Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TCICP hijaked


  • This topic is locked This topic is locked
3 replies to this topic

#1 Helpme12

Helpme12

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:20 PM

Posted 28 October 2009 - 03:04 AM

ok..so i downloaded a file..was in .rar format.....was a link to a youtube video.....so i went to look and see what files was in te rar before i extraced....the second i clicked on the rar file.....it instantly opened it fully...a gif pic pops up saying..." your internet is mine now!!!".......skull and bones pic.

noticed there was a txt file.....it says...i own your internet now.....no anti virus in the world will remove it...only i have the removal tool.....if you ever want you rinternet back then contact me on msn....has his msn name.....gives times he is on msn.....says he from croatia....the file had his youtube name on it....was added to youtube like 8 days ago.....name is Dai.
the txt file also said you can re install internet exployer but you'll never remove my virus try all you want!!!



ok...so i noticed i get a error (not connected to internet etc....when i try to go online......yahoo works fine...messanger.

ok so i noticed if tcicp settings get reset it lets the first page on browsers load....but anything past that goes back to the error....so it's reseting the registry settings back everytime it is changed back....

i'm on firefox now and it let me get here....but even on firefox...it refuses to let me on myspace....let me on face book.....would not let me on google.....

I've ran spyhunter, malware bytes, vundofix, hijack this, combo fix, lspfix, av's rootkit removal, etc etc

still nothing. i am sure the file probally hidden somewhere.....i've set the settings to show hidden files but still not sure what file it is or where it's hiding.

probally the hardest thing to remove thus far.....i removed windowspolicepro awhile back....and the sdra64.exe virus awhile back.....but this one...apprently is even tougher to remove. combofix removed the windowspolicepro and sdra64.exe problem in just under 30 minutes......so i figured it would find this one also..but nothing.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:01 AM, on 10/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O1 - Hosts: 127.0.0.2 www.orbitz.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

ok...also when the virus started..it did pop up the c:\ command window.

anyway here is what cam eup when i ran catchme.

says no hidden files, processes, or files.



catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 03:30:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

BC AdBot (Login to Remove)

 


#2 Helpme12

Helpme12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:20 PM

Posted 28 October 2009 - 03:05 AM

Malwarebytes' Anti-Malware 1.41
Database version: 3034
Windows 5.1.2600 Service Pack 2

10/28/2009 3:50:46 AM
mbam-log-2009-10-28 (03-50-18).txt

Scan type: Quick Scan
Objects scanned: 90897
Time elapsed: 11 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 68

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDefend (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790 (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> No action taken.

Files Infected:
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\config.md (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090609-043155.562.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090609-043712.418.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090610-043501.358.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090610-072425.884.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090611-144642.870.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090611-144731.891.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090611-144815.764.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090611-173155.153.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090611-173323.931.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090611-214727.480.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090611-214815.920.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090611-223700.736.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090611-223708.727.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090612-152421.068.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090613-164436.092.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090613-164839.482.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090614-060447.418.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090614-063938.535.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090614-142601.872.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090615-020821.906.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090620-205137.032.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090622-040243.516.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090622-040607.159.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090624-080632.495.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090625-195155.509.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090627-204426.168.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090627-204807.796.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090627-205142.866.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090716-054051.192.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\config.md (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090716-054117.159.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090716-055202.337.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-041926.210.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-042048.438.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-042128.165.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-042159.120.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090802-230038.146.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090818-152658.292.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090818-153238.271.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090818-153459.925.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090904-171236.955.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090924-155247.903.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090927-150517.548.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091002-114334.719.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091003-170445.398.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091003-170605.544.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091003-172027.653.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091003-174440.993.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091003-174539.758.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091003-175048.131.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091003-203413.676.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091003-204557.301.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091003-221146.934.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091010-075001.300.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091010-075145.549.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091010-075204.216.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091012-081730.498.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091013-012131.312.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091013-060011.995.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091013-060359.523.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091016-061459.654.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091017-184720.701.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091020-080515.596.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091020-181424.336.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091020-182148.535.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091024-102204.252.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Brandon Pierpont\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091024-130851.867.log (Adware.DoubleD) -> No action taken.

#3 Helpme12

Helpme12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:20 PM

Posted 28 October 2009 - 03:08 AM

Failed to Connect













Firefox can't establish a connection to the server at www.myspace.com.







Though the site seems valid, the browser was unable to establish a connection.

* Could the site be temporarily unavailable? Try again later.
* Are you unable to browse other sites? Check the computer's network connection.
* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.









thats when i tried to go to myspace......for some reason i was able to come to bleepingcomputer....but only with firefox...not slimbrowser.......also only aol's main screen opens if i try to use aol...if i try to use aol for goign to other sites..same type of message pops up...only reason aol and slimbrowser's main first page opens...is because it asks if i want to allow a change in tcicp registry....and that pops up several times and then the main page opens and loads etc.....but after that typing in other sites it gets error....firefox seems to be able to load more sites.


Windows XP

Edited by Helpme12, 28 October 2009 - 03:10 AM.


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,994 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:20 PM

Posted 28 October 2009 - 07:10 PM

Hello,

We do not analyze HiJack This logs in the Am I Infected forum. I see, however, that you have a log posted here: http://www.bleepingcomputer.com/forums/t/267672/hijacked-tcicp/ Therefore, this topic shall be deleted to avoid confusion.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please note: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

This topic shall disappear in the next 24 hours or so.

Orange Blossom ~ forum moderator
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users