1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Whats Up With Google Earth?

Discussion in 'General Security' started by GoJoAGoGo, Apr 17, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. GoJoAGoGo

    GoJoAGoGo Thread Starter

    Joined:
    Dec 26, 2002
    Messages:
    42,011
    First Name:
    Joe
    I use Win XP Home SP3. I installed Google Earth about 2 weeks ago. A few days after I noticed in the Event Viewer > Administration that Google's update file, "gupdate.exe" was trying to connect back home to the Google servers several times a day. I disabled gupdate.exe in Services. Last night, the Google Earth program was reinstalled on my system without my knowledge. The way I noticed was that a Google Earth shortcut icon was installed on my desktop, I didn't have a shortcut icon on my desktop before, only in my start menu. I checked the Events Viewer > Administration and it stated that "MsInstaller" had performed the following task - Product: Google Earth -- Installation operation completed successfully. Since I had disabled the Google installer file, "gupdate.exe", what triggered "MsInstaller" to perform an installation of Google Earth when no updated version was available? :confused:
     
  2. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear GoJoAGoGo,
    Hi there! 1)Did you initially use IE (7 OR 8?) to download Google Earth? Were you on par with all the recent hotfixes?2) Please run---> SAS,MBAM, your AV, and an online AV scanner ( i prefer to run them ,one after the other,don't ask me why!. Kindly install Sophos Anti-Rootkit and run it (please post the results). website to download : http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html. Please do not try to "repair;)" any registry issues! Let this be the starting point as malware or a browser hijack seems very likely! Hoping for the best!(y)
     
  3. GoJoAGoGo

    GoJoAGoGo Thread Starter

    Joined:
    Dec 26, 2002
    Messages:
    42,011
    First Name:
    Joe
    Hi perfume thanks for your input.

    I ran SAS,MBAM and Avira AntiVir all scans found nothing. Downloaded and ran Sophos Anti-Rootkit, nothing found.
     
  4. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,909
    First Name:
    Frank
    Go here and click the green icon to download and save HijackThis 2.0.2.

    Close all open browser windows first, then install it in its default location: C:\Program Files\Trend Micro\HijackThis.

    Start it, then click "Do a system scan and save a log file".

    When the scan is finished and the log appears, save the log.

    Return here, then copy-and-paste the entire log here.

    --------------------------------------------------------------
     
  6. GoJoAGoGo

    GoJoAGoGo Thread Starter

    Joined:
    Dec 26, 2002
    Messages:
    42,011
    First Name:
    Joe
    perfume: I use IE8, Windows Updates were last installed on 4/13/10. I used Firefox 3.6.3 to download Google Earth.

    flavallee: Here's the HJT log you requested.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:49:47 PM, on 4/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis_1.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /ns
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1269430984687
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ToolTipFixer - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe

    --
    End of file - 4974 bytes
     
  7. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,909
    First Name:
    Frank
    You've got multiple antivirus programs installed and running at the same time, and you've got over-kill with antispyware/antimalware programs.

    Avira AntiVir

    COMODO Internet Security

    Emsi a-squared

    Lavasoft Ad-Aware

    Spybot - Search & Destroy

    SUPERAntiSpyware


    I'm not a fan of McAfee SiteAdvisor either.

    I'd keep Avira AntiVir and SUPERAntiSpyware and add Malwarebytes Anti-Malware to the mix and get rid of all the others.

    --------------------------------------------------------------

    I can't really say if this is causing the problem you're having with Google Earth.

    --------------------------------------------------------------
     
  8. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear sir,
    Sorry for pestering you with so many queries! Never looked but only saw! As flavallee said remove Comodo. Spybot does not jell with Ad-Aware, so dump Ad_Aware! Avira Antivir is still the best among the free AVs. Please use IE8 as a last resort! Can you kindly post what add-ons you have in your FF3.6.3? Instead of McAfee Site Advisor, Install WOT( it is available as an add-on in FF! It can be installed in Google Chrome and IE!

    Please run an "online AV scan ,preferably with Trend-Micro free on-line scan. Completely uninstall Google Earth using Revo Un-installer, restart and re-install Google earth. Restart again and see how things go. I have a policy of restarting(rebooting) the PC after every un-install and every new install!Kindly use an administrator log-in password! Best wishes sir!:)(y)

    PS: I am still in my teens and any faults i have made is because of the "Hormone surges";).
     
  9. GoJoAGoGo

    GoJoAGoGo Thread Starter

    Joined:
    Dec 26, 2002
    Messages:
    42,011
    First Name:
    Joe
    Frank, thanks for your input:

    COMODO Internet Security - I don't have the antivirus installed, just the firewall

    Emsi a-squared - I "believe" there is no real time protection

    Lavasoft Ad-Aware - Real time protection Ad-Watch is disabled

    Spybot - Search & Destroy - Real time protection Tea Timer is disabled

    Even though none of these programs are providing Real Time Protection are they still conflicting with Avira AntiVir?
     
  10. GoJoAGoGo

    GoJoAGoGo Thread Starter

    Joined:
    Dec 26, 2002
    Messages:
    42,011
    First Name:
    Joe
    perfume:

    Thanks for telling me about WOT. I removed McAfee Site Advisor and installed WOT. My other Add-ons are Xmarks, Personas, Old Location Bar, NoScript, Answers and IE View.

    I've been using Firefox for about 6 yrs now and I hardly even use IE8.

    I have removed Google Earth completely and will wait before installing it again, if ever. :D

    I did an online scan at Trend-Micro, nothing was found.
     
  11. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear sir,
    why do use IE View! Kindly see the list of add-ons in my FF, in the thumbnail below.:)
     

    Attached Files:

  12. GoJoAGoGo

    GoJoAGoGo Thread Starter

    Joined:
    Dec 26, 2002
    Messages:
    42,011
    First Name:
    Joe
    Sometimes but not very often these days, a web page doesn't display correctly in Firefox, so I use IE View as a quick link to that web page. I looked at your Add-ons list and installed KeyScrambler.
     
  13. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,909
    First Name:
    Frank
    Google Earth 5.1.3534 was released today.

    ----------------------------------------------------------------
     
  14. GoJoAGoGo

    GoJoAGoGo Thread Starter

    Joined:
    Dec 26, 2002
    Messages:
    42,011
    First Name:
    Joe
    That must be the reason why Google Update Service (gupdate.exe) reinstalled Google Earth on 04/17/10 without my permission. As I mentioned in my 1st post, I had disabled gupdate.exe in "Services" but still the update was still done. I found some links on the web concerning the Google Update Service (gupdate.exe) and how to disable it. After checking the Events Viewer > Administration, gupdate.exe will check for updates about every 4 hrs and attempt to connect with the Google servers. That's like 6 times a day. Not many antivirus programs check for updates that often. So why is Google checking for updates on their non security programs that much?

    http://www.bing.com/search?q=Google+Earth+-+gupdate.exe&x=37&y=17&form=MSNH14&qs=n

    After reading some of the articles, I had since uninstalled Google Earth using the Revo Uninstaller which said it had removed Google Earth completely. I did some scans of my registry and about 100 more entries concerning (gupdate.exe) were found and removed. I also did some scans of all my system folders and more Google Folders were found in various C:\Windows and C:\Documents and Settings locations. As these articles mentioned, Google tends to install Folders not only in C:\Program Files but in several other locations.

    So I won't be using Google Earth or any other Google program any longer as it seems Google has overdone their "Updating Process".
     
  15. helpful

    helpful

    Joined:
    Sep 17, 2009
    Messages:
    697
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/917571

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice