| Thread ID: 97564 | 2009-02-20 03:18:00 | GoogleUpdate.ex in my taskmanager | lightfoot500 (14634) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 749568 | 2009-02-20 03:18:00 | Hi, what is GoogleUpdate and why do I want it in my puter? Here is the problem. I have a firewall and it gave notice that (Google Installer) GoogleUpdate.exe was trying to contact cr-tools.clients.google.com [209.85.147.101]; did I want to let this meeting take place? And naturally I said NO, I don't know you, so why should I let you in my computer. So I looked in Task Manager and saw GoogleUdate.ex (without the last e). I tried to end its sorry little life and it blocked me. So I did a file search for googleupdate.ex and all it came up with was C:\Programs\Google\googleupdate.exe, and it also blocked me from deleting it. I did a HijackThis log and I didn't know what to delete and didn't see anything related to a googleupdater. My OS is Windows 2000; up till very recently I have been using Kaspersky AV. I ran BitDefender's online scan and it came up with several infected files, much more than Kaspersky had found. But BitDefender 2009 doesn't work with Win2k, so the online rep told me, so I would have to get a 2008 version if I wanted to use BitDefender to clean my computer. My computer has been running slowly, like it took forever to go to Yahoo's website for some reason. I have come to suspect the firewall, Sygate Personal Firewall 5.5, may have something to do with it. Sygate was bought out by Symantec, I believe. I have been thinking of using Comodo as a firewall. I will post the HijackThis log in a subsequent post. ligh500 |
lightfoot500 (14634) | ||
| 749569 | 2009-02-20 03:19:00 | Post the log here. That file probably belongs to Google Toolbar or something to do with Google. Get Malwarebytes below, install it, update it, then scan. |
Speedy Gonzales (78) | ||
| 749570 | 2009-02-20 03:25:00 | Logfile of HijackThis v1.97.7
Scan saved at 8:06:40 PM, on 2/19/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\NSNetMon\NetMon.exe
C:\Program Files\NSNetMona\NetMon.exe
C:\Program Files\NSNetMonb\NetMon.exe
C:\DOWNLOAD\FreeWARE\FreeRamMemory\FreeRAM XP Pro 1.40.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\LVComsX.exe
C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe
c:\program files\pegasus transtech\transflo now\transflo.client.agent.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\taskmgr.exe
C:\DOWNLOAD\FreeWARE\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - (no file)
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINNT\system32\IETie.dll
O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\ctnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickCare2.2] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QuickCare2.2
O4 - HKLM\..\Run: [Transflo Notify] C:\Program Files\Pegasus TransTech\TRANSFLO Now\Transflo.Notify.exe
O4 - HKLM\..\Run: [NSNetMon_jbcfdbijcdbjfcid] C:\Program Files\NSNetMon\NetMon.exe
O4 - HKLM\..\Run: [NSNetMon_jidcigiheebbabbi] C:\Program Files\NSNetMona\NetMon.exe
O4 - HKLM\..\Run: [NSNetMon_gejgdcccjhjabija] C:\Program Files\NSNetMonb\NetMon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOWNLOAD\FreeWARE\FreeRamMemory\FreeRAM XP Pro 1.40.exe" -win
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Downloads (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - download.yahoo.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - www.surfsecret.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - javadl.sun.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - www.microsoft.com
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - www.crucial.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.macromedia.com
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - download.mcafee.com |
lightfoot500 (14634) | ||
| 749571 | 2009-02-20 03:37:00 | Tick these entries, then tick Fix checked. Close browsers.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: (no name) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - (no file)
O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
What's this belong to?
O4 - HKLM\..\Run: [QuickCare2.2] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QuickCare2.2
I have no idea what this is; if you don't know, uninstall it.
O4 - HKLM\..\Run: [NSNetMon_jbcfdbijcdbjfcid] C:\Program Files\NSNetMon\NetMon.exe
O4 - HKLM\..\Run: [NSNetMon_jidcigiheebbabbi] C:\Program Files\NSNetMona\NetMon.exe
O4 - HKLM\..\Run: [NSNetMon_gejgdcccjhjabija] C:\Program Files\NSNetMonb\NetMon.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
Then reboot, then get Trojan Remover below, update it, then scan. Then select all options under Utilities. |
Speedy Gonzales (78) | ||
| 749572 | 2009-02-20 04:23:00 | OK thanks, I removed those entries and going to reboot. I hope this works, Mr. Spock. Netmon.exe is a little tool that runs along pinging a website of your choice to let you know how your connectivity is. My DSL provider, Qwest, will lose signal for about 10 seconds 3-4 times a day; often it is late in the afternoon. I have 3 netmons running in the background for comparison. I started to see if my slowdown problem was the connection. Which I am convinced now it is in my computer. My new laptop on the same DSL can load up a webpage that will take my 2.4GHz single-CPU computer a couple minutes. So here I go... |
lightfoot500 (14634) | ||
| 749573 | 2009-02-20 04:45:00 | OK, I'm back... I still have the googleupdate.exe. Does anyone know if that is worth keeping around? And how to get rid of it? Seemed like it took a longer time to reboot; I was starting to worry. |
lightfoot500 (14634) | ||
| 749574 | 2009-02-20 04:48:00 | uninstall? | GameJunkie (72) | ||
| 749575 | 2009-02-20 05:08:00 | No, not in uninstall/remove in Windows. But I did find out that googleupdate.exe may have come down from Google Earth. But I still don't think I want it running in the background. |
lightfoot500 (14634) | ||
| 749576 | 2009-02-20 05:19:00 | Google Update is installed with other Google products; you cannot uninstall it. To remove it, go Run > services.msc > Enter. Navigate to the GoogleUpdate service, right-click, select Properties, then change Startup type to Disabled. |
Blam (54) | ||
| 749577 | 2009-02-20 05:21:00 | ?? Why can't you uninstall it? If you don't want it, of course you can uninstall it. If there are any Google programs in Add/Remove Programs that you don't want, uninstall it / them. |
Speedy Gonzales (78) | ||