Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Google installer has stopped working

  1. #1
    Join Date
    May 2006
    Location
    Malvern, PA
    Posts
    6,619

    Google installer has stopped working

    I've had this computer in here for a week. Thought I got it working properly and then ran into problems when doing a restore to a previous date. I don't know if it's malware related so I'm hoping that Kenny can take a look at it.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by JDS at 12:07:22.81 on Fri 04/30/2010
    Internet Explorer: 8.0.6001.18904
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.561 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Users\JDS\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://mail.google.com/mail/?shva=1#
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion &pf=cnnb
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion &pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion &pf=cnnb
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmen u.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.ex e" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu. exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistart menu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
    mRun: [CPMonitor] "c:\program files\roxio creator 2009 special edition\5.0\CPMonitor.exe"
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
    mRun: [WD Anywhere Backup] c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe --silent
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    StartupFolder: c:\users\jds\appdata\roaming\micros~1\windows\star tm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6 FF0C6D236BF8.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 relog_ap
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jds\appdata\roaming\mozilla\firefox\profi les\dxkuqpqv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?shva=1#
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.d ll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-6 27784]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-31 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-10-12 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 66632]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-7 297752]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\p rogram files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-17 25824]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-25 365952]
    R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-25 193840]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 12872]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-6 335240]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-7 908056]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 135664]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
    S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009 special edition\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
    S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
    S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009 special edition\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
    S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2008-8-14 1124848]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]

    =============== Created Last 30 ================

    2010-04-18 23:36:12 766 ----a-w- c:\windows\system\CRIcon.ico
    2010-04-14 13:07:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-14 13:07:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-14 13:07:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 13:07:05 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-14 13:07:05 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-14 13:07:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-04-14 13:06:04 62464 ----a-w- c:\windows\system32\l3codeca.acm
    2010-04-14 13:06:04 220672 ----a-w- c:\windows\system32\l3codecp.acm
    2010-04-14 13:06:01 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-04-14 13:06:00 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-04-14 13:06:00 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-04-14 13:02:52 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-14 13:01:55 98304 ----a-w- c:\windows\system32\cabview.dll
    2010-04-12 21:05:35 0 d-----w- c:\users\jds\appdata\roaming\Foxit Software
    2010-04-10 13:33:08 0 d-----w- c:\users\jds\appdata\roaming\TaxCut
    2010-04-10 13:30:41 0 d-----w- c:\program files\PDF995
    2010-04-10 13:30:41 0 d-----w- c:\program files\HRBlock2009
    2010-04-10 13:28:02 0 d-----w- c:\programdata\TaxCut

    ==================== Find3M ====================

    2010-04-30 15:58:23 31681 ----a-w- c:\programdata\nvModes.dat
    2010-04-18 23:37:51 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-04-18 23:37:51 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-04-18 23:37:16 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-02-24 14:16:06 181632 ----a-w- c:\windows\system32\MpSigStub.exe
    2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-01 17:34:57 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2008-10-25 23:12:45 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 12:11:25.00 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/12/2008 9:14:52 PM
    System Uptime: 4/30/2010 11:56:24 AM (1 hours ago)

    Motherboard: Wistron | | 303C
    Processor: AMD Turion Dual-Core RM-72 | Socket A | 2100/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 287 GiB total, 209.88 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.819 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0000
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0000
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Atheros AR5009 802.11a/g/n WiFi Adapter
    Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_1381103C&REV_01\4&B22 4E5E&0&00A0
    Manufacturer: Atheros Communications Inc.
    Name: Atheros AR5009 802.11a/g/n WiFi Adapter
    PNP Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_1381103C&REV_01\4&B22 4E5E&0&00A0
    Service: athr

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    "Nero SoundTrax Help
    Acronis*True*Image*Home
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player
    Advertising Center
    AnswerWorks 5.0 English Runtime
    Atheros Driver Installation Program
    AVG Free 8.5
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CutePDF Writer 2.7
    CyberLink DVD Suite
    CyberLink YouCam
    Data Lifeguard Diagnostic for Windows
    DirectX 9 Runtime
    DolbyFiles
    EMC 11 Content
    ESU for Microsoft Vista
    Foxit Reader
    Google Update Helper
    H&R Block Deluxe + Efile + State 2009
    H&R Block Pennsylvania 2009
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.7
    HP Help and Support
    HP Quick Launch Buttons 6.40 H2
    HP Total Care Advisor
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPTCSSetup
    Juno Preloader
    LabelPrint
    LightScribe System Software 1.14.17.1
    Malwarebytes' Anti-Malware
    Menu Templates - Starter Kit
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Movie Templates - Starter Kit
    Mozilla Firefox (3.5.5)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    Nero 9
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express
    Nero InfoTool
    Nero Installer
    Nero Live
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    NetWaiting
    NetZero Preloader
    Norton Internet Security
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.0
    Power2Go
    PowerDirector
    PVSonyDll
    Quicken 2009
    Realtek USB 2.0 Card Reader
    Roxio Activation Module
    Roxio Central
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Creator 2009 Special Edition
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Skype™ 3.8
    SmartSound Quicktracks Plugin
    SoundTrax
    SPORE Creature Creator Trial Edition
    Spybot - Search & Destroy
    SUPERAntiSpyware Professional
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC 9.0 Runtime
    WD Anywhere Backup
    WD Drive Manager (x86)
    ZoneAlarm

    ==== End Of File ===========================

  2. #2
    Join Date
    Apr 2009
    Location
    USA SC
    Posts
    1,044

    Re: Google installer has stopped working

    Looks fine kelly....

  3. #3
    Join Date
    May 2006
    Location
    Malvern, PA
    Posts
    6,619

    Re: Google installer has stopped working

    Kenny - thank you for checking. Apparently it's something else. I've been fighting with this since Monday. Puling RAM changing NIC's, doing System Restore to an earlier dates. Beating my head against the wall. At least now I know it's not malware. I'll continue to beat head against wall. It helps sometimes.

    Thanks again,
    - Tony

  4. #4
    Join Date
    Apr 2009
    Location
    USA SC
    Posts
    1,044

    Re: Google installer has stopped working

    When you said "Google installer has stopped working" what to you mean by this?

  5. #5
    Join Date
    May 2006
    Location
    Malvern, PA
    Posts
    6,619

    Re: Google installer has stopped working

    I'm still on this machine today.

    1) Shortly after booting and before all the icons in the SysTray are loaded, a windows comes up seeming to come from Microsoft Windows. The message is 'Google Installer stopped working and was closed. A problem caused the application to stop working correctly. Windows will notify you if a solution is available.'

    The wireless has stopped working. I uninstalled the driver and it got picked up on restart.

    2) So now that the wireless is working, I'm getting another MS Window that says 'Host Process for Windows Services stopped working and was closed ...'.

    3) Then I brought up IE and was met with Windows Explorer has stopped working.

    4) Also got a Windows host process (Rundll32) has stopped working immediatelly when I clicked on 'Connect to a network'. I was even given a chance to choose a network.

    Opening MalwareBytesAM gives Error Code: (0,9). I tried to remove MalwareBytes and got 'Invalid stream format'.

    I can get on the Internet with an Ethernet cable but I just got a 'Host Process for Windows Services stoped working and was closed.

    When I try to download a MBAM, I'm getting Internet Explorer Security window: 'A website wanto to open web content using this program on your computer. - It's AVG SCanning Core Module - Server Part. I have AVG shut down. I'm going to uninstall it.

    Anyway - things were looking good at one time last week, but now I'm finding more and more problems.

    I ran chkdsk on it - only found some problems in the free space.


    I'm seeing disk activity when I don't think there should be any, or at least not as much acitivity when it's idle.

  6. #6
    Join Date
    Apr 2009
    Location
    USA SC
    Posts
    1,044

    Re: Google installer has stopped working

    1. Download ComboFix from below:
      Combofix download

      * IMPORTANT !!! Place combofix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

      You can get help on disabling your protection programs here
    3. Double click on combofix.exe & follow the prompts.
    4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



      The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
      With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
      ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
      The Recovery Console was successfully installed.

      Click on Yes, to continue scanning for malware.
    5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    6. When finished, it shall produce a log for you. Post that log in your next reply
      Note:
      Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
      ---------------------------------------------------------------------------------------------
    7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
      ---------------------------------------------------------------------------------------------

  7. #7
    Join Date
    May 2006
    Location
    Malvern, PA
    Posts
    6,619

    Re: Google installer has stopped working

    I turned off the AV's: SAS and AVG. However, ComboFix said they were still running.

    ComboFix 10-05-03.01 - JDS 05/03/2010 14:49:55.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.649 [GMT -4:00]
    Running from: c:\users\JDS\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1376201192-426686078-2981821646-500
    c:\$recycle.bin\S-1-5-21-1906384608-1346715818-2888623819-500
    c:\windows\system32\%appdata%
    c:\windows\system32\ndisapi.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
    .

    2010-04-27 13:09 . 2010-04-27 13:09 -------- d-----w- c:\users\JDS\AppData\Roaming\GTek
    2010-04-18 23:34 . 2010-04-18 23:34 -------- d-----w- c:\users\JDS\AppData\Roaming\InstallShield
    2010-04-14 13:07 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-14 13:07 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-14 13:07 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 13:07 . 2010-04-30 19:06 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-14 13:07 . 2010-04-30 19:06 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-14 13:07 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-04-14 13:06 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-04-14 13:06 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-04-14 13:06 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-04-14 13:02 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-14 13:01 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
    2010-04-12 21:05 . 2010-04-30 15:04 -------- d-----w- c:\users\JDS\AppData\Roaming\Foxit Software
    2010-04-10 13:33 . 2010-04-10 13:33 -------- d-----w- c:\users\JDS\AppData\Roaming\TaxCut
    2010-04-10 13:30 . 2010-04-30 15:04 -------- d-----w- c:\program files\PDF995
    2010-04-10 13:30 . 2010-04-10 13:31 -------- d-----w- c:\program files\HRBlock2009
    2010-04-10 13:28 . 2010-04-10 13:28 -------- d-----w- c:\programdata\TaxCut

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2010-05-03 19:02 . 2009-01-26 13:16 31681 ----a-w- c:\programdata\nvModes.dat
    2010-05-03 18:19 . 2009-01-23 12:22 -------- d-----w- c:\users\JDS\AppData\Roaming\Skype
    2010-05-03 14:23 . 2009-01-07 02:51 -------- d-----w- c:\users\JDS\AppData\Roaming\skypePM
    2010-04-30 15:54 . 2009-01-07 02:02 -------- d-----w- c:\program files\Google
    2010-04-30 15:10 . 2009-01-06 13:53 95792 ----a-w- c:\users\JDS\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-04-30 15:04 . 2009-11-01 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-30 15:04 . 2009-11-01 14:05 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-04-30 15:04 . 2009-01-07 02:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-04-26 17:06 . 2009-11-01 14:07 117760 ----a-w- c:\users\JDS\AppData\Roaming\SUPERAntiSpyware.com\ SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-18 23:53 . 2009-01-06 13:57 -------- d-----w- c:\users\JDS\AppData\Roaming\Hewlett-Packard
    2010-04-18 23:43 . 2008-10-25 22:51 -------- d-----w- c:\programdata\Hewlett-Packard
    2010-04-14 14:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-04-14 13:40 . 2008-10-25 23:52 -------- d-----w- c:\programdata\Microsoft Help
    2010-04-12 20:50 . 2010-04-12 20:50 3262128 ----a-w- c:\programdata\TaxCut\2009\Downloads\HRBlockPA.exe
    2010-04-10 13:35 . 2010-04-10 13:35 21195208 ----a-w- c:\programdata\TaxCut\2009\Update\US30026901xupd.e xe
    2010-04-06 12:39 . 2008-12-13 03:10 -------- d-----w- c:\programdata\NVIDIA
    2010-03-29 19:53 . 2009-01-07 02:37 -------- d-----w- c:\program files\AVG
    2010-03-29 19:52 . 2009-01-07 02:37 -------- d-----w- c:\programdata\avg8
    2010-03-18 16:12 . 2010-03-18 16:12 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb19A9.tmp.exe
    2010-03-10 19:20 . 2010-03-10 19:20 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb48E0.tmp.exe
    2010-03-10 18:59 . 2010-03-10 18:59 52224 ----a-w- c:\users\JDS\AppData\Roaming\SUPERAntiSpyware.com\ SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-02-24 14:16 . 2009-10-07 20:00 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-23 06:39 . 2010-04-01 01:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33 . 2010-04-01 01:16 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33 . 2010-04-01 01:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55 . 2010-04-01 01:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-20 23:06 . 2010-03-10 08:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-02-20 23:05 . 2010-03-10 08:00 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-02-20 20:53 . 2010-03-10 08:00 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2008-10-25 23:12 . 2008-10-25 22:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-06 2010864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMen u.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.ex e" [2007-12-24 222504]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStart Menu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
    "CPMonitor"="c:\program files\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe" [2008-08-10 80368]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-17 1164912]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-17 1941784]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
    "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
    "WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-04-17 197856]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]

    c:\users\JDS\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dl l

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):db,37,90,ed,94,47,ca,01

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-01 335240]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-09-01 908056]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
    R2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe [2008-08-14 367088]
    R2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [2008-08-14 309744]
    R2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [2008-08-14 170480]
    R3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe [2008-08-14 313840]
    R3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2008-08-14 1124848]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
    R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 135664]
    S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-20 108552]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-18 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-03-18 66632]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-01 297752]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\p rogram files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2009-04-17 25824]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-07-24 102400]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-18 12872]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 05:02]

    2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 05:02]

    2010-03-10 c:\windows\Tasks\NeroLiveEpgUpdate-JDS-PC_JDS.job
    - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 18:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mail.google.com/mail/?shva=1#
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion &pf=cnnb
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6 FF0C6D236BF8.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\JDS\AppData\Roaming\Mozilla\Firefox\Profi les\dxkuqpqv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?shva=1#
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.d ll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    MSConfigStartUp-MioNet - c:\program files\MioNet\MioNetLauncher.exe



    ************************************************** ************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-03 15:04
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************** ************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N orton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(720)
    c:\windows\system32\relog_ap.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\AVG\AVG8\avgtray.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\windows\ehome\ehmsas.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\WD\WD Anywhere Backup\MemeoBackup.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\wermgr.exe
    .
    ************************************************** ************************
    .
    Completion time: 2010-05-03 15:12:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-03 19:12

    Pre-Run: 225,438,375,936 bytes free
    Post-Run: 225,454,129,152 bytes free

    - - End Of File - - 9DBE75A8FA42BD6EEE28A8A8E5A95A63

  8. #8
    Join Date
    Apr 2009
    Location
    USA SC
    Posts
    1,044

    Re: Google installer has stopped working

    Run CFScript

    • Close any open browsers.
    • Open Notepad by click start
    • Click Run
    • Type notepad into the box and click enter
    • Notepad will open
    • Copy and Paste everything from the Code box into Notepad:

    Code:
    RegLock:: 
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    Save the file to your desktop and name it CFScript.txt
    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.




    This will start ComboFix again. It may ask to reboot.



    Next



    Please visit the links HERE and HERE first to read about this new Microsoft tool!
    Then you can download and use: Microsoft Fix it Center Online
    Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist!
    It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you.


    Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones.

    • Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support.
    • Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix It Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report.
    • Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloading the latest solutions.
    Let me know after you had run all the troubleshooters on your pc if it corrected your problem.

  9. #9
    Join Date
    May 2006
    Location
    Malvern, PA
    Posts
    6,619

    Re: Google installer has stopped working

    ComboFix is running the CFScript.
    btw: Looking thru the CF log, I noticed that Google Update was a scheduled task. I checked the Scheduled Task program and indeed it's in there. It's not in Add/Remove Programs.

  10. #10
    Join Date
    May 2006
    Location
    Malvern, PA
    Posts
    6,619

    Re: Google installer has stopped working

    No joy - I even deleted the Google Updater from the Task folder.

    Let me work no this a bit more.

Bookmarks

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •