While visiting some random website via internet explorer today, I get a quick popup that looks like it loads something really fast, then closes itself, then pops up another window. Anyhow, now everytime I open Internet Explorer, I have bookmarks that read "Only Sex website" and "seven days of free p***". There is also a folder under the bookmark area titled "Sites about" which contains well over 20+ sites ranging from insurance to loans. I downloaded and installed Panda's Trial version of "Panda Platinum 2005 internet security" and it has had numerous alerts such as
adware/cws.aboutblank
Location:
e:\windows\system32\mfcrh32.exe
adware/cws.aboutblank
location:
e:\windows\system32\sysxk32.exe
It has stated they have been neutralized but each popup contains a different file. It has also had popups containing an "easysearch" adware and one file it listed was gdgsh.dll
Another problem this seems to be causing is within AOL instant messenger. I can open AIM but as soon as I double click a name to send an instant message, AIM locks up. Same as internet explorer goes - I can navigate around but as soon as I try and close IE, it hangs.
I have tried running CWshredder in both safe and normal mode (the normal mode attempt was scanning then all of a sudden my pc restarted). The safe mode attempt found nothing. I have browsed around the forums reading other posts and have tried numerous programs such as Hijackthis (will post a log in a bit). I have downloaded onto my pc Regsrch, aboutbuster and cwsremove9x all of which we ran in safe mode. Ad-aware was also ran in same mode and found both of these adware's, and claims to have fixed, yet I still have the same problem in normal mode. The hijackthis log is below.
_____________
Logfile of HijackThis v1.99.1
Scan saved at 5:47:32 PM, on 3/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
E:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\program files\powerstrip\pstrip.exe
E:\Program Files\PerSono\perstray.exe
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\System32\alg.exe
E:\mIRC\mirc.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
E:\WINDOWS\system32\notepad.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\DOCUME~1\Geno\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\gdgsh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\gdgsh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\system32\gdgsh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\gdgsh.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\system32\gdgsh.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {8D24EEA0-CCFD-2662-E69E-084B8B29DD85} - E:\WINDOWS\sdkwk.dll
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] E:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [nTrayFw] E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartGuardian] E:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "E:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [PowerStrip] e:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SCANINICIO] "E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [iexplore.exe] E:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Perstray.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvappfilter.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: app_filter - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - E:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 6Q' - Unknown owner - E:\WINDOWS\system32\mfcrh32.exe (file missing)
___________________________
If there is any more information I can provide to help you guys help me, please let me know This is very dis-heartning on only my 2nd day on my new custom pc.