# Whats Up With Google Earth?



## GoJoAGoGo (Dec 26, 2002)

I use Win XP Home SP3. I installed Google Earth about 2 weeks ago. A few days after I noticed in the Event Viewer > Administration that Google's update file, "gupdate.exe" was trying to connect back home to the Google servers several times a day. I disabled gupdate.exe in Services. Last night, the Google Earth program was reinstalled on my system without my knowledge. The way I noticed was that a Google Earth shortcut icon was installed on my desktop, I didn't have a shortcut icon on my desktop before, only in my start menu. I checked the Events Viewer > Administration and it stated that "MsInstaller" had performed the following task - *Product: Google Earth -- Installation operation completed successfully. *Since I had disabled the Google installer file, "gupdate.exe", what triggered "MsInstaller" to perform an installation of Google Earth when no updated version was available?


----------



## perfume (Sep 13, 2008)

Dear GoJoAGoGo,
Hi there! 1)Did you initially use IE (7 OR 8?) to download Google Earth? Were you on par with all the recent hotfixes?2) Please run---> SAS,MBAM, your AV, and an online AV scanner ( *i prefer to run them ,one after the other,don't ask me why!*. Kindly install Sophos Anti-Rootkit and run it (please post the results). website to download : http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html. Please do not try to "repair" any registry issues! Let this be the starting point as malware or a browser hijack seems very likely! Hoping for the best!:up:


----------



## GoJoAGoGo (Dec 26, 2002)

Hi perfume thanks for your input.

I ran SAS,MBAM and Avira AntiVir all scans found nothing. Downloaded and ran Sophos Anti-Rootkit, nothing found.


----------



## perfume (Sep 13, 2008)

What version of Internet Explorer are you using? Are MS updates-up to date? Please look up to this G-Earth support site : http://earth.google.com/support/bin/answer.py?answer=134362&cbid=134362&src=cb&lev=index
best wishes!:up:


----------



## flavallee (May 12, 2002)

Go here and click the green icon to download and save *HijackThis 2.0.2*.

Close all open browser windows first, then install it in its default location: C:\Program Files\Trend Micro\HijackThis.

Start it, then click "Do a system scan and save a log file".

When the scan is finished and the log appears, save the log.

Return here, then copy-and-paste the entire log here.

--------------------------------------------------------------


----------



## GoJoAGoGo (Dec 26, 2002)

perfume: I use IE8, Windows Updates were last installed on 4/13/10. I used Firefox 3.6.3 to download Google Earth.

flavallee: Here's the HJT log you requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:47 PM, on 4/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis_1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /ns
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1269430984687
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ToolTipFixer - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe

--
End of file - 4974 bytes


----------



## flavallee (May 12, 2002)

You've got multiple antivirus programs installed and running at the same time, and you've got over-kill with antispyware/antimalware programs.

*Avira AntiVir

COMODO Internet Security

Emsi a-squared

Lavasoft Ad-Aware

Spybot - Search & Destroy

SUPERAntiSpyware*

I'm not a fan of *McAfee SiteAdvisor* either.

I'd keep Avira AntiVir and SUPERAntiSpyware and add *Malwarebytes Anti-Malware* to the mix and get rid of all the others.

--------------------------------------------------------------

I can't really say if this is causing the problem you're having with *Google Earth*.

--------------------------------------------------------------


----------



## perfume (Sep 13, 2008)

Dear sir,
Sorry for pestering you with so many queries! Never looked but only saw! As flavallee said remove Comodo. Spybot does not jell with Ad-Aware, so dump Ad_Aware! Avira Antivir is still the best among the free AVs. Please use IE8 as a last resort! Can you kindly post what add-ons you have in your FF3.6.3? Instead of McAfee Site Advisor, Install WOT( it is available as an add-on in FF! It can be installed in Google Chrome and IE!

Please run an "online AV scan ,preferably with Trend-Micro free on-line scan. Completely uninstall Google Earth using Revo Un-installer, restart and re-install Google earth. Restart again and see how things go. I have a policy of restarting(rebooting) the PC after every un-install and every new install!Kindly use an administrator log-in password! Best wishes sir!:up:

PS: I am still in my teens and any faults i have made is because of the "Hormone surges".


----------



## GoJoAGoGo (Dec 26, 2002)

Frank, thanks for your input:

*COMODO Internet Security *- I don't have the antivirus installed, just the firewall

*Emsi a-squared* - I "believe" there is no real time protection

*Lavasoft Ad-Aware *- Real time protection Ad-Watch is disabled

*Spybot - Search & Destroy* - Real time protection Tea Timer is disabled

Even though none of these programs are providing Real Time Protection are they still conflicting with Avira AntiVir?


----------



## GoJoAGoGo (Dec 26, 2002)

perfume:

Thanks for telling me about WOT. I removed McAfee Site Advisor and installed WOT. My other Add-ons are Xmarks, Personas, Old Location Bar, NoScript, Answers and IE View.

I've been using Firefox for about 6 yrs now and I hardly even use IE8.

I have removed Google Earth completely and will wait before installing it again, if ever. 

I did an online scan at Trend-Micro, nothing was found.


----------



## perfume (Sep 13, 2008)

Dear sir,
why do use IE View! Kindly see the list of add-ons in my FF, in the thumbnail below.


----------



## GoJoAGoGo (Dec 26, 2002)

Sometimes but not very often these days, a web page doesn't display correctly in Firefox, so I use IE View as a quick link to that web page. I looked at your Add-ons list and installed KeyScrambler.


----------



## flavallee (May 12, 2002)

*Google Earth 5.1.3534* was released today.

----------------------------------------------------------------


----------



## GoJoAGoGo (Dec 26, 2002)

flavallee said:


> *Google Earth 5.1.3534* was released today.
> 
> ----------------------------------------------------------------


That must be the reason why Google Update Service (gupdate.exe) reinstalled Google Earth on 04/17/10 without my permission. As I mentioned in my 1st post, I had disabled gupdate.exe in "Services" but still the update was still done. I found some links on the web concerning the Google Update Service (gupdate.exe) and how to disable it. After checking the Events Viewer > Administration, gupdate.exe will check for updates about every 4 hrs and attempt to connect with the Google servers. That's like 6 times a day. Not many antivirus programs check for updates that often. So why is Google checking for updates on their non security programs that much?

http://www.bing.com/search?q=Google+Earth+-+gupdate.exe&x=37&y=17&form=MSNH14&qs=n

After reading some of the articles, I had since uninstalled Google Earth using the Revo Uninstaller which said it had removed Google Earth completely. I did some scans of my registry and about 100 more entries concerning (gupdate.exe) were found and removed. I also did some scans of all my system folders and more Google Folders were found in various C:\Windows and C:\Documents and Settings locations. As these articles mentioned, Google tends to install Folders not only in C:\Program Files but in several other locations.

So I won't be using Google Earth or any other Google program any longer as it seems Google has overdone their "Updating Process".


----------



## helpful (Sep 18, 2009)

Have you tried downloading the "advanced setup" without Allow Google Earth to automatically install recommended updates checked?

http://earth.google.com/intl/en/download-earth-advanced.html

Or use the Direct Link below:

http://dl.google.com/earth/client/advanced/current/GoogleEarthWin.exe


----------



## GoJoAGoGo (Dec 26, 2002)

So if you *(Uncheck)* Allow Google Earth to automatically install recommended updates, the gupdate.exe or any other Google Updater file isn't installed?


----------



## perfume (Sep 13, 2008)

flavallee said:


> *Google Earth 5.1.3534* was released today.
> 
> ----------------------------------------------------------------


Dear flavallee,
Thanks !:up:

Dear helpful,
Nice tip!


----------



## perfume (Sep 13, 2008)

Dear sir( GoJoAGoGo),
Google which started as a very helpful "search engine" has grown so much, that their shoe sizes are>15, and unless we keep our eyes "really peeled open",it will become a pain at the wrong place! But Google Earth is a real joy and i am pestering mom to give me the euros needed to buy a full-fledged pro version! It is supposed to even show a Coke can in your backyard! Now the emphasis has shifted to buying a damn good laptop/netbook too, for my classes and i *request my young friends in the forum to suggest a killer of a machine which can make the ladies in the class delighted! You see, i have to salvage something out of the anxiety and stress, which can make sugars go"Zoom".*:up:
http://forums.techguy.org/members/51114-gojoagogo.html


----------



## helpful (Sep 18, 2009)

Yes, Google Updater does not get installed, so no service is running in the background polling Google servers for application updates.

You can always manually update Google earth later through the application if required.

Open Google Earth
> Help Menu
> Check for Updates Online


----------



## GoJoAGoGo (Dec 26, 2002)

helpful:

Thanks, that sounds like the way to go.


----------



## helpful (Sep 18, 2009)

perfume said:


> Dear sir( GoJoAGoGo),
> Google which started as a very helpful "search engine" has grown so much, that their shoe sizes are>15, and unless we keep our eyes "really peeled open",it will become a pain at the wrong place! But Google Earth is a real joy and i am pestering mom to give me the euros needed to buy a full-fledged pro version! It is supposed to even show a Coke can in your backyard! Now the emphasis has shifted to buying a damn good laptop/netbook too, for my classes and i *request my young friends in the forum to suggest a killer of a machine which can make the ladies in the class delighted! You see, i have to salvage something out of the anxiety and stress, which can make sugars go"Zoom".*:up:


Not sure what your budget is but here is my suggestion...

ASUS G Series G73JH-X1 - $1599

http://www.newegg.com/product/product.aspx?Item=N82E16834220695


----------



## perfume (Sep 13, 2008)

Dear helpful,
Ever heard of the"Gravy Train"? My dad a diplomat and since two years he's been in India! Yea, i can tweak his arm and get one( i hope so!). Thanks for the post!


----------

