
Homepage is really messed up


Name: Phatmizatt
Date: September 12, 2004 at 22:35:45 Pacific
OS: Windows XP
CPU/Ram: N/A
Comment:

My homepage keeps opening up to the same page: mk:@MSITStore:C:\spe\start.chm::/start.html# Others have posted on this and I downloaded the HijackThis program and this is my log. If someone can tell me how to rid my computer of this I would be very grateful. Here's my log.

Logfile of HijackThis v1.98.2
Scan saved at 1:26:33 AM, on 9/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\cvss.exe
C:\WINDOWS\winlogon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\uved.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cmmnfiles.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\Matt Martone\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=2&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=2&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amerbelomoctbgrnshbc.net/XGLFq2SNztWVcrbP0YbXKibZjEHxkq5o_4/xv_uvm9yAt1OhT3uF_J_YlT_Dw7br.cgi
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
F1 - win.ini: run=fntldr.exe
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E9621AF7-6ABD-DB9B-C97D-4124F187E8D6} - C:\PROGRA~1\MIXMEE~1\multicorn.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [nijsf] C:\WINDOWS\nijsf.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [hdpschuai] C:\WINDOWS\System32\grkzppow.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [Boob Memo] C:\PROGRA~1\FreeWave\Dupe Inside Third.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" /STANDALONE
O4 - HKLM\..\Run: [Jugs Dale Ping Grim] C:\Documents and Settings\All Users\Application Data\drv scr jugs dale\poke64.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Brhuxji] C:\WINDOWS\System32\uved.exe
O4 - HKCU\..\Run: [H04nRhNqi] cmmnfiles.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [Unwa] C:\Documents and Settings\Matt Martone\Application Data\puao.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program Files\NaturalReaders\Natural Voice Text To Speech Software Standard\read.html
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {7C5CDB65-5CED-4589-A79A-71CFD1800D91} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {7C5CDB65-5CED-4589-A79A-71CFD1800D91} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll (file missing)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {7C5CDB65-5CED-4589-A79A-71CFD1800D91} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {7C5CDB65-5CED-4589-A79A-71CFD1800D91} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=2&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=2&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=2&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=2&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=2&q=
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent610.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=0c8af29cad1529a0c2f12262efe492244d317f6ab2c86bff7585b7e883263ddf35912dd813dee463c744961d2b31add589650eef4d876c0fc2a2f745d64562:c31e3730b38c174130e1e2729109a237
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50138/QDow_AS2.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} - http://www.jraun.com/activex/src/KeyActivexTest.ocx
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr_ext.cab
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator.com/4/download/hdplugin_1019_bundle43v2d33.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A45321E5-EB1F-422C-8991-F06D66094409}: NameServer = 128.6.216.19,128.6.224.114
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC4E3E4C-A844-4326-BBA5-1AAFE2068B0C}: Domain = rutgers.edu





Response Number 1
Name: Johnw
Date: September 13, 2004 at 01:17:02 Pacific
Reply:

Same as here.

http://computing.net/security/wwwboard/forum/13629.html



Response Number 2
Name: Abnormal
Date: September 13, 2004 at 02:17:47 Pacific
Reply:

You must have missed this part.

DO NOT post a HiJackThis log here unless an expert has requested it.

The ability to follow instructions is the
key to removal.


Hijackthis log reading help sites.



Response Number 3
Name: Alan56
Date: September 13, 2004 at 23:36:04 Pacific
Reply:

Go Here and paste your log

http://hijackthis.de/index.php?langselect=english

You have a shed load of nasty stuff that needs attention

HTH
Alan56

If it ain't broke....Then why the hell not?



Response Number 4
Name: Abnormal
Date: September 14, 2004 at 02:26:09 Pacific
Reply:

Alan, was that link not already provided?

Are you sure that he will not F-up something
without the proper help?

Mess with the O10 items, and you lose
net access!

