W32/Pate.b!11125391B612

This page shows details and results of our analysis of the malware W32/Pate.b!11125391B612.

Overview

Viruses are self-replicating. They often spread over a network or by being copied to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or on a file system that is shared by another computer.


Minimum Engine

5600.1067

File Length

784338

Description Added

2012-04-02

Description Modified

2012-04-02

Malware Proliferation

Characteristics

This is a Virus

File Properties      Property Values
McAfee Detection     W32/Pate.b
Length               784338 bytes
MD5                  11125391b61204cbde13edf2d6fd82b4
SHA1                 57babfd167e7be159d848c4b1335002cb2eb997b


Other Common Detection Aliases

Company Names                Detection Names
ahnlab                       Win32/Parite
avast                        Win32:Parite
AVG (GriSoft)                Win32/Parite
avira                        W32/Parite
Kaspersky                    Virus.Win32.Parite.b
Dr.Web                       Win32.Parite.2
F-Prot                       W32/Parite.B
Microsoft                    virus:win32/parite.b
Symantec                     W32.Pinfi
Eset                         Win32/Parite.B
norman                       w32/pinfi.a
panda                        W32/Parite.B
rising                       Win32.Parite.aj
Sophos                       W32/Parite-B
Trend Micro                  PE_PARITE.A
vba32                        Win32.Parite.b
V-Buster                     Win32.Parite.b
Vet (Computer Associates)    Win32/Pinfi.A virus

Other brands and names may be claimed as the property of others.


Activities                                       Risk Levels
Enumerates many system files and directories.    Low
Process attempts to call itself recursively      Low


McAfee Scans        Scan Detections
McAfee Beta         W32/Pate.b
McAfee Supported    W32/Pate.b



System Changes

Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files


The following files were analyzed:

57babfd167e7be159d848c4b1335002cb2eb997b

The following files have been added to the system:


The following files have been deleted:

  • C:\MSI78156.tmp
  • %PROGRAMFILES%\Google\Update\Install

The following files were temporarily written to disk then later removed:


The following registry elements have been created:


The following registry elements have been changed:

The applications attempted the following network connection(s):

  • 199.7.59.***:80
  • 96.17.15.**:80
  • 173.194.33.**:443
  • hxxp://tools.google.com/service/*****
  • 199.7.51.***:80
  • 199.7.52.***:80
  • hxxp://crl.verisign.com/*****
  • 173.194.33.**:80

Symptoms

The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

Method of Infection

Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

Removal

All Users:

Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

1. Disable System Restore.

2. Update to current engine and DAT files for detection and removal.

3. Run a complete system scan.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

1. Please go to the Microsoft Recovery Console and restore a clean MBR.

On Windows XP:

Insert the Windows XP CD into the CD-ROM drive and restart the computer.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
Select the Windows installation that is compromised and provide the administrator password.
Issue the 'fixmbr' command to restore the Master Boot Record.
Follow the onscreen instructions.
Reset and remove the CD from CD-ROM drive.


On Windows Vista and 7:

Insert the Windows CD into the CD-ROM drive and restart the computer.
Click on "Repair Your Computer".
When the System Recovery Options dialog comes up, choose the Command Prompt.
Issue the 'bootrec /fixmbr' command to restore the Master Boot Record.
Follow the onscreen instructions.
Reset and remove the CD from CD-ROM drive.

Variants