Windowsupdate.microsoft.com


neveryonas
01-15-2005, 10:51 PM
I have run AVG, Spybot, HijackThis and numerous other programs trying to get rid of some disease that has taken over my computer. I keep getting this windowsupdate.microsoft.com taking over my webpages, kicking me out of programs that I am running or shutting down Explorer. Any suggestions of what the heck is going on! I am running XP, arghhh!

pop pop
01-15-2005, 10:57 PM
You are joking, right?

If not, see if you have auto-update enabled and disable it.

neveryonas
01-15-2005, 11:30 PM
No, I am not joking.... Is this XP's way of being funny? If I don't do their updates, which I don't, then they spam you to death?

Cause that is what they keep directing me to....spam advertising....
But I will try that...
I thought it was just some clever spamware using the windowsupdate name....

PrntRhd
01-15-2005, 11:33 PM
Try downloading Hijack This (http://www.subratam.org/?page=removal), extract to a folder in the HDD and scan after setting the computer drive to show all files, copy and paste the resultant log here with the symptoms and wait for advice before removing any items.
:)

Budfred
01-15-2005, 11:37 PM
It may be malware since there are some that spoof WinUpdate... However, if you are not updating Windows that is probably part of the reason you are infested... The updates plug the holes that MS built into Windows and without the updates you are in a very leaky vessel.... Hold off on updating now until we can be sure your system is clean or it can get worse...

neveryonas
01-15-2005, 11:41 PM
Here she be:

Logfile of HijackThis v1.99.0
Scan saved at 9:39:26 PM, on 1/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\program files\180solutions\sais.exe
C:\WINDOWS\system32\Services\{44D7B286-5456-4199-AAE8-C68FDB45F8CD}\SVCHOST.EXE
C:\WINDOWS\process.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ubi.com\Core\GS4.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe
C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\eBay\Turbo Lister\Tl.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\WindowsXP\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://google.com"); (C:\Documents and Settings\WindowsXP\Application Data\Mozilla\Profiles\default\vin95l77.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\WindowsXP\Application Data\Mozilla\Profiles\default\vin95l77.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\system32\wnim.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe wnim.dll, DllRegisterServer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [qhmf] c:\windows\qhmf.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{44D7B286-5456-4199-AAE8-C68FDB45F8CD}\SVCHOST.EXE
O4 - HKLM\..\Run: [process.exe] C:\WINDOWS\process.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\system32\wnim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\system32\wnim.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

Budfred
01-16-2005, 12:08 AM
Well you definitely have some garbage, but I am not seeing anything that clearly would spoof WinUpdate... Please open an HJT scan and check these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\system32\wnim.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe wnim.dll, DllRegisterServer
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [qhmf] c:\windows\qhmf.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{44D7B286-5456-4199-AAE8-C68FDB45F8CD}\SVCHOST.EXE
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares...ysb_regular.cab
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\system32\wnim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\system32\wnim.dll

This one is suspicious, but the name is too generic to find out if it is bad... Please find it and check Properties to see if it is from a legit company... If it isn't, it is probably a good idea to fix it:

O4 - HKLM\..\Run: [process.exe] C:\WINDOWS\process.exe

This is a registration reminder that is thought to report back to the company that placed it on the user's habit... It is optional, but I recommend fixing it:

O4 - Startup: PowerReg Scheduler V3.exe

Then close all open windows except HJT and click Fix Checked...

Reboot to Safe Mode and run HJT again... Fix any items that I listed that are still there... The O18s are particularly likely to still be there...

Use Add/Remove Programs to remove this if it is there:

180solutions

Then find and delete these if they are still there... You may need to set WinXP to show all hidden and system files to find them:

C:\program files\180solutions\sais.exe
wnim.dll
c:\windows\qhmf.exe

Then reboot and post a fresh log... Note if you see any changes in your system...
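
As an added example that is not part of the thread, here is a small Python triage script that applies the checks Budfred used above (MIME filters on text content, an SVCHOST.EXE outside System32, a Run key that calls Rundll32 with DllRegisterServer, unnamed BHOs, and the adware paths named in the thread) to sample lines taken from the posted log. The severity labels and the marker list are my own choices, not HijackThis output.

```python
import re
from collections import defaultdict

# Sample HijackThis lines taken from the log posted in this thread (not a full log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\system32\wnim.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe wnim.dll, DllRegisterServer
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{44D7B286-5456-4199-AAE8-C68FDB45F8CD}\SVCHOST.EXE
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\system32\wnim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\system32\wnim.dll
"""

CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Vendor/path fragments the thread identifies as adware (assumed list; extend as needed).
ADWARE_MARKERS = ("180solutions", "ysbweb", "yoursi~1", "ysb.dll")

def triage(log_text):
    """Return a list of (severity, reason, line) for entries worth a closer look."""
    findings, clsid_roles = [], defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, _, rest = line.partition(" - ")   # "O18", "Filter: text/html - {...} - ..."
        low = rest.lower()
        for c in CLSID.findall(rest):
            clsid_roles[c.upper()].add(kind)     # remember where each CLSID appears
        if kind == "O18" and low.startswith("filter: text/"):
            # A MIME filter on text/html or text/plain sees every page IE renders.
            findings.append(("high", "MIME filter on rendered text content", line))
        elif kind == "O4" and "svchost.exe" in low and "\\system32\\svchost.exe" not in low:
            findings.append(("high", "svchost.exe outside System32", line))
        elif kind == "O4" and "rundll32" in low and "dllregisterserver" in low:
            findings.append(("high", "Run key re-registers a DLL at every logon", line))
        elif kind == "O2" and low.startswith("bho: (no name)"):
            findings.append(("medium", "BHO with no name", line))
        elif any(m in low for m in ADWARE_MARKERS):
            findings.append(("high", "known adware path", line))
    # The same CLSID registered as both a BHO and a MIME filter corroborates the hijack.
    for c, roles in clsid_roles.items():
        if {"O2", "O18"} <= roles:
            findings.append(("high", "same CLSID is BHO and MIME filter", c))
    return findings
```

Legitimate entries such as the Acrobat BHO and the AVG Run key pass through untouched; every item Budfred told the poster to check is flagged, plus the cross-reference showing wnim.dll behind both the unnamed BHO and the O18 filters.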

Paul Komski
01-16-2005, 06:02 AM
Just a thought and maybe way off line but could you have somehow configured the automatic updating under SP2 so that it is somehow just trying "to do its job".

pop pop
01-17-2005, 10:45 PM
Paul,

No way are you off line. You're right on the money.

M$ has been pressuring users (by various methods) for a while to do just that. They turned up the heat on the subtle pressure when XP SP2 was coming out. The logic was/is the update is large and can be done in pieces in the background if you set the update to automatic. That's well and good and probably reasonable given the need for SP2, its size, and how hard their servers were hit in the first few weeks of release.

Here's the downside and the symptoms thereof: if you have Windows Update set to full automatic, it kicks into gear (starts) multiple times a day (who knows what the cycle is) whether you need an update or not. The first effect is RAM resources get hit to the tune of 4 to 5MB (I've watched--a drop in the bit bucket, I know) along with the CPU usage hit. The second thing is if for whatever reason you have not told your firewall to "allow" it access to the net, you get the alert pop-up each time.

So, convenience comes with an inconvenience.

Paul Komski
01-18-2005, 05:24 PM
Do you know, pop pop, I had completely missed your first post in this thread; sorry.