I have been scouring this machine for three days, and still, everytime I think I have it cleaned, the IE start page is corrupted again by this LionSearch page listing a bunch of information categories.
I have run all the software suggested in sticky post to this forum.
Finally, I am resorting to HijackThis. Here is the log:
Logfile of HijackThis v1.99.0
Scan saved at 10:47:12 PM, on 12/26/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\williams\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://66.55.144.200/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://66.55.144.200/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} - C:\Program Files\IESearchToolbar\0.8\IESearchToolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: Casa Language fr_FR - https://www.citidire.../casa_fr_fr.cab
O16 - DPF: Casa Language he_IL - https://www.citidire.../casa_he_il.cab
O16 - DPF: Casa Language hu_HU - https://www.citidire.../casa_hu_hu.cab
O16 - DPF: Casa Language it_IT - https://www.citidire.../casa_it_it.cab
O16 - DPF: Casa Language ja_JP - https://www.citidire.../casa_ja_jp.cab
O16 - DPF: Casa Language ko_KP - https://www.citidire.../casa_ko_kp.cab
O16 - DPF: Casa Language nl_NL - https://www.citidire.../casa_nl_nl.cab
O16 - DPF: Casa Language pl_PL - https://www.citidire.../casa_pl_pl.cab
O16 - DPF: Casa Language pt_BR - https://www.citidire.../casa_pt_br.cab
O16 - DPF: Casa Language ro_RO - https://www.citidire.../casa_ro_ro.cab
O16 - DPF: Casa Language ru_RU - https://www.citidire.../casa_ru_ru.cab
O16 - DPF: Casa Language sk_SK - https://www.citidire.../casa_sk_sk.cab
O16 - DPF: Casa Language tr_TR - https://www.citidire.../casa_tr_tr.cab
O16 - DPF: Casa Language zh_CN - https://www.citidire.../casa_zh_cn.cab
O16 - DPF: Casa Language zh_TW - https://www.citidire.../casa_zh_tw.cab
O16 - DPF: Casa Libraries - https://www.citidire...ie/casalibs.cab
O16 - DPF: Casa Liquidity - https://www.citidire...saliquidity.cab
O16 - DPF: Casa List Manager - https://www.citidire...casalistmgr.cab
O16 - DPF: Casa Lockbox - https://www.citidire...casalockbox.cab
O16 - DPF: Casa Misc - https://www.citidire...ie/casamisc.cab
O16 - DPF: Casa PayerApproval - https://www.citidire...yerapproval.cab
O16 - DPF: Casa Payments Banamex - https://www.citidire...pmtsbanamex.cab
O16 - DPF: Casa Payments Common - https://www.citidire...asapmtscomm.cab
O16 - DPF: Casa Payments Detail - https://www.citidire...casapmtsdtl.cab
O16 - DPF: Casa Payments Disbursements - https://www.citidire...sbursements.cab
O16 - DPF: Casa Payments Libraries - https://www.citidire...asapmtslibs.cab
O16 - DPF: Casa Payments Misc - https://www.citidire...asapmtsmisc.cab
O16 - DPF: Casa Pref Mgr - https://www.citidire...casaprefmgr.cab
O16 - DPF: Casa Receivables Mandates - https://www.citidire...lesmandates.cab
O16 - DPF: Casa ReceivablesDirectDebit - https://www.citidire...directdebit.cab
O16 - DPF: Casa ReceivablesInquiries - https://www.citidire...esinquiries.cab
O16 - DPF: Casa Report - https://www.citidire.../casareport.cab
O16 - DPF: Casa Safeword - https://www.citidire...asasafeword.cab
O16 - DPF: Casa Security Admin - https://www.citidire...curityadmin.cab
O16 - DPF: Casa ServForCollItems - https://www.citidire...orcollitems.cab
O16 - DPF: Casa ServicesForLR - https://www.citidire...servforrece.cab
O16 - DPF: Casa ServicesProducts - https://www.citidire...cesproducts.cab
O16 - DPF: Casa Taiwan CBR - https://www.citidire...e/casatwcbr.cab
O16 - DPF: Casa Trade FI Common - https://www.citidire...asaficommon.cab
O16 - DPF: Casa Trade FI Detail - https://www.citidire...asafidetail.cab
O16 - DPF: Casa Trade FI Lib - https://www.citidire...e/casafilib.cab
O16 - DPF: Casa Trade FI Summary - https://www.citidire...safisummary.cab
O16 - DPF: Casa User Maint - https://www.citidire...asausrmaint.cab
O16 - DPF: CasaReceivablesServices - https://www.citidire...lesservices.cab
O16 - DPF: CasaServForProducts - https://www.citidire...forproducts.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\a.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
Thanks in advance for any help you can give.