Yes I have CWShredder

I also ran the look2kill you told me to and it said no infection found but I proceeded anyway. Still did not work.

I deleted the 3 lines you said to and reran scans following are the results:

Done!
Removed from your system:
- Hosts file redirections
Windows 2000 (5.00.2195 SP4)
CWShredder v1.57.0
Written by Merijn - merijn@spywareinfo.com
For any additional help with this program or removing CWS, visit:
http://forums.spywareinfo.com/
For information and documentation on the Coolwebsearch
trojan and its variants, visit:
http://www.spywareinfo.com/~merijn/cwschronicles.html
For donations to help support CWShredder, visit:
http://www.spywareinfo.com/~merijn/donate.html

From Ad-Aware This shows up everytime I run this scan and it is usually 3 to 9 files found.

Vendor:Tracking Cookie
Categoryata Miner
Object Type:File
Size:264 Bytes
Location:c:\documents and settings\user\cookies\user@0[2].txt
Last Activity:5-12-2004 1:56:57 PM
Risk LevelLow
Comment:
Description:This cookie is known to collect information that may be used either for targeted advertising, or tracking users across a particular website, such as page views or ad click-thrus.

From Spybot S & D I get this everytime I run the scan.

FastClick: Tracking cookie or cookie of tracking site (File, nothing done)
C:\Documents and Settings\user\Cookies\user@fastclick[2].txt
IGetNet: Redirected host IE Auto Search = 207.36.196.189 (Redirected host, nothing done)


What is that redirected host???? Does any of this mean anything???

From Hijack This

Inline log removed!

Also, did you want me to remove quicktime and realone player? If so should I do it in the add/remove section or the regedit??

Thank you so much.

 

Agreed with MA help us to help you

This should all go
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchexe.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search-all.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://searchexe.com/passthrough/in...ts.yahoo.com/b1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

This is definitely Spyware
O4 - HKLM\..\Run: [zzb] c:\WINNT\System32\zzb.exe
So you need to fix it with HJT then on reboot go into safe mode and delete it, you will need to show hidden files and folders

These look very suspicious
O4 - HKLM\..\Run: [MTAHOVCJ] C:\WINNT\MTAHOVCJ.exe
O4 - HKLM\..\Run: [DGW] C:\WINNT\DGW.exe
O4 - HKLM\..\Run: [ipmtmd] C:\WINNT\ipmtmd.exe

If you dont know what they are then you probably need to fix and delete them

Theres possibly more but i havent really got time at the moment

 

forgot to post this one

O4 - HKLM\..\Run: [rreg] C:\Program Files\Common Files\System\rreg.exe

you need to fix that and delete the file on reboot


Best bet is to Use Google to filter out the bad stuff, nothing beats the satisfaction of fixing problems yourself

 

Hi Chaslang

Glad you got my back man, what do you think of this im pretty sure its bad

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab