|
-
-
SeriusBlack
- Senior Member - 4K
posted: Apr. 12, 2005 @ 11:58p
Out of respect for DragonsLore and everyone who needs to remove parasites, I've posted at a different thread. If you want to know some of the software hackers use to get into PCs, try this link.
btw, if you are using a firewall and notice that a popup from that program shows access by UDP, etc. on a very high port (like 54463, 1150, 8150, etc.) then it's very likely your computer is infected.
Read DragonsLore's first post and follow the instructions!! |
-
-
MajorDarkside
- Booger
posted: Apr. 26, 2005 @ 12:09p
An automated online HijackThis log file checker:
http://hijackthis.de/
|
-
-
DragonsLore
- 127.0.0.1
posted: Apr. 26, 2005 @ 2:10p
I've seen those sites before.
There are many of them, all using the same engine, and the biggest problem with those types of sites is that the inexperienced user is bound to miss stuff and even experienced users still need to verify all the results, which means researching each item.
The way I'm looking at things is once the security forums openly start advocating the use of such analyzers, then I'll include them in the Spyware thread.
But to add them before that point is to invite more problems for the inexperienced users.
Too many people as it is don't even bother to read the article and pick & choose what they want to run instead of following directions. |
-
-
truongmymy
- Member
posted: May. 10, 2005 @ 4:41p
Hi, You are IT expert. Please tell me if I should format my HDD: I received an e-mail from my friend with an attachment. When I opened, Boom, Norton Antivirus (NAV) detected a virus, then NAV was disabled. I tried to clean virus, found nothing, and NAV is still disabled. I tried to uninstall NAV, even tried to manually delete it, but I could not, NAV is still there. What should I do now?
|
-
-
DragonsLore
- 127.0.0.1
posted: May. 11, 2005 @ 12:56a
Unless the system is seriously messed up so it would not be worth trying to save, I generally do not advise formatting the drive.
This is just some basic help to get you started.
Use Internet Explorer and run three online scans.....
- 1) HouseCall
- 3) F-Secure
These can both be found in the above article and they are good AV scanners.
If you are unable to reach any of these online scanners, then download and run PepiMK's CoolWWWSearch.SmartKiller removal tool, then try accessing the scanners.
After this, run TrojanScan which can be found in the same article.
Download HiJackThis, then run the tool. When the dialog box appears, use the first button at the top of the list. Pay particular attention to where you save the log file and the name you give it.
Once you do this, use Notepad to open the log file, then copy the contents of the log file.
Now go to the Spywareinfo Forums, to the Malware Forum. (Register first.) Create a new post and paste the complete contents of the log file in the post. For the title, use something like "Please Check my HJT Log". After you do this, read the sticky by PGPhantom, which will be in the same forum, as this will be of some help to you.
Most of the tools they might ask you to run if needed are listed in the above article.
Good Luck
|
-
-
xtianknights
- Member
posted: Jun. 25, 2005 @ 5:01p
truongmymy said: Hi, You are IT expert. Please tell me if I should format my HDD: I received an e-mail from my friend with an attachment. When I opened, Boom, Norton Antivirus (NAV) detected a virus, then NAV was disabled. I tried to clean virus, found nothing, and NAV is still disabled. I tried to uninstall NAV, even tried to manually delete it, but I could not, NAV is still there. What should I do now?
I do this part time. Although, there are some smarter guys here I am sure. I did an article online about this last summer. I tested 15 anti viruses to see which was the best. Trend Micro 2005, then Norton. The others failed in one way, shape or form. The problem with Norton is there are some viruses that shut down Norton! This doesn't happen to Trend Micro. A. I would un-install Norton, and install Trend Micro and see if it fixes it. B. If that fails, then format it after install Trend Micro 2005 (turn on all the options)
My $.02
PS! Here is a site. Test your A.V. here. Go to the bottom. There are four links. Your A.V. should fire off EACH time you click on the links. Also, make sure it blocked them and not saved it to your HD to access later. If it fired off all four times and didn't save it to a temp folder..YOU'RE GOOD TO GO!
http://www.eicar.org/anti_virus_test_file.htm |
-
-
ellory
- Thrifty Member
posted: Jun. 26, 2005 @ 3:56a
xtianknights, I know you mean well, but the information you have provided is incomplete at best for people who are already in a jam. The advice DragonsLore has posted here has proven effective in helping literally thousands of people remove all sorts of malware from their computers.
And the fact of the matter is that no single program is effective at removing all the various strains of malware. And, in my opinion, the worst possible time to be uninstalling one AV program and installing another is when you are already infected. That's the time to be using online AV scans and other tools.
Further, the vast majority of people view their computers as tools to get a job done - nothing more. By directing people to go test their computers against the site you have posted - specifically designed for researchers - you are recommending that they turn their PCs into "science experiments." Yet the fact is that the site warns people that they can get into trouble - and that the site will not help people undo the problems. I've got no problems with the site - it's doing its job. But most people will be poorly equipped to undo the damage. For example, the site says:
Important note: Eicar cannot be held responsible when these files or your AV scanner in combination with these files cause any damage to your computer. You download these files at your own risk. Download these files only if you are sufficiently secure in the usage of your AV scanner. Eicar button cannot and will not provide any help to remove these files from your computer. Please contact the manufacturer/vendor of your AV scanner to seek such help. We understand (from the many emails we receive) that it might be difficult for you to delete the test file from your PC. After all, your scanner believes it is a virus infected file and does not allow you to access it anymore. At this point we must refer to our standard answer concerning support for the test file. We are sorry to tell you that EICAR cannot and will not provide AV scanner specific support. The best source to get such information from is the vendor of the tool which you purchased. Please contact the support people of your vendor. They have the required expertise to help you in the usage of the tool. Needless to say that you should have read the user's manual first before contacting them.
I urge you to rethink your advice. |
-
-
maddiebeagle
- Pop Tart
posted: Jun. 26, 2005 @ 8:02a
I do agree with you, Ellory, overall.
However, I personally do thank the poster for providing the site, as I went and tested my slightly older NAV product, and discovered it failed a few of the tests. For the first time in my long computing experience, I finally had a live virus on MY OWN PC. (usually, I just see them on EVERYONE else's PC)
Personally, no harm was done to my computer; I make ghost images just about weekly. I popped in an image on DVD, and 15 minutes later...clean system.
Nonetheless, I think most people, including myself, are "skimmers". They click links without reading all the fine print warnings.
Maybe the Poster could go back and edit his post to reflect that going to this site, and clicking on the links, could end up being a serious mistake for someone not skilled at cleaning up an infection. Either that or provide his e-mail address for questions on removing the little buggers... |
-
-
DragonsLore
- 127.0.0.1
posted: Jun. 26, 2005 @ 9:16a
If you want to safely check out how well the different Anti-Virus Programs work, then go to this site. AV-Comparatives
They even have a forum of their own and if you don't see an AV program listed, you can ask about it. |
-
-
jimnme
- Tired Member
posted: Jul. 3, 2005 @ 4:25p
I'm trying to get my computer protected and I think I have done almost everything suggested. My question is on Spybot S&D. I have locked the hosts file but can anyone point me to a good website with what other settings I should possibly change in the program? An example, I'm not sure I should have the "resident shield" or the "tea timer" enabled or both.
Thanks Michelle |
-
-
DragonsLore
- 127.0.0.1
posted: Jul. 3, 2005 @ 4:47p
-
-
Cajun
- Thrifty Member
posted: Jul. 10, 2005 @ 7:47a
.
I tried everything I could think of for a week to remove Spy Sheriff from my computer. Then I happened to search Google, and there was an ad for XOFTSPY Malware Removal Software that claimed that it will remove Spy Sheriff. I downloaded the demo, and searched my computer, and lo and behold, it found all traces of Spy Sheriff on my computer. The demo wouldn't remove Spy Sheriff though.
So come to find out, my friend was using it, so I borrowed it, and it easily removed all traces of Spy Sheriff from my computer.
Cajun
Xoftspy
. |
-
-
DragonsLore
- 127.0.0.1
posted: Jul. 10, 2005 @ 8:08a
XoftSpy has made great strides in turning their software around.
EDITED TO ADD MORE INFORMATION WHILE LEAVING ORIGINAL RESPONSE
Earlier versions of this program used to be rogue (bad) and would use such practices as false positives to try to get you to purchase the program. If you had posted to one of the security forums, I'm sure they would have asked you to run this program.
The ability to remove Spy Sheriff is something that was recently developed as everyone has been racing to find a way to remove this new strain.
Looks like I have a new item to add to the article when I am able to update it. 
UPDATE
Well, it looks like I won't be adding this tool to the list in the article after all.
This morning after I got home from work, I downloaded, installed and ran this tool.
Needless to say, I was not very happy with the results it showed. 
While it was scanning, at one point it showed that it was scanning the directory
"C:\Documents and Settings\Administrator\Start Menu\Programs\spysheriff" This Directory does not exist on my system and never has.
Also, I very rarely use Internet Explorer and I have it set to delete all files on close. While scanning, it also showed it to be scanning non existent directories for the IE Temp folders.
"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files" This folder does exist.
But the non existent folders it showed were
"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\" with a series of sub-directories containing alphanumeric numbers and the scan showed it to be scanning non-existent files in those directories. A whole crap load of them.
It also claimed to have found MainPean Dialer which is non-existent on this system. I double checked all the registry entries and even did a google on this and checked the manual removal instructions.
Both during and after, I checked everything and needless to say, it did not do anything other than to show me stuff that did not exist.
During the scan where it was supposedly scanning the non-existent spysheriff folder, it found 152 CWS entries which it labelled as Hosts file items and in the top right, it labelled these items as registry entries.
Now my Hosts file does contain a bunch of CWS entries all redirected to the local host 0.0.0.0.
So I made a copy of the hosts file just to be safe.
I even had this program fix what it supposedly found.
It made absolutely no changes to my system or even to my hosts file.
I have since completely removed this program from my system and I will not be recommending it as it seems that they are still up to their old tricks.
|
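The before-and-after hosts file check from the post above, written as a script. This is an added example, not part of DragonsLore's post; the hostnames, the 192.0.2.10 address and the function names are constructed placeholders.

```python
import hashlib

SINKHOLES = {"0.0.0.0", "127.0.0.1"}   # addresses used to block a hostname
LOCAL_NAMES = {"localhost"}            # legitimate loopback names, not blocks

def parse_hosts(text):
    """Return {hostname: address} for every mapping in hosts-file text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or malformed line
        for name in fields[1:]:                  # one address, many names
            entries[name.lower()] = fields[0]
    return entries

def blocked_names(entries):
    """Hostnames pointed at a sinkhole address (the 'CWS entries' case)."""
    return {n for n, a in entries.items()
            if a in SINKHOLES and n not in LOCAL_NAMES}

def sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def compare_snapshots(before_text, after_text):
    """Report what changed between the saved copy and the current file."""
    before, after = parse_hosts(before_text), parse_hosts(after_text)
    shared = before.keys() & after.keys()
    return {
        "identical_bytes": sha256(before_text) == sha256(after_text),
        "removed": sorted(before.keys() - after.keys()),
        "added": sorted(after.keys() - before.keys()),
        "retargeted": sorted(n for n in shared if before[n] != after[n]),
        "blocked_before": len(blocked_names(before)),
        "blocked_after": len(blocked_names(after)),
    }

# Constructed sample: a hosts file with blocking entries, copied before a scan.
BEFORE = """\
# constructed sample hosts file
127.0.0.1 localhost
0.0.0.0 search.cws-sample-one.invalid
0.0.0.0 ads.cws-sample-two.invalid www.cws-sample-two.invalid  # two names
"""
# Case 1: the tool reported fixes but the file is byte-for-byte the same.
AFTER_UNCHANGED = BEFORE
# Case 2 (constructed): one block retargeted and one new redirect added.
AFTER_TAMPERED = BEFORE.replace(
    "0.0.0.0 search.cws-sample-one.invalid",
    "192.0.2.10 search.cws-sample-one.invalid",
) + "192.0.2.10 update.sample-av.invalid\n"

if __name__ == "__main__":
    print(compare_snapshots(BEFORE, AFTER_UNCHANGED))
    print(compare_snapshots(BEFORE, AFTER_TAMPERED))
```

On a real system the two texts would come from the saved copy and the live hosts file, read after the scanner claims to have fixed its findings.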
-
-
sc0rpio
- Senior Member - 3K
posted: Jul. 11, 2005 @ 11:00a
-
-
DragonsLore
- 127.0.0.1
posted: Jul. 11, 2005 @ 11:09a
In Rebuttal to Microsoft Denial.
For those of you who may have used GRC.com's DcomBobulator, you will find that MS Anti-Spyware will delete this tool and re-enable Dcom on your system.
Here is something I already posted in a couple of Free Spyware Tool threads in the Free Stuff forum earlier this week.
MS Anti-Spyware is not all it's cracked up to be.
4-28-2005 Microsoft Downgrades Detections of Claria Products "Several sources have now confirmed that Microsoft downgraded its detections of Claria's adware products in the latest update (#5731) to Microsoft AntiSpyware released today. Where Microsoft AntiSpyware used to detect Claria's products and present users with a "Recommended Action" of "Quarantine," following today's update Microsoft AntiSpyware now presents users with a "Recommended Action" of "Ignore"... While Claria's products have not been removed from the Microsoft AntiSpyware definitions, this change is troubling, coming so close on the heels of the revelation that Microsoft has been in talks with Claria to acquire the company..." The State of Claria Detections
Microsoft to Buy Claria?
Microsoft wants to Buy Claria?
|
-
-
KETAX
- Thrifty Member
posted: Jul. 21, 2005 @ 1:43p
My internet security prompt: "High risk A remote system is trying to access your computer remote address:24211.127.181.2224"
and I get a number of these when I am online. I hv the lavasoft spyware but all it detects are cookies. If I disk clean, it would not find anything. My pc has become very slow. Any advice to check if anything is wrong. Also, I use IE to browse. When I open up a link (a new window appears) and when I close the window, IE would crash and asked if I want to send a report and then restart. Any advice would be most appreciated. Thanks for this forum! |
-
-
japaninator
- Senior Member - 2K
posted: Jul. 21, 2005 @ 2:02p
The sticky is floating away!!!  |
-
-
ellory
- Thrifty Member
posted: Jul. 21, 2005 @ 2:46p
KETAX said: My internet security prompt: "High risk A remote system is trying to access your computer remote address:24211.127.181.2224"
and I get a number of these when I am online. I hv the lavasoft spyware but all it detects are cookies. If I disk clean, it would not find anything. My pc has become very slow. Any advice to check if anything is wrong. Also, I use IE to browse. When I open up a link (a new window appears) and when I close the window, IE would crash and asked if I want to send a report and then restart. Any advice would be most appreciated. Thanks for this forum!
Start by reading the first post in this thread. Then work through all the steps. The most important step is running HiJack This and posting the log in the appropriate forum. It sounds like you are badly infected. No single tool removes all infections. |
-
-
KETAX
- Thrifty Member
posted: Jul. 22, 2005 @ 11:32a
Have read the article and this is what I did. I scanned using lavasoft - and the following data miners were found. They are now guaranteed but attune will prompt an error whenever I start my PC.
IE users were advised to turn off "2 install on demand and 1 enable 3rd party browser extension". Have done that. Now I do not get Yahoo icon and bunch of other stuff at the tool bar and my IE does not crash after closing a 2nd window.
Thanks Fatwallet and OP! Will need to read more and learn from Fatwallet members. Hvn't download Spybot yet. Anyone know if I can delete the attune program. Not sure what it's for. Thanks again!
Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Other Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\\software\\aveo
Alexa Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\\microsoft\\internet explorer\\extensions\\{c95fe080-8f5d-}
Other Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\\aveo
Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b- Rootkey : HKEY_USERS Object : .DEFAULT\\software\\microsoft\\internet explorer\\extensions\\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-
Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 4 Objects found so far: 4
|
-
-
dkong
- Senior Member - 7K
posted: Sep. 5, 2005 @ 3:21p
I have "Winfix" spyware on my computer and I posted my problem, with a HJT log, on the SpywareInfo.com site, since it's DragonsLore's favorite. The problem is that that site is very busy and I haven't been answered in 1 day since posting. They have a sticky which you may post to if your thread hasn't been answered in 3 days, meaning I have to wait 2 more days.
So my question is: Which site from DragonsLore's list should I try posting on next? Which site will give me the fastest response? (I guess I've been spoiled by the fast responses I get here on FW to any question I post.) |