FREAKING PRIVACYOUTPOST.COM

Discussion in 'adware, spyware & hijack cleaning' started by DJ WILLIE, Jan 30, 2004.

Thread Status:
Not open for further replies.
  1. DJ WILLIE

    DJ WILLIE Guest

    Hello guys, I am NEW here and I have just run HIJACK THIS and below are my results. Can anybody tell me how to get rid of my HOMEPAGE being redirected to PRIVACYOUTPOST.COM?

    Thanks guys !
     
  2. DJ WILLIE

    DJ WILLIE Guest

    Sorry guys here is the LOG - I AM TRYING TA' GET RID OF PRIVACYOUTPOST.COM

    Logfile of HijackThis v1.97.7
    Scan saved at 12:47:33 PM, on 1/30/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\reg32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\reg32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\hh.exe
    C:\Documents and Settings\DJ Willie\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.info/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.teenhqpics.com/?homeweber.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rxktoq.t.muxa.cc/s.php?aid=420 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.teenhqpics.com/?homeweber.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://drusearch.com/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    O1 - Hosts: 213.159.117.235 auto.search.msn.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg32.exe
    O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
    O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00095\gd-dial.exe -remove
    O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
     
  3. subratam

    subratam Registered Member

    Joined: Nov 14, 2003
    Posts: 1,310
    Location: Issaquah, WA

    hey willie,

    welcome to wilders, mate :)

    plz download CWShredder and close all other windows and then run FIX.

    after that reboot and post a fresh log

    thx
     
  4. DJ WILLIE

    DJ WILLIE Guest

    subratam -- You're the F@CKIN' MAN !!!!

    The info you gave me was right on the MONEY !!!!

    IT WORKED !
     
  5. subratam

    subratam Registered Member

    Joined: Nov 14, 2003
    Posts: 1,310
    Location: Issaquah, WA

    thx we could help, but still would request you to post a fresh log just for the experts here to see whether you have any more malware left in your machine
     
  6. TonyKlein

    TonyKlein Security Expert

    Joined: Feb 9, 2002
    Posts: 4,350
    Location: The Netherlands

    You will still need to have Hijack This fix this item:

    O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00095\gd-dial.exe -remove

    Now reboot, and delete the GlobalDialer folder in C:\Program Files.

    But a fresh Hijack This log will still be a good idea...
     