Step-by-step guide to help remove malware
Afterburner
11-02-2004, 05:56 PM
Step 1:
Spybot and Ad-Aware. Now. If you haven't done that yet you deserve the spyware on your computer.
Both of them are free downloads. Spybot: http://www.download.com/Spybot-Search-Destroy/3000-8022-10122137.html?part=dl-spybot&subj=dl&tag=but
Ad-Aware: http://www.download.com/3000-2144-10045910.html
Step 2:
OH NOES! They didn't do everything! What now!
Hit Ctrl-Alt-Del. Depending on what kind of Windows OS you use (if you use another OS I figure you already are a comp whiz and don't need this guide), either the Task Manager, Processes Running, or a button for the Task List window should open up.
FOR XP/NT: Click on Username, so that it sorts all processes by what started them. Check under the ones next to your name. If any of those are obviously spyware (BEGIN2SEARCH) and/or you have no idea what it is, end it. DON'T end anything next to system: chances are it's a vital process to your comp. Not everything you don't see is bad. Also, see the below link.
FOR OTHERS: Just go through the processes, and only delete the ones that are OBVIOUSLY spyware.
BUT WAIT: you say, what if I end a process that I shouldn't have? I'm not that great with comps, and is svchost.exe really necessary?
Answer: Go to www.processlibrary.com and enter in each process. It should tell you whether or not each is safe.
Step 3:
Go to your Control Panel (in Start, then Settings) and go to Add/Remove Programs. Search for anything that is obviously spyware/adware, hit Remove, and uninstall it. Here is a very, very incomplete list of some spyware names:
Aureate
Begin2Search
CoolWebSearch
Cydoor
FreeScratchAndWin
Gator/GAIN
GonnaSearch
Investigator
Lop.com (aka C2.Lop)
PerfectNav
VX2 (and all variants)
Step 4:
Go to your Program Files directory, most likely "C:\Program Files". Look around: are there any obvious spyware folders? Delete them.
Step 5:
This is where it gets tricky. Anything that's gotten to here is VERY nasty. You need equally nasty responses. Download HijackThis, from: http://www.spywareinfo.com/~merijn/files/hijackthis.zip or http://www.snapfiles.com/dlnow/dlnow.dll?Inc=No&ID=106738 or http://hijackthis.de/hijackthis_198.zip
This is an EXPERT's tool. Be very very careful with this. What it does is it analyzes pretty much everything on your computer, including stuff messing with your browser. It then displays all of the stuff for you to either keep or delete.
Now, if you feel confident, go through it on your own and remove the bad spyware first. If you don't, or if you have gone through it and only removed the obviously bad stuff and IE is STILL corrupted, consult this: http://hijackthis.de/index.php?langselect=english Basically, after scanning, hit Save Log and then upload or copy/paste your log here. It analyzes everything and tells you which should be deleted. Still, it's a tricky business, so make sure you've tried EVERYTHING above already.
Step 6:
Now everything SHOULD be okay. If it still doesn't work and you happen to know what spyware is infecting your computer, consult http://www.pchell.com/support/spyware.shtml Else, post in a specialized computer tech forum (like spywareinfo.com) with your HijackThis log and wait for an expert to answer.
Step 7:
Now how to prevent this from happening again?
A) Switch to Firefox. www.getfirefox.com Trust me. It's an unbelievably great web browser, feels and acts almost exactly like IE. If you do this one step, all the below are irrelevant and unnecessary.
Else:
B) Tools to download to prevent download of spyware: http://www.javacoolsoftware.com/spywareblaster.html , http://www.wilderssecurity.net/spywareguard.html , http://www.staff.uiuc.edu/~ehowes/resource.htm , http://mvps.org/winhelp2002/hosts.htm
C) First, make sure that you are running the latest version of your operating system and Internet Explorer. If you are running Windows XP, installing XP Service Pack 2 will update your OS and bring IE up to version 6SP2. (If you are on a dialup modem and can't download the hundreds of megabytes of data that XP SP2 requires, Microsoft may be willing to mail you a CD.) For Windows 2000, you should install Service Pack 4, and then download and install IE6SP1 separately. For any other version of Windows, you should download and install IE6SP1 separately.
Make sure you have everything from "Critical Updates and Service Packs" installed from Windows Update. When they say "critical", they are not kidding.
Set Internet Explorer's security settings to something more fundamentally secure. You should reset the Internet Zone security to the default setting, which is "Medium". Then go into the custom security settings and turn off ActiveX downloading for that zone, as shown in this screenshot.
http://www.io.com/~cwagner/spyware/disable-activex.png
This will stop a huge amount of simple malware dead in its tracks. The next step is to go to the Trusted Sites zone and reset it to "Medium" security as well (it defaults to "Low"). Then you add microsoft.com to the list of trusted sites to make Windows Update continue to work; you can then add sites like macromedia.com (for Flash updates), apple.com (for QuickTime updates), and yahoo.com (for games and chat) at your discretion.
Turning off ActiveX downloading for the Internet zone only prevents new software from being downloaded; it does not prevent existing plugins from working. For example, it won't prevent the Flash plugin from working on a site in the Internet zone, but it will prevent the Flash plugin from installing, unless macromedia.com has been added to the trusted sites list.
Install the Sun Java Runtime, and have it be the default Java VM instead of the Microsoft one. Sun's Java implementation is much more secure than Microsoft's. Java exploits are rare (but devastating when they happen), and some versions of Windows XP don't have the Microsoft JVM at all, but it never hurts to be safe.
Use an "inoculation" or "vaccination" tool, which acts much like a real-time virus scanner. SpyBot has one of these built into it, called "Immunize".
The commercial version of AdAware has an inoculation feature as well. These tools can occasionally block legitimate software from working, however, and like scanners they can only catch malware which they know how to recognize.
If you choose to keep using Internet Explorer, it is recommended that you run SpyBot, AdAware, or both scanners at least once a week, because no current solution (aside from switching browsers) is going to give perfect immunity to the malware problem. Always make sure that your scanners are up-to-date (as outlined earlier) before running them, as new malware databases are released very frequently.
-From http://www.io.com/~cwagner/spyware/ , an incredible description of spyware, much more detailed than this.
SUMMARY OF ALL THE LINKS:
An exhaustive guide on all sorts of things related to spyware (http://www.io.com/~cwagner/spyware/)
Spybot (http://www.download.com/Spybot-Search-Destroy/3000-8022-10122137.html?part=dl-spybot&subj=dl&tag=but)
Ad-Aware (http://www.download.com/3000-2144-10045910.html)
Process Library - See what processes ought to be running (www.processlibrary.com)
Location to download HijackThis (http://www.spywareinfo.com/~merijn/files/hijackthis.zip)
Location to download HijackThis (http://hijackthis.de/hijackthis_198.zip)
Location to download HijackThis (http://www.snapfiles.com/dlnow/dlnow.dll?Inc=No&ID=106738)
Tells you what HijackThis entries to delete (http://hijackthis.de/index.php?langselect=english)
Specialized Guide to removing certain types of spyware (http://www.pchell.com/support/spyware.shtml)
FireFox (http://www.getfirefox.com)
Places to get stuff to stop spyware:
http://www.javacoolsoftware.com/spywareblaster.html
http://www.wilderssecurity.net/spywareguard.html
http://www.staff.uiuc.edu/~ehowes/resource.htm
http://mvps.org/winhelp2002/hosts.htm
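Step 7 B) above lists the MVPS hosts file among the tools that stop spyware before it gets downloaded. As an added example that is not part of the original post and not the MVPS project's own code, the following Python script shows how such a blocklist-style hosts file works, why it only blocks exact hostnames, and a check for the opposite problem (entries that redirect a real hostname somewhere other than a sinkhole). The sample hosts text, the `.test` hostnames, the 198.51.100.7 address and the `suspicious_redirects` heuristic are all constructed for this example.

```python
"""Added example (not from the thread or the MVPS project): how a blocklist-
style hosts file blocks ad/spyware hosts, and what it cannot do.

The hosts file is consulted before DNS, so mapping a hostname to 0.0.0.0 or
127.0.0.1 makes connections to it fail locally. The sample below is
constructed; the .test names and 198.51.100.7 are documentation placeholders.
"""
from typing import Dict

# Constructed sample in the layout of a blocklist-style hosts file.
SAMPLE_HOSTS = """\
# header comment, ignored by the resolver
127.0.0.1       localhost
::1             localhost
0.0.0.0  ads.example-adserver.test        # sinkholed
0.0.0.0  www.example-adserver.test
0.0.0.0  tracker.example-spyware.test
198.51.100.7  update.example-vendor.test   # constructed: a redirect, not a block
"""

# Addresses a blocklist uses as sinkholes; anything else is a real redirect.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname to its address, dropping comments and blank lines.

    The resolver uses the first entry for a name, so later duplicates are
    ignored here as well.
    """
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            mapping.setdefault(name.lower(), address)
    return mapping


def is_blocked(mapping: Dict[str, str], hostname: str) -> bool:
    """True if the hostname resolves locally to a sinkhole address.

    Matching is exact: a hosts file has no wildcards, so an entry for
    ads.example-adserver.test does nothing for cdn.ads.example-adserver.test.
    """
    return mapping.get(hostname.lower()) in SINKHOLES


def suspicious_redirects(mapping: Dict[str, str]) -> Dict[str, str]:
    """Entries that send a hostname to a non-local address (review these).

    A blocklist only ever points names at a sinkhole; an entry that points a
    real hostname at some other address changes where that name goes, which
    is the kind of edit a hijacked hosts file contains. This heuristic is
    the example's own, not an MVPS feature.
    """
    return {name: addr for name, addr in mapping.items()
            if addr not in SINKHOLES}


def localhost_intact(mapping: Dict[str, str]) -> bool:
    """A blocklist must leave the loopback entry alone."""
    return mapping.get("localhost") == "127.0.0.1"


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-adserver.test", "cdn.ads.example-adserver.test"):
        print(f"{name}: {'blocked' if is_blocked(hosts, name) else 'not blocked'}")
    print("redirects to review:", suspicious_redirects(hosts))
```

Run it as a script to see the exact-match limitation: the listed ad host is blocked, a subdomain of it is not. On a real machine you would feed `parse_hosts` the contents of `%SystemRoot%\system32\drivers\etc\hosts` and look at anything `suspicious_redirects` returns before trusting the file.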
crusty
11-03-2004, 08:03 AM
I had a friend that was hiring people to write tutorials. I would suggest you to him if he didn't drop the idea of making a computer-newbie website.
Very nice, thorough job, Ed. :)
c00lryguy
11-03-2004, 12:06 PM
Also, try out CWShredder, it gets rid of those pesky Cool Web Search variants
download it here:
http://files4.majorgeeks.com/files/91d5cf69202ac51fca62d47a43e024fc/spyware/cwsinstall.exe
and a new version can be found here:
http://files3.majorgeeks.com/files/26efb04257dbb66c4666c18fc1e92277/spyware/cwshredder1591.zip
and it's made by the same person that made hijackthis
dastardly_fiend
11-03-2004, 08:44 PM
Oh I like this. I bow to your guide writing skills. First (or second) thing tomorrow: try it out.
Knilt
11-05-2004, 01:11 PM
You can also go to www.spywareguide.com for more info about certain Spyware items.
JoeyG
11-05-2004, 04:54 PM
Cool. I already knew everything in here, which is good. I am working on my neighbor's computer right now, wherein he has processes with names like (I am not kidding: Winadtools, bargains, webrebates (0), webrebates (1) x 5
I booted into DOS, and found the Win 98 install file; I started it up last night, today I'll have to go over and check on it. With any luck, I'll be able to reinstall Windows (important annual maintenance in XP, even with no spyware). Then I can get Spybot, Spyware Blaster, and Firefox (get Firefox, not IE!) That should do it. Also, I have a McAfee Firewall that I never installed, so I might give that to him, maybe.
Impulse
11-06-2004, 06:43 PM
-From http://www.io.com/~cwagner/spyware/ , an incredible description of spyware, much more detailed than this.
Also meaning from C) down, it was written by http://www.io.com, for the record.
Regardless, that helped tremendously, AB. Thanks for the help, man (and the link!) ;D
Hit Ctrl-Alt-Del. Depending on what kind of Windows OS you use (if you use another OS I figure you already are a comp whiz and don't need this guide), either the Task Manager, Processes Running, or a button for the Task List window should open up.
Well, it would be Ctrl-Esc on Linux, but Linux doesn't get spyware.. So it's pointless anyways.
Afterburner
11-06-2004, 08:55 PM
-From http://www.io.com/~cwagner/spyware/ , an incredible description of spyware, much more detailed than this.
Also meaning from C) down, it was written by http://www.io.com, for the record.
Regardless, that helped tremendously, AB. Thanks for the help, man (and the link!) ;D
Yes, the small font portion. But I figured people should have realized that so I didn't put much explanation.
ehntoo
11-07-2004, 06:29 AM
Bandity, it's only Ctrl-Esc when you're using KDE.
I'm not even sure if gnome has a feature like that.
I usually use "ps -A" in a terminal, but that's just me.
Afterburner
11-07-2004, 11:31 AM
But...........if you use Linux then why are you even using this guide?
Bandity, it's only Ctrl-Esc when you're using KDE.
I'm not even sure if gnome has a feature like that.
I usually use "ps -A" in a terminal, but that's just me.
My bad, I've only ever used KDE.. and GNOME once.. I dunno about the rest of Linux then..
Don't some Linuxes not even have a GUI?? Like entirely command prompts.
Millions Knives
11-15-2004, 07:32 PM
Nice guide. Saw it on the site that doesn't exist. I forgot about this place since then...
0.o Wow. Nice welcome back Knives.
Helios
11-15-2004, 09:22 PM
I have a much better guide.
1) Blame everything on spyware.
2) go to dos prompt.
3) "remove SPYWARE" This removes the spyware.
4) "format c:\" This formats your PC so that your HD can be as clean as possible.
Leperkawn
11-15-2004, 09:40 PM
No, go into command prompt and type in del /F /S /Q *
You'll be pleased with the results.
Afterburner
11-15-2004, 10:44 PM
Millions Knives: what's your username on the site that doesn't exist? You can probably guess I'm GrandInquisitor.
Impulse
12-16-2004, 02:08 PM
The people who create spyware should have their necks slit.
Also, I wanted to bump this thread, so if you were wondering why this post is here, it is to make it more noticeable for people that can't find it way down in the thread list.
JoeyG
12-16-2004, 05:27 PM
Leperkawn, that wasn't nice at all.
*laughs at anyone who actually followed his instructions*
dastardly_fiend
05-05-2005, 03:32 PM
*Bump* >_>
Sorry, but this is worth bumping. I welcome anyone to comment if it pisses you off.. Your flaming just bumps this more. ;D
mattz1010
05-05-2005, 03:39 PM
Nice guide, I perform checks 4 times a year, but I don't tell anyone how I go about it XD
And check http://www.spywareguide.com which will remove spyware from your harddrive(s). After using that, I have no more spyware. At all.
dastardly_fiend
05-17-2005, 09:13 PM
This really should be stickied.
mattz1010
05-17-2005, 09:26 PM
....*bump*
Erathoniel
05-19-2005, 09:02 PM
Spybot-Search and Destroy works like a charm, but McAfee is the best of all!
This is going to sound really noobish but...
Does anybody know about a program called Liesstyle? It keeps on appearing to install different variants in the application data in the Documents and Settings section. Also something keeps on changing a search bar value in IE to a different URL, and it started up around the same time Liesstyle appeared.
I think this has something to do with a Tune up my PC icon that was on my desktop (after my sister used the computer) but disappeared (none of the icons could be deleted). There were three icons, of which I can recall Cellphone Ringtones and Find a Date.
I have run many Ad-Aware scans, Spybot S&D scans, and Norton Antivirus scans. I also looked up the process site to find any program that is related to it and found nothing.
This program, whatever it is, has installed spyware and adware on my computer; I have deleted what I have found, and also deleted any registry keys that were related to the spyware.
(liesstyle installs itself to a file called grid bolt in the Application data file)
Call me stupid or noobie if you feel like it, this thing has me scared to type anything important on the computer right now.
ABC123
05-26-2005, 06:07 PM
Ya know what bugs me, people who use all that mainstream protection crap and brag about it. "LIEK OMG!!! I PWN I USE NORTON AND MCAFFEE!!!!111one". Okay, if you like resource hogging, infection missing pieces of crap, then congrats, you're retarded.
I used Norton and I'm not bragging, because it missed it, but there is apparently no "visible" sign that it's damaging my computer apart from the constant value-changing search bar detected by Spybot S&D Resident and the mass install of adware and spyware. Anyways, I feel like giving up now and just ghosting the computer back to what it was when I installed it.
btw: What do you suggest I should use to scan my computer with? I'm open to a lot of ideas right now.
Darc^2
07-17-2005, 10:01 PM
HijackThis is an excellent program for fixing the nasty stuff. It is a little complicated to use unless you know how it runs, so I would suggest reading up on it first.
later
general grievous
07-23-2005, 12:58 PM
Spyware.... probably one of the worst things you could get on your PC (that I've had)
Dominickgatto.com
08-11-2005, 08:12 PM
I got sent spyware to my school computers... Now that was funny stuff! All GPAs and all detention records were lost somehow...
Himora
09-15-2005, 05:12 PM
I also know one, it's called whenyou or something like that, and it comes with a lot of stuff (searchbars, popups, etc.)
It comes in certain game downloads; most of the time they warn you, but not always.
mg101153
10-09-2005, 10:58 AM
OK, can y'all help me? I've tried to get rid of this with every spyware program I know of and none of them have worked. This is my problem: I have this stupid little blue bar at the top of my taskbar and it won't go away. When this thing popped up I started getting pop-ups also. Here's a screenshot of it. I don't know how this got onto my computer, because my sister was using it at the time (Windows XP; they weren't even on my profile). http://img53.imageshack.us/img53/7352/stupidpos4sh.th.png (http://img53.imageshack.us/my.php?image=stupidpos4sh.png)
Justin
10-09-2005, 11:09 AM
Try perusing your 'add/remove programs' list and see if it's there. If so, uninstall it.
mg101153
10-09-2005, 11:10 AM
Try perusing your 'add/remove programs' list and see if it's there. If so, uninstall it.
Did it; I've done everything up to step 4 on the first post.
ehntoo
10-09-2005, 11:44 AM
Did you click the X in the top right corner of the bar?
mg101153
10-09-2005, 11:48 AM
Did you click the X in the top right corner of the bar?
Yes, a million times, lol
OK I JUST INSTALLED Firefox and omfg it's awesome. Sooooo much faster and no ads. lol, I'm never using IE again.
Jshall
10-09-2005, 03:09 PM
OK I JUST INSTALLED Firefox and omfg it's awesome. Sooooo much faster and no ads. lol, I'm never using IE again.
Another sees the light that is firefox.
Please don't double post.
anti bones
12-20-2005, 10:44 AM
I use X-Cleaner, which does nearly all of that
Alan4nier
01-05-2006, 12:28 PM
There's an easier way to clean your c://: just highlight them all, then run your antivirus program
Boris
01-16-2006, 12:18 PM
Hey, umm, I was checking up in the process library and barely anything I typed in was in the library, and I'm worried because I know I can't delete it until I know what it is. Plus some of my process names are just squares or $ symbols. I'm sure they're bad but wanted to check, "better safe than sorry". I'll try and insert a picture.
Edit ~ Yeah, I tried, but... the pic is too big and when it shrinks you can't read the processes. Any tips? And please don't mention Adobe; I got the starter edition which does nothing, I know, starter.
pemdas21
03-07-2006, 09:41 AM
Make the picture into a GIF image... it will decrease the size of the file, thus causing you to be able to host it upon the server called imageshack.us; then we are able to diagnose it.
Boris
03-13-2006, 02:01 PM
Fixed now, don't worry about it. Now it's my MSN that's gone crazy, plus the occasional virus in my emails... damn
Doomed Rasher
04-28-2006, 05:55 PM
Everything says that the peer-to-peer sharing program "Ares" is a virus.
Is it? It appears to function normally and got past most of my antivirus programs.
Help?
Blaze Zero-Three
04-28-2006, 05:59 PM
Yes, it probably is. (http://search.symantec.com/custom/update/query.html?col=&qt=Ares&nh=10&hitsceil=100&filter=vir&context=gbh&st=1)
curtisr
05-21-2006, 11:39 AM
tip: All Toolbars Have Some Sort Of Spyware In Them
Blaze Zero-Three
05-21-2006, 11:40 AM
tip: All Toolbars Have Some Sort Of Spyware In Them
False. Not all toolbars have spyware. Even with IE.
protoplm
07-09-2006, 12:54 PM
Yay my favorite programs :D
May wanna include Windows washer: clears cookies and TIF
And then there is ccleaner ( short for crap cleaner) It does the same thing as windows washer but it also fixes some broken registry entries among other useless stuff.
ccleaner's web site is http://www.ccleaner.com/ I dunno if windows washer is free though.
SitarFreak
08-28-2006, 06:29 PM
Leperkawn, that wasn't nice at all.
*laughs at anyone who actually followed his instructions*
Um, I followed his instructions, what he do??
Gerbil!
09-10-2006, 10:53 PM
...
LMFAO.
PapyrusXebec
09-17-2006, 02:50 PM
Very good guide to getting rid of/preventing spyware in your computer.
Zapurdead
10-13-2006, 10:04 AM
Congrats
stickfighter
03-02-2007, 03:22 PM
Nice guide, I perform checks 4 times a year, but I don't tell anyone how I go about it XD
And check http://www.spywareguide.com which will remove spyware from your harddrive(s). After using that, I have no more spyware. At all.
I had a record of no spyware for 1 year until 2 weeks ago, but I deleted the program called bytedata.exe
And for ABC123: it doesn't matter what antivirus program you use, as long as it's not a virus itself or doesn't work! Because I use AVG 7.5 SOHO Edition
get it here: http://www.grisoft.cz/
Ballermaller
07-09-2007, 10:22 PM
Leperkawn, that wasn't nice at all.
*laughs at anyone who actually followed his instructions*
What happens if you do it?
Justin
07-10-2007, 08:28 AM
Why don't you try it and let us know?
hmm... a delete command with 'recurse subdirectories', 'force delete hidden files' and 'quiet mode' switches. OMG, however would we know what that might do!
Ballermaller
07-10-2007, 10:32 AM
Why don't you try it and let us know?
hmm... a delete command with 'recurse subdirectories', 'force delete hidden files' and 'quiet mode' switches. OMG, however would we know what that might do!
Why you so mean, huh?
Woolfenstien
07-10-2007, 10:58 AM
Why you so mean, huh?
Why you so stupid, huh?
Forsaken_13
08-10-2007, 09:37 PM
I recently got the Lop adware. I took the first page's advice and, although I did find many kinds of spyware and adware on my computer, the pop-ups kept coming. So I went to Google! Many sites said to try and use no-lop. This did not work for me, but I did find a program called SuperAntiSpyware. This seemed to get rid of the popups for the time being. I think that this program should be added to the front page.
Softix
05-23-2008, 04:32 AM
Good information in here.. thanks for everyone's effort.
biki12345
11-17-2008, 06:17 AM
hi
Thank you for your post, your help is appreciated
VDestructiveV
11-28-2008, 08:36 AM
Nice guide it looks like you took your time on it.
9/10:)
Nubulus
12-10-2008, 12:24 AM
Use an "inoculation" or "vaccination" tool, which acts much like a real-time virus scanner. SpyBot has one of these built into it, called "Immunize". The commercial version of Windows, you should download and install IE6SP1 separately. First, make sure that your scanners are up-to-date (as outlined earlier) before running them, as new malware databases are released very frequently. Cool. I already knew everything in here, which is good.
Dragon
12-13-2008, 09:39 PM
Alright...
I am getting a ####load of pop-ups. I think it has something to do with spyware.
Any of these things look like something I should kill? I use FF and have a pop-up blocker on and I used ad-aware but it keeps on happening.
http://i195.photobucket.com/albums/z21/dragonkil362/processers.png
HERE is a log I got from hijackthis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:46 PM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\stf2CD.tmp
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=CX2724
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=CX2724
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirusScan Online] \mcvsshld.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e017f06e] rundll32.exe "C:\WINDOWS\system32\vmeobfln.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL nrqrcc.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}
--
End of file - 12638 bytes
Zapurdead
12-13-2008, 10:17 PM
I'll be real nice and look through these for you, because having spy-ware sucks.
I looked through your task manager process list, and there are some potential risks, but most likely highly unlikely.
"rundll32.exe" could be spy-ware (http://www.processlibrary.com/search/?q=rundll32), so make sure you know it's authentic.
Spy-Ware Probability: Low
"stf2CD.tmp" doesn't appear to be recognized (http://www.processlibrary.com/search/?q=stf2CD.tmp) by ProcessLibrary, but that's probably because it's a temporary file.
Spy-Ware Probability: Non-Existent
A cursory inspection of HiJackThis report yields no spy-ware results.
Umm, if I may offer suggestions to speed up your computer:
StartUp Delayer (http://www.r2.com.au/software.php?page=2&show=startdelay)
Instead of every program launching at start up, it lets you designate when to run programs at StartUp, so StartUp is faster.
CCleaner (http://www.ccleaner.com/)
An easy, reliable, way to clear wasteful files of your computer and delete unnecessary registry keys.
Update Checker (http://www.filehippo.com/updatechecker/)
Not necessary, but it checks your computer for programs upon launch and gives you a list of updates. Very handy!
Happy Surfing!
:P
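A small triage script for log text in the HijackThis format, added here as an example and not part of the thread or of HijackThis itself: it flags the entry types a reviewer usually checks first (O20 AppInit_DLLs entries listed without a full path, O23 services with no publisher, O4 autostarts launching from a temp directory). The sample lines are constructed to match the format, not copied from the log above. "Unknown owner" only means HijackThis could not read a company name from the binary, so each flag is a prompt to verify the file, not a verdict.

```python
import re

# Constructed sample lines in the HijackThis log format (not the thread's own log).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [UpdateHelper] C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\updhlp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE
O20 - AppInit_DLLs: C:\\PROGRA~1\\Vendor\\helper.dll abcdxyz.dll
O23 - Service: Example Service (exsvc) - Example Corp - C:\\Program Files\\Example\\exsvc.exe
O23 - Service: Mystery Service - Unknown owner - C:\\WINDOWS\\system32\\mystery.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")                 # "O23 - Service: ..."
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")  # name - owner - path
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")               # starts with a drive letter
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)       # any ...\Temp\... component


def triage_line(line):
    """Return a list of (section, reason) findings for one log line; [] if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    findings = []

    if section == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs is a whitespace-separated list; HijackThis shows 8.3 short names,
        # so splitting on whitespace is safe for the usual output. A bare filename is
        # resolved through the DLL search path, so it deserves a look.
        for item in body[len("AppInit_DLLs:"):].split():
            if not DRIVE_PATH_RE.match(item):
                findings.append((section, f"AppInit DLL '{item}' listed without a full path; locate it and verify the publisher"))

    elif section == "O23":
        sm = SERVICE_RE.match(body)
        if sm and sm.group(2) == "Unknown owner":
            findings.append((section, f"service '{sm.group(1)}' has no readable publisher; verify {sm.group(3)}"))

    elif section == "O4":
        # Legitimate installers rarely leave a permanent autostart pointing into a temp folder.
        if TEMP_DIR_RE.search(body):
            findings.append((section, "autostart entry runs from a temporary directory"))

    return findings


def triage_log(text):
    """Run triage_line over every line of a log and collect the findings in order."""
    out = []
    for line in text.splitlines():
        out.extend(triage_line(line))
    return out


if __name__ == "__main__":
    for section, reason in triage_log(SAMPLE_LOG):
        print(f"[{section}] {reason}")
```

Run against a saved log, the script prints three findings for the sample above and nothing for the Office startup entry; the next step for each flagged path is the same one the reply suggests for processes, looking the file up on processlibrary.com or checking its digital signature before deciding anything.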
Dragon
12-14-2008, 07:08 PM
Well I ran a scan and got rid of some malware. It seems to have done nothing.
Maybe a non-destructive recovery of my comp could get rid of it? The type where I can go back a few weeks to when it was working correctly?
Would that work?
Justin
12-14-2008, 09:08 PM
Anything's possible, but in my experience restore points aren't worth the hard disk space they occupy.
Mr. Anderson
01-17-2009, 12:56 PM
I know this has been said a lot, but this guide is ####ing awesome. It helped me get rid of a trojan that was infecting my system and redirecting all the links off my Google searches to malicious sites.
Shotgun.Dustin
01-25-2009, 10:49 AM
I can never get Spybot to get rid of the Mywebs Search. Is that a form of adware I should manually remove?
skilldude
10-18-2009, 11:48 AM
Wow, thanks for helping me, man. Now my spyware is making progress on leaving.
recover data
06-22-2010, 01:53 AM
Thanks for the post.