I've been through the whole How to remove Begin2Search / CoolWebSearch.... and went through the steps in order and carefully. After a boot up in normal mode, I thought my trojan was gone... This is what I had for a few days (see that new search field next to my sys tray???) Windows is doing it's thing, and then I get a popup that says "You may be a victim of software counterfiting. This copy of windows in not validated" So I click the grey star in the system tray and it takes me to the windows validation page and I then get this message, "Validation Incomplete: Unable to Perform Validation" Meanwhile, I get this new popup window: I am using a real version of WinXP SP2 that came installed when I bought my new computer. I'm attaching the Hijack log file before I started cleaning & fixing, and after. Help Please?? Also - Here is a picture of the files I "fixed" from hijackthis. I couldn't save them as a txt file so I saved a screenshot.. http://img.photobucket.com/albums/v450/rjbeals/Hijackthis-Blocklist.gif Thanks Rob.