1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Somethings wrong with my google, please help!

Discussion in 'Virus & Other Malware Removal' started by sandhulol, Oct 3, 2009.

Thread Status:
Not open for further replies.
  1. sandhulol

    sandhulol Thread Starter

    Oct 3, 2009
    alright well i had malware and other stuff on my computer, i got rid of all that using super anti-spyware, spybot, and malware anti-bytes. the computer seems clean, but im getting doubts now because anything thats related to google.. i cant go on it. for instance, i try going on youtube, it takes me there and when i try signing in.. it says the url is invalid because when you click sign in on youtube it goes through the google page. i cant use the msn search engine, cant use yahoo, cant use bing, im using askjeeves. when i try going on google i get the following message "the url address is invalid". Whats wrong? im so fed up with this.

    im using windows xp a456c hp pavilion
    pentium 4 processor, intel inside.
    512 mb ram
    120 gig harddrive
  2. Sponsor

  3. TheShooter93

    TheShooter93 Malware Specialist

    Jul 9, 2008
    First Name:
    It sounds like a virus to me, but that's my best guess. I'd suggest doing thorough sweeps with every software you can think of. xD
  4. sandhulol

    sandhulol Thread Starter

    Oct 3, 2009
    it cant be a virus, iv scanned with multiple scanners not 1 or 5, but maybe 10.
  5. TheShooter93

    TheShooter93 Malware Specialist

    Jul 9, 2008
    First Name:
    Try using a different browser and checking your internet options and firewalls.
  6. sandhulol

    sandhulol Thread Starter

    Oct 3, 2009
    did all the things you mentioned.. nothing seems to work.
  7. sandhulol

    sandhulol Thread Starter

    Oct 3, 2009
    can anyone help?
  8. sandhulol

    sandhulol Thread Starter

    Oct 3, 2009
    i need this fixed asap and i am willing to paypal 10 dollars to anyone who can help me out on this.
  9. flavallee

    flavallee Trusted Advisor

    May 12, 2002
    First Name:

    Go here and click the green icon to download HijackThis 2.0.2.

    Close all open windows, then install it in its default location: C:\Program Files\Trend Micro\HijackThis.

    Run a scan with it - which will take 30 seconds or less.

    Save the resulting log in Notepad.

    Return here, then copy-and-paste the ENTIRE log here.


    You made a typo. Your HP Pavilion is a a465c and not a a456c.

    It originally came with 2 - 256 MB modules and with the other 2 RAM slots empty.

    It supports up to 2048 MB of RAM and uses DDR PC3200 modules.

    You should consider purchasing 4 - 512 MB modules and maxing out the RAM in that desktop.

    You can purchase them here. I've used that site for years and can attest to its reliability.

  10. sandhulol

    sandhulol Thread Starter

    Oct 3, 2009
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:01:25 PM, on 10/25/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    D:\Program Files\Java\jre6\bin\jusched.exe
    D:\Program Files\Windows Media Player\wmplayer.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=10181&jr=true
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O1 - Hosts: 4-open-davinci.com
    O1 - Hosts: securitysoftwarepayments.com
    O1 - Hosts: privatesecuredpayments.com
    O1 - Hosts: secure.privatesecuredpayments.com
    O1 - Hosts: getantivirusplusnow.com
    O1 - Hosts: secure-plus-payments.com
    O1 - Hosts: www.getantivirusplusnow.com
    O1 - Hosts: www.secure-plus-payments.com
    O1 - Hosts: www.getavplusnow.com
    O1 - Hosts: www.securesoftwarebill.com
    O1 - Hosts: secure.paysecuresystem.com
    O1 - Hosts: paysoftbillsolution.com
    O1 - Hosts: google.ae
    O1 - Hosts: google.as
    O1 - Hosts: google.at
    O1 - Hosts: google.az
    O1 - Hosts: google.ba
    O1 - Hosts: google.be
    O1 - Hosts: google.bg
    O1 - Hosts: google.bs
    O1 - Hosts: google.ca
    O1 - Hosts: google.cd
    O1 - Hosts: google.com.gh
    O1 - Hosts: google.com.hk
    O1 - Hosts: google.com.jm
    O1 - Hosts: google.com.mx
    O1 - Hosts: google.com.my
    O1 - Hosts: google.com.na
    O1 - Hosts: google.com.nf
    O1 - Hosts: google.com.ng
    O1 - Hosts: google.ch
    O1 - Hosts: google.com.np
    O1 - Hosts: google.com.pr
    O1 - Hosts: google.com.qa
    O1 - Hosts: google.com.sg
    O1 - Hosts: google.com.tj
    O1 - Hosts: google.com.tw
    O1 - Hosts: google.dj
    O1 - Hosts: google.de
    O1 - Hosts: google.dk
    O1 - Hosts: google.dm
    O1 - Hosts: google.ee
    O1 - Hosts: google.fi
    O1 - Hosts: google.fm
    O1 - Hosts: google.fr
    O1 - Hosts: google.ge
    O1 - Hosts: google.gg
    O1 - Hosts: google.gm
    O1 - Hosts: google.gr
    O1 - Hosts: google.ht
    O1 - Hosts: google.ie
    O1 - Hosts: google.im
    O1 - Hosts: google.in
    O1 - Hosts: google.it
    O1 - Hosts: google.ki
    O1 - Hosts: google.la
    O1 - Hosts: google.li
    O1 - Hosts: google.lv
    O1 - Hosts: google.ma
    O1 - Hosts: google.ms
    O1 - Hosts: google.mu
    O1 - Hosts: google.mw
    O1 - Hosts: google.nl
    O1 - Hosts: google.no
    O1 - Hosts: google.nr
    O1 - Hosts: google.nu
    O1 - Hosts: google.pl
    O1 - Hosts: google.pn
    O1 - Hosts: google.pt
    O1 - Hosts: google.ro
    O1 - Hosts: google.ru
    O1 - Hosts: google.rw
    O1 - Hosts: google.sc
    O1 - Hosts: google.se
    O1 - Hosts: google.sh
    O1 - Hosts: google.si
    O1 - Hosts: google.sm
    O1 - Hosts: google.sn
    O1 - Hosts: google.st
    O1 - Hosts: google.tl
    O1 - Hosts: google.tm
    O1 - Hosts: google.tt
    O1 - Hosts: google.us
    O1 - Hosts: google.vu
    O1 - Hosts: google.ws
    O1 - Hosts: google.co.ck
    O1 - Hosts: google.co.id
    O1 - Hosts: google.co.il
    O1 - Hosts: google.co.in
    O1 - Hosts: google.co.jp
    O1 - Hosts: google.co.kr
    O1 - Hosts: google.co.ls
    O1 - Hosts: google.co.ma
    O1 - Hosts: google.co.nz
    O1 - Hosts: google.co.tz
    O1 - Hosts: google.co.ug
    O1 - Hosts: google.co.uk
    O1 - Hosts: google.co.za
    O1 - Hosts: google.co.zm
    O1 - Hosts: google.com
    O1 - Hosts: google.com.af
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - D:\PROGRA~1\INBOXT~1\Inbox.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - D:\PROGRA~1\INBOXT~1\Inbox.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237680186562
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - D:\PROGRA~1\INBOXT~1\Inbox.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    End of file - 10371 bytes
  11. flavallee

    flavallee Trusted Advisor

    May 12, 2002
    First Name:

    I see no antivirus installed and running in the background. :eek:


    Uninstall Windows Defender (n) and Spybot - Search & Destroy (n) and install Malwarebytes Anti-Malware 1.41 (y) and SUPERAntiSpyware (y) to replace them. They're very user-friendly, they do a much better job, and they're well recommended in these forums.

    After you install them and update their definition files, run a "quick scan" with them - one at a time of course. After each one completes its scan, allow it to fix EVERYTHING it finds. Restart after each scanning process.


    Download HostsXpert 4.3 and just save it for now. Don't install it or do anything with it yet.


    Advise me when the above has been done.

  12. distary


    Oct 26, 2009
    does it say "hacked by godzilla" on your internet browser? if so you need to search hacked by godzilla virus because it blocks a lot of sites.
  13. sandhulol

    sandhulol Thread Starter

    Oct 3, 2009
    i installed only malwarebytes because i already had superantispyware on my computer, and windows defender wont get removed. i get an error everytime i log on that says something about window defender that i actually never cared to read because it doesn't bugg me.

    distary, no it doesn't say hacked by godzilla or anything on my internet browser.
    i also downloaded hostsexpert.
    im about to scan my computer now and i will tell you guys the results.
  14. sandhulol

    sandhulol Thread Starter

    Oct 3, 2009
    this is my logfile:

    Malwarebytes' Anti-Malware 1.41
    Database version: 3037
    Windows 5.1.2600 Service Pack 3
    10/26/2009 1:00:18 PM
    mbam-log-2009-10-26 (13-00-16).txt
    Scan type: Quick Scan
    Objects scanned: 94657
    Time elapsed: 3 minute(s), 33 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> No action taken.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    D:\Documents and Settings\KSandhu\Local Settings\Temp\dogpile_sub_installer.exe (Trojan.Dropper) -> No action taken.
  15. flavallee

    flavallee Trusted Advisor

    May 12, 2002
    First Name:
    Where is the SUPERAntiSpyware scan log?


    Windows Defender will uninstall in XP. It's an optional install and isn't part of the operating system like it is in Vista.


    Go to Start - Run - MSCONFIG - OK - Startup(tab).

    In the "Startup Item" column, write down the name of all entries that have a checkmark.

    Post that list here in a vertical column, and make sure to spell them exactly as you see them listed.

  16. sandhulol

    sandhulol Thread Starter

    Oct 3, 2009
    the superantispyware only scanned 37 adware cookies so i didnt think it would be so necessary to post that, sorry i didnt know that you needed that as well.

    i know windows defender will uninstall but someone deleted some files out of it on my computer so now it removed itself from my add/remove list and icons but yet the error pops up for it everytime i log on

    this is a list of all the startup items:

  17. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/865740