0D527597129DC84C37418F81F852C73FD51A94ED	(not available)
90	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_ca.dll	27,800 bytes	MD5: 0x39DDF2DE1A9A87224C87021ECCBB8837 SHA-1: 0x37282DEB3789A66FFA903F9E37A3E902BB4CD713	(not available)
91	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_cs.dll	26,776 bytes	MD5: 0x9A9D96EDE39EE101C95F50D8525C3503 SHA-1: 0xBC65081CF43ECD02E6031E9A74BDD5B9CC9949F4	(not available)
92	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_da.dll	26,776 bytes	MD5: 0xB2EF2515B7D20B4B6A05D015F458C905 SHA-1: 0xE384BAD0C3A3F90FC2B2D195E6A48E8E97BD0462	(not available)
93	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_de.dll	28,312 bytes	MD5: 0x55CDE686A67AB5F124751D1E88A09CD8 SHA-1: 0x4B2A152EF469EFFD4AFEF12EBFE98EB8C9AFA52B	(not available)
94	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_el.dll	28,824 bytes	MD5: 0x1CB6E5C851CA5F7295EFF9BA5CA665FE SHA-1: 0xBA85B32A517DB2194A5471AD39294602C14209B3	(not available)
95	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_en-GB.dll	25,752 bytes	MD5: 0x4A9D487E4B9D311CCA104BB7F5DFFA78 SHA-1: 0xE60A20A8D3774CD50EA56D61087EEACA821C6D4E	(not available)
96	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_en.dll	25,752 bytes	MD5: 0x7DFCB052BF7C5B7BF1EB1817EEFD1041 SHA-1: 0x79533A5A063D0FD41A66DA719B3B7AB140075CAB	(not available)
97	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_es-419.dll	27,288 bytes	MD5: 0x2F8574E2165C218B80E558C6DE0CE014 SHA-1: 0xCF460E5DD49DCFBEC4BA844420DF3A5459EF2962	(not available)
98	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_es.dll	28,824 bytes	MD5: 0xAD54D3E443FA11E033CC55BF3E201CCE SHA-1: 0x5DCBE47A3339E67B5C8C0D8F0376487EB7BB6774	(not available)
99	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_et.dll	26,776 bytes	MD5: 0xF91718C1695C567BBC82D3BF5FCB1DE5 SHA-1: 0x5AB11515D383D9756CB4AF7D5BB7BCC72DC7453D	(not available)
100	%ProgramFiles%\Google\Update\1.2.183.39\goopdateres_fa.dll	25,240 bytes	MD5: 0x0114BBCC29105FB7A32A8FC44D102474 SHA-1: 0xDE64B55253A654F1F4AA2BEDEA64813EA23C1A7C	(not available)

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

The following directories were created:

%AppData%\Google
%CommonAppData%\Google
%CommonAppData%\Google\Custom Buttons
%CommonAppData%\Google\Google Toolbar
%CommonAppData%\Google\Google Toolbar\Component
%CommonAppData%\Microsoft\Network\Downloader
%CommonPrograms%\CCleaner
%Profiles%\LocalService\Local Settings\Application Data\Google
%Profiles%\LocalService\Local Settings\Application Data\Google\Update
%Profiles%\LocalService\Local Settings\Application Data\Google\Update\Manifest
%Profiles%\LocalService\Local Settings\Application Data\Google\Update\Manifest\Initial
%AppData%\Google\CrashReports
%AppData%\Google\Custom Buttons
%AppData%\Google\Custom Buttons\Enterprise
%AppData%\Google\Toolbar
%AppData%\Google\Toolbar Cache
%AppData%\Google\Toolbar Cache\7.1.2003.1856
%AppData%\Google\Toolbar Cache\7.1.2003.1856\en
%AppData%\Google\Toolbar DNS data
%Temp%\Google Toolbar
%Temp%\nsl3.tmp
%ProgramFiles%\CCleaner
%ProgramFiles%\CCleaner\Lang
%ProgramFiles%\Google
%ProgramFiles%\Google\Common
%ProgramFiles%\Google\Common\Google Updater
%ProgramFiles%\Google\CrashReports
%ProgramFiles%\Google\Google Toolbar
%ProgramFiles%\Google\Google Toolbar\Component
%ProgramFiles%\Google\GoogleToolbarNotifier
%ProgramFiles%\Google\GoogleToolbarNotifier\5.7.6406.1642
%ProgramFiles%\Google\Update
%ProgramFiles%\Google\Update\1.2.183.39

Notes:

%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.

Memory Modifications

There were new services created in the system:

Service Name	Display Name	Status	Service Filename
gupdate	Google Update Service (gupdate)	"Stopped"	"%ProgramFiles%\Google\Update\GoogleUpdate.exe" /svc
gusvc	Google Software Updater	"Stopped"	"%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe"

The following system services were modified:

Service Name	Display Name	New Status	Service Filename
BITS	Background Intelligent Transfer Service	"Running"	%System%\svchost.exe -k netsvcs
MSIServer	Windows Installer	"Running"	%System%\msiexec.exe /V

Notes:

%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GoogleUpdaterService.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ProtectorExe.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\protector_dll.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Open CCleaner...
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Open CCleaner...\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Run CCleaner
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Run CCleaner\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00EF2092-6AC5-47c0-BD25-CF2D5D657FEB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00EF2092-6AC5-47c0-BD25-CF2D5D657FEB}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\18555481990E8AB4CBB63FB4F26006C0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList\Media
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList\Net
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Media
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Net
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A9C08D73A738D4645A912F4E39ABB657
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DBFF5159BA0409649B38F48A1EE47E5F
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\ProxyStubClsid32

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe]

AppID = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GoogleUpdaterService.exe]

AppID = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ProtectorExe.EXE]

AppID = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\protector_dll.DLL]

AppID = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]

(Default) = "gusvc"
LocalService = "gusvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}]

(Default) = "protector_dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}]

(Default) = "ProtectorExe"
RunAs = "Interactive User"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]

(Default) = "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itsel
LocalService = "gupdate"
ServiceParameters = "/comsvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Open CCleaner...\command]

(Default) = "%ProgramFiles%\CCleaner\ccleaner.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Run CCleaner\command]

(Default) = "%ProgramFiles%\CCleaner\ccleaner.exe /AUTO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00EF2092-6AC5-47c0-BD25-CF2D5D657FEB}\InprocServer32]

(Default) = "%ProgramFiles%\Google\Google Toolbar\GoogleToolbar_32.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00EF2092-6AC5-47c0-BD25-CF2D5D657FEB}]

(Default) = "Google Script Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]

(Default) = "%ProgramFiles%\Google\Google Toolbar\GoogleToolbar_32.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]

(Default) = "Google Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32]

(Default) = "%ProgramFiles%\Google\Update\1.2.183.39\goopdate.dll"
ThreadingModel = "Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}]

(Default) = "PSFactoryBuffer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}\InprocServer32]

(Default) = "%ProgramFiles%\Google\Google Toolbar\GoogleToolbar_32.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43e7-84E9-808838809519}]

(Default) = "Google Side Bar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\ProgID]

(Default) = "Google.OneClickCtrl.8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\InprocServer32]

(Default) = "%ProgramFiles%\Google\Update\1.2.183.39\npGoogleOneClick8.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}]

(Default) = "Google Update Plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\VersionIndependentProgID]

(Default) = "protector_dll.Protector"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\TypeLib]

(Default) = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\ProgID]

(Default) = "protector_dll.Protector.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32]

(Default) = "%ProgramFiles%\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}]

(Default) = "Protector Class"
AppID = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID]

(Default) = "GoogleUpdate.OnDemandCOMClassMachine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\TypeLib]

(Default) = "{7E6CD20B-8688-4960-96D9-B979471577B8}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID]

(Default) = "GoogleUpdate.OnDemandCOMClassMachine.1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32]

(Default) = ""%ProgramFiles%\Google\Update\GoogleUpdate.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation]

Enabled = 0x00000001
IconReference = "@%ProgramFiles%\Google\Update\1.2.183.39\goopdate.dll,-1004"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}]

(Default) = "GoogleUpdate.OnDemandCOMClass"
LocalizedString = "@%ProgramFiles%\Google\Update\1.2.183.39\goopdate.dll,-3000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID]

(Default) = "protector_dll.ProtectorLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib]

(Default) = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\ProgID]

(Default) = "protector_dll.ProtectorLib.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]

(Default) = "%ProgramFiles%\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]

(Default) = "ProtectorLib Class"
AppID = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\VersionIndependentProgID]

(Default) = "GUServiceCtl.SilentUpdater"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\TypeLib]

(Default) = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\ProgID]

(Default) = "GUServiceCtl.SilentUpdater.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\LocalServer32]

(Default) = ""%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}]

(Default) = "Google Silent Updater class"
AppID = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]

(Default) = "%ProgramFiles%\Google\Google Toolbar\GoogleToolbar_32.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

(Default) = "Google Toolbar Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID]

(Default) = "GoogleUpdateProcessLauncher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\TypeLib]

(Default) = "{7E6CD20B-8688-4960-96D9-B979471577B8}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID]

(Default) = "GoogleUpdateProcessLauncher.1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32]

(Default) = ""%ProgramFiles%\Google\Update\GoogleUpdate.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}]

(Default) = "Google Update Process Launcher Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]

(Default) = "protector_dll.ProtectorBho"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]

(Default) = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]

(Default) = "protector_dll.ProtectorBho.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]

(Default) = "%ProgramFiles%\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

(Default) = "Google Toolbar Notifier BHO"
AppID = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\VersionIndependentProgID]

(Default) = "GUSchedulerCtl.UpdaterScheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\TypeLib]

(Default) = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\ProgID]

(Default) = "GUSchedulerCtl.UpdaterScheduler.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\LocalServer32]

(Default) = ""%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}]

(Default) = "Google Updater Scheduler class"
AppID = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID]

(Default) = "GoogleUpdate.CoreClass"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID]

(Default) = "GoogleUpdate.CoreClass.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}]

(Default) = "Google Update Core Class"
AppID = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\VersionIndependentProgID]

(Default) = "ProtectorExe.ProtectorHost"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\TypeLib]

(Default) = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\ProgID]

(Default) = "ProtectorExe.ProtectorHost.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32]

(Default) = ""%ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]

(Default) = "ProtectorHost Class"
AppID = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"
Depend = "%ProgramFiles%\Google\GoogleToolbarNotifier\5.7.6406.1642\gtn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\18555481990E8AB4CBB63FB4F26006C0]

Complete = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E]

Complete = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList\Net]

1 = "%ProgramFiles%\Google\Google Toolbar\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList\Media]

1 = ";"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList]

PackageName = "GoogleToolbarHelper_signed.msi"
LastUsedSource = "n;1;%ProgramFiles%\Google\Google Toolbar\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]

ProductName = "Google Toolbar for Internet Explorer"
PackageCode = "F049889E4D09CAF429A717221A4B624A"
Language = 0x00000409
Version = 0x01000000

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

(Default) =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

(Default) =

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

{0E5CBF21-D15F-11D0-8301-00AA005B4383} =
ITBarLayout =

Other details

There were registered attempts to establish connection with the remote hosts. The connection details are:

Remote Host	Port Number
174.133.64.236	80
199.7.48.190	80
199.7.51.190	80
209.85.239.80	80
74.125.212.116	80
74.125.212.151	80
74.125.212.16	80
74.125.212.180	80
74.125.212.209	80
74.125.212.214	80
74.125.47.100	443
74.125.47.102	443
74.125.47.138	443

The data identified by the following URLs was then requested from the remote web server:

http://service.piriform.com/installcheck.aspx?p=1&v=3.09.1493&vx=&l=1033&b=1&o=5.1W3&g=1
http://crl.thawte.com/ThawtePremiumServerCA.crl
http://crl.thawte.com/ThawteCodeSigningCA.crl
http://crl.verisign.com/ThawteTimestampingCA.crl
http://crl.verisign.com/tss-ca.crl
http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer
http://crl.verisign.com/pca3.crl
http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl
http://CSC3-2004-crl.verisign.com/CSC3-2004.crl
http://cache.pack.google.com/edgedl/toolbar/components/GoogleToolbarUser_32_06C7E768E8862B48.exe.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleUpdaterService_5898FABCFA121C11.exe.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleUpdateSetup_90698EA083D01143.exe.lz
http://cache.pack.google.com/edgedl/toolbar/components/SearchWithGoogleUpdate_86D23231A3A85F4A.exe.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleToolbar_32_CD3C3B22F9378E38.dll.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleCld_26623DE26D4DBD2D.dll.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleToolbarDynamic_32_180E402F04DFD0EC.dll.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll.lz
http://cache.pack.google.com/edgedl/toolbar/components/GoogleToolbarManager_4E7D715D860E20E1.exe.lz
http://v5.cache4.c.pack.google.com/edgedl/toolbar/components/GoogleToolbarManager_4E7D715D860E20E1.exe.lz?redirect_counter=1
http://v8.cache5.c.pack.google.com/edgedl/toolbar/components/GoogleToolbar_32_CD3C3B22F9378E38.dll.lz?redirect_counter=1
http://v1.cache1.c.pack.google.com/edgedl/toolbar/components/SearchWithGoogleUpdate_86D23231A3A85F4A.exe.lz?redirect_counter=1
http://v5.cache6.c.pack.google.com/edgedl/toolbar/components/GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll.lz?redirect_counter=1
http://v2.cache7.c.pack.google.com/edgedl/toolbar/components/GoogleCld_26623DE26D4DBD2D.dll.lz?redirect_counter=1
http://v7.cache7.c.pack.google.com/edgedl/toolbar/components/GoogleToolbarUser_32_06C7E768E8862B48.exe.lz?redirect_counter=1
http://v7.cache3.c.pack.google.com/edgedl/toolbar/components/GoogleToolbarDynamic_32_180E402F04DFD0EC.dll.lz?redirect_counter=1
http://v8.cache1.c.pack.google.com/edgedl/toolbar/components/GoogleUpdaterService_5898FABCFA121C11.exe.lz?redirect_counter=1
http://v3.cache2.c.pack.google.com/edgedl/toolbar/components/GoogleUpdateSetup_90698EA083D01143.exe.lz?redirect_counter=1
http://toolbar.google.com/buttons/feeds/topbuttons/?hl=en&sd=com
http://tools.google.com/service/update2
http://tools.google.com/toolbar/js-utils.js
http://clients1.google.com/tools/swg2/update?type=c&as=swg&os=win&osv=5.1.2600&hl=en&ie=6.0.2900.2180&ds=0&pds=0&su=0&hpi=-1&brand=PRFB&pa=0&cl=1&tbv=7.1.2003.1856&id=5ccab37110b14381b81042811b277146261f240a26&from=&to=5.7.6406.1642
http://clients1.google.com/translate_a/l?&client=tb&hl=en&cb=c&ie=utf8&oe=utf8
http://clients1.google.com/tools/pso/ping?as=tbie&brand=PRFB&hl=en&events=T4I,R7I&rep=2&rlz=I7:,W1:,T4:1T4PRFB_enUS452,R7:&dcc=T4:1T4PRFB_enUS452,R2:1R2PRFB_enUS452&id=E9993CB565B981334C123992D239A04C217DB29A00CD1A40D3
http://cr-tools.clients.google.com/service/check2?appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.2.183.39&applang=&machine=1&version=1.2.183.39&osversion=5.1&servicepack=Service%20Pack%202
http://toolbar.google.com/tbredir?r=di&l=en&v=7.1&tbbrand=
http://toolbar.google.com/T7/done.html
http://toolbar.google.com/tbredir?r=ie8am&l=en&sd=com&v=7.1
http://dl.google.com/toolbar/components/Toolbar.6.6.manifest.xml.lz?zx=j-Ehs
http://dl.google.com/toolbar/components/Toolbar.6.6.manifest.xml.lz?zx=JJh9x

Outbound traffic (potentially malicious)

There was an outbound traffic produced on port 443:

00000000 | 804C 0103 0000 3300 0000 1000 0004 0000 | .L....3.........
00000010 | 0500 000A 0100 8007 00C0 0300 8000 0009 | ................
00000020 | 0600 4000 0064 0000 6200 0003 0000 0602 | ..@..d..b.......
00000030 | 0080 0400 8000 0013 0000 1200 0063 23C3 | .............c#.
00000040 | 96A7 2F97 6958 709E 0BC7 2C2C F052 1603 | ../.iXp...,,.R..
00000050 | 0000 8410 0000 80B6 4B3A 99DE 2063 1538 | ........K:.. c.8
00000060 | 18C7 880D 49B9 9B9C CADF 475D 8310 F953 | ....I.....G]...S
00000070 | 6873 C86B 968D 7434 69F5 340F 63BF 2A00 | hs.k..t4i.4.c.*.
00000080 | FAA3 98DF 96D0 DFD4 C4C4 03C4 7B62 E15E | ............{b.^
00000090 | F6F6 BAC2 D8A3 5E0A BF28 3F9A 545D 6B9C | ......^..(?.T]k.
000000A0 | DE99 9C86 21AD 7450 E270 F286 31FA 8D68 | ....!.tP.p..1..h
000000B0 | 10D4 0126 E382 B7F9 8941 584B B839 C935 | ...&.....AXK.9.5
000000C0 | 40B3 8E57 D96A C352 B3EB 3252 EFA3 1E2E | @..W.j.R..2R....
000000D0 | BE8A DDDD 0EC9 A114 0300 0001 0116 0300 | ................
000000E0 | 003C EFF8 D57E 16B8 2923 0212 06E8 8CB3 | .<...~..)#......
000000F0 | 9AF9 4BF0 B2D7 7592 E59D CDFA 8A68 00E4 | ..K...u......h..
00000100 | 1DD5 A462 4420 A6BA 1640 E113 BF88 FE41 | ...bD ...@.....A
00000110 | AE30 5CB6 2E67 E7E6 F3DC 4B1F 6ABD 1703 | .0\..g....K.j...
00000120 | 0001 2000 35AE 51FF 0EA8 C890 4404 BA53 | .. .5.Q.....D..S
00000130 | B270 71FA D088 2F6D A16B 7556 746D CC95 | .pq.../m.kuVtm..
00000140 | 3B24 924C C81C 24CF D7B7 E3F8 9382 6237 | ;$.L..$.......b7
00000150 | CADF C33F 6060 9E92 6268 1F66 4953 8090 | ...?``..bh.fIS..
00000160 | 7084 814A 70AD 1F04 6687 9E69 9638 1BF7 | p..Jp...f..i.8..
00000170 | 02DA 22DC B1C4 4DA9 172E B705 E597 B264 | .."...M........d
00000180 | CBBE D690 0CAF 700F D9B3 F89D 00AC A05A | ......p........Z
00000190 | 1614 4EF4 A8CA A921 73F5 0897 3F54 8D07 | ..N....!s...?T..
000001A0 | 4E6F EB7B 5BEB E033 BA62 A7F4 EA0E C62E | No.{[..3.b......
000001B0 | 6A25 A2E7 5C9B 30DF 8F42 F436 89FF 553D | j%..\.0..B.6..U=
000001C0 | ABA6 A0B1 2D2C 16F1 E140 F2B7 9F07 F794 | ....-,...@......
000001D0 | BE9C 33FB 1972 3987 DCF6 42C7 B188 8E9C | ..3..r9...B.....
000001E0 | 24DA 1998 324D FE56 4C9F BBB5 C80B 5AE3 | $...2M.VL.....Z.
000001F0 | 11B3 6D79 F9E2 3BE8 3FCB ADFF 6E51 E51F | ..my..;.?...nQ..
00000200 | A1FF 31A8 DCE9 D7C1 C528 FDB8 4043 6D47 | ..1......(..@CmG
00000210 | 9A3F 2299 66E9 7B08 724C 51D6 1C38 88C2 | .?".f.{.rLQ..8..
00000220 | FC0C 3C7F C18F 0820 4C72 6E7A 076B F7DE | ..<.... Lrnz.k..
00000230 | 56F3 DE4C 39EE 8FF5 C773 10BE 318F 69B7 | V..L9....s..1.i.
00000240 | 9F14 42                                 | ..B
00000030 | 0080 0400 8000 0013 0000 1200 0063 3C50 | .............c<P
00000040 | CCE5 8FA4 6C45 4AFA 60DE 9311 7FA8 1603 | ....lEJ.`.......
00000050 | 0000 8410 0000 8003 0724 CCCB CD44 7B53 | .........$...D{S
00000060 | 7461 0E32 D7AB 2121 EDB6 B865 D0F4 BF65 | ta.2..!!...e...e
00000070 | E6BB 7AA5 8D31 F5CC 18E9 3607 E382 80DD | ..z..1....6.....
00000080 | E401 4391 DD7A A0B1 7984 CF3E 85A3 6013 | ..C..z..y..>..`.
00000090 | 7ACC 30E8 6451 1AFD 061F BC31 27F4 EDAB | z.0.dQ.....1'...
000000A0 | 12C4 3857 83ED FB98 53BF 0F12 B402 D9A5 | ..8W....S.......
000000B0 | 62DA 1F51 6476 F531 5226 8F94 75E6 EC9C | b..Qdv.1R&..u...
000000C0 | B04E 1B23 1B57 ED60 4526 84EA 7030 4830 | .N.#.W.`E&..p0H0
000000D0 | FDD6 CF0E 5BE5 5914 0300 0001 0116 0300 | ....[.Y.........
000000E0 | 003C CEBA CD34 14DC 56EB 7D0B 0050 15D7 | .<...4..V.}..P..
000000F0 | F433 38A6 A789 CD01 D0AD FB92 5DAE 6882 | .38.........].h.
00000100 | D587 F350 DF75 BE2A 6674 4A7C 4302 BBA3 | ...P.u.*ftJ|C...
00000110 | 3429 B427 9E5B D712 0048 3B10 254B 1703 | 4).'.[...H;.%K..
00000120 | 0001 0F35 8C10 12E4 CBE4 5934 0EC4 CB70 | ...5......Y4...p
00000130 | 251F A46A 846C 0382 B9AE 3BED C781 0208 | %..j.l....;.....
00000140 | B610 B9B8 9BB1 BFD3 C8DA 9724 EF6F E9E6 | ...........$.o..
00000150 | 7955 5A78 3600 8837 1379 6ADA 22AD E243 | yUZx6..7.yj."..C
00000160 | CA76 C1C4 0045 9D4F 5463 D211 A50B F76B | .v...E.OTc.....k
00000170 | 36F3 5D75 4A21 1FDC F858 518C 46C3 0558 | 6.]uJ!...XQ.F..X
00000180 | 25F3 9DE9 1457 919E A45E 48C8 DE68 E589 | %....W...^H..h..
00000190 | B092 BF2A 2220 87E2 FFF9 0ED1 1C0C 7A89 | ...*" ........z.
000001A0 | 61D4 3A09 A7E0 0AAE E35A 21C6 7CB6 2243 | a.:......Z!.|."C
000001B0 | 47C1 8D20 B6EC 823C 273E BBCA 804C 348E | G.. ...<'>...L4.
000001C0 | EC38 B9EA C350 1277 65A3 1C6F 5908 500E | .8...P.we..oY.P.
000001D0 | 30D2 1E79 87DA 6F0E 0787 1196 9C47 1968 | 0..y..o......G.h
000001E0 | 57D7 9235 D2ED CB57 B74D CF19 9453 B9BB | W..5...W.M...S..
000001F0 | 2A59 D0E5 5D92 7CED D3BA CE95 17BF 5345 | *Y..].|.......SE
00000200 | B66F 4821 1EF5 6C5D 8F2C 0521 28E9 A366 | .oH!..l].,.!(..f
00000210 | 7D1F 1036 4B56 392B 1DF1 818D CE74 88CC | }..6KV9+.....t..
00000220 | 9F13 406A B990 D7B3 0F71 BAA7 2E97 4CA5 | ..@j.....q....L.
00000230 | 3F94                                    | ?.
00000030 | 0080 0400 8000 0013 0000 1200 0063 3CC8 | .............c<.
00000040 | B845 8D04 B2E3 A2AD 26C1 F75B 5986 1603 | .E......&..[Y...
00000050 | 0000 8410 0000 802D 3EEC 2E75 FC01 D0E6 | .......->..u....
00000060 | 5535 3704 0F15 DBD2 81E6 51C3 B47A A55E | U57.......Q..z.^
00000070 | FDAE D7C1 6D7A A740 59FB FC8F 0337 C7A2 | ....mz.@Y....7..
00000080 | 79D6 F0A1 6F94 3BFC 7E73 EF04 443A D6E3 | y...o.;.~s..D:..
00000090 | 12D2 9761 8046 2F59 A0FC 6913 84C7 5BC1 | ...a.F/Y..i...[.
000000A0 | 2E49 E1E7 4506 DCA0 B594 CE93 D63B 915D | .I..E........;.]
000000B0 | 9958 5A8F 3819 A04A 79EC A8C7 ED9C A8F1 | .XZ.8..Jy.......
000000C0 | 9871 04B6 920C 1A3A 696E 5714 2F29 CEC2 | .q.....:inW./)..
000000D0 | 64D8 1601 0495 6A14 0300 0001 0116 0300 | d.....j.........
000000E0 | 003C 329D AA0D 20B6 CB87 C1C5 D43F 6A54 | .<2... ......?jT
000000F0 | DFA1 5C6C CD96 5311 6992 F9D6 A8AC DF63 | ..\l..S.i......c
00000100 | EA72 A728 109E A9F7 EF76 B78A 1CA7 DB0F | .r.(.....v......
00000110 | AA16 8CF7 9FE3 E38C 5A85 3D92 7C11 1703 | ........Z.=.|...
00000120 | 0001 49AF A026 2A6C 7353 7FF8 0D0A 2A58 | ..I..&*lsS....*X
00000130 | 29C4 0CD1 8937 48E3 6B3C 1124 F6D8 553D | )....7H.k<.$..U=
00000140 | 12D4 31D1 F205 DC63 CD88 01D6 1862 2F95 | ..1....c.....b/.
00000150 | 8DC0 681B 2E4B 350B 7E42 EB67 C9A0 8892 | ..h..K5.~B.g....
00000160 | E424 73C0 6DB6 7D27 300D 4736 7BCE 3260 | .$s.m.}'0.G6{.2`
00000170 | 037A 4E82 0A82 BAD7 1B27 DB52 AA83 8972 | .zN......'.R...r
00000180 | 8C44 0516 0BB4 A72D 9BC5 DCE5 D10A C0E1 | .D.....-........
00000190 | 144D E1BA 27AE EC75 91A5 9CF2 78EC F5D3 | .M..'..u....x...
000001A0 | 7667 AE32 E4E4 AC0C E40E 9263 935F DE2D | vg.2.......c._.-
000001B0 | 3626 53E5 E48B ADFF BA5B ED24 B5DF B295 | 6&S......[.$....
000001C0 | 92AD C8C1 7C84 F103 9570 980A C694 98F9 | ....|....p......
000001D0 | 3E3F A235 AC66 533D 507E 64F3 3664 0E49 | >?.5.fS=P~d.6d.I
000001E0 | 9CF4 18E0 312F 2EC4 9F7F 520E 3C21 F46C | ....1/....R.<!.l
000001F0 | 6CAD C4DC 7828 E062 9385 EB85 4A07 CBBE | l...x(.b....J...
00000200 | 86AB 6198 1EBB 92B6 2D69 AB3E 3EC8 AE18 | ..a.....-i.>>...
00000210 | 4684 009F 8C20 0537 C573 7AF5 CC09 A16C | F.... .7.sz....l
00000220 | 57CB 867B A4DE 46AB 2221 CD4E F952 C80C | W..{..F."!.N.R..
00000230 | 201B 6A2D BE78 336B A192 A616 CF4A 52F6 |  .j-.x3k.....JR.
00000240 | BD7A B2D4 F106 B9E6 D64D 183F 2134 CB6B | .z.......M.?!4.k
00000250 | 9B17 5C5C B618 3B53 37A1 030B 23CE 63BB | ..\\..;S7...#.c.
00000260 | 58F0 9FE4 B0B6 E0C6 0B81 6914 804C 0103 | X.........i..L..
00000270 | 0000 3300 0000 1000 0004 0000 0500 000A | ..3.............
00000280 | 0100 8007 00C0 0300 8000 0009 0600 4000 | ..............@.
00000290 | 0064 0000 6200 0003 0000 0602 0080 0400 | .d..b...........
000002A0 | 8000 0013 0000 1200 0063 4705 FD57 D1F8 | .........cG..W..
000002B0 | F601 0AF7 9B72 43C6 F6EB 1603 0000 8410 | .....rC.........
000002C0 | 0000 8038 29E3 0493 4417 2B4E A707 24D5 | ...8)...D.+N..$.
000002D0 | 5EB9 AFB6 79E5 07BD 531A 9B85 87D4 C31D | ^...y...S.......
000002E0 | 7663 DC2D 62C1 A16D 3955 305D 8347 5879 | vc.-b..m9U0].GXy
000002F0 | 5419 676C AD2E 0C1C C218 CD0A 2E69 EE7B | T.gl.........i.{
00000300 | A5CE E7F7 4850 A7D2 A4DD 0958 20E4 F698 | ....HP.....X ...
00000310 | AF4B 912C A9EA A590 882C F8BC B014 83D8 | .K.,.....,......
00000320 | 0A44 2D82 0063 3746 5FB1 F939 B5C8 9E62 | .D-..c7F_..9...b
00000330 | C5CC F7C9 622B 16BF D6DE 2BC0 7B4F 665A | ....b+....+.{OfZ
00000340 | F8B4 4B14 0300 0001 0116 0300 003C 233A | ..K..........<#:
00000350 | 4144 F46D 9207 95BA 0168 A85E 05D2 1826 | AD.m.....h.^...&
00000360 | 9721 E0D2 72C4 B198 F429 82D3 0139 1661 | .!..r....)...9.a
00000370 | 7C11 E3E2 3CB9 EF5F D3F7 8D31 9581 2CBA | |...<.._...1..,.
00000380 | 076E 5B49 CD80 4F1A 175F 1703 0001 4928 | .n[I..O.._....I(
00000390 | 4D25 B327 43AF FAB2 3056 3E6B AEA8 B937 | M%.'C...0V>k...7
000003A0 | 2A20 8F45 6289 1561 B356 2065 5DB1 E213 | * .Eb..a.V e]...
000003B0 | 3E97 17CD A7A1 42D0 24BB A93A 2C41 C6B2 | >.....B.$..:,A..
000003C0 | 6E97 D693 B99E D25B A1E4 22F6 995F 376C | n......[..".._7l
000003D0 | D638 CB11 5F1E 6D47 B4E1 9D20 CC4D 32AF | .8.._.mG... .M2.
000003E0 | 2CA4 3999 BE41 652D CFB9 2BB2 5780 E873 | ,.9..Ae-..+.W..s
000003F0 | 3F47 D5C2 BCEE 46EA 363B 85D2 DB02 66C1 | ?G....F.6;....f.
00000400 | F778 7C95 F7FA 7C5A E35E 8DA9 ED69 1BB7 | .x|...|Z.^...i..
00000410 | 8BD0 1B66 0916 AC7A 2366 2DEE 170D 618E | ...f...z#f-...a.
00000420 | 7533 EF3D 5598 13B5 8CF1 B2CB 5B1F 24D9 | u3.=U.......[.$.
00000430 | 4CA5 8858 EB58 5206 6277 265F B5FD 6C38 | L..X.XR.bw&_..l8
00000440 | 9059 67FA 7AF8 F07F CC77 D6F5 F469 E2E5 | .Yg.z....w...i..
00000450 | 682F 634F 6C87 C70C 3A57 82B6 172F 44E5 | h/cOl...:W.../D.
00000460 | E4D4 BC2B 4BFA 8CA0 5E55 4775 807B 06C3 | ...+K...^UGu.{..
00000470 | 7FB4 DF25 7D6A D4CA D153 148D E537 3451 | ...%}j...S...74Q
00000480 | D8FF DA07 78F8 1CA6 4BA4 7CFE A129 0429 | ....x...K.|..).)
00000490 | 1CB8 2DE0 0D83 340E 1086 B9C1 7BED F80B | ..-...4.....{...
000004A0 | 2E29 33A9 28B0 60FB EB10 EB5D FCA0 9862 | .)3.(.`....]...b
000004B0 | C960 C45A 1C28 336E 421B 9C12 48F3 75B4 | .`.Z.(3nB...H.u.
000004C0 | 70EC 35E3 0767 17E1 2FF9 510C 52BA 945A | p.5..g../.Q.R..Z
000004D0 | DE41 0467 7327 47FA                     | .A.gs'G.

Heuristics Analysis

Heuristically identified capability to use BITS (Background Intelligent Transfer Service) to schedule the following download task:

http://dl.google.com/toolbar/components/toolbar.6.6.manifest.xml.lz?zx=jjh9x

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.