Attached is my logfile from HijackThis.
I know part of the problem is the R1 problem here but everytime I fix it in HijackThis it just comes back in a different form.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ejdfqhkgm...HVun6pP9FVF.asp
Logfile of HijackThis v1.98.2
Scan saved at 12:30:19 AM, on 12/10/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\SYSTEM32\Brmfrmps.exe
C:\WINNT\system32\BrmfRsmg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Lotus\Notes\ntmulti.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\system32\1XConfig.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\DSentry.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Scansoft\PaperPort\PPLinks.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ejdfqhkgm...HVun6pP9FVF.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JRA\Application Data\Mozilla\Profiles\default\vltogvky.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JRA\Application Data\Mozilla\Profiles\default\vltogvky.slt\prefs.js)
O1 - Hosts: 172.31.64.80 CIN00 # Cincinnati Notes server/Internal IP Address
O1 - Hosts: 172.31.64.80 SVCMAIL # Short address for svcmail.svc-ag.com, used internally
O1 - Hosts: 172.31.64.80 INFOCENTRAL # Short address for InfoCentral.itelligencegroup.com, used internally
O1 - Hosts: 66.148.150.232 ITELL00 # US SAP Systems/External IP Address
O1 - Hosts: 172.31.64.53 hobbes.svc-ag.com #Hobbes SAP System
O1 - Hosts: 172.31.64.58 itell01 # itell01 SAP Server
O1 - Hosts: 66.148.150.237 occsrv.svc-ag.com #occsrv Outsourcing Server
O1 - Hosts: 204.79.199.2 sapserv4 # SAPSERV4 OSS/CSU SAP Systems
O1 - Hosts: 147.204.2.15 sapserv1a.wdf.sap-ag.de
O1 - Hosts: 147.204.2.16 sapserv2a.wdf.sap-ag.de
O1 - Hosts: 194.76.45.2 cisco # CISCO 4000 Router
O1 - Hosts: 194.76.45.4 consult
O1 - Hosts: 194.76.45.211 florida # SUN Ultraserver
O1 - Hosts: 194.76.45.212 texas # HP-NT-Server
O1 - Hosts: 194.76.45.213 sylt # HP D210
O1 - Hosts: 194.76.45.80 IM001 # Notes-Server Bielefeld
O1 - Hosts: 194.76.45.81 Bi00 # Main Notes-Server Bielefeld
O1 - Hosts: 19.67.144.250 bt0250
O1 - Hosts: 149.238.245.202 utuscexch01 #Tuscaloosa exchange server and site server
O1 - Hosts: 149.238.24.15 ubataexch01 #Batavia exchange server
O1 - Hosts: 149.238.24.36 btvsapbw
O1 - Hosts: 149.238.24.45 btvsapbwp
O1 - Hosts: 19.67.144.60 btvird
O1 - Hosts: 149.238.24.19 btv03
O1 - Hosts: 19.67.144.252 btv02
O1 - Hosts: 19.67.144.252 btv02.batavia.zf.com
O1 - Hosts: 19.67.144.252 btv02.batavia.zf-group.com
O1 - Hosts: 149.238.24.20 btv01
O1 - Hosts: 149.238.24.20 btv01.batavia.zf.com
O1 - Hosts: 149.238.24.20 btv01.batavia.zf-group.com
O1 - Hosts: 19.67.144.20 bt0001
O1 - Hosts: 19.67.144.20 bt0001.pto.ford.com
O1 - Hosts: 19.67.144.21 bt0002
O1 - Hosts: 19.67.144.21 bt0002.pto.ford.com
O1 - Hosts: 19.67.144.22 bt0003
O1 - Hosts: 19.67.144.22 bt0003.pto.ford.com
O1 - Hosts: 19.67.144.102 btv00002
O1 - Hosts: 19.67.150.79 btvadp
O1 - Hosts: 19.67.146.168 btvwww
O1 - Hosts: 19.67.146.168 btvwww.pto.ford.com
O1 - Hosts: 19.67.146.244 a05sp050
O1 - Hosts: 19.67.146.250 a05sp040
O1 - Hosts: 19.67.146.248 a05sp020
O1 - Hosts: 19.67.146.245 a05sp010
O1 - Hosts: 19.5.39.100 smtpna2
O1 - Hosts: 19.5.39.100 smtpna2.ford.com
O1 - Hosts: 19.59.112.117 smtpna1
O1 - Hosts: 19.59.112.117 smtpna1.ford.com
O1 - Hosts: 204.167.5.63 psw.fidelity.com
O1 - Hosts: 19.1.28.20 www.tcs.ford.com #Proxy server for Ford network
O1 - Hosts: 19.59.112.160 NA1FCM01
O1 - Hosts: 19.59.112.160 NA1FCM01.ford.com
O1 - Hosts: 19.59.112.161 NA1FCM02
O1 - Hosts: 19.59.112.161 NA1FCM02.ford.com
O1 - Hosts: 19.59.112.162 NA1FCM03
O1 - Hosts: 19.59.112.162 NA1FCM03.ford.com
O1 - Hosts: 19.59.112.163 NA1FCM04
O1 - Hosts: 19.59.112.163 NA1FCM04.ford.com
O1 - Hosts: 19.59.112.164 NA1FCM05
O1 - Hosts: 19.59.112.164 NA1FCM05.ford.com
O1 - Hosts: 19.59.112.165 NA1FCM06
O1 - Hosts: 19.59.112.165 NA1FCM06.ford.com
O1 - Hosts: 19.59.112.166 NA1FCM07
O1 - Hosts: 19.59.112.166 NA1FCM07.ford.com
O1 - Hosts: 19.59.112.167 NA1FCM08
O1 - Hosts: 19.59.112.167 NA1FCM08.ford.com
O1 - Hosts: 19.59.112.45 NA1FCM09
O1 - Hosts: 19.59.112.45 NA1FCM09.ford.com
O1 - Hosts: 19.59.112.36 NA1FCM10
O1 - Hosts: 19.59.112.36 NA1FCM10.ford.com
O1 - Hosts: 19.59.112.35 NA1FCM11
O1 - Hosts: 19.59.112.35 NA1FCM11.ford.com
O1 - Hosts: 19.59.112.34 NA1FCM12
O1 - Hosts: 19.59.112.34 NA1FCM12.ford.com
O1 - Hosts: 19.59.114.72 NA1FCM13
O1 - Hosts: 19.59.114.72 NA1FCM13.ford.com
O1 - Hosts: 19.59.114.73 NA1FCM14
O1 - Hosts: 19.59.114.73 NA1FCM14.ford.com
O1 - Hosts: 19.59.114.66 NA1FCM15
O1 - Hosts: 19.59.114.66 NA1FCM15.ford.com
O1 - Hosts: 19.59.114.74 NA1FCM16
O1 - Hosts: 19.59.114.74 NA1FCM16.ford.com
O1 - Hosts: 19.59.114.75 NA1FCM17
O1 - Hosts: 19.59.114.75 NA1FCM17.ford.com
O1 - Hosts: 19.59.114.76 NA1FCM18
O1 - Hosts: 19.59.114.76 NA1FCM18.ford.com
O1 - Hosts: 19.59.114.77 NA1FCM19
O1 - Hosts: 19.59.114.77 NA1FCM19.ford.com
O1 - Hosts: 19.59.114.122 NA1FCM20
O1 - Hosts: 19.59.114.122 NA1FCM20.ford.com
O1 - Hosts: 19.59.114.121 NA1FCM21
O1 - Hosts: 19.59.114.121 NA1FCM21.ford.com
O1 - Hosts: 19.59.114.123 NA1FCM22
O1 - Hosts: 19.59.114.123 NA1FCM22.ford.com
O1 - Hosts: 19.59.112.187 NA1FCM23
O1 - Hosts: 19.59.112.187 NA1FCM23.ford.com
O1 - Hosts: 19.59.112.188 NA1FCM24
O1 - Hosts: 19.59.112.188 NA1FCM24.ford.com
O1 - Hosts: 19.5.39.98 NA1ECM01
O1 - Hosts: 19.5.39.98 NA1ECM01.ford.com
O1 - Hosts: 19.5.39.95 NA1ECM02
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {4EC40E6D-8AB1-0345-8C3A-39F2A6C5F89E} - C:\DOCUME~1\JRA~1.JRA\APPLIC~1\CREATI~1\Load16.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\system32\DSentry.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Playproxybendjump] C:\Documents and Settings\All Users\Application Data\realbookplayproxy\idol bolt.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Eq Real] C:\DOCUME~1\JRA\APPLIC~1\64MATH~1\multioozebags.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Brother SmartUI PopUp.lnk = C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://notesmail.ibrat.com/iNotes.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://itelligence....bex/ieatgpc.cab
Thanks for any assistance,
Jason