I've been trying to fix this computer for several days now, and it keeps getting worse instead of better
I know from my Ad-Aware scans that it has coolwebsearch on it, but CWShredder doesnt find anything wrong when I run it. ad-Aware does and keeps fixing it, but it's back within seconds. I've also run spybot search, about buster, and pest patrol. My HJT logs are getting worse, not better.
I would be much obliged if someone could help me; I can't figure out what else to do.
Thanks!
-Vanessa
Here is my HJT log, let me know what if anything else will help.
Logfile of HijackThis v1.97.7
Scan saved at 11:41:07 PM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\DOCUME~1\argh\LOCALS~1\Temp\3.tmp.exe
C:\WINDOWS\system32\iety.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\msbo32.exe
C:\DOCUME~1\ness\LOCALS~1\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
O2 - BHO: (no name) - {6742C3D1-BD21-8E93-CE5B-B08960395678} - C:\WINDOWS\system32\atlta32.dll
O4 - HKLM\..\Run: [iety.exe] C:\WINDOWS\system32\iety.exe
O4 - HKLM\..\Run: [3.tmp.exe] C:\DOCUME~1\argh\LOCALS~1\Temp\3.tmp.exe 3 10001
O4 - HKLM\..\RunOnce: [ipuf.exe] C:\WINDOWS\ipuf.exe
O4 - HKLM\..\RunOnce: [atlta32.exe] C:\WINDOWS\system32\atlta32.exe
O4 - HKLM\..\RunOnce: [msbo32.exe] C:\WINDOWS\system32\msbo32.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
I know from my Ad-Aware scans that it has coolwebsearch on it, but CWShredder doesnt find anything wrong when I run it. ad-Aware does and keeps fixing it, but it's back within seconds. I've also run spybot search, about buster, and pest patrol. My HJT logs are getting worse, not better.
I would be much obliged if someone could help me; I can't figure out what else to do.
Thanks!
-Vanessa
Here is my HJT log, let me know what if anything else will help.
Logfile of HijackThis v1.97.7
Scan saved at 11:41:07 PM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\DOCUME~1\argh\LOCALS~1\Temp\3.tmp.exe
C:\WINDOWS\system32\iety.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\msbo32.exe
C:\DOCUME~1\ness\LOCALS~1\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
O2 - BHO: (no name) - {6742C3D1-BD21-8E93-CE5B-B08960395678} - C:\WINDOWS\system32\atlta32.dll
O4 - HKLM\..\Run: [iety.exe] C:\WINDOWS\system32\iety.exe
O4 - HKLM\..\Run: [3.tmp.exe] C:\DOCUME~1\argh\LOCALS~1\Temp\3.tmp.exe 3 10001
O4 - HKLM\..\RunOnce: [ipuf.exe] C:\WINDOWS\ipuf.exe
O4 - HKLM\..\RunOnce: [atlta32.exe] C:\WINDOWS\system32\atlta32.exe
O4 - HKLM\..\RunOnce: [msbo32.exe] C:\WINDOWS\system32\msbo32.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com