$_SERVER["REMOTE_ADDR"] = preg_replace('/.*,\s*/','', $_SERVER["HTTP_X_FORWARDED_FOR"]);
Notice: Undefined index: related in /data/www/spywareguide/product_show.php on line 49
Notice: Undefined variable: incprefix in /data/www/spywareguide/product_show.php on line 241
Program that delivers advertisements on your PC.
Note that many websites have their own advertising, unrelated to adware.
ToolbarCC is an Internet Explorer Browser Helper Object. When it detects you making a Google search, it redirects the query to its controlling server, two.toolbar.cc, which may redirect to another page or return you to Google.
ToolbarCC/Rnd variants use a random four-letter filename. Other variants use four random letters appended to a prefix chosen to sound like a Windows filename.
ToolbarCC/Win files are prefixed 'win'; ToolbarCC/Pre uses prefixes that are themselves random; 'ms', 'com', 'wdm', 'kbd' and 'd3d' have been seen so far.
pqnelhleyy ac1f10b6 5a34c811
It is currently unknown where ToolbarCC is coming from.
The URLs of targeted search pages (including queries) are sent to the controlling server.
Open an Explorer window (a folder viewer or Internet Explorer) and type '%Temp%' in the address bar. This should open your temporary files folder, which may be quite full if you have not cleaned it out recently. Look for a DLL file whose name is four random letters (Rnd variant), or 'win' followed by four random letters (Win variant). If you right-click it and choose 'Properties' you should find its length is about 8.5K.
Open a DOS command prompt window (from Start->Programs->Accessories), and enter the following commands, replacing 'xxxx' with the actual filename you found.
regsvr32 /u "%Temp%\xxxx.dll"
Next, open the registry (click 'Start', choose 'Run', enter 'regedit') and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. If you have a 'MatrixScreenSaver' entry on the right pointing to MSS.EXE, delete this.
Restart the computer and you should be able to delete the four-letter DLL and 'MSS.EXE' in the '%Temp%' folder.