[email protected]

Ryan ... I think it might be GONE! Dare I say it? You mean to tell me that it was a Google toolbar or a Yahoo tool bar that brought this hideous thing in? I always heard that downloading toolbars was trouble. At the risk of jumping in too soon, THANK YOU!!!! (Fingers crossed) I hope this is it! You were magnificent! Patient, quick to respond, and thorough! I will tell everyone I know! Linda

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:09:46 PM, on 12/5/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\

Actually, Ryan, I go to a Dell page with a Google search field that says, Sorry, we couldn't find http://ad.yieldmanager.com/st%3Fad_type. Here are some related websites: Does that change anything? I'm being hijacked, but by whom? Linda

Malwarebytes' Anti-Malware 1.30 Database version: 1427 Windows 5.1.2600 Service Pack 3 12/3/2008 1:45:05 PM mbam-log-2008-12-03 (13-45-05).txt Scan type: Full Scan (C:\|) Objects scanned: 252658 Time elapsed: 3 hour(s), 48 minute(s), 53 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registr

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:59:57 PM, on 12/1/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\

--------------------\\ Lop S&D 4.2.4-9c XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.70GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 A09 USER : LINDA SONDERMANN ( Administrator ) BOOT : Normal boot Antivirus : AVG 7.5.552 7.5.552 (Activated) C:\ (Local Disk) - NTFS - Total:88 Go (Free:42 Go) D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go) "C:\Lop SD" ( MAJ : 01-11-2008|16:30 ) Option : [1] ( Sun 11/30/2008|21:59 ) --------------------\\ Listing folders

Yup. Still there. This thing is relentless!

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:20:25 PM, on 11/30/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Prog

As of an hour ago, I still can't use eBay search. Here is the HJT log, and the Uninstall log. Thanks, Ryan! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:35:50 PM, on 11/26/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost

Hey, Ryan, Here is the log file from mbam. Gosh, I sure hope this works! Malwarebytes' Anti-Malware 1.30 Database version: 1427 Windows 5.1.2600 Service Pack 3 11/26/2008 7:08:44 PM mbam-log-2008-11-26 (19-08-44).txt Scan type: Full Scan (C:\|) Objects scanned: 260311 Time elapsed: 2 hour(s), 9 minute(s), 4 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 7 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 5 Files Infected: 58 Memory Processes Infected: C:\Program Files\Intelinet\intelin2.exe (Rogue.Intelinet) -> Unloaded

I run Intelinet every day. AVG once in a while. Tried PC TOOLS. Went through the self-help list and deleated as instructed, but the freaking thing is still here. I can't use my eBay search at all. It's making me nuts. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:08:31 PM, on 11/26/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOW