Whats Up With Google Earth?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

GoJoAGoGo

Joe
Thread Starter
Joined
Dec 26, 2002
Messages
42,057
I use Win XP Home SP3. I installed Google Earth about 2 weeks ago. A few days after I noticed in the Event Viewer > Administration that Google's update file, "gupdate.exe" was trying to connect back home to the Google servers several times a day. I disabled gupdate.exe in Services. Last night, the Google Earth program was reinstalled on my system without my knowledge. The way I noticed was that a Google Earth shortcut icon was installed on my desktop, I didn't have a shortcut icon on my desktop before, only in my start menu. I checked the Events Viewer > Administration and it stated that "MsInstaller" had performed the following task - Product: Google Earth -- Installation operation completed successfully. Since I had disabled the Google installer file, "gupdate.exe", what triggered "MsInstaller" to perform an installation of Google Earth when no updated version was available? :confused:
 

perfume

Banned
Joined
Sep 12, 2008
Messages
2,011
Dear GoJoAGoGo,
Hi there! 1)Did you initially use IE (7 OR 8?) to download Google Earth? Were you on par with all the recent hotfixes?2) Please run---> SAS,MBAM, your AV, and an online AV scanner ( i prefer to run them ,one after the other,don't ask me why!. Kindly install Sophos Anti-Rootkit and run it (please post the results). website to download : http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html. Please do not try to "repair;)" any registry issues! Let this be the starting point as malware or a browser hijack seems very likely! Hoping for the best!(y)
 

GoJoAGoGo

Joe
Thread Starter
Joined
Dec 26, 2002
Messages
42,057
Hi perfume thanks for your input.

I ran SAS,MBAM and Avira AntiVir all scans found nothing. Downloaded and ran Sophos Anti-Rootkit, nothing found.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,117
Go here and click the green icon to download and save HijackThis 2.0.2.

Close all open browser windows first, then install it in its default location: C:\Program Files\Trend Micro\HijackThis.

Start it, then click "Do a system scan and save a log file".

When the scan is finished and the log appears, save the log.

Return here, then copy-and-paste the entire log here.

--------------------------------------------------------------
 

GoJoAGoGo

Joe
Thread Starter
Joined
Dec 26, 2002
Messages
42,057
perfume: I use IE8, Windows Updates were last installed on 4/13/10. I used Firefox 3.6.3 to download Google Earth.

flavallee: Here's the HJT log you requested.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:47 PM, on 4/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis_1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /ns
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1269430984687
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ToolTipFixer - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe

--
End of file - 4974 bytes
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,117
You've got multiple antivirus programs installed and running at the same time, and you've got over-kill with antispyware/antimalware programs.

Avira AntiVir

COMODO Internet Security

Emsi a-squared

Lavasoft Ad-Aware

Spybot - Search & Destroy

SUPERAntiSpyware


I'm not a fan of McAfee SiteAdvisor either.

I'd keep Avira AntiVir and SUPERAntiSpyware and add Malwarebytes Anti-Malware to the mix and get rid of all the others.

--------------------------------------------------------------

I can't really say if this is causing the problem you're having with Google Earth.

--------------------------------------------------------------
 

perfume

Banned
Joined
Sep 12, 2008
Messages
2,011
Dear sir,
Sorry for pestering you with so many queries! Never looked but only saw! As flavallee said remove Comodo. Spybot does not jell with Ad-Aware, so dump Ad_Aware! Avira Antivir is still the best among the free AVs. Please use IE8 as a last resort! Can you kindly post what add-ons you have in your FF3.6.3? Instead of McAfee Site Advisor, Install WOT( it is available as an add-on in FF! It can be installed in Google Chrome and IE!

Please run an "online AV scan ,preferably with Trend-Micro free on-line scan. Completely uninstall Google Earth using Revo Un-installer, restart and re-install Google earth. Restart again and see how things go. I have a policy of restarting(rebooting) the PC after every un-install and every new install!Kindly use an administrator log-in password! Best wishes sir!:)(y)

PS: I am still in my teens and any faults i have made is because of the "Hormone surges";).
 

GoJoAGoGo

Joe
Thread Starter
Joined
Dec 26, 2002
Messages
42,057
Frank, thanks for your input:

COMODO Internet Security - I don't have the antivirus installed, just the firewall

Emsi a-squared - I "believe" there is no real time protection

Lavasoft Ad-Aware - Real time protection Ad-Watch is disabled

Spybot - Search & Destroy - Real time protection Tea Timer is disabled

Even though none of these programs are providing Real Time Protection are they still conflicting with Avira AntiVir?
 

GoJoAGoGo

Joe
Thread Starter
Joined
Dec 26, 2002
Messages
42,057
perfume:

Thanks for telling me about WOT. I removed McAfee Site Advisor and installed WOT. My other Add-ons are Xmarks, Personas, Old Location Bar, NoScript, Answers and IE View.

I've been using Firefox for about 6 yrs now and I hardly even use IE8.

I have removed Google Earth completely and will wait before installing it again, if ever. :D

I did an online scan at Trend-Micro, nothing was found.
 

GoJoAGoGo

Joe
Thread Starter
Joined
Dec 26, 2002
Messages
42,057
Sometimes but not very often these days, a web page doesn't display correctly in Firefox, so I use IE View as a quick link to that web page. I looked at your Add-ons list and installed KeyScrambler.
 

GoJoAGoGo

Joe
Thread Starter
Joined
Dec 26, 2002
Messages
42,057
Google Earth 5.1.3534 was released today.

----------------------------------------------------------------
That must be the reason why Google Update Service (gupdate.exe) reinstalled Google Earth on 04/17/10 without my permission. As I mentioned in my 1st post, I had disabled gupdate.exe in "Services" but still the update was still done. I found some links on the web concerning the Google Update Service (gupdate.exe) and how to disable it. After checking the Events Viewer > Administration, gupdate.exe will check for updates about every 4 hrs and attempt to connect with the Google servers. That's like 6 times a day. Not many antivirus programs check for updates that often. So why is Google checking for updates on their non security programs that much?

http://www.bing.com/search?q=Google+Earth+-+gupdate.exe&x=37&y=17&form=MSNH14&qs=n

After reading some of the articles, I had since uninstalled Google Earth using the Revo Uninstaller which said it had removed Google Earth completely. I did some scans of my registry and about 100 more entries concerning (gupdate.exe) were found and removed. I also did some scans of all my system folders and more Google Folders were found in various C:\Windows and C:\Documents and Settings locations. As these articles mentioned, Google tends to install Folders not only in C:\Program Files but in several other locations.

So I won't be using Google Earth or any other Google program any longer as it seems Google has overdone their "Updating Process".
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top