ok... ive done everything short of formatting my computer to try to fix this and im very frustrated yesterday my friend was playing with my comp and she used internet explorer. i never use IE, always firefox, and no i havent updated to SP2 yet please dont give me a lecture about that. anyways, browser wins start popping up and stuff i ran SpybotSD and Ad-aware a billion times, as well as Hijack This and AVG anti virus. after some investigation i found out that something is modifying my 'hosts' file in C:\WINDOWS\system32\drivers\etc\hosts these 3 lines were added/modified: 18.104.22.168 auto.search.msn.com 22.214.171.124 search.netscape.com 126.96.36.199 ieautosearch ive tried everything to get rid of em. edited them in notepad, googled a bunch of crap and deleted/modified registries as instructed at Symantec, ran HJT, SpybotSD, Ad-aware, AVG again and again and again BUT THEY KEEP COMING BACK!!! something is running in the background that constantly checks that file and adds those values. i went into my system32 in WinXP Safe Mode and googled every single file that was modified within the last 24 hours. if google couldnt find it, or something malicious turned up, they're deleted. but even those .dlls keep coming back. so now i have 2 problems, 1. unable to delete malicious .dlls and 2. unable to delete host entries. im so close to just formatting my comp but i would really like to beat this mofo. one more thing that i noticed: if i delete those host entries in regular Safe Mode, they DO NOT come back. BUT if i delete them in Safe Mode with Networking, the DO come back. im not sure what that means, so maybe someone out there knows. and yes, i have followed instructions in the thread, whatever its called, that is Stickied in this forum about spyware for newbies. THANKS VERY MUCH TO ANYONE THAT CAN HELP!!