Internet explorer

Discussion in 'Trading Software' started by NasdaqTrader, May 8, 2004.

  1. Tauvros

    Sounds like you have been infected with the coolsearch CWS Trojan. Removing this pestilence from one's system should solve your problems and speed up your system as well.

    The key to removing this is the registry key called

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

    You have to remove this key. The value of this key may look blank, but it isn't. They hide the value so you can't see it. This registry key tells Windows to load the trojan DLL every time ANY application is run, giving it complete control to do whatever it wants. So you need to remove it so that the trojan DLL cannot load and keep re-infecting your PC.

    The way to remove the registry key is not obvious. If you just delete it from regedit, since the trojan DLL is loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs registry key and hit F5. Notice that it's added right back by the trojan). So what you have to do is the following which worked for me.

    1. Rename the HLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2.
    2. Now delete the AppInit_DLLs key under the Windows2 folder.
    3. Hit F5 and notice that AppInit_DLLs doesn't come back.
    4. Rename the Windows2 folder back to Windows.

    Now that AppInit_DLLs is gone, run the latest Adaware/Spybot/whatever to remove the trojan for good. Reboot your machine. Your computer should be free of this for good now.

    Run this CWS shredder when you're done as well, and do a Google search for SpywareBlaster to prevent this in the future!

    http://www.spywareinfo.com/~merijn/downloads.html
     
    #51     May 26, 2004
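    The post above says the AppInit_DLLs value can look blank in regedit while still carrying a DLL path. This is an added, read-only PowerShell check (not code from any poster in this thread) that dumps the stored value and its raw UTF-16 bytes so non-printable padding becomes visible; it assumes a Windows host and the key path quoted in the post, and LoadAppInit_DLLs is only present on Vista and later.

```powershell
# Added example: audit the AppInit_DLLs value under the key named in the post.
# Read-only. It prints what is actually stored, not what regedit chooses to display.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$key = Get-Item -Path $keyPath -ErrorAction Stop

foreach ($name in $key.GetValueNames()) {
    # Only the AppInit_DLLs value (and any look-alike variants) is of interest here.
    if ($name -notlike 'AppInit_DLLs*') { continue }

    # Return the stored string without expanding %VARIABLES%, so nothing is rewritten on read.
    $raw  = [string]$key.GetValue($name, $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    $kind = $key.GetValueKind($name)

    # Registry strings are UTF-16; a hex dump exposes NULs, spaces and control characters
    # that make the value look empty in the GUI.
    $bytes  = [System.Text.Encoding]::Unicode.GetBytes($raw)
    $hidden = @($raw.ToCharArray() | Where-Object { [int]$_ -lt 0x20 -or [int]$_ -gt 0x7E })

    [pscustomobject]@{
        Name        = $name
        Kind        = $kind
        Length      = $raw.Length
        Printable   = ($raw -replace '[^\x20-\x7E]', '?')   # non-printables shown as '?'
        HexUtf16    = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ' '
        HiddenChars = $hidden.Count
        # Any non-empty value here deserves a look: a legitimate system rarely needs one.
        Suspicious  = ($raw.Length -gt 0)
    }
}

# Vista and later gate the mechanism with LoadAppInit_DLLs (0 = off, 1 = on); XP-era systems lack it.
$load = $key.GetValue('LoadAppInit_DLLs')
"LoadAppInit_DLLs = $(if ($null -eq $load) { '<not present>' } else { $load })"
```

    Run it from an elevated prompt before and after the removal steps in the post; a Length of 0 and no LoadAppInit_DLLs (or a value of 0) is the clean state.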
  2. I thank you in advance for your advice which I am about to implement. In case things screw up and I can't restart the puter, please accept the following, also in advance :

    @#^##$$ @!#%@##^#$ *#$%#&
     
    #52     May 26, 2004
  3. nachos

    Are you saying if this KEY exists then you definitely have the trojan??
     
    #53     May 26, 2004
  4. rofl
     
    #54     May 26, 2004
  5. Tauvros

    Yes.
     
    #55     May 26, 2004
  6. Thanks. I'll check it out.
     
    #56     May 26, 2004
  7. Are you firewalled? Have you downloaded ANY software at all? Do you use anything lower than the High security setting on the browser?
     
    #57     May 26, 2004
  8. #58     May 26, 2004
  9. Yes. No. No, to the best of my knowledge.

    My only point is that the chronological course of events is

    compromise -> download security update

    and not the other way around, as you seem to imply.
     
    #59     May 26, 2004
  10. You definitely should check the security setting for the Internet zone for your browser (Tools->Internet Options->Security) - unless you specifically changed it to High, it's probably not. If the security setting is too loose, you could be allowing untrusted modules a way to be activated without knowing it.

    As for the course of events, it IS normally the case that the security updates are available BEFORE users get compromised. I'm not talking about the flavor-of-the-month new virus or worm that some idiot hacker wannabe releases; I'm referring to some exploit that might have been found in some system software component or protocol. In those cases, the update has usually been available before the exploit goes into wide attempted use and normal users are exposed - e.g., in the case of the last several updates, the updates were available weeks before hackers launched a serious exploit.

    It's anecdotal, but none of the dozen or so folks I know who've been hit had bothered to stay up to date with updates. Five of them wouldn't have been touched if they had and the others picked up a virus or trojan either by downloading and installing a piece of freeware or by having it shoved down to their machine through a flaw in non-Microsoft software (e.g., an otherwise innocent IM or file sharing program).

    Staying safe these days is definitely non-trivial.
     
    #60     May 26, 2004