re: IE flashes badurl.grandstreetinteractive.com
Wednesday, June 23, 2004 at 7:04 pm
Windows XP Annoyances Discussion Forum
Posted by Falcon
(13489 messages posted)
Uninstall your ISP's software and find out how to configure your Internet connection
without it. http://www.liutilities.com/products/wintaskspro/processlibrary/cfd/
Uninstall SpySweeper from Add/Remove Programs. It's a scam...
Read this information and follow any removal procedures:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.TD
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JF
http://www.reger24.de/prozesse/realsched.exe.php
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_WINDRIV.A
From now on, if any of these items no longer
exist, ignore and fix the remaining.
Kill these processes in Task Manager:
>>C:\Program Files\Support.com\bin\tgcmd.exe
>>C:\WINDOWS\System32\Msrv32.exe
>>C:\WINDOWS\System32\msawindows.exe
>>C:\WINDOWS\System32\iroczb.exe
>>C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
>>C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Fix these in HijackThis:
Definitely Fix
>>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
>>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
>>R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=144440
>>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
>>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
>>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
>>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
>>R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
>>R3 - Default URLSearchHook is missing
>>O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
>>O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
>>O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
RealNetworks has a rather poor reputation.
>>O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
>>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
>>O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
>>O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe"
/server /startmonitor /deaf /nosystray
>>O4 - HKLM\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe
>>O4 - HKLM\..\Run: [Msrv32] Msrv32.exe
>>O4 - HKLM\..\Run: [Microsoft Update] msawindows.exe
>>O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
>>O4 - HKLM\..\Run: [qciubdidvkig] C:\WINDOWS\System32\iroczb.exe
>>O4 - HKLM\..\Run: [OMPACTC] C:\WINDOWS\System32\OMPACTC.exe
>>O4 - HKLM\..\RunServices: [Msrv32] Msrv32.exe
>>O4 - HKLM\..\RunServices: [Microsoft Update] msawindows.exe
>>O4 - HKCU\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe
>>O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
/0
Maybe Fix
>>O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
http://www.windowsstartup.com/wso/detail.php?id=3365
>>O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft
Works\WkDetect.exe
http://www.liutilities.com/products/wintaskspro/processlibrary/wkdetect/
>>O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection
Manager\IP InSight\IPMon32.exe"
http://www.windowsstartup.com/wso/detail.php?id=1328
>>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
>>O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
Unnecessary junk...
>>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Loads Office at startup. Fixing can reduce startup time.
>>O17 - HKLM\System\CCS\Services\Tcpip\..\{C6B96FDC-6A87-4A5C-8E84-F2B12BC51F4C}:
NameServer = 206.141.192.60 206.141.193.55
Fix if this is not your ISP or company. Looks correct:
Host name: dns1.chcgil.sbcglobal.net
Reboot to Safe Mode
After reboot
Delete these if they exist. Make sure hidden files are visible.
- C:\Program Files\Support.com
- C:\WINDOWS\System32\Msrv32.exe
- C:\WINDOWS\System32\msawindows.exe
- C:\WINDOWS\System32\iroczb.exe
- C:\WINDOWS\systb.dll
- C:\Program Files\BroadJump
- C:\WINDOWS\System32\WinDriv32.exe
- C:\WINDOWS\alchem.exe
- C:\WINDOWS\System32\OMPACTC.exe
If you still experience problems with connecting to the Internet, use LSPFix to make
sure all the LSP's are renumbered correctly: http://www.cexx.org/lspfix.htm
Post another log so I can make sure you are clean.
The Wereotter
virusmagnet1@viruswatch.ath.cx.
This link here intentionally.
|
All messages in this thread [show all]
 | | |  | re: IE flashes badurl.grandstreetinteractive.com (Falcon: Wed, Jun 23, 2004, 7:04 pm) |
| |
| |
Return to the Windows XP Discussion Forum
|
|
