• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
tolga

homepage hijacked by topotun (also CoolWebSearch)

2 posts in this topic

Hi,

 

(I read the FAQ page)

My default homepage keeps being changed to topotun.com/index.htm. I used many programs, including ad-aware, spywareblaster, spyware doctor, bazooka, and finally spysweeper. None worked. In each case, I removed/fixed all the detected sofwares, but the topotun adware didn't go!

 

On "Registry Editor", I searched for "topotun" and modified all the results found, from "topotun.com" to "google.com". However, my modifications worked only for the first time I opened a new IE (Version 6.0) window. The second time I opened a new IE window, my homepage was "topotun.com/index.htm" again! I tried this many times. (I observed this phenomenon with "spysweeper", too. I remove all the problems detected. But then, one minute after I open a new IE window, spysweeper gives an alert saying that it has just detected 'changes in IE's default pages' and 'home page', and 'additions to my IE Favorites'.)

 

Also, I should add that the address bar of Internet Explorer _usually_ reads "about:blank" when the page is on "topotun.com".

 

The other problem is: The ad-aware also detects "CoolWebSearch" objects, which also reappear no matter how many times I delete them. However, I think that "topotun" overrules the "CoolWebSearch" -or sth like that- because my homepage is always "topotun".

 

Any help is welcome. And thanks for the job you are doing there.

 

Here is my Hijackthis log file:

 

 

Logfile of HijackThis v1.98.0

Scan saved at 02:52:04, on 26.07.2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe

C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSNBC\Alert\NEWSALRT.EXE

C:\windows\dllhlp.exe

C:\Program Files\Spyware Doctor\spydoctor.exe

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\updtray.exe

C:\Program Files\Naviscope\naviscope.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe

C:\Program Files\ICQ\ICQ.exe

C:\Documents and Settings\tolga\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\tolga\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\tolga\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\tolga\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\tolga\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\tolga\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\tolga\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://topotun.com/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:81

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll

O2 - BHO: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL

O2 - BHO: (no name) - {59B5C62F-F5C7-4812-94DA-0673457349CE} - C:\WINDOWS\System32\ccincia.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll

O3 - Toolbar: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q

O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4tech\Mouse\AWMMAIN.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe

O4 - HKCU\..\Run: [News Alert] C:\Program Files\MSNBC\Alert\NEWSALRT.EXE

O4 - HKCU\..\Run: [cvchost] c:\windows\svchost.exe

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q

O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: AGSatellite.lnk = ?

O4 - Startup: Bazooka.lnk = C:\Program Files\Bazooka Spyware Scanner\spywarescanner.exe

O4 - Startup: Faq.lnk = ?

O4 - Startup: Manual.lnk = ?

O4 - Startup: naviscope.lnk = C:\Program Files\Naviscope\naviscope.exe

O4 - Startup: Uninstall.lnk = C:\Program Files\Bazooka Spyware Scanner\Uninstall.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextSearch.htm

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Translate - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextTranslation.htm

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.EXE

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O15 - Trusted Zone: http://*.windowsupdate.microsaft.com

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.ntvmsnbc.com/download/nm1228.cab

O16 - DPF: {2FF18E30-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.02) - http://www.ntvmsnbc.com/download/nm0321.cab

O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (AltaVista Toolbar) - http://toolbar.altavista.com/app/toolbar/c...ta.cab?r=DIJMMT

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6C65163F-64DF-43C1-9434-BE585D9BC7AB}: NameServer = 212.252.119.3 212.252.119.4

O17 - HKLM\System\CS2\Services\Tcpip\..\{6C65163F-64DF-43C1-9434-BE585D9BC7AB}: NameServer = 212.252.119.3 212.252.119.4

O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F80-00104B107C96}

O18 - Filter: text/html - {55250C65-0C2C-4C32-A2E3-088A42D8EC09} - C:\WINDOWS\System32\ccincia.dll

O18 - Filter: text/plain - {55250C65-0C2C-4C32-A2E3-088A42D8EC09} - C:\WINDOWS\System32\ccincia.dll

Edited by tolga

Share this post


Link to post
Share on other sites

Sorry for the delay, if you still have problems post a fresh log please

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0