A required .DLL file, WINSPOOLDRV, was not found.

Go to http://tomcoyote.org/hjt/ or http://lurkhere.com/~nicefiles and download HiJackThis. Use Winzip to unzip it, then install and run it.

NOTE: HiJackThis.exe file SHOULD be installed in it's own folder. Before downloading create a folder and name it HiJackThis then d/l HiJackThis to that folder. To run double-click the HiJackThis.exe file.

The reason for it's own folder is because HiJackThis will create not only log files, but a backup of whatever it removes so you can restore if necessary. If you d/l HiJackThis to your desktop and run it from there you will have log and backup files scattered all over your desktop.

To run, click the "Scan" button. When it's done the "Scan" button changes to "Save Log". Save the log file it creates (it should open in Notepad at that point). Copy and paste the results in your next post. Most of what it finds is harmless, so do not do anything yet. Someone will be glad to help you sort out any of the not so good items that may be in there.

IF you get an error saying msvbvm60.dll is missing,
Download and run the MS visual basic 6.0 runtime files

You have two hijack parasites, Cool Web Search and New Dot Net.

Download CWShredder at
http://www.merijn.org/cwschronicles.html (merijn's site has been under a denial of service lately so try the second link)
http://www.majorgeeks.com/download4086.html

Run CWShredder, check you have the current version by clicking check for update and let it update
Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do its thing.

Make sure you follow the advice about the security updates listed at the bottom of the page, in order to prevent re-infection, otherwise you will be continually re-infected.

The patches are:
http://support.microsoft.com/default.aspx?kbid=828026
http://www.microsoft.com/technet/tr...in/ms03-011.asp

REBOOT

Next go to Control Panel > add/remove programs and remove New Dot Net.

REBOOT

Next run HiJack This and have it fix that is left. Some of the items listed her should have been taken care of by CWShredder so don't be surprised it everything listed isn't on the next scan.

In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
Next, close all browser Windows, and have HT fix all checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.the-exit.com/search
R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)

O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - (no file)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_80.dll

O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O3 - Toolbar: (no name) - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - (no file)

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab



This one is a little confusing. I'm not sure what AIM is doing inside of Corel and why Corel is listed under root and not c:\Program Files\Corel\?

O4 - HKCU\..\Run: [AIM] C:\COREL\SUITE8\PROGRAMS\CCWIN\AIM\aim.exe -cnetwait.odl

IF you are running ME or XP Disable SYSTEM RESTORE : How to disable or enable System Restore in Windows ME

How to disable or enable System Restore in Windows XP

Next reboot into Safe Mode and remove the following files and folders that are bolded

C:\Program Files\NewDotNet Delete the whole folder

See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

Reboot into normal mode.

Before you re-enable system restore I would strongly recommend that you do an online virus scan at least one and preferably 2 of the following sites:

http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/

RE-ENABLE SYSTEM RESTORE and create a NEW restore point

Now download Spybot - Search & Destroy (if you haven't got the program installed already)

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

Reboot

Last, run HJT again and post your log again to see if anything was missed.

Thanks