Devlin Carnet,
You have been hit by several Malware Programs including CoolWebSearch.
These are either Spyware or highly suspect:
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\WINDOWS\emsw.exe
C:\WINDOWS\System32\clulegih.exe
C:\Documents and Settings\x\Application Data\osrr.exe
C:\WINDOWS\System32\w?nspool.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\WINDOWS\System32\golumm\services.exe
Now have HJT! fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.fast-search.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fast-search.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fast-search.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-search.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.fast-search.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\_h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.fast-search.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fast-search.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fast-search.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-search.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.fast-search.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fast-search.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_h.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteBar\ELITEB~1.DLL
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteBar\ELITEB~1.DLL
O4 - HKLM\..\Run: [Windows System Object] C:\WINDOWS\system32\winsysrun.vbe
O4 - HKLM\..\Run: [golumm] C:\WINDOWS\System32\golumm\services.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\wintzn32.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [p0] C:\documents and settings\x\local settings\temp\p0.exe
O4 - HKLM\..\Run: [lB] C:\documents and settings\x\local settings\temp\lB.exe
O4 - HKLM\..\Run: [L] C:\documents and settings\ x\local settings\temp\L.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKCU\..\Run: [Windows System Object] C:\WINDOWS\system32\winsysrun.vbe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\x\HXIUL.EXE
O4 - HKCU\..\Run: [sysinit] C:\WINDOWS\System32\golumm\services.exe
O4 - HKCU\..\Run: [Ko08RgK2U] clulegih.exe
O4 - HKCU\..\Run: [Pldo] C:\Documents and Settings\ x\Application Data\osrr.exe
O4 - HKCU\..\Run: [Ibrx] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mhtml!http://81.9.3.86//scripts//dw//chm.chm?id=dp::/win.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {12C5D0C2-3DA8-16A4-D9B4-62644D0DFAE7} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {14C85530-DDB3-7953-8BD6-37EC45890F02} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {1E3E231C-9DB4-4AD8-F591-72F6090FDEDE} - http://69.50.188.54/1/gdnUS208.exe
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/us/ringtone/ringtone.exe
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab
Once you fix the list above, make sure you run:
Ad-Aware SE Personal Edition 1.05
and
CWShredder
Take Care,
Richard