Please help, every time I type a url it goes to the same old website, plus my homepage will not change. i have tried using ad-ware se and spyware docter but they dont seem to get rid of the problem. i do have a hijackthis log if it will help but it says i cant post it in my 1st post.

Download hijackthis and scan, then send us your log, DO NOT DELETE ANYTHING UNTIL WE SAY SO!!! http://www.majorgeeks.com/download.php?det=3155 From there, click on Major Geeks 1. Zach www.totalpc.org

I would also try spyware S&D, it finds things that adaware misses. http://www.safer-networking.org/en/download/index.html If you need a simple solution, try mine. I try to give advise on things that have happened to my PC. Changes in registry can be FATAL! I now have a 95% success rate!

i tried spyware S&D it found some registry problems and i fixed them, but the problem just keeps coming back. here is my log: Logfile of HijackThis v1.98.2 Scan saved at 11:45:52, on 28/08/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Personal Firewall\NISUM.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\WINDOWS\SOUNDMAN.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.exe C:\WINDOWS\System32\CTHELPER.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Spyware Doctor\spydoctor.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\MSN Messenger\MsnMsgr.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\AOL 9.0a\waol.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AOL 9.0a\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\HJT\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=14&q=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html# R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=14&q=%s R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html# O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe O9 - Extra button: Corel Network monitor worker - {8D4E21C1-9E3B-4FF5-B12E-B7147608A368} - (no file) O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8D4E21C1-9E3B-4FF5-B12E-B7147608A368} - (no file) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe O9 - Extra button: Corel Network monitor worker - {8D4E21C1-9E3B-4FF5-B12E-B7147608A368} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8D4E21C1-9E3B-4FF5-B12E-B7147608A368} - (no file) (HKCU) O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=14&q= O13 - WWW Prefix: http://www.heretofind.com/show.php?id=14&q= O13 - Home Prefix: http://www.heretofind.com/show.php?id=14&q= O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=14&q= O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=14&q= O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D1C170-0067-482F-B384-238C985ADADB}: NameServer = 195.93.35.134

Remove all these: 1. O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=14&q= O13 - WWW Prefix: http://www.heretofind.com/show.php?id=14&q= O13 - Home Prefix: http://www.heretofind.com/show.php?id=14&q= O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=14&q= O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=14&q= O17 - 2. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=14&q=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html# R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=14&q=%s R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html# 3. Delete the directory c:\spe 4. Click on START --> CONTROL PANNEL --> INTERNET OPTIONS ---> DELETE FILES --> Put the check on DELETE ALL OFFLINE CONTENTS. Next, DELETE COOKIES and then Clear Histories. fell free to e-mail me: jeff_injc at yahoo dot com