I was peacefully browsing trough the internet, when, all of sudden, all my browsers closed, and 30 seconds later, POOF! CONTRAGULATIONS, YOU INSTALLED THE SEARCH ASSISTANT TOOLBAR! Without any implicit or explicit permission of mine! :O Now, so far its not such a bad thing, until I realise that my computer is starting to slow down. Each time a windows open, this window freezes for a couple of seconds. That's not cool at all. But it gets even worse, not only I get random pop-ups leading to Coolsearch (it opens the site itself, not an ad), but adding to this, it's set as my Home page, in my favorites, etc. What now? PORN ADS! Everywhere! The ones that you close and then another appears, and you have to do that for like 20 TIMES before it stops. I also get THOUSANDS of those ads in my favorites, and one icon on my DESKTOP! >:( THAT'S STILL NOT ALL! When I let the PC idle for a couple of minutes, or right when I log on, I get ads about PILLS AND JOINTS, 10 of them, that shows one after the other, wich are very irritating. They promote a site called PATCH WINDOWS (or WINDOWS PATCH, I dont remember) And what now? It prompts me to restart my PC, being that I was typing, I accidently hit ENTER and at the same time, let it restart my PC. And what do I get when its restarted? I try to log on to my account, but it logs me off RIGHT AFTER! (Fortunately I solved this only problem by overwriting my installations of windows, but all the other problems are still here) Now, each time I log on, there's this tool bar that appears in my task bar, and adding to this I get 3-4 windows saying "Couldn't find this DLL blah blah blah" I am extremely annoyed right now, so if anyone heard about the same type of problem, then tell me more about it please.

Have a look at the top of the page... a search feature, try searching for your problem. This is a common occurrence so you will get results. Iligitimi non carborundum est

Work through the list here: Security Tools good luck! AOSCLAY Monkies Can't Do This

Vidda I did have it and have now succeeded in getting rid of the search toolbar in my Taskbar - so I know how annoying it is. However, your system seems to be having a lot more troubles than mine did. I didn't get the popups but then I have a Popup stopper installed. Also my computer did not reboot itself. To get rid of the search toolbar in your Taskbar: Back up your Registry first !!! If you don't know how. please ask. Use HijackThis (downloadable from http://www.spywareinfo.com/~merijn/downloads.html) to delete these entries if you have them: F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe, R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL C:\Program Files\WindowsSA\omniscient.exe O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe Next step is to go into Add/Remove Programs and delete a program called Windows SA (if you have it), then go into Windows Explorer, Program Files and find the Windows SA folder and delete it and empty the Recycle Bin. Immediately upon doing this, you will probably get a web page opening up by itself - it will be BlazeFind.com, just close it. Do a search for any file/folder with 'blaze' as the file name or part of and if you have used Spybot you may find an entry in Spybot Recovery. If so, delete that entry. Then do a search for any trace of 'Windows SA' and if you find any, delete them. Find and delete a file called UnstSA2.exe and another file called key2.txt and (if you have it) a file called 2_0_1browserhelper2.dll. I only had the first 2 files. Empty the Recycle Bin. Then open up regedit (Start, Run and type in regedit, click Ok), find and delete these keys (if you have them - I didn't find them in my registry though): HKEY_CLASSES_ROOT\CLSID\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Explorer\Browser Helper Objects\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} Also while in regedit, look for any suspicious entry using various search terms such as: My Web, My Way, Search Assistant, Fun Web etc and delete them. Next run Adaware (Active in-depth scan) and delete anything to do with BlazeFind or VX2. (Ensure that you have the latest Adaware updates first.) Adaware found several BlazeFind entries and a few VX2 in mine - just delete them. Run CWShredder (also downloadable from http://www.spywareinfo.com/~merijn/downloads.html). Then reboot and you should have got rid of the search toolbar in Taskbar. Check by right-clicking on the Taskbar, go to Toolbars and the Search Assistant should be gone !!! Hope this helps you as I have found by doing a few Google searches that there are there are quite a lot of users out there with this same problem. Regards Jeff I.T. student soon to open my own business diagnosing, troubleshooting, optimising and networking home computers to residents of Brisbane, Australia.

Okay, after hours of work and thanks jeftfall's directions, I think I did it! :D Thank you lots! If I see another symptom of a trojan-virus-adware-y toolbar I'll ask for help here. Thank you lots again, -Vidda.

DAGN! I still get weird ads, in actual non internet explorer windows! O.o If there's an Hijack I should delete then tell me. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.legendaryfrog.com/ O2 - BHO: IDN Helper Object - {118CE65F-5D86-4AEA-A9BD-94F92B89119F} - C:\WINDOWS\DOWNLO~1\CNSMIN~1.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.exe /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O9 - Extra button: AIM (HKLM) O9 - Extra button: Microsoft® JavaScript® Console (HKLM) O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O9 - Extra button: Microsoft® JavaScript® Console (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU) O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37805.551412037 O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab Also after a scan I seem to have one trojan horse left in WIN.exe. How do I delete it without deleting WIN.EXE?

Sorry for triple-posting btw. Here's an example of the ads I get: http://www.angelfire.com/pro/edwardvmuir/2dares.jpg (If it doesnt work copy & paste the URL in your browser adress bar) I blurred all the adresses so that it is not a real ad. It is NOT a browser window, but a real message window.