AHHHH!!!!!! I got a virus or something...help!!!


Metallica_Band
01-02-2004, 12:47 AM
OK...adaware and S&D did not work...I have more info tho...when I open up IE it changes the home page address to:

res://mshp.dll/index.html#10213

Now when I change it back then it'll stick but only for the first time I open IE after I change it back...after that one time it'll get changed back to the home page...and also when I run a search on Google it opens another search page (the one in my first post) with the same query I had typed on Google

What do I do about this??? What caused this to happen??? Virus or something??? Any help on my situation would be very helpful...this is getting annoying...THANX
C'YA ?:-D

Metallica_Band
01-02-2004, 12:50 AM
Hmmm....looks like it doesn't stick...it changes back every time I go to a new webpage AFTER I changed it back to my real home page...so after I change it back and click on a hyperlink IE loads the webpage I clicked on and blinks...I checked to see if that blinking changed the default webpage and it did...just some more info for ya'

cmosdos
01-02-2004, 01:08 AM
Sounds like something screwed with your hosts file. Navigate to C:\Windows\System32\drivers\etc\hos and open the host file with notepad. If you want, you can just erase everything in there and save it (don't delete the file). Or, check out the FAQ at the top of the Software page and add those into the file.
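
Added example (not part of the original post): a read-only audit of hosts-file text that separates default loopback entries, blocklist-style sinkhole entries, and mappings that pin a name to a routable address, which is the kind of entry that would redirect a search or home page. The sample content, function names and category labels are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample, not taken from the thread. The routable IP is from the
# RFC 5737 documentation range; hostnames use reserved example domains.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.net   # blocklist-style sinkhole entry
0.0.0.0         tracker.example.org
203.0.113.7     www.search.example auto.search.example
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def classify(address, hostname):
    """Return 'default', 'sinkhole' or 'redirect' for one mapping."""
    ip = ipaddress.ip_address(address)  # raises ValueError if malformed
    if ip.is_loopback or ip.is_unspecified:
        return "default" if hostname.lower() in LOCAL_NAMES else "sinkhole"
    # A name pinned to a routable address overrides DNS for that name,
    # which is how a hosts-file hijack redirects searches or home pages.
    return "redirect"


def audit_hosts(text):
    """Parse hosts-file text; return (line_no, kind, address, hostname) rows."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not fields:
            continue
        address, names = fields[0], fields[1:]
        try:
            rows = [(line_no, classify(address, n), address, n) for n in names]
        except ValueError:
            rows = []
        # An unparsable address or an address with no hostname is malformed.
        findings.extend(rows or [(line_no, "malformed", address, " ".join(names))])
    return findings


if __name__ == "__main__":
    for row in audit_hosts(SAMPLE_HOSTS):
        if row[1] != "default":
            print("line %d: %-9s %s -> %s" % row)
```

To audit a real file, pass its contents to `audit_hosts()` and review the `redirect` rows first.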

MajorDomo
01-02-2004, 01:26 AM
You might want to give these two utilities a spin...HijackThis and CWShredder....both are found here:

http://www.spywareinfo.com/~merijn/downloads.html

Just be careful not to zap anything that should be there, you have to know how to look for something that doesn't belong, the utility reports suspicious items, but you have to make the decisions.

DevilMan
01-02-2004, 02:45 AM
It might be in this list as it sounds like search-space,com or start-space,com.

Here is the link. http://www.pchell.com/support/spyware.shtml

Ice Czar
01-02-2004, 09:58 AM
HijackThis should reveal the culprit (and the assorted entries)
of course the trick is to identify which ones those are

after you're cleaned up I'd recommend

HTAstop (http://www.nsclean.com/htastop.html)
shut down Microsoft's "HTA" (Hypertext Application) capabilities in any version of Windows. It also permits you to UNblock HTA should it be required momentarily and then turn it right back off once you've used any necessary "legitimate" HTA applications downloaded from a website. "HTA" is a part of Microsoft's "VBS Scripting Host" capabilities which is provided with Internet Explorer and other Microsoft products.

DSOstop2 (http://www.nsclean.com/dsostop.html)
Exploit Description: Executing arbitrary commands without Active Scripting or ActiveX (http://security.greymagic.com/adv/gm001-ie/)

WSH Anti-Polymorphism Patch (http://www.diamondcs.com.au/index.php?page=patch1)
To prevent Windows Scripts (such as VBScript and Javascript) from being able to read/write themselves, making Windows Script polymorphism nearly impossible through conventional means.

Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm)
"AnalogX Script Defender will intercept any request to execute the most common scripting types used in virus attacks, such as Visual Basic Scripting (.VBS), Java Script (.JS), etc and can even be configured to intercept new script extensions as needed"

and/or simply Disable (http://www.sophos.com/support/faqs/wsh.html) or Remove (http://securityresponse.symantec.com/avcenter/venc/data/win.script.hosting.html) Windows Script Hosting (WSH)

Suki243
01-02-2004, 04:13 PM
pest patrol