FREAKING PRIVACYOUTPOST.COM

Discussion in 'adware, spyware & hijack cleaning' started by DJ WILLIE, Jan 30, 2004.

Thread Status:
Not open for further replies.
  1. DJ WILLIE

    DJ WILLIE Guest

    Hello guys I am NEW here and I have just ran HIJACK THIS and below are my results , can anybody tell me how to get rid of my HOMEPAGE being redirected to PRIVACYOUTPOST.COM..?

    Thanks guys !
     
  2. DJ WILLIE

    DJ WILLIE Guest

    Sorry guys here is the LOG - I AM TRYING TA' GET RID OF PRIVACYOUTPOST.COM

    Logfile of HijackThis v1.97.7
    Scan saved at 12:47:33 PM, on 1/30/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\reg32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\reg32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\hh.exe
    C:\Documents and Settings\DJ Willie\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.info/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.teenhqpics.com/?homeweber.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rxktoq.t.muxa.cc/s.php?aid=420 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.teenhqpics.com/?homeweber.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://drusearch.com/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    O1 - Hosts: 213.159.117.235 auto.search.msn.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg32.exe
    O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
    O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00095\gd-dial.exe -remove
    O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
     
  3. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    hey willie,

    welcome to wilders , mate :)

    plz download CWShredder and close all other windows and then run FIX.

    after that reboot and post a fresh log

    thx
     
  4. DJ WILLIE

    DJ WILLIE Guest

    subratam -- Your the F@CKIN' MAN !!!!

    The info you gave me was right on the MONEY !!!!

    IT WORKED !
     
  5. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    thx we could help but still would request you to post a fresh log just for the experts here to see whether you have any more malware left in ur machine
     
  6. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,360
    Location:
    The Netherlands
    You will still need to have Hijack This fix this item:

    O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00095\gd-dial.exe -remove

    Now reboot, and delete the GlobalDialer folder in C:\Program Files.

    But a fresh Hijack This log will still be a good idea...
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.