Original problem:
This ad (red and black) for a security company (smart security) hijacked my desktop background and general appearance.
After checking the company pages, this ad proved to be illegal, and smart security are trying to help people remove it. I've managed to get my general appearance back (icons), but the ad still stays. The company pages also offered an explanation of how to remove the ad manually (the first was a download); I haven't tried this yet.
This ad also visits me as a popup window, how nice of it to care. In addition I'm bothered with two popups: adslim(something) and dosearch (something), both offering me spyware removal.
In my quest for removing these pests I've discovered some interesting automatic startup processes, you know - the ones that aren't supposed to be there. I eliminated one of them (service host), but I'm unable to eliminate the other two that seem suspicious (they also seem to be connected somehow). When I try to delete them they seem to regenerate. I've identified these as TBPS and WinTools. After googling them I found out they're supposed to be really hard to get rid of.
I'm not sure if these processes are directly connected to the ads.
Anyway, like I said, I've run the programs you suggested; they all identified and eliminated quite an amount of files. They all left some intact too, unable to do anything. TDS3, as the last step I've completed, gave me a list of files that seem suspicious somehow. However, since I'm only a geek in a non-computing fashion, and generally afraid of what my computer can do to me, I'm not sure what to do with this list. I'm posting it below.
This concludes everything I know about my problems, hope you can help me.
TDS3 scan:
Almost forgot to mention, a search page has blocked my start page in Explorer - and I'm unable to change it: http://searchmeup.co...dex.php?aid=186
On top of everything I'm not able to run HijackThis; it encounters an error and has to shut down...
Edited by Theprem, 13 April 2005 - 09:03 AM.