spyware keeps reappearing seconds after deletion and/or reboot

ok, this is the 3rd time I've written up this post after spending forever writing 2 really long ones that got deleted...

anyway, I've run Ad-Aware and Spybot (lastest reference files) several times, seconds after running Ad-Aware I'd run it again and it would find the files I'd just deleted (not just quarantine)... I've run both programs at reboot and both find the same spyware objects over and over again...

AdAware finds:

-3 possible browser hijack attempt objects
-several coolwebsearch objects (one of which Ad-Aware says I need to restart and run Ad-Aware again to delete, which I've done but doesn't work)

SpyBot finds:

-Alexa Tangent objects
-advertising.com objects
-DSO exploits (registry change related I think)

also, everytime IE starts, Office 2003 starts doing some weird things like installing components or searching for files to install

also, everytime I start IE I can't seem to keep the homepage I want...

here is my HiJackThis log from the first time I typed this up (like 20-30 min. ago)

this is a second scan I just did after having openend Word and Clipboard Viewer:

pretty weird, huh?

looks like stuff just starting appearing on it's own all of a sudden...

I hope you guys can help somehow please...

BTW, this is from a laptop with Windows 2000, the last time I had problems it was the family computer with Window 98, and that one seems to have keep pretty clear of stuff...

 

ok, I just re-ran Norton, Ad-Aware, and Spybot, here the HiJack log I got seconds ago...

plz help if possible...

 

Can you find the service mentioned in
https://www.wilderssecurity.com/showthread.php?t=28658&page=2&pp=25 ?

There is a newer HJT available at http://computercops.net/downloads-file-328.html

These are the items which currently show in HJT

Processes
C:\WINNT\system32\apikj.exe
C:\WINNT\netvs.exe



Startup entries
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\wpodv.dll/sp.html#10213
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\wpodv.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\wpodv.dll/sp.html#10213
O2 - BHO: (no name) - {55870715-1D2A-F55F-6A5E-8260CB6F81D1} - C:\WINNT\apiov.dll
O4 - HKLM\..\Run: [apikj.exe] C:\WINNT\system32\apikj.exe

 

wow, thanks for the help man...

yeah, those items looked suspicious, but to be honest I'm really new at all this..

I didn't even know what CWB meant, I thought it was something like a company or something like Norton...

I'll go ahead and delete those you've listed...

actually, I was just about to ask you what HJT was, but then I realized, like "duh"...

ok, I'll download the newer one and delete those

thanks

 

hmm, looks better now...

The first time I ran this new HJT it didn't fine the R0 file, just the R1's, so I deleted them, then I ran it again and it found it, then I ran it again (w/ out fixing), and it didn't find it....

weird, but it's probably cause I hadn't closed by Mozilla window the first time...

 

It's changed
These can be a bear if you don't get it all

C:\WINNT\system32\apikj.exe
C:\WINNT\mscp.exe

and

O2 - BHO: (no name) - {10C089B7-77FD-C65D-35F0-BFA1479FFB41} - C:\WINNT\sysfi32.dll

---------
Download FindnFix http://downloads.subratam.org/FINDnFIX.exe

Double Click on the FindnFix.exe you downloaded and it will install into its own folder.
That folder should be C:\FINDnFIX
Browse to the folder
Close all other open windows.
Run (double click on) the !LOG!.bat file

Have a coffee

When it's done
From the FindnFix folder.
- Post (paste) the contents of Log.txt in this thread.
- Attach file Win.txt to the same post. (Please attach, do not paste -- it's large)

 

ok, here it is...

 

You will need to use Start > Run and type services.msc then OK to stop the "Network Security Service"
Set it to disabled on startup as well

Add these files to 'things to delete' along with all the others mentioned so far
C:\WINNT\SYSTEM32\CRBZ.DLL
C:\WINNT\SYSTEM32\GWDIW.DLL

This might be best done from SAFE mode.
How to start the computer in Safe mode


Do you know how to use the recovery console to delete files?