Of SPYWARE an their "REMOVAL"--HELP

prakhar_agrawal · Oct 31, 2004

I have a unique problem(as far as I can think it is). I know this is going to be a bit lengthy but please be a little patient and read on and try to help me out.

I have WIN XP PRO on my system. I had "SPYBOT SEARCH AND DESTROY " installed. A few days ago I planned to run a routine check but couldn't find the program and no file associated with it could be found on the system though it was listed in the "Add Remove Programs" list. When I tried to click the uninstall tab no action would take place. When I tried to reinstall the program from a previous DIGIT CD the Directory couldn't be seen anywhere but the program was listed in the interface and I also remember installing the program from the CD. When I tried to download the program from the website the explorer would cloase automatically without any message. When I searched GOOGLE with the keyword "Spybot" it returned the official site of the doftware and also a listing from the symantec site stating about a "SPYBOT WORM" but on opening either of these links IE would close automatically without any message. I tried to download other spyware remover tools like "PAL spyware removal tool" either the site would not open or the setup would not run aborting without any message.

Apart from the above mentioned problems I dont have any problem in installing any other software or opening any other website. I also dont recieve any unwanted popups.There is no unwanted entry under the processes tab in the TASK MANAGER.

Why is this happening and why only to spyware removal tools. Is it a spyware, virus or a worm and how can I remove it(Pls dont suggest formatting or reinstallation).

ujjwal · Oct 31, 2004

Strange problem ... try posting your hijackthis logfile here ... *www.spywareinfo.com/~merijn/downloads.html

tarey_g · Nov 1, 2004

try 'webroot spysweeper' solvs many of my probs

it is included in this month's(oct 2004) cd

xenkatesh · Nov 1, 2004

i use SPYBOT!!!

pratham_gharat2003 · Nov 2, 2004

As the 1st reply said Strange Problem.......
This is a wild guess but i think a spammer had made a virus which has a dictionary or all the spywares removal tools available and it closes all applications that relate to downloading and installing of spywares removal tools.

PraKs · Nov 4, 2004

Use Adaware

Hi

As far as I know SpyBot is good & really nice tool for Spyware removal

No problem ever faced in my office,
We have more then 5000 Computers in our office.
Almost all use this Software.. Only One reply from them - Its BEST

Anywayz, U can Use Adaware

Download from www.lavasoftusa.com

Mail me for any probs

Bye, Take care..

prakhar_agrawal · Nov 7, 2004

I fully agree with u pratham. But the question is how to solve it

SmoothCriminal · Nov 7, 2004

I've used both Adaware and Spybot.. their scope is limited..

it_waaznt_me · Nov 8, 2004

Please post the HijackThis logfile ..

prakhar_agrawal · Nov 8, 2004

Please post the HijackThis logfile ..

where do I find this??

perk_bud · Nov 8, 2004

a combination of ad-aware and spybot works fine but webroot's spysweeper found few bugs that these 2 couldn't

it_waaznt_me · Nov 9, 2004

Hmm.. Even as Ujjwal has already posted the link above .. I post again....

Please post your HijackThis Logfile for better assesment of your problem.

Okay ..?

prakhar_agrawal · Nov 9, 2004

i cannot download the tool mentioned by ujjwal and it_waaznt_me . I use DAP for downloads After download is complete it says cannot combine the parts of the file. It has never happened before and I can download other files successfully. It may b bcos of the same spyware or whatever it is. Pls help me by making more use of ur grey cells.

prakhar_agrawal · Nov 16, 2004

well I have been able to do some work myself. When I repaire windows (without formatting) the icons were visible and the spyware removal tools would start but then close automatically. I have some how been able to get the hijackthis log file now see if u can help me

Logfile of HijackThis v1.98.2
Scan saved at 3:44:33 PM, on 16/Nov/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Prakhar\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = *
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = *
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *xhgiin.outhost.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = *
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *xhgiin.outhost.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *xhgiin.outhost.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = *
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = *
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *xhgiin.outhost.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *xhgiin.outhost.info/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = *xhgiin.outhost.info/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = *xhgiin.outhost.info/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O1 - Hosts: 213.159.118.228 collections.inhost.info
O1 - Hosts: 213.159.118.228 collections.inhost2.info
O1 - Hosts: 213.159.118.228 1-se.com
O1 - Hosts: 213.159.118.228 58q.com
O1 - Hosts: 213.159.118.228 aifind.cc
O1 - Hosts: 213.159.118.228 aifind.info
O1 - Hosts: 213.159.118.228 allneedsearch.com
O1 - Hosts: 213.159.118.228 approvedlinks.com
O1 - Hosts: 213.159.118.228 auto.ie.searchforge.com
O1 - Hosts: 213.159.118.228 awebfind.biz
O1 - Hosts: 213.159.118.228 best.royalsearch.net
O1 - Hosts: 213.159.118.228 cracks.am
O1 - Hosts: 213.159.118.228 default-homepage-network.com
O1 - Hosts: 213.159.118.228 find.microgirls.com
O1 - Hosts: 213.159.118.228 find4u.net
O1 - Hosts: 213.159.118.228 freshvideogals.com
O1 - Hosts: 213.159.118.228 i-lookup.com
O1 - Hosts: 213.159.118.228 ie-search.com
O1 - Hosts: 213.159.118.228 in.webcounter.cc
O1 - Hosts: 213.159.118.228 itseasy.us
O1 - Hosts: 213.159.118.228 just.find-itnow.com
O1 - Hosts: 213.159.118.228 link.startmake.com
O1 - Hosts: 213.159.118.228 mysearchnow.com
O1 - Hosts: 213.159.118.228 nativehardcore.com
O1 - Hosts: 213.159.118.228 qwertysearch123.biz
O1 - Hosts: 213.159.118.228 search.ieplugin.com
O1 - Hosts: 213.159.118.228 search.psn.cn
O1 - Hosts: 213.159.118.228 searchbar.findthewebsiteyouneed.com
O1 - Hosts: 213.159.118.228 searchcentrix.com
O1 - Hosts: 213.159.118.228 searchmyrequest.com
O1 - Hosts: 213.159.118.228 super-spider.com
O1 - Hosts: 213.159.118.228 t.rack.cc
O1 - Hosts: 213.159.118.228 teen-biz.com
O1 - Hosts: 213.159.118.228 teenhqpics.com
O1 - Hosts: 213.159.118.228 tits.hardcore4ever.net
O1 - Hosts: 213.159.118.228 webcoolsearch.com
O1 - Hosts: 213.159.118.228 wmmse.com
O1 - Hosts: 213.159.118.228 www.008i.com
O1 - Hosts: 213.159.118.228 www.2fastsearch.net
O1 - Hosts: 213.159.118.228 www.8095.com
O1 - Hosts: 213.159.118.228 www.alfa-search.com
O1 - Hosts: 213.159.118.228 www.boredlife.com
O1 - Hosts: 213.159.118.228 www.couldnotfind.com
O1 - Hosts: 213.159.118.228 www.cracks.am
O1 - Hosts: 213.159.118.228 www.daum.net
O1 - Hosts: 213.159.118.228 www.dreamwiz.com
O1 - Hosts: 213.159.118.228 www.find-itnow.com
O1 - Hosts: 213.159.118.228 www.find-itnow.com
O1 - Hosts: 213.159.118.228 www.find4u.net
O1 - Hosts: 213.159.118.228 www.firstbookmark.com
O1 - Hosts: 213.159.118.228 www.gajai.com
O1 - Hosts: 213.159.118.228 www.hand-book.com
O1 - Hosts: 213.159.118.228 www.hao123.com
O1 - Hosts: 213.159.118.228 www.hotsearchbox.com
O1 - Hosts: 213.159.118.228 www.hotwebsearch.com
O1 - Hosts: 213.159.118.228 www.hugesearch.net
O1 - Hosts: 213.159.118.228 www.iquicksearch.com
O1 - Hosts: 213.159.118.228 www.lookfor.cc
O1 - Hosts: 213.159.118.228 www.maxxxhosters.com
O1 - Hosts: 213.159.118.228 www.naver.com
O1 - Hosts: 213.159.118.228 www.nkvd.us
O1 - Hosts: 213.159.118.228 www.novafuck.com
O1 - Hosts: 213.159.118.228 www.ohcorea.com
O1 - Hosts: 213.159.118.228 www.omega-search.com
O1 - Hosts: 213.159.118.228 www.onet.pl
O1 - Hosts: 213.159.118.228 www.power-search.info
O1 - Hosts: 213.159.118.228 www.rightfinder.net
O1 - Hosts: 213.159.118.228 www.search-1.net
O1 - Hosts: 213.159.118.228 www.search-and-go.com
O1 - Hosts: 213.159.118.228 www.search-dot.com
O1 - Hosts: 213.159.118.228 www.search-space.com
O1 - Hosts: 213.159.118.228 www.searchforge.com
O1 - Hosts: 213.159.118.228 www.searching-the-net.com
O1 - Hosts: 213.159.118.228 www.searchv.com
O1 - Hosts: 213.159.118.228 www.searchxl.com
O1 - Hosts: 213.159.118.228 www.seznam.cz
O1 - Hosts: 213.159.118.228 www.slotch.com
O1 - Hosts: 213.159.118.228 www.spidersearch.com
O1 - Hosts: 213.159.118.228 www.startium.com
O1 - Hosts: 213.159.118.228 www.therealsearch.com
O1 - Hosts: 213.159.118.228 www.ttjj.com
O1 - Hosts: 213.159.118.228 www.viewpornkey.com
O1 - Hosts: 213.159.118.228 www.wazzupnet.com
O1 - Hosts: 213.159.118.228 www.websearch.com
O1 - Hosts: 213.159.118.228 www.windowws.cc
O1 - Hosts: 213.159.118.228 www.xgmm.com
O1 - Hosts: 213.159.118.228 xwebsearch.biz
O1 - Hosts: 213.159.118.228 yourbookmarks.ws
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files\Roboform\RoboForm.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem301.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files\Roboform\RoboForm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LogonStudio] "E:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svhost.exe -sr -1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\svhost.exe -sr -1
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://E:\Program Files\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: RoboForm &2 - file://E:\Program Files\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - *www.addictivetechnologies.net/DM0/cab/60wu82rd.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - *public.windupdates.com/get_file.ph...21e4b1f7feb4:b26d5d59881e3d3ce8ab2292e6aa4d79
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - *www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - *217.73.66.1/del/loader.cab

it_waaznt_me · Nov 16, 2004

prakhar_agrawal said:
Platform: Windows XP SP1 (WinNT 5.01.2600)

First of all, get yourself SP2 ..

C:\WINDOWS\svhost.exe

Kill this process from Task Manager before proceeding .. Notice the filename .. Its svhost.exe and not svchost.exe which is a legitimate windows process ...

C:\Documents and Settings\Prakhar\Desktop\hijackthis.exe

Move HijackThis to its own dedicated folder, it will help you to get the backup ..

To proceed with your HijackThis log, Run HijackThis again and put a CheckMark next to these entries and Click on Fix Checked.
Please make sure that all Internet Explorer and Windows Explorer windows are closed.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = *
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = *
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *xhgiin.outhost.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = *
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *xhgiin.outhost.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *xhgiin.outhost.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = *
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = *
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *xhgiin.outhost.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *xhgiin.outhost.info/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = *xhgiin.outhost.info/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = *xhgiin.outhost.info/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O1 - Hosts: 213.159.118.228 collections.inhost.info
O1 - Hosts: 213.159.118.228 collections.inhost2.info
O1 - Hosts: 213.159.118.228 1-se.com
O1 - Hosts: 213.159.118.228 58q.com
O1 - Hosts: 213.159.118.228 aifind.cc
O1 - Hosts: 213.159.118.228 aifind.info
O1 - Hosts: 213.159.118.228 allneedsearch.com
O1 - Hosts: 213.159.118.228 approvedlinks.com
O1 - Hosts: 213.159.118.228 auto.ie.searchforge.com
O1 - Hosts: 213.159.118.228 awebfind.biz
O1 - Hosts: 213.159.118.228 best.royalsearch.net
O1 - Hosts: 213.159.118.228 cracks.am
O1 - Hosts: 213.159.118.228 default-homepage-network.com
O1 - Hosts: 213.159.118.228 find.microgirls.com
O1 - Hosts: 213.159.118.228 find4u.net
O1 - Hosts: 213.159.118.228 freshvideogals.com
O1 - Hosts: 213.159.118.228 i-lookup.com
O1 - Hosts: 213.159.118.228 ie-search.com
O1 - Hosts: 213.159.118.228 in.webcounter.cc
O1 - Hosts: 213.159.118.228 itseasy.us
O1 - Hosts: 213.159.118.228 just.find-itnow.com
O1 - Hosts: 213.159.118.228 link.startmake.com
O1 - Hosts: 213.159.118.228 mysearchnow.com
O1 - Hosts: 213.159.118.228 nativehardcore.com
O1 - Hosts: 213.159.118.228 qwertysearch123.biz
O1 - Hosts: 213.159.118.228 search.ieplugin.com
O1 - Hosts: 213.159.118.228 search.psn.cn
O1 - Hosts: 213.159.118.228 searchbar.findthewebsiteyouneed.com
O1 - Hosts: 213.159.118.228 searchcentrix.com
O1 - Hosts: 213.159.118.228 searchmyrequest.com
O1 - Hosts: 213.159.118.228 super-spider.com
O1 - Hosts: 213.159.118.228 t.rack.cc
O1 - Hosts: 213.159.118.228 teen-biz.com
O1 - Hosts: 213.159.118.228 teenhqpics.com
O1 - Hosts: 213.159.118.228 tits.hardcore4ever.net
O1 - Hosts: 213.159.118.228 webcoolsearch.com
O1 - Hosts: 213.159.118.228 wmmse.com
O1 - Hosts: 213.159.118.228 www.008i.com
O1 - Hosts: 213.159.118.228 www.2fastsearch.net
O1 - Hosts: 213.159.118.228 www.8095.com
O1 - Hosts: 213.159.118.228 www.alfa-search.com
O1 - Hosts: 213.159.118.228 www.boredlife.com
O1 - Hosts: 213.159.118.228 www.couldnotfind.com
O1 - Hosts: 213.159.118.228 www.cracks.am
O1 - Hosts: 213.159.118.228 www.daum.net
O1 - Hosts: 213.159.118.228 www.dreamwiz.com
O1 - Hosts: 213.159.118.228 www.find-itnow.com
O1 - Hosts: 213.159.118.228 www.find-itnow.com
O1 - Hosts: 213.159.118.228 www.find4u.net
O1 - Hosts: 213.159.118.228 www.firstbookmark.com
O1 - Hosts: 213.159.118.228 www.gajai.com
O1 - Hosts: 213.159.118.228 www.hand-book.com
O1 - Hosts: 213.159.118.228 www.hao123.com
O1 - Hosts: 213.159.118.228 www.hotsearchbox.com
O1 - Hosts: 213.159.118.228 www.hotwebsearch.com
O1 - Hosts: 213.159.118.228 www.hugesearch.net
O1 - Hosts: 213.159.118.228 www.iquicksearch.com
O1 - Hosts: 213.159.118.228 www.lookfor.cc
O1 - Hosts: 213.159.118.228 www.maxxxhosters.com
O1 - Hosts: 213.159.118.228 www.naver.com
O1 - Hosts: 213.159.118.228 www.nkvd.us
O1 - Hosts: 213.159.118.228 www.****.com
O1 - Hosts: 213.159.118.228 www.ohcorea.com
O1 - Hosts: 213.159.118.228 www.omega-search.com
O1 - Hosts: 213.159.118.228 www.onet.pl
O1 - Hosts: 213.159.118.228 www.power-search.info
O1 - Hosts: 213.159.118.228 www.rightfinder.net
O1 - Hosts: 213.159.118.228 www.search-1.net
O1 - Hosts: 213.159.118.228 www.search-and-go.com
O1 - Hosts: 213.159.118.228 www.search-dot.com
O1 - Hosts: 213.159.118.228 www.search-space.com
O1 - Hosts: 213.159.118.228 www.searchforge.com
O1 - Hosts: 213.159.118.228 www.searching-the-net.com
O1 - Hosts: 213.159.118.228 www.searchv.com
O1 - Hosts: 213.159.118.228 www.searchxl.com
O1 - Hosts: 213.159.118.228 www.seznam.cz
O1 - Hosts: 213.159.118.228 www.slotch.com
O1 - Hosts: 213.159.118.228 www.spidersearch.com
O1 - Hosts: 213.159.118.228 www.startium.com
O1 - Hosts: 213.159.118.228 www.therealsearch.com
O1 - Hosts: 213.159.118.228 www.ttjj.com
O1 - Hosts: 213.159.118.228 www.viewpornkey.com
O1 - Hosts: 213.159.118.228 www.wazzupnet.com
O1 - Hosts: 213.159.118.228 www.websearch.com
O1 - Hosts: 213.159.118.228 www.windowws.cc
O1 - Hosts: 213.159.118.228 www.xgmm.com
O1 - Hosts: 213.159.118.228 xwebsearch.biz
O1 - Hosts: 213.159.118.228 yourbookmarks.ws
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files\Roboform\RoboForm.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem301.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files\Roboform\RoboForm.dll
O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svhost.exe -sr -1 <-- This is a virus
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\svhost.exe -sr -1
O8 - Extra context menu item: Customize Menu &4 - file://E:\Program Files\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: RoboForm &2 - file://E:\Program Files\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - *www.addictivetechnologies.net/DM0/cab/60wu82rd.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - *public.windupdates.com/get_file.ph...21e4b1f7feb4:b26d5d59881e3d3ce8ab2292e6aa4d79
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - *www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - *217.73.66.1/del/loader.cab

Of SPYWARE an their "REMOVAL"--HELP

Have you ever faced such a problem before?

YES

NO

CAN'T UNDERSTAND THE PROBLEM

prakhar_agrawal

Broken In

ujjwal

Padawan

tarey_g

Hanging, since 2004..

xenkatesh

Bewitched!

pratham_gharat2003

Right off the assembly line

PraKs

Youngling

prakhar_agrawal

Broken In

SmoothCriminal

In the zone

it_waaznt_me

Coming back to life ..

prakhar_agrawal

Broken In

perk_bud

Journeyman

it_waaznt_me

Coming back to life ..

prakhar_agrawal

Broken In

prakhar_agrawal

Broken In

it_waaznt_me

Coming back to life ..