• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0

pop-up web page - Duplicate Deleted...

3 posts in this topic

Edit: Duplicate Topic deleted... Please stick to 1 Topic per computer...


A few day ago, my pc started having serious pop-up web page on Internet Explorer (mainly 1800Buyer.com or some ads) when I did search on Yahoo, Google, etc, or just browsing online. The 1800Buyer.com's contects were related to searching or browsing. Yahoo pop-up blocker is on. But 1800Buyer.com and other ads appeared as a whole new IE web page each time. Also some ads appeared as windows.


I ran Ad-Aware and it showed "NewDotNet" something and a bunch of cookies. I tried to remove NewDotNet by using NewDotNet uninstaller which was already inside Windows folder (I don't know why). And I removed those cookies everytime.


Symantec AntiVirus found "trojans" several times. Microsoft Windows Malicious Software Removal Tool didn't work. ADS Spy didn't work. I don't know what to do.


Please give me some comment. Any help will be appreciated, thank you.

Edited by Budfred

Share this post

Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 4:01:06 PM, on 5/30/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

Boot mode: Normal


Running processes:











D:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE




D:\Program Files\PowerQuest\V2i Protector 2.0\Agent\PQV2iSvc.exe

D:\Program Files\Viewpoint\Common\ViewpointService.exe

D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe




D:\Program Files\Synaptics\SynTP\SynTPLpr.exe

D:\Program Files\Synaptics\SynTP\SynTPEnh.exe



D:\Program Files\ORiNOCO\ComboCard 11ag\Utility\orinoco.exe

D:\Program Files\QuickTime\qttask.exe

D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

D:\Program Files\Winamp\winampa.exe


D:\Program Files\skype\Phone\Skype.exe

D:\Program Files\Messenger\msmsgs.exe

D:\Program Files\pasystem\pasystem.exe

D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

D:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe



D:\Program Files\Skype\Plugin Manager\SkypePM.exe

D:\Program Files\Winamp\winamp.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Microsoft Office\Office10\WINWORD.EXE



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - D:\WINDOWS\System32\dnsersnd.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [sTDSB] D:\WINDOWS\System32\STDSB.exe

O4 - HKLM\..\Run: [WL] D:\WINDOWS\System32\WL.exe

O4 - HKLM\..\Run: [synTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [iMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC



O4 - HKLM\..\Run: [ulker] D:\Program Files\BPK\ulker.exe

O4 - HKLM\..\Run: [MPTBox] D:\PROGRA~1\Canon\MULTIP~1\mptbox.exe

O4 - HKLM\..\Run: [proxim_orinoco_11ag] D:\Program Files\ORiNOCO\ComboCard 11ag\Utility\orinoco.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [system] D:\WINDOWS\System32\kernels32.exe

O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [skype] "D:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PaSystem] "D:\Program Files\pasystem\pasystem.exe"

O4 - HKCU\..\Run: [YSearchProtection] D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe



O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: MA521 Configuration Utility.lnk = D:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE

O13 - WWW Prefix:

O13 - Home Prefix:

O13 - Mosaic Prefix:

O13 - FTP Prefix:

O13 - Gopher Prefix:

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179613174140

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: DefWatch - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: GEARSecurity - GEAR Software - D:\WINDOWS\System32\GEARSec.exe

O23 - Service: MpService - Canon Inc - D:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

O23 - Service: Net Agent - Unknown owner - D:\WINDOWS\dls0523pmw.exe (file missing)

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: V2i Protector - PowerQuest Corporation - D:\Program Files\PowerQuest\V2i Protector 2.0\Agent\PQV2iSvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe



End of file - 9629 bytes

Share this post

Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.


Thank you for your patience.


[this is an automated reply]

Share this post

Link to post
Share on other sites
Sign in to follow this  
Followers 0