something isn't right

i have two computers, one a dell with Pentium 3 processor at 800 MHz, a 40 gig HD that is only about 20% used and 384SDRAM memory running windows 98 and if i do say so until recently it was running optimally. The other is a dell laptop with a Pentium M, 1.5Hz, a 40 gig HD which is new, and 512MB, 333MHz 2, running Windows XP. I regularly run CW Shredder, Stinger, Adaware, Spybot, Norton's, and Spysweeper on the old computer. I also update windows. The old computer started running a little slow and when I ran everything it cleaned it, but I could not update CW Shredder. And when I try and run it I get the following message : You have a variant of the CoolWebSearch Trojan (CWS Smart Search 2) that has attempted to close CW Shredder. To counter this CW Shredder is now starting with a random string of text in the title bar. CW Shredder is still functioning fine, it has not been corrupted. If you feel you should not be getting this error and you are not infected, restart CW Shredder and this warning should not occur again. I tried downloading CoolWWWSearch.SmartKiller(v1/v2)Mini Removal and it tells me it is downloaded, but when I try and openit, the computer says the file is not there. The computer is running slow and at time on the internet, I get black patched or cannot open things. The new computer only has Norton, Adaware, Spybot, and I just downloaded CW Shredder which when I run it, it says some hosts are present and I get the same error message. I can't download any updates for CW Shredder nor the Mini Removal tool. I have updated windows on the new laptop as well. I tried running the old computer in safe mode and ran all the scans and they show nothing. I haven't disabled system restore on the laptop, but then I am not at the point where I am fixing it yet anyway. Help! Help! Help! It is 2am and has been a very fruitless day.

 

i have meticulously followed you instructions, only on the laptop because it did not work. I downloaded and used in the safe mode CCleaner, Adaware with VX2 plug in, Spybot (updated yesterday), Kill2Me said I have no parasites,About Buster, and HSRemove. A2 removed two and I thought I was home free. I used the thread from Chas Lang which said I was clean. Nothing from any of these, but A2. I still can't update CWShredder and it still repeats the message about the variant CWSSMart Search2. I also still get the follwing message after running the scan. "Found hosts file C:\Windows\system32\drivers\etc\hosts\734bytes,A CWS.msconfig Registry value:HKLM\..|Run [msconfig] C:\windows\PCHealth|Help Ctr|Binaries\msconfig.exe\auto shell registry valuw:HKLM\..\winlogon[shell]explorer.exe" I also ran an updated norton's. This is where I am at.

 

Removed. You linked out for Hijack This, when you should have linked to the tutorial which explains not to post Hijack This log files as cut and paste making us work more now. You are unable to analyze Hijack This log files, so you should not be instructing people to post them. Frustrating. Thanks for understanding.

 

Attached file for you, you didnt know

 

Did I say I knew how to analyze them? I think that was a bit harsh man. Ok, sorry about linking to another site, won't happen again.

 

should i delete the old hijackthis.exe, hijackthis.zip, and the old log file before i continue? if i download a new cwshredder, do i delete the old versionof that? and what is the mgs i am supposed to download cwshredder and the mini removal program (which i have tried to download multilpe times and when i try and open it it says it can't be found)also what other details do you need on my xp machine? please be patient and go slow here, i am old and this is making me feel older. thanks

 

i could not find hijakthis and cwshredder in add/remove. everything there appeared to be stuff i knew, so i deleted them. i cannot download an updated version of hijackthis from the link you gave me. it just keeps saying this page cannot be displayed and sometimes when i clik on it to open the merijn, it won't even attempt tp open the page. it's like you never clicked on it. i disabled the nvidia driver helper. i don't know where to find the BHO stuff you want me to remove (unless those were lines in the now deleted hijackthis log). also what other info do you need about my xp machine. i have to finish this soon hopefully as i will be leaving my current location and taking my laptop with me, but leaving the old windows 98 machine here until i return in 16 days. help!!

 

i tried the alternate links and all i get is "this page cannot be displayed" for both of them. Is there some way, i can get the mini removal tool also or don't i need it. i'm thinking i need everything and a miracle too!

 

i tried downloading from the link you sent, and has happened before whenever i tried to download the mini removal tool, i download, but when i try and open it i get "coolwwwsearch.smartkiller(v1/v1)miniremoval cannot be found on your system."

 

i don't have to be as careful with what i write, as thinking about what i just read. but i am truly a neophyte here and you guys have walked me through an amazing amount of computer fixing. i never could have done it without you. not that we are quite there yet. when i try and download the file from the link you provided, it takes me to the majorgeeks page with the merijn link. but no matter how many times i try and get to it, it tells me that the page cannot be displayed. it must be so cool to know as much as you do about how computers work and how to fix them. i really respect that. anyway, i feel there is hope here and we are getting close.

 

well i got it open in notepad,but i didn't know how to attach it, so i saved as a .txt file and tried to attach it through the maage attachments thing, but i didn't know how to do that either. i am talking about the xp machine now. help.

when i went into internet options there were no web sites on the restricted sites list. then i did the custom level thing and downloads says enabled. Download unsigned Activex controls says disable and download signed activex controls says prompt.

sorry i get stuck so often. i really am a have limited computer knowledge.

 

where is it?

 

i tried it again. i opened it in the run command line, clik post reply,manage attachments, name of file just like in the run line, upload, when finished close, submit reply. but, i don't see it.

 

well i uploaded the txt file, i hope.

 

after working an hour, i have the following:
i do have norton, updated and have run it several times. it shows nothing.
housecall the timer comes up when i clik on the free scan, then it tells me i do not have netscape, and should download it, but it never shows up and so when i clik at that point i get the timer and unltimately an error notoice i can only partially read which says an error has occurred.
panda says page doesn't exist, altho i am at the website at that point.
ravantivirus says it ceased online scanning 9/2/03.
bit defender says it supports only activeX enabled browsers. this makes it unavailable for netscape family browsers.
i tried all of these thru mozilla and also thru comcast.
i did download mozilla successfully however, when i try and download either hijack or shredder i get the same message which is "the connection was refused when attampting to contact 209.133.147.12" that's all for now.

 

i was in park city utah on vacation. i have the old dell there with windows 98, which i have not attempted to fix at all. i came home to arlington hts illinois today. my computer at home here is fine. i just opened the laptop and will try tommorrow to download some of that stuff from here and see if that works based on what you are telling me. i'll let you knoe my progress.

 

my mistake. i copied the number wrong. it was 209.133.47. 12. i was using internet explorer,but it told me for two of those downloads that i should use navigator. i just tried to download shredder and hjack again. the page could not be displayed on comcast for either site, on firefox it said the connection was refused when trying to contact 209.133.47.12 for both sites.

 

my mistake. i copied the number wrong. it was 209.133.47. 12. i was using internet explorer,but it told me for two of those downloads that i should use netscape. i just tried to download shredder and hjack again. the page could not be displayed on comcast for either site, on firefox it said the connection was refused when trying to contact 209.133.47.12 for both sites.

 

the laptop with xp. the one with windows 98 stays in utah. my computer at home in illinois is unaffected and i hope it stays that way. i was so tired las night i missed your this. how do i make it a directory or as it is asking me to do, to make it a different folder.please be very specific here.

 

i am not turning off my computer now until i hear ffom you. this morning when i went to your website with firefox, i could get to the site, but it refused to connect me to your support forum. when i went on explorer, i got to the site, then it took a long time, but ultimately it let me get to the support forum. weird, huh?

 

i think this is the log. i made it a txt file. does this work?

 

i am working only on the xp laptop. you asked where i was and that was why i told you where each macine was. but i am only working on the xp laptop. i think this is the whole log, but i can remove those lines and then do i delete the old log and run it again.

 

i have removed the two BHO lines, now what do i do? just as a benchmark, i have tried downloadin cwshredder from the merijn site and all i get is this page cannot be displayed.

 

when you told me to download firefox, during setup i told it to make it my default browser, but it did not. i tried it a second time and the same thing happened. i have a desktop icon, but even that doesn't aways take me to firefox. more often it goes to microsoft internet explorer and i have comcast broadband here and in utah. the illinois broadband i sometimes have problems with, but in utah have not had any problems with that. anyway, i can get to firefox, but sometimes it requires a little effort. i don't use netscape, those websites were telling me i had to use netscape to get to their sites and use their scans. but i kept getting error messages saying either i didn't have netscape or they couldn't find it on my computer.

 

I am not using netscape. When i tried to download cwshredder, i tried on microsoft explorer and got a page cannot be displayed. i also tried on firefox and got connection was refused to spywareinfo.com. i'll try all those scaning links again, but i told you what happened when i tried before. The Rav thing was a whole page about stopping the scan.I'll try again tho.

 

this is like the twilight zone.

i went to Trend micro no viruses (the left side of the page was the same, but the right side of the site page was different from when i tried it the first time)

panda no viruses but 15 messages - what's that?

rav - no viruses

bitdefender - memory ok
master boot record ok
partition 1 (primary) ok
partition 2 (primary) (active) ok

the las time, i never got security warnings, whatecer i clikked on would not respond either. did removing those things this morning allow me on those sites now? i was reading about a mirror site for merijn called merijn.richardthelionhearted.com in case you can't reach cwshredder or is this a ruse?