Note that many websites have their own advertising, unrelated to adware.
Adware is any software application in which advertising is displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen and sometimes through text links or in integrated search results. Adware may or may not track personal information. It may also gather information anonymously or in aggregate only. Users should check the EULA and Privacy policy to ensure if the adware on their machines conforms to their standards.
Official
Description:
ToolbarCC is an Internet Explorer Browser Helper Object. When it detects you making a Google search, it redirects the query to its controlling server, two.toolbar.cc, which may redirect to another page or return you to Google.
ToolbarCC/Rnd variants use a random four-letter filename. Other variants use four random letters appended to a prefix chosen to sound like a Windows filename.
ToolbarCC/Win files are prefixed 'win'; ToolbarCC/Pre uses prefixes that are themselves random; 'ms', 'com', 'wdm', 'kbd' and 'd3d' have been seen so far.
pqnelhleyy 266bb3ed 4fc060b5
It is currently unknown where ToolbarCC is coming from.
The URLs of targeted search pages (including queries) are sent to the controlling server.
Manual
removal:
Open an Explorer window (a folder viewer or Internet Explorer) and type '%Temp%' in the address bar. This should open your temporary files folder, which may be quite full if you have not cleaned it out recently. Look for a DLL file whose name is four random letters (Rnd variant), or 'win' followed by four random letters (Win variant). If you right-click it and choose 'Properties' you should find its length is about 8.5K.
Open a DOS command prompt window (from Start->Programs->Accessories), and enter the following commands, replacing 'xxxx' with the actual filename you found.
cd "%WinDir%\System"
regsvr32 /u "%Temp%\xxxx.dll"
Next, open the registry (click 'Start', choose 'Run', enter 'regedit') and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. If you have a 'MatrixScreenSaver' entry on the right pointing to MSS.EXE, delete this.
Restart the computer and you should be able to delete the four-letter DLL and 'MSS.EXE' in the '%Temp%' folder.
3 [