Hi liberty61
You have a hijacker or malware on your system. In addition to updating and
running your AV, download, install and run the programs below in Safe Mode
with Hidden Files enabled. This will remove the nasty you have and any
others it may have let in the back door. Some malware can replicate itself
repeatedly if not removed properly, so even if you have already run some
programs, run them again according to the information below. Follow all
instructions carefully:
First, Clear the TIF's and empty the recycle bin:
http://www.mvps.org/winhelp2002/delcache.htm
Also...empty your Recycle bin.
Then do the following:
WARNING>>>> Backup all documents and files before removing any spyware!!
How to properly scan for scumware (read first, if possible)
http://aumha.org/forum/viewtopic.php?t=5878
Hope this helps
Jan
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
Download and install BHODemon from
http://www.definitivesolutions.com/bhodemon.htm
Your problem may be caused by a bad BHO.
Most importantly, download install and run CWShredder here
http://www.majorgeeks.com/download3019.html
and About Buster, which searches for hidden .dlls that recreate the malware.
http://www.majorgeeks.com/download4289.html
Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".
Then download, install and immediately update these three programs before
running:
AdAware SE - Update immediately after installing
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
AdAware Tutorial -
http://www.bleepingcomputer.com/forums/index.php?showtutorial=48
SpyBot S &D - Update immediately after installing
http://www.majorgeeks.com/download2471.html
SpyBot S&D Tutorial -
http://www.bleepingcomputer.com/forums/index.php?showtutorial=43
Microsoft Windows Antispyware Program (Beta)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Also download, install and run CWShredder:
http://www.majorgeeks.com/downloadget.php?id=3019&file=11&evp=9e0433de9f8fd8e137fd6b3ff02edc90
Next, do an Online scan here (if possible) -
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure that you choose "fix" or "clean".
Download PocketKkillbox from
http://www.thespykiller.co.uk/files/killbox.exe
and put it on the desktop where you can find it easily
Download, install, and run HiJackThis - it is one of the most important
tools to help clean your system of scumware. Follow the instructions
carefully:
How to download and install HiJackThis: (it does not need to be updated)
http://www.bleepingcomputer.com/forums/topict309.html
Please DO NOT post your log to this newsgroup. It is important that you go
to one of the HiJackThis Support Forums below and allow the experts there
to analyze it for you.
AumHa HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.)
Also, please post a link to the forum where you post your HJT log back to
this thread so that we can follow your progress there.
CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.
You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also... From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip
How to Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
How to Show Hidden Files
http://snipurl.com/6rl8