I've picked up your log, lets get this sorted.
Firstly you need to create a new folder on your C drive (for example C\HJT) install HJT into that folder and run it from there. That way it can create backups if required.
Next you have some elements of coolwebsearch so we'll tackle it fully, just in case ad-aware removed some of the bits.
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.
First we will need to download a few tools that will help us in the removal of your problem.
Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here
Download a free 14 day trial of ewido from the link below. Install it and start it up. Follow the prompts to upgrade it, then close it down.
ewido
Set PC to show hidden files (click link if you do not know how)LINK
Save all of these files somewhere you will remember like to the Desktop.
Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)
Run the CleanUp! installer. You dont need to do anything with it right now.
Update About:Buster
- Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
- Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
- Click "OK" at the prompt with instructions.
- Click "Update" and then "Check For Update" to begin the update process.
- If any updates exist please download them by clicking "Download Update" then click the X to close that window.
- Now close About:Buster
- Open CWShredder and click I AGREE
- Click Check For Update
- Close CWShredder
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Please run about:buster by RubbeRDuckY:
- Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
- Click Yes to allow it to shutdown explorer.exe.
- It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
- When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
- Reboot your computer into safe mode again
Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.
Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.
Now scan with HJT and check the following entries if they are there. Some may have been removed by earlier procedures.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\system32\psoft1.exe
O4 - HKLM\..\Run: [b29ee913c569] C:\WINDOWS\system32\bitsprx2.exe
O4 - HKLM\..\Run: [G3] C:\WINDOWS\system32\GSMedia3.exe
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia...ll/pcs_0015.exe
O16 - DPF: {BA14D944-0D8C-4F16-A950-6E53EEBB558F} - http://akamai.downlo..._1040_EN_XP.cab
Ensure no windows open except HJT and click FIX CHECKED.
now using windows explorer locate the following files/folders and delete them.
C:\WINDOWS\system32\Searchx.htm
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\bitsprx2.exe
C:\WINDOWS\system32\GSMedia3.exe
Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files.Reboot your computer into normal windows.
Please run an on-line virus scan at Kaspersky OnLine Scan. You need to fill in name, for company type anything you want and add email address in the relevant boxes or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)
Now run Ewido. click on the Scanner button, Select drives if you have more than one and then start.
grab a cup of coffee, sandwiches, book as this may take some time. Once the first problem is detected ensure you tick the box for all (bottom left) and allow it to continue.
At the end of the scan, it may ask if you would like to delete anything found in archive or zipped files, OK that request, then click on save report. SAVE to the default location, it will then generate a text file. Copy that to post in this thread.
Carry out another HJT scan and post the log back here, so we can sort out any remnants