CoolWebSearch is taking over my life and I need it back!

All these forums about extended search, shopping wizard, about:blank, etc. etc. etc. are not helping. Everytime I think I've done it, it comes back and bites me in the ***! I need help.
I've run a trojan remover and ad-aware, obviously it did not work. I am posting my hijack this log and hopefully someone can understand what this all means.

Logfile of HijackThis v1.98.2
Scan saved at 9:48:46 PM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\regedit.exe:kdhqw
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\fcbvxr.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\WINDOWS\system32\syscp32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\The Weather Channel\The Weather Channel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Milady Bridges\Desktop\Hijack This\HijackThis19802.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\twxqs.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\twxqs.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\twxqs.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\twxqs.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\twxqs.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\twxqs.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\twxqs.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7B4A8261-0A80-402A-F1BE-9B2ACBFECDD5} - C:\WINDOWS\system32\mszt32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [h] C:\WINDOWS\System32\yozljp.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ttmiclh] C:\WINDOWS\System32\fcbvxr.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [syscp32.exe] C:\WINDOWS\system32\syscp32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Desktop Weather 3] C:\Program Files\The Weather Channel\The Weather Channel.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: AdsGone - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\adsgone (file missing)
O9 - Extra 'Tools' menuitem: &AdsGone Settings - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\adsgone (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b 37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/10658bb9ba4c3b905102/netzip/RdxIE2.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {D6E66235-7AA6-44ED-A06C-6F2033B1D993} - http://146.82.109.200/distribution/msiein.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{697AB478-1969-4690-8450-1A518117D24E}: NameServer = 128.6.34.3,128.6.21.63

I have the same problem, and I thought someone here could help, but I guess not. I heard that CWShredder could help, but of course their website is down, so it's impossible to download it. You can try to download it at www.download.com

I tried using cwshredder but it didn't work. =P

Tried Spybot?

right, this may be linked to your problem, you have something installed which basically is spyware, it automatically installs itself without you asking remove any lines like the following:


C:\Program Files\Web_Rebates\WebRebates1.exe

all the lines containing web_rebates, also you can delete the actual file yourself in C:\Program Files\Web_Rebates, it may say this file is already in use, if so, open your task manager (Ctrl, Alt + Delete), press the process's tab and there will be two processes open from web_rebates, clearly labeled - web_rebates, close these and delete the file, this may be allowing coolwebsearch to download itself.
Thank You