From previous posts the recommended procedure is to download and run CWShredder from click here
The info on the site suggests that "We are pretty sure now CoolWebSearch is part of a new strain of trojans that have recently been identified that all have one thing in common: they install through the ByteVerify exploit in the MS Java VM and change the IE homepage, search page, search bar, etc. Take a look at this snippet from the description of the Java.Shinwow trojan:
This is a growing family of trojans that exploits the ByteCodeVerifier vulnerability in the Microsoft Virtual Machine to execute unauthorized code on an affected machine.
The variants of this trojan that we have seen in the wild have been functionally diverse; the common factor amongst them has been the use of the ByteVerify exploit to achieve their goals. Some variants may do little more than change the user's default Internet Explorer home page and/or search page via modifications to the registry.
We strongly recommend you install the patch, available from this MS security bulletin. If you have Windows XP with Service Pack 1a, your system has no MS Java VM. Information on removing the MS Java VM completely and replacing it with the newer, safer Sun Java VM can be found click here."