I have Windows98, and have searched for HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs in both registrar lite and in msdos, both of which show that it isn't on my computer (invalid path name etc...) I know i have this trojan/virus as i have to keep removing it time and time again with cws.shreader, otherwise i get the hotmail re-direct and change of homepage etc... I have also deleted the BHO's and related sections in HJT, with no luck I have the most recent Ad-Aware and have also found this useless for this cause This is very frustrating, i hope someone is able to help, even if it is just telling me that if it isn't in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs then it can't be found thank you =) to toast is fine, to toastie is better

For your second problem, download this: http://www.majorgeeks.com/download.php?det=4086 Then click on Major Geeks 1 Zach http://www.protonic.com

Spybot S&D will probvably do the trick for you, it finds stuff that the others don't pick up. http://www.safer-networking.org/en/download/index.html If you need a simple solution, try mine. I try to give advise on things that have happened to my PC. Changes in registry can be FATAL! I now have a 95% success rate!

thx both to toast is fine, to toastie is better

unfortunatly nither have got rid of the problem, but thanks once again for trying, is there anything more you can suggest? to toast is fine, to toastie is better

In my version of 98 , there is no AppInit_DLLs . Make sure in your research you find info that applies to 98 . ==================================== http://www.google.com.au/search?hl=en&ie=UTF-8&q=cws.searchx&btnG=Search&meta= =================================== If needed , About Buster 13. About Buster - Use this tool to negate the latest CWS variant "res://". Complete details of how to use and updates maintained -> http://forums.subratam.org/index.php?showtopic=1072 http://www.subratam.org/ http://www.subratam.org/?page=removal http://www.atribune.org/downloads/AboutBuster.zip or http://tools.zerosrealm.com/AboutBuster.zip Here are ways to read the hijackthis logfile . HijackThis log file analysis http://hijackthis.de/index.php?langselect=english HijackThis is a program used by experienced users in order to detect browser hijackers. It allows you to identify any sort of spyware and malware (as well as some trojan horses and worms). This is achieved by scanning special zones of the registry as well as the hard disk drive, the results being listed in a structured window. Another feature of HijackThis is the creation of a log file, which can be saved as a simple text file and opened by any text editor (notepad as default). Until now, inexperienced users, who could not analyze the log file by themselves, had no other choice than posting it in a specialized forum and to hope that a more experienced user takes some time to analyze it. The script presented on this page is a way to analyze your log without help from the outside: simply copy/paste the content of the log file in the textbox below and hit the analyze button. HijackThis is free and does not need to be installed. It can be downloaded here: Or, manually compare it with yours . http://homepage.ntlworld.com/dvk01uk/tutorial.htm http://www.spywareinfo.com/~merijn/htlogtutorial.html http://www.spywarewarrior.com/ http://www.help2go.com/article153.html http://hjt.wizardsofwebsites.com/ http://www.spywareinfo.com/bhos/ http://www.spychecker.com/program/bholist.html http://www.spywareinfo.com/~merijn/htlogtutorial.html#r http://www.computercops.biz/postt6393.html http://www.google.com/search?q=spyware+list Beginners Guides: Browser Hijacking & How to Stop It http://www.pcstats.com/articleview.cfm?articleID=1579

Thank you so much for all the information you’ve provided me with, particularly that instant HJT analyser, it helped me clear up a few nasties, sadly though none related to CWS. I have trawled the boards you’ve given me and updated my Shredder and downloaded About Buster (the newest version), both gave the same results of it “seeming” to be removed only to reappear next time I try hotmail / visit homepage / mis-type a URL (I tried all the combinations, i.e. In safe mode / clearing temp folder / after visiting about: blank / at he same time and separate). This is so frustrating, it’s making me feel a total noob, I guess I’ll have to put up with it unless anyone else has any other ideas, but thank you once again for the suggestions you’ve made. I feel so close and yet so far. to toast is fine, to toastie is better