Random Web Site Redirects
Thread Solved
To all who are having this JUPK.COM DNS redirect problem: I have found an explanation for this problem on an IT security web site. PLEASE READ!!!

Summary:
============
The Internet community has recently been observing a new attack against Microsoft Windows systems running Internet Explorer 6 (MSIE6) and IE7 in the form of a JavaScript-triggered worm. The current release of Microsoft Internet Explorer contains an unpatched vulnerability within its ObjectData handling method(s). The currently detected worm carries out a range of actions upon successfully exploiting a victim, the most notable of which is the alteration of the system's DNS settings. The result is that instead of attempting DNS resolution via previously configured servers, the victim host now uses an alternate set of DNS servers. This allows the attacker to control where users are browsing by redirecting their web browsing and other Internet activities to alternate addresses.

A possible scenario might be that the attacker alters the victim's DNS settings and the user attempts to browse Amazon.com. When their system does a DNS lookup, instead of sending the user to the correct page the alternate DNS server may send the user to a page pretending to be Amazon. As a result, when the user enters their credit card details to purchase a book they may in fact be giving them to the attacker instead. (This example is hypothetical in nature and not based on any observed reality.)

When the vulnerability within the ObjectData handling method(s) is exploited by the now active Trojan, MSIE6 executes a contained ActiveX object within a piece of JavaScript. MSIE6 is programmed to check whether this ActiveX code is 'safe', and during this process MSIE6 determines that the ActiveX code is, in fact, simple HTML/JScript. As a result it does not prompt the user to save the data to disk, but instead treats it as HyperText Application (HTA) content and invokes the MSHTA.EXE process to execute the 'simple HTML/JScript' code.

This code is x[1].hta, which creates and executes AOLFIX.EXE. AOLFIX.EXE is downloaded into the victim system's \temp directory, executed and deleted. The final result is the user's system settings being altered and DNS settings changed.

Who is Affected:
============
All users who have Microsoft Internet Explorer version 6 are likely vulnerable to this attack. This issue has been proven to work on Microsoft Windows ME, Windows NT, Windows 2000, and Windows XP. It is also considered likely to work on Microsoft Windows 9x and Windows Server 2003.

Symptoms if Exploited or Targeted:
================
Users that have been affected by this Trojan will notice a series of changes to their system, and changes in system behaviour when attempting to access certain web sites or domain names. Behavioural changes will most likely manifest themselves as pages not resolving, or not appearing correct.

Directories Created:
--------------------
%systemdrive%:\bdtemp
%systemdrive%:\bdtemp\temp

Files Created:
--------------
AOLFIX.EXE - Deleted immediately upon execution.
%systemdrive%:\%systemroot%\winlog - Contains the letter 'A'
%systemdrive%:\%systemroot%\help\hosts - Contains static DNS mappings to many IP addresses of popular search engines. See 'Details' section below for list of addresses mapped.

Registry Entries:
-----------------
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\windows]
"r0x"="your s0x"
"NameServer"="69.57.146.14"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{45F95E82-B443-428B-9EB7-4C65CDCD9006}]
"NameServer"="69.57.146.14"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DataBasePath"="%SystemRoot%\help"

Actions:
============
Disabling ActiveX functions within the MSIE6 browser will not provide any level of protection against this vulnerability.

Mitigation:
-----------
- Disable Active Scripting within the MSIE6 (& Outlook) application(s). This will prevent execution of the pages delivering the exploit.
- Ensure firewalls (perimeter defences) are configured to block unauthorised outbound traffic as well as inbound traffic. This will prevent users from using unauthorised DNS servers. As such, victim systems will reveal themselves very quickly as they fail to look up Internet domain names.
- Configure host firewalls (personal firewalls) that can control application-level access to the network (such as ZoneAlarm) to deny access to the network for MSHTA.EXE.
- Disable HTA MIME types from within the Windows System Registry. To do this remove the entry "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\ContentType\application/hta". This can be restored later, once a patch is available and applied.
- Configure IDS (intrusion detection systems) to monitor for suspicious traffic that may alert the administrator to the attack or victim systems. A sample rule set for Snort might be:

snort.conf:
var MAL_DNS [216.127.92.38/32,69.57.146.14/32,69.57.147.175/32]

dns.rules:
# direction operator and closing ";)" restored; the two rules need distinct sids
alert tcp any any -> $MAL_DNS 53 (msg:"Malicious DNS Traffic"; sid:900027; rev:1;)
alert udp any any -> $MAL_DNS 53 (msg:"Malicious DNS Traffic"; sid:900028; rev:1;)

Fix:
----
No patch is currently available for this issue. The patch MS03-032 does not address this issue.

Last edited by jmule; Dec 3rd, 2006 at 6:31 am.