Hello,
First I want to say that this site is great source for anything spyware/adware/malware related and I would like to graciously thank the admins and the people that work so hard to keep up with it.

I am having some issues with a coolwebsearch variant that keeps re-installing itself through some unknown means. CWShredder isn't stopping it, Ad-aware finds it and removes it, but the damn thing keeps reappearing, unmitigated. I run the startchmfix that was listed in a post I found to solve an earlier coolwebsearch issue, and the file that it has been bouncing back at me only recently is:
The bad files found are:

C:\WINNT\System32\LOGLI.DLL +++ File read error


It says this file is in use and is likely a new hijack, and I cannot seem to manually locate this file either. The startchmfix never caught this before, so I know this is a more recent occurence on my computer. I cannot find any information about fixing this issue, nor through several different anti-spyware sites. This is my final hope! Thanks for the help!

darksharkman,

You'll need to rack up a HJT log. Follow instructions carefully, proceed as follows:

First
Please read these messages
Virus=Read This: /postt8864.html
HiJack= Read This: /t911-Before_You_Post_Read_Follow_These_Rules_and_Guidelines.html

Then
Download: HiJack This!

Create and Unzip to a folder not your Desktop or the Temp folder, doubleclick HijackThis.exe, and press "Scan".
Unzip the download (using a piece of software like: Winzip)


When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log in a text file, and post it in the CCSP "Spyware - Hijack Related" forum:

/f67-Trend_Micro_HijackThis_Logs.html

Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.


*Please, be patient. An expert will examine your log and this does take time. Please, no 'Bumps' and no 'Duplicates'. Thank you.*