Inexplicable Sound-Spyware Problem ~~ Techies Help Please


ArlanKels
06-23-2007, 03:23 PM
So at the moment I've got audio playing on my speakers, some sort of advertisements for crap.

Yet no program is open, and according to Windows Task Manager no programs are drawing CPU usage.

I'm running Defender ATM, and I know as soon as I turned on my PC I was hit with a crapload of spyware/adware; I also have pop-ups appearing every so often.

I did not do this to my PC, by the way; my wonderful cousin used the PC before me while I was at work. I get on and it's gone to hell.

Any idea what it could be? I've never heard of /sound/ware, just spy/ad.

Major Blood
06-23-2007, 03:35 PM
Run Spybot (http://www.safer-networking.org/) and Ad-Aware (http://www.lavasoftusa.com/) to scan for spyware/adware. Also, run Crap Cleaner (http://filehippo.com/download_ccleaner/) to get rid of all your temporary internet files and whatnot. That should do the trick.

Nikose Tyris
06-23-2007, 03:39 PM
And if not, it sounds like you got strongarm ware, the second worst of the worst! Strongarm ware is from places like Popcorn.net that go out of their way to force you to buy the software if you want it uninstalled.

Demetrius
06-23-2007, 03:46 PM
I would also suggest HijackThis.

ArlanKels
06-23-2007, 03:56 PM
Crap cleaner?
Ooo new toys, I've never run across that before.

Probably the most fun thing is that every so often it'll act like some window is being opened (the window I'm in goes gray on the blue bar, as though it's no longer selected). Makes me wonder how much crap is happening that I can't see in Task Manager.

Demetrius
06-23-2007, 03:57 PM
Do you have Karen's Power Tools? Those are pretty good for finding out these sort of things.

ArlanKels
06-23-2007, 04:00 PM
Dude...aside from anti-spyware crap I don't know a darn thing about any of this stuff, Deme.
So Karen's Power Tools? Got no clue /what/ that is let alone where to get it.

Demetrius
06-23-2007, 04:21 PM
Power Tools is free on their website, as is HijackThis; a quick read of the FAQs will put you in a good place!

ArlanKels
06-23-2007, 04:30 PM
My HijackThis log:
On a side note, I love the spoiler2 code, it's so helpful in blocking out big blocks of bigness!


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:25:35 PM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\WINDOWS\stsystra.exe
C:\DOCUME~1\BRUCEH~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Bruces\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://frontier.myway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: (no name) - {C5814C75-CFF4-44B8-B94B-6F5E05E79422} - C:\WINDOWS\system32\vtsqn.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\byxuvvs.dll
O2 - BHO: (no name) - {E01E9400-9FAF-43D8-A30D-E2CAAA2A3BD3} - C:\Program Files\Windows NT\safemunu83122.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [RemoveInstallPath] cmd.exe C:\WINDOWS\system32\cmd.exe /c rmdir /S /Q "C:\PROGRA~1\WinPop" > nul
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExpressPLNRnote.lnk = C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02C3D6F2-1B88-4885-AC17-4D18F0B983E7} (Game Class) - http://www.laxelore.com/laxelore/autorun/laxelore.cab
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Rise%20of%20Atlantis/Images/stg_drm.dll
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161730261796
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: byxuvvs - C:\WINDOWS\SYSTEM32\byxuvvs.dll
O20 - Winlogon Notify: vtsqn - C:\WINDOWS\system32\vtsqn.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fvpeabn.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\bazy.html

--
End of file - 9939 bytes

synkr0nized
06-24-2007, 06:50 AM
[synkr0nized quotes ArlanKels's HijackThis log above]

I would recommend taking care of (i.e. cleaning and removing) those in red. At least one of (http://www.google.com/search?q=retadpu1000106.exe) them is the source (http://www.fileresearchcenter.com/I/IWINGA~1.DLL-10644.html) of your problem.
Those in yellow are either a) things I did not recognize and certainly could be bad or b) should/could be removed without any negative side effects.
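Editor's added example (not code from any poster in this thread, and not HijackThis's own logic): the triage synkr0nized did by eye, written as a script that parses the process, O2, O4, O20 and O23 lines of a HijackThis log and flags the patterns visible in the two logs posted here: a DLL registered both as a BHO and as a Winlogon Notify handler, autoruns living in Temp or Application Data, a system binary name running from a user profile, one-typo imitations such as svehost.exe, the Win9x-era RunServices key being populated, '?' characters in a path, and entries whose file is already missing. The rules, the severities and the list of impersonated binaries are the editor's assumptions; the sample lines are copied from the logs in this thread.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity rule line")

# Binaries malware likes to impersonate; the genuine copies live under C:\WINDOWS.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "explorer.exe"}
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")                      # "Running processes" lines
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - HK\S+?\\\.\.\\(?P<key>Run\w*): \[[^\]]*\] (?P<cmd>.+)$")

# Constructed sample input: lines copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\MV\APPLIC~1\SSEMBL~1\winlogon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\byxuvvs.dll
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win24.tmp.exe
O4 - HKLM\..\Run: [yhypghyz.exe] C:\Documents and Settings\All Users\Application Data\yhypghyz.exe
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
O4 - HKLM\..\RunServices: [Browser Help Svc] BHSV.EXE
O4 - HKCU\..\Run: [Bbxwjcvp] "C:\Program Files\??mantec\e?plorer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: byxuvvs - C:\WINDOWS\SYSTEM32\byxuvvs.dll
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
"""


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def first_token(cmd):
    """Executable part of an autorun value: the quoted path, else up to the first .exe/.dll."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.(?:exe|dll))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def lookalike(base):
    """System binary that `base` imitates by one typo (svehost.exe -> svchost.exe), else None."""
    for real in SYSTEM_NAMES:
        a, b = sorted((base, real), key=len, reverse=True)   # a is the longer (or equal) name
        if base != real and len(a) - len(b) <= 1 and any(
                a[:i] + a[i + 1:] == (b if len(a) > len(b) else b[:i] + b[i + 1:])
                for i in range(len(a))):
            return real
    return None


def check_run(key, cmd, line):
    """Rules for one O4 autorun entry; None when nothing stands out."""
    exe = first_token(cmd)
    if key.lower() == "runservices":
        return Finding("high", "RunServices populated (Win9x-era key, normally empty on XP)", line)
    if "?" in exe:   # '?' is illegal in a Windows path: a character the log could not render
        return Finding("high", "unrenderable lookalike characters in autorun path", line)
    if lookalike(basename(exe)):
        return Finding("high", "autorun binary imitates " + lookalike(basename(exe)), line)
    if any(d in exe.lower() for d in ("\\temp\\", "\\application data\\", "\\applic~1\\")):
        return Finding("high", "autorun from a Temp or Application Data directory", line)
    if re.match(r"^c:\\windows\\[^\\]+$", exe.lower()):
        return Finding("review", "autorun directly under C:\\WINDOWS instead of a program directory", line)
    return None


def triage(lines):
    """Apply the rules to HijackThis log lines; findings come back in log order."""
    lines = [l.strip() for l in lines if l.strip()]
    bho_dlls = {basename(m.group("path")) for m in map(BHO_RE.match, lines)
                if m and m.group("path") != "(no file)"}      # cross-checked against O20 below
    findings = []
    for line in lines:
        f = None
        bho, notify, run = BHO_RE.match(line), NOTIFY_RE.match(line), RUN_RE.match(line)
        if PROCESS_RE.match(line):
            if basename(line) in SYSTEM_NAMES and not line.lower().startswith("c:\\windows\\"):
                f = Finding("high", "system binary name running outside C:\\WINDOWS", line)
        elif bho and bho.group("name") == "(no name)" and bho.group("path") != "(no file)":
            f = Finding("review", "unnamed BHO loaded into Internet Explorer", line)
        elif notify and basename(notify.group("path")) in bho_dlls:
            f = Finding("high", "same DLL registered as BHO and as Winlogon Notify handler", line)
        elif run:
            cmd = re.sub(r" \(User '[^']*'\)$", "", run.group("cmd")).strip()
            f = check_run(run.group("key"), cmd, line)
        elif "(file missing)" in line:
            f = Finding("review", "entry whose file is already gone (dead entry; remove it)", line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    import sys
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    for f in triage(src):
        print(f"[{f.severity}] {f.rule}\n    {f.line}")
```

Run it with a saved log as the only argument; with no argument it runs over the embedded sample. A "review" hit is a prompt to look something up, not a verdict: UpdReg.EXE in the first log sits directly under C:\WINDOWS exactly like retadpu1000106.exe, which is why that rule is "review" rather than "high" and why the thread still had to search the file name.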

Eltargrim
06-24-2007, 10:52 AM
The first yellow checks out as clean, as do the last two, assuming that you don't have an aversion to the (very basic) version of MSN Messenger that comes with pretty much every computer. If the Messenger service is disabled, I don't see much of a reason to get rid of those.

Also, remember to back up your Registry before you fiddle with it, just in case ;)

EDITUS: Also also, lynch your cousin.

ArlanKels
06-24-2007, 06:13 PM
Oh I plan to.

I think I managed to clear out everything. At about 9pm last night it started downloading even more crap, so I had to DC from the internet and then just hunker down and rip out everything that had been installed that I didn't recognize within the past day.

Some weird alphanumeric named dll files were in my backup that were downloaded at about what I consider "Time of infection". So I'm expecting those were the original root of my problem.

Noodlesis
06-24-2007, 10:40 PM
Last I checked...

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

is one of the ways that many adware/spyware/SOUNDWARE (I've had this before too) try to hide their activities.
They'll tell the comp that <program> is running, and <virus> is a component of <program>. So it makes up programs!

synkr0nized
06-25-2007, 12:15 AM
Regardless, if the file is missing, there's no need for it.

Zilla
06-26-2007, 01:22 AM
My IE stopped working a while back for the stupidest of reasons, and I had a hell of a time trying to get it to work again. While going through different options, I downloaded things Google recommended as scan/fixers, like PC Doctor and RegistrySmart. They are both not only scams but they seem to have brought their own spyware with them. Thanks a lot, Google. So now I'm fighting spyware and adware kind of like what you described (sound plays but no windows open).

And running Spybot didn't seem to help, everything came back.

Eltargrim
06-26-2007, 01:25 AM
Run Spybot S&D, Ad-Aware, AVG, and HijackThis!; post the log for the latter here.

Man, that last bit has probably been said here more in the last two weeks than in the last year. Weird.

Zilla
06-26-2007, 01:38 AM
hokay, I have the log for you.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:33:54 AM, on 6/26/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\DOCUME~1\MV\APPLIC~1\SSEMBL~1\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\fultfgkf.exe
C:\Documents and Settings\MV\Desktop\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:21
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\System32\hggffee.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {464918DA-AF6D-87BF-1A13-8B8DB925809E} - C:\WINDOWS\System32\mpdmtaxq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {AFBC736D-424D-4AEA-ADEB-4BFB0C68E471} - C:\WINDOWS\System32\qomkh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win24.tmp.exe
O4 - HKLM\..\Run: [yhypghyz.exe] C:\Documents and Settings\All Users\Application Data\yhypghyz.exe
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
O4 - HKLM\..\Run: [clcl11] C:\WINDOWS\System32\clcl11.exe
O4 - HKLM\..\RunServices: [Browser Help Svc] BHSV.EXE
O4 - HKLM\..\RunServices: [Virtual Drivers Builder] C:\Program Files\Virtual Drivers Builder\sysrun.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Tths] "C:\DOCUME~1\MV\APPLIC~1\SSEMBL~1\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Bbxwjcvp] "C:\Program Files\??mantec\e?plorer.exe"
O4 - HKCU\..\RunServices: [Browser Help Svc] BHSV.EXE
O4 - HKUS\S-1-5-18\..\Run: [Browser Help Svc] BHSV.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Browser Help Svc] BHSV.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Browser Help Svc] BHSV.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Browser Help Svc] BHSV.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O20 - Winlogon Notify: hggffee - C:\WINDOWS\SYSTEM32\hggffee.dll
O20 - Winlogon Notify: qomkh - C:\WINDOWS\System32\qomkh.dll
O20 - Winlogon Notify: winkbe32 - C:\WINDOWS\SYSTEM32\winkbe32.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: DomainService - - C:\WINDOWS\System32\fultfgkf.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 6319 bytes

Demetrius
06-26-2007, 09:27 AM
Holy cat! That is a lot of crap!

Zilla, with your name I have one thing to say once you get this all fixed: moZilla. Ask other folks here before downloading 'recommended' programs, and get yourself some BlackICE.

ArlanKels
06-26-2007, 09:34 AM
Also if you know the date of the original infection, use your built-in search engine to see what programs were CREATED on the date of said infection, around the time of said infection. Then just delete it all.

That's what I ended up doing. And it worked. I had some weird .dll's
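Editor's added example (not a tool anyone in the thread used) for the search ArlanKels describes: a walk over a directory tree that lists files whose creation or modification time falls inside a suspected infection window, oldest first, and marks hits in the locations where this thread's bad DLLs and EXEs turned up (system32, the Windows root, Temp, Application Data; that list is an assumption, not a rule). One caveat the post skips over: Windows reports creation time as st_ctime, but on Linux and macOS st_ctime is the inode-change time, so the script checks st_mtime as well, which also catches a dropper that backdates one timestamp and forgets the other. The sample tree it builds when run without arguments is constructed for the demo; the DLL name is borrowed from the first log.

```python
import os
import tempfile
import time
from datetime import datetime, timedelta

# Checked in this order; the first attribute inside the window counts. On Windows
# st_ctime is the creation time the post talks about; on Linux/macOS it is the
# inode-change time, so st_mtime is checked too.
TIME_ATTRS = ("st_ctime", "st_mtime")

# Where a freshly written file deserves a second look (editor's assumption, taken
# from where the DLLs and EXEs in this thread's logs turned up). Matched against
# the path relative to the scanned root, with a leading backslash.
WATCH_DIRS = ("\\windows\\system32\\", "\\windows\\", "\\temp\\",
              "\\application data\\", "\\applic~1\\")


def window_days_ago(oldest_days, newest_days, now=None):
    """(start, end) datetimes for 'between oldest_days and newest_days ago'."""
    now = now or datetime.now()
    return now - timedelta(days=oldest_days), now - timedelta(days=newest_days)


def files_in_window(root, start, end, attrs=TIME_ATTRS):
    """[(timestamp, attr, path)] for every file with some attr inside [start, end], oldest first."""
    start_ts, end_ts = start.timestamp(), end.timestamp()
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:           # unreadable, or gone since the directory was listed
                continue
            for attr in attrs:
                ts = getattr(st, attr)
                if start_ts <= ts <= end_ts:
                    hits.append((ts, attr, path))
                    break             # one hit per file is enough
    hits.sort()
    return hits


def in_watched_dir(path, root=None):
    """True if the path (relative to root, if given) sits where dropped payloads commonly hide."""
    rel = os.path.relpath(path, root) if root else path
    low = "\\" + rel.lower().replace("/", "\\")
    return any(w in low for w in WATCH_DIRS)


def make_sample_tree(base=None):
    """Constructed fixture: a backdated 'system32' DLL beside a fresh document.

    Returns (root, backdated_path, fresh_path). The DLL name is borrowed from the
    first log in the thread; the files are empty and only the DLL's mtime is set.
    """
    root = base or tempfile.mkdtemp(prefix="infection-window-")
    sys32 = os.path.join(root, "WINDOWS", "system32")
    docs = os.path.join(root, "Documents and Settings", "user", "My Documents")
    os.makedirs(sys32, exist_ok=True)
    os.makedirs(docs, exist_ok=True)
    backdated, fresh = os.path.join(sys32, "vtsqn.dll"), os.path.join(docs, "notes.txt")
    for p in (backdated, fresh):
        open(p, "w").close()
    two_days_ago = time.time() - 2 * 86400            # inside a "3 to 1 days ago" window
    os.utime(backdated, (two_days_ago, two_days_ago))
    return root, backdated, fresh


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 4:            # usage: script.py ROOT OLDEST_DAYS NEWEST_DAYS
        root, (start, end) = sys.argv[1], window_days_ago(float(sys.argv[2]), float(sys.argv[3]))
    else:
        root, _, _ = make_sample_tree()
        start, end = window_days_ago(3, 1)
    for ts, attr, path in files_in_window(root, start, end):
        flag = "   <-- watched location" if in_watched_dir(path, root) else ""
        print(f"{datetime.fromtimestamp(ts):%Y-%m-%d %H:%M:%S}  {attr:8} {path}{flag}")
```

Point it at C:\ with the window in days (for example 2 1 for "between two days ago and yesterday") and read the output bottom-up from the infection time; a cluster of new files in system32 with names like the ones in the logs above is the signature ArlanKels found. Anything that only shows up under st_mtime but not st_ctime on Windows was written earlier and later modified, which is itself worth a look.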

Zilla
06-26-2007, 06:41 PM
Well, I ran a search to see what was modified in the time in question and, being that I'm not the only user of this PC, I didn't notice anything, which surprised me. There was stuff that I was pretty sure belonged to one of the other users.

Also, I do use Firefox, but MSN doesn't work if IE doesn't work, gunbound won't play without IE, and Windows Media Player can't open media from the internet without IE.

I ran Ad Aware and really, it wasn't as bad as I'd have expected. I'd had worse infections before... This kinda worries me.

Eltargrim
06-26-2007, 07:13 PM
I'd just like to say that while I haven't posted solutions yet, it's because I've been suffering from mild heatstroke, and now I have to go to a class. I am still working on finding out exactly what your problems (Definitely problems) are.

greed
06-28-2007, 04:02 AM
Does this have to be for just HijackThis logs? Because I've got a different problem. http://i166.photobucket.com/albums/u86/gr33d_2007/Screen0002.jpg

Anyone know what's causing this? I've seen it in Oblivion often and to this degree too, and once in Morrowind to a much lesser extent.

Fixed it with Loki's help. The new driver I'd installed was shitty, so I went back to an older one.

Zilla
07-02-2007, 02:16 PM
yeah, so my mom set IE to accept all cookies >_<

So now we're riddled with spyware that won't quit.

Eltargrim
07-02-2007, 02:21 PM
Zilla, I'm terribly sorry for the long delay; I have a load of excuses, but given the length of time, they're pretty weak. In any event, the results:

Running processes:

C:\WINDOWS\System32\fultfgkf.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\System32\hggffee.dll
O2 - BHO: (no name) - {464918DA-AF6D-87BF-1A13-8B8DB925809E} - C:\WINDOWS\System32\mpdmtaxq.dll
O2 - BHO: (no name) - {AFBC736D-424D-4AEA-ADEB-4BFB0C68E471} - C:\WINDOWS\System32\qomkh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win24.tmp.exe
O4 - HKLM\..\Run: [yhypghyz.exe] C:\Documents and Settings\All Users\Application Data\yhypghyz.exe
O4 - HKLM\..\Run: [clcl11] C:\WINDOWS\System32\clcl11.exe
O4 - HKLM\..\RunServices: [Browser Help Svc] BHSV.EXE
O4 - HKLM\..\RunServices: [Virtual Drivers Builder] C:\Program Files\Virtual Drivers Builder\sysrun.exe

O4 - HKCU\..\Run: [Tths] "C:\DOCUME~1\MV\APPLIC~1\SSEMBL~1\winlogon.exe " -vt yazb
O4 - HKCU\..\Run: [Bbxwjcvp] "C:\Program Files\??mantec\e?plorer.exe"
O4 - HKCU\..\RunServices: [Browser Help Svc] BHSV.EXE
O4 - HKUS\S-1-5-18\..\Run: [Browser Help Svc] BHSV.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Browser Help Svc] BHSV.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Browser Help Svc] BHSV.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Browser Help Svc] BHSV.EXE (User 'Default user')

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O20 - Winlogon Notify: hggffee - C:\WINDOWS\SYSTEM32\hggffee.dll
O20 - Winlogon Notify: qomkh - C:\WINDOWS\System32\qomkh.dll
O20 - Winlogon Notify: winkbe32 - C:\WINDOWS\SYSTEM32\winkbe32.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll

O23 - Service: DomainService - - C:\WINDOWS\System32\fultfgkf.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Now, while I'd like someone to go over these again, basically what it says is that you have a bloody large load of viruses/malware. I'm now going to ask you the following. Do you:

A) Have a copy of the Windows disc that came with your computer?
B) Have any files you wouldn't like to see gone? If so, how big are they?
C) Share the computer with anyone who B) would apply to?

If your answers were yes, no, and no, then I believe it would probably be easier for you to reformat your computer and reinstall Windows. It would give you a fresh start, and a chance to re-educate some of the other users on proper internet safety.

However, if any of your answers are different, we'll have to take a different approach. That's probably not going to be as effective, however; in any case, please get back to me with an answer ASAP; I'm leaving for a trip on Sunday, and I won't be back for 7 weeks.

Zilla
07-02-2007, 02:29 PM
yar, there's some data on here I'd probably like to salvage, but luckily, most things I've made/scanned are on another PC, and everything else (except maybe saved games) can go for me. There's other people who use the PC though, and formatting is a touchy issue.

I've wrested this beast from the jaws of the internet before, and I'll do it again, by jove!

(I actually did have a long course of deleting registry keys with regedit once).

Eltargrim
07-02-2007, 02:36 PM
Well, that makes things easier (somewhat).

Check with the other people; there are a few backup options, depending on the size of the files and the quantity. The format would (obviously) destroy a lot of programs (Savegames can likely be saved), but when you combine Windows with users who don't really know what they're doing (I have a few of those myself...not fun), a regular formatting is pretty much a must. I'm going to run one myself before I leave, and run another when I get back.

May I ask why formatting is a touchy issue? Assuming backups of important files can be made, in this case it would be a hell of a lot easier, complete, and likely faster, than trying to remove all of the infections either manually or through scanners.

Zilla
07-02-2007, 02:42 PM
Mom has downloaded games (probably a source of some of the adware too, the company is kinda fishy) that she paid for that gave her the stuff... and there's a lot of media stuff that they've recorded from their "paranormal investigations" alongside some stuff my step-dad did with arcade work and whatnot.

Eltargrim
07-02-2007, 02:54 PM
Mom has downloaded games (probably a source of some of the adware too, the company is kinda fishy) that she paid for that gave her the stuff...

Which company would this be? If they're seriously the source of the infection, they're not worth having. I understand that money has already been paid, but this is the same situation as being scammed by carnies; the money is gone, best thing you can do is walk away; if your parents do any kind of online banking/anything that should be secure, inform them that this kind of thing could theoretically lead to identity theft, or to the hijacking of your computer for use in illegal activities.

and there's a lot of media stuff that they've recorded from their "paranormal investigations"

I take it that these are video files? How big are they, and how many are there? You could probably stuff them on a CD or flash drive with no problems.

alongside some stuff my step-dad did with arcade work and whatnot.

Are these self-made games? If so, they're liable to be very, very small in terms of file size; chances are they could fit in the same storage as the media stuff.

Incendius
07-02-2007, 04:05 PM
Anyone mind looking over this and if possible telling me what to look out for when I do future scans?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:02:20 PM, on 7/2/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Philip Pinkert\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ymomqcqeyyeysppmillrt.com/Rs2IMiumc0XakCj_vegU/IRgKPTFHvqUjsgyH85W98pZe_6yDXPH7ZShmaKGBEK5.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qpuob.dll/sp.html#28129%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qpuob.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qpuob.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qpuob.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qpuob.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qpuob.dll/sp.html#28129%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {077DEE11-872C-33B0-9709-F389AA183E7E} - (no file)
O2 - BHO: (no name) - {15FEC491-F0D8-A206-B818-8D1D3FEDF979} - (no file)
O2 - BHO: (no name) - {19AAF535-F392-F5CD-033A-D570F33F30FC} - (no file)
O2 - BHO: (no name) - {1BF99432-062E-70AF-0CDB-DD7B52B34282} - (no file)
O2 - BHO: (no name) - {2E651794-347D-9882-B60F-CF52A9AA5182} - (no file)
O2 - BHO: (no name) - {34AA1510-CBD7-2EFC-3684-44FA741EB872} - (no file)
O2 - BHO: (no name) - {3C5C5913-3184-9CE4-7A8D-2A7FC8EC1538} - (no file)
O2 - BHO: (no name) - {4B49C233-41E6-542A-7DCB-BB3C0869BABE} - (no file)
O2 - BHO: (no name) - {56602600-9335-D10F-A0C5-C6602AA24FD3} - (no file)
O2 - BHO: (no name) - {605BBF84-21B7-B5C3-6838-B831A2001C69} - (no file)
O2 - BHO: (no name) - {647DE399-C4EF-5619-7DFB-9F7343092A93} - (no file)
O2 - BHO: (no name) - {7C0AE957-6323-61F8-C4ED-40ED789AD33C} - (no file)
O2 - BHO: (no name) - {84850937-9A02-7E55-8FA6-C522AD1E86A5} - (no file)
O2 - BHO: (no name) - {899FFBF9-14AC-C5B8-9040-4073A21C2CF0} - (no file)
O2 - BHO: (no name) - {8DD0E093-F203-A226-34B6-803644787EFF} - (no file)
O2 - BHO: (no name) - {99336825-8A2F-E710-D7AA-913C67C38EDC} - (no file)
O2 - BHO: (no name) - {9ABD7A72-E3AF-99CC-2DB5-195B9DBD1932} - (no file)
O2 - BHO: (no name) - {A5365394-C0D5-0936-EEBA-1BEC0A99D851} - (no file)
O2 - BHO: (no name) - {B8F28A6B-4308-8C8B-4DAA-1D2763F029F9} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BEE8C679-3770-D30F-66CC-DEE2C16FBD48} - (no file)
O2 - BHO: Class - {D04B13F5-0E39-EE4E-D33A-14F3941F8539} - C:\WINDOWS\system32\d3ms.dll
O2 - BHO: (no name) - {DE181EF0-ABE1-2541-3A0D-3A3940709D47} - (no file)
O2 - BHO: (no name) - {DF668E96-27EB-767C-CDC7-40ADB11675F2} - (no file)
O2 - BHO: (no name) - {EB850A67-681C-36D5-5229-28172E2E04B1} - (no file)
O2 - BHO: (no name) - {EC15E88B-8211-11D5-283C-E2E36C934580} - (no file)
O2 - BHO: (no name) - {F18BBC8A-FEF0-15C1-7B52-91E58B069D60} - (no file)
O2 - BHO: (no name) - {F2407144-991F-536B-0211-1DBA5D9A5AD3} - (no file)
O2 - BHO: (no name) - {F86F75A9-3FEC-ADEE-C7E1-DCBB57E594CE} - (no file)
O2 - BHO: (no name) - {F8DD58A3-392C-9160-C63A-DEFE0C0B32CB} - (no file)
O2 - BHO: (no name) - {FFD546EC-FB9C-77B7-E8C5-9C46B980AA6C} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [crik.exe] C:\WINDOWS\crik.exe
O4 - HKLM\..\Run: [Bits Audio Software Dart] C:\Documents and Settings\All Users\Application Data\exitextrabitsaudio\Pollfast.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\RunOnce: [sysqs32.exe] C:\WINDOWS\sysqs32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [upload poke] C:\DOCUME~1\PHILIP~1\APPLIC~1\DVDMAN~1\download deaf.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Broadband Networking.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Downloads - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\nge-kazemule-uk\index.html (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099430807390
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/SonyPicturesGameDownloader.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winsf32.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 10578 bytes

A lot of this came from when my parents still used my computer.
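Incendius asks what to look out for in future scans, and the entries Eltargrim pulled out of Zilla's log (unnamed BHOs, autoruns under TEMP or Application Data, a winlogon.exe outside System32, Winlogon Notify DLLs, a service with no vendor) are the kind of pattern that can be checked mechanically. The script below is an added example, not something posted in the thread or part of HijackThis itself; it assumes only the `Oxx - ` line layout shown in the logs above and produces review prompts, not verdicts.

```python
import re

# Sample entries copied from the HijackThis logs posted in this thread (excerpt, not a full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\fultfgkf.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qpuob.dll/sp.html#28129%resultposition.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\System32\hggffee.dll
O2 - BHO: (no name) - {077DEE11-872C-33B0-9709-F389AA183E7E} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win24.tmp.exe
O4 - HKLM\..\Run: [yhypghyz.exe] C:\Documents and Settings\All Users\Application Data\yhypghyz.exe
O4 - HKCU\..\Run: [Tths] "C:\DOCUME~1\MV\APPLIC~1\SSEMBL~1\winlogon.exe " -vt yazb
O4 - HKCU\..\Run: [Bbxwjcvp] "C:\Program Files\??mantec\e?plorer.exe"
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O20 - Winlogon Notify: qomkh - C:\WINDOWS\System32\qomkh.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: DomainService - - C:\WINDOWS\System32\fultfgkf.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# Names that belong only in System32, and user-writable dirs vendors rarely autorun from.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "explorer.exe", "lsass.exe", "services.exe"}
USER_WRITABLE = ("\\temp\\", "application data", "applic~1", "docume~1")


def _run_target(rest):
    """Executable launched by an O4 entry, with quotes and arguments stripped."""
    cmd = rest.split("] ", 1)[1].strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].strip()
    return re.split(r"\s+[-/]", cmd)[0].strip()


def triage(log_text):
    """Return (code, reason, line) for entries worth a second look (prompts, not verdicts)."""
    hits = []
    for line in log_text.splitlines():
        m = re.match(r"^([RO]\d+) - (.*)$", line)
        if not m:
            continue                        # process list, headers, blank lines
        code, rest = m.groups()
        low = rest.lower()
        if code[0] == "R" and "res://" in low:
            hits.append((code, "IE search/start page points into a local DLL resource", line))
        elif code == "O2":
            if low.endswith("(no file)"):
                hits.append((code, "orphaned BHO registration (DLL gone); cleanup only", line))
            elif "bho: (no name)" in low:
                hits.append((code, "unnamed BHO loading from " + rest.rsplit(" - ", 1)[-1], line))
        elif code == "O4":
            target = _run_target(rest)
            tl = target.lower()
            if "\\" not in target:
                hits.append((code, "bare file name, resolved via PATH search: " + target, line))
            elif tl.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "system32" not in tl:
                hits.append((code, "system binary name outside System32", line))
            elif "?" in target:
                hits.append((code, "lookalike or non-printable characters in path", line))
            elif any(d in tl for d in USER_WRITABLE):
                hits.append((code, "autorun from a temp or profile data directory", line))
        elif code in ("O10", "O15", "O20", "O21"):
            # LSP, trusted zones, Winlogon Notify and SSODL: always confirm these by hand.
            hits.append((code, "review: " + rest, line))
        elif code == "O23":
            # Fields are 'Service: NAME - OWNER - PATH'; a blank owner shows up as ' - - '.
            no_owner = " - - " in rest or "Unknown owner" in rest
            if no_owner or "(file missing)" in rest:
                hits.append((code, "service with no vendor name or a missing image", line))
    return hits
```

Run `triage()` over a full log and read every hit against the path it names; legitimate vendors do occasionally register bare names or unnamed BHOs, so a hit means "check this", not "delete this".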

Arlia Janet
07-02-2007, 05:03 PM
You may want to at least consider backing up all your important data and making the switch to a Linux distro. Linux is becoming more and more user friendly every day while still allowing power-users to do their thing. It's very secure, and you can probably do everything that you do in Windows (unless you think gaming is worth the security vulnerabilities). OSalt (www.osalt.com) is a great site to find open-source alternatives to "essential" Windows apps.

To repeat what someone else said, I would be afraid to do any online banking on that computer.

Zilla
07-04-2007, 10:08 PM
So I have another problem of an entirely different nature... I'll post it here since if I started a new thread, it would essentially be called the same thing.

Somehow, the permissions on my forum folder have been changed to 000. No reading, writing, or executing. I'm trying to change it back, but no matter what I use, be it the cPanel, an ftp client, or my browser, I get an error of some kind or another that says either "550 Could not change perms on /public_html/forums: Permission denied"

Or

[a fatal error or timeout occurred while processing this directive]

I similarly can't access the contents of this folder, nor can I rename, move, or copy it.

Any ideas on what to do? I think changing the permissions to 755 is the way to get it to work, but I can't do that.

Eltargrim
07-06-2007, 02:48 AM
...well, for starters, what are you trying to access, and where is it? If you're not hosting it, it may not be your problem.

In the meantime, try using the simple file sharing and see if it helps.

Zilla
07-06-2007, 12:14 PM
I'm trying to access the forum folder via the cPanel or ftp clients, on my own webspace. It's at http://fivesidedsquare.com/forums. I have a temporary replacement for the normal 403 error it gives.

Eltargrim
07-06-2007, 03:02 PM
Ah. Well, I'm afraid I can't help you here. I know next to nothing about HTML, PHP, MySQL, or any other web-based languages. Sorry :S

Zilla
07-16-2007, 01:00 AM
My problem has been fixed.

[23:33] Zilla: hello? I'm having a problem with setting permissions on a folder on my site, fivesidedsquare.com
[23:33] Ashley - eSupport24: hello
[23:34] Zilla: hey, yeah, the forums are set to 000 and it won't let me change them
[23:35] Zilla: I've tried with the cPanel, coffeecup FTP, and filezilla, but no luck.
[23:36] Zilla: are you able to help?
[23:36] Ashley - eSupport24: fixed

Crazy tech support ftw.