Versions
(Note, the developer publishes each variation of this file with the same version, but the hashes are unique.)
picasa3.exe
Overview
There are 2 versions of picasa3.exe in the wild, the latest version being . It is started as a Windows Service called 'Websteroids'. By adding a startup entry to the run registry key, the file will be executed when the user logs into Windows. It is integrated as a plugin to Internet Explorer as a Browser Helper Object, often without any obvious user interface, and will load for each instance of IE. The average file size is about 4.75 MB.
Details |
File name: | picasa3.exe |
Typical file path: | C:\Program Files\google\picasa3\picasa3.exe |
Windows Service |
Display name: | Websteroids |
Behaviors
(Note, the behaviors below are for all versions of picasa3.exe, select a unique version for details.)
Autoplay handlers
Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'
- Handler name 'Picasa2ImportPicturesOnArrival'
Scheduled tasks
- The job 'Adobe Flash Player Updater' runs daily in the path '\Adobe Flash Player Updater'
- Entry path '\{CAD0A645-A3DB-42A5-8182-E086A7C10289}'
- Entry path '\{8BB6D8DD-9790-48F6-8969-B3B962A5F2B8}'
- Entry path '\{5C4C7580-D574-4DC0-9C84-E7CA9E749F81}'
- Entry path '\{2AB35ACC-8046-445E-90BB-E753F69228E9}'
- Entry path '\AppleSoftwareUpdate'
Safe for scripting controls
Marked as a safe ActiveX control for Internet Explorer (digitally signed with script execution permission)
Safe for initializing controls
Automation objects
Approved shell extensions
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
- 'contact_wab_auto_file' with CLSID {CF67796C-F57F-45F8-92FB-AD698826C602}
- 'group_wab_auto_file' with CLSID {16C2C29D-0E5F-45f3-A445-03E03F587B7D}
- '.contact shell extension handler' with CLSID {8082C5E6-4C27-48ec-A809-B8E1122E8F97}
- '.group shell extension handler' with CLSID {4F58F63F-244B-4c07-B29F-210BE59BE9B4}
- 'Windows Contact Preview Handler' with CLSID {13D3C4B8-B179-4ebb-BF62-F704173E7448}
- 'Desktop Shortcut' with CLSID {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}
- 'Mail Service' with CLSID {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}
- CLSID: {CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1}
- CLSID: {62AE1F9A-126A-11D0-A14B-0800361B1103}
Shell open commands
PROTOCOLS handlers
- tv
- dvd
- vbscript
- res
- mailto
- javascript
- about
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'help' → C:\users\user\appdata\Roaming\InstallDir\help.exe
Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
- BHO CLSID: {A80431BC-B3CA-EAD4-7106-2B788EB811BD}
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Hosted services
Runs as a shared service under the Windows svcHost
- Shared name is 'ezSharedSvc'
All file variations of picasa3.exe
Distribution by Windows OS
OS version | distribution |
Windows Vista Home Basic | 54.47% |
Windows Vista Business | 26.02% |
Windows 7 Ultimate | 11.38% |
Windows 7 Home Premium | 2.44% |
Windows Vista Home Premium | 2.44% |
Windows 7 Professional | 1.63% |
Windows 8 Pro | 0.81% |
Windows 8 | 0.81% |
Distribution by country
The United States accounts for about 88.62% of picasa3.exe installs.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Toshiba | 90.79% |
Hewlett-Packard | 3.29% |
Dell | 2.63% |
ASUS | 1.32% |
MSI | 1.32% |
Acer | 0.66% |