differ

Until now, my questions are not being solved, they are too difficult 1. ewido found CoolWebSearch but cannot remove it and I cannot get the report because ewido closed automatically. 2. Cannot find the CoolWebSearch by other ways.

Hi, I am confused: I deleted aswBoot.exe in C:\WINDOWS\SYSTEM32\, not in C:\Program Files\Alwil Software\Avast4 and I remember I have removed Avast long time ago. When rebooted my PC I didn't get any error message about Avast not starting properly.

Hi, In safe mode, I found C:\WINDOWS\SYSTEM32\aswBoot.exe and the Description of the file is "avast! start-up scanner". I deleted it into the Recycle Bin. In the Registry, I found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services (instead of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet Services) but there is no "Xuy v palto"!!

Hi, Please check following report from WinPFind, that is a quite big report: WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Buil

Hi, After doing "fix checked" for the item in HijackThis and rebooted the PC, I run ewido again to scan my PC, and unfortunately the CWS still there. This is what ewido said: Registry: HKLM\SOFTW..\Classes\CLSID\{D2B24D87-699F-16C6-2875-242... Infection: Adware.CoolWebSearch Threat: High I clicked the button in ewido to remove it but, again nothing happened. Until finishing the scan, the list in ewido still was Infected objects: 6 Cleaned infections: 0 Ignored infections: 0 (note: only one CWS, the rest are TrackingCookie) Moreover, when finished scan, the Save report and View report buttons

Thank you for your response. I don't know what is "debug a winserver". I used my computer for IIS, Java.....

OK, this is the fresh Hijack this log after set to "Normal Startup" in msconfig. It looks longger? Logfile of HijackThis v1.99.1 Scan saved at 17:30:12, on 05/03/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Lin\Tool\ewido\ewido anti-malware\ewidoctrl.exe C:\Lin\Tool\ewido\ewido anti-malware\ewidoguard.exe

Hi, I tried my best to remove CoolWebSearch without success. When run the updated ewido anti-malware, I found CoolWebSearch. I clicked the button to remove it but nothing happened. When scanning finished the report buttons were grey that I couldn't get the report. After a second ewido automatically closed. I also tried cwshredder but coudn't find anything. Can you help? --------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 22:40:54, on 04/03/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2800.1106