Posts by Urbanfox

Oh, this topic is still up.

It's a very weird thing. I took it to friends who were a little tech-y... nothing. One told me it was a bad mobo, another said there was something wrong with the power getting to it. So I ended up getting a new computer. About nine months later, I try it just on a whim, and it works. Just as it did beforehand. It's been working now for nine months without a hitch... so far.

So, I guess that's the weird thing about vaios. I've read lots of stories where people leave it alone for a while and it suddenly works. This was one of those cases.

I've learned that this really doesn't matter the modem, router, or computer. No matter what I get, I'm 1,000 miles away and cannot access some of my sites (not a firewall issue, not a virus issue, etc.)

What can I do? I want an IP address in my own city. Is that too much to ask for?

Within the past week, I noticed I couldn't access some of the sites I usually visit. I eventually found out this was because I had an IP address in a much different location than where I am currently located (at least 1000 miles away...). Consequently, I tried to figure out what the problem is. I'd connect the computer to the modem, restart it, then it'd give me an IP address near my current location. The moment I go back to wireless on my router, however, my IP address changes drastically. I've tried to manually insert the IP address into my router, but since I have a dynamic IP, this only solves the problem for less than a day. A few things:

- I don't think this is a computer issue. I've tried this with other computers, same result.
- I don't think this is a router issue. I've tested other routers, same result.

This leads me to believe it's an ISP problem (which they can't figure out) or a bad modem. Can anyone help?

Does that help any?

Checked - it's 802.11b

Is the wireless card 802.11g or is it only 802.11b?

I'm not sure - where would I go specifically to check for that? It's a built-in wireless card, so I'd assume there'd be a way to check somewhere around device manager

This is for an IBM Thinkpad R40. The computer has XP (service pack 3) installed, all windows updates installed, etc. Basically, I can connect to WEP and unsecured networks, but nothing in regards to WPA. As a matter of fact, when I attempt to connect to a WPA network, it responds with this message basically stating the network appears to be unresponsive, etc. Going in to try and enable the network manually allows only for WEP encryption, not WPA

I've tried to update the drivers for the wireless, but they appear to be updated properly. The wireless driver I have installed is Cisco Systems PCI Wireless LAN Adapter and the other non-wireless is Intel(R) PRO/100 VE Network Connection. Again, don't really know what's the problem, but I am willing to try anything.

Apparently someone I have never met has taken a password of mine from a popular writing site. I am not really sure what is going on, but I have run a few scanners and it hasn't detected anything. Just to be sure, I have also saved a hijackthis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:51 AM, on 10/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Owner\AppData\Local\Temp\fsonlinescanner.exe
C:\Users\Owner\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\Users\Owner\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common …

She recently informed me, for some reason, while browsing the internet she gets what sounds to be the start of an ad or a pop up, but it doesn't come up. The occurrence makes her computer run very slow.

I asked her to do a HJT scan, and she gave me the logfile below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:24 PM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\eEye Digital Security\Blink\blinksvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\Program Files\Belkin\F5D8053\v5\Belkinwcui.exe
C:\Program Files\eEye Digital Security\Blink\Blink.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: …

Well now I don't know who is to blame.

The system restore worked, as said, so I tried to re-trace my steps to see what happened. Updating Java was no problem. Tried to disk defrag again, and we have a problem. There's just one tiny detail - now it's stuck in vallium mode. I thought defrag programs made computers run faster?

So now that I found out the problem is defraging makes it slow, and I can't return it back to messy, what can I do? Also, as a bonus, Microsoft Word refuses to work.

Well, I did a system restore, and it's working perfectly. So *something* had to cause it.

Sorry. Most sites have the 1.99 version.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:23 PM, on 2/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\sony\Wireless adapter\ZDWLan.EXE
C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 …

I recently inherited my father's old laptop (vaio, about three years old), and all has been going well so far... up until a few hours ago. I decided today to do a defrag since I figured it could need one. I downloaded AUSlogic defrag and performed a full defrag, which it defragmented over five thousand files. Once it was finished, I downloaded the newest version of Java (it currently had update four) and used the program JavaRe to remove the old versions. Finally, I removed the software he used at the hospital, Electronic Patient (made by IMNET).

Somewhere between the start of the scan and the deletion of the large-filed Electronic Patient program, I noticed my sound being slow - like it was choppy. For instance, a normal "beep" would sound "be-e-e-ep". That's not all - it takes quite a long time to start up, programs take a longer time to respond, and the mouse can be choppy as well. Even as I type it's almost as if the computer has to think about writing a character down after I type it. I tried to use regscrub XP to remove the dead or misplaced entries, and it ended up fixing over 450 entries, 400 of which were from that Electronic patient program.

So in short, it's slow. I'm not really sure why though - no processes are running like mad, performance is kind of jagged, but around 0-20%, and overall it's not that bad. Just incredibly annoying.

…

Do you have the log produced from when you ran combofix the first time? I never asked that you run it twice.

Unfortunately, I do not. Combofix stalled when I tried to save the logfile despite me not clicking or doing any other action.

Alright, here's the combofix log:

ComboFix 08-10-10.09 - Main 2008-10-11 12:28:02.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.188 [GMT -4:00]
Running from: C:\Documents and Settings\Main\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.

2008-10-08 14:30 . 2008-10-08 14:30 <DIR> d-------- C:\Documents and Settings\Main\Application Data\Malwarebytes
2008-10-08 14:30 . 2008-10-08 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 14:30 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 14:30 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 12:33 . 2008-10-08 12:33 488 --a------ C:\WINDOWS\system32\av.dat
2008-10-08 12:32 . 2008-04-13 20:12 26,112 --a------ C:\WINDOWS\system32\stus.exe
2008-10-02 02:35 . 2008-10-02 02:35 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-02 02:35 . 2008-10-02 02:35 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-02 02:35 . 2008-10-02 02:35 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-24 22:42 . 2008-09-24 22:42 0 --a------ C:\WINDOWS\MSDraw.ini
2008-09-15 18:14 . 2008-09-15 18:14 <DIR> d-------- C:\Documents and Settings\Main\Application Data\IMVU Previewer
2008-09-15 18:08 . 2008-09-15 18:08 <DIR> d-------- C:\3dsmax7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-08 16:23 --------- d-----w C:\Documents and Settings\Main\Application Data\IMVU
2008-09-20 06:23 --------- d-----w C:\Documents and Settings\Main\Application Data\Apple Computer
2008-09-15 22:10 --------- d-----w C:\Documents and Settings\Main\Application Data\IMVUClient
2008-08-22 17:22 --------- d-----w C:\Program Files\Java
2008-08-21 01:19 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 02:01 --------- d-----w C:\Program Files\Apple Software Update
2008-08-15 18:29 --------- d-----w C:\Program …

Running close to the same, perhaps a hair faster. Still noticing the same issue with svchost, and I'm going to do another virus scan just to be sure. Here's the logfile:

============
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:26 AM, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Programs\Adobe PE\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\programs\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programs\PCtool\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft …

Kapersky crashed my computer (problem with winlogon.exe...), but I got someone nearby to help me with the Trojan, and I've done a few scans with various malaware and internet virus scanners (trend micro, Avira on my computer too), so that front is okay.

But I'm still having problems with my svchost.exe. For *some* reason, putting in my wireless card makes a component of svchost run 99 processes. Simply ending the process kills it until the next restart. I've provided a new update to my hijackthis file as well:

=======
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:33 PM, on 10/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Programs\Adobe PE\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\programs\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\PCtool\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = …

Actually, I did remove the threats after saving a logfile. Both threats were removed.

New Hijackthis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:15 PM, on 10/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Programs\Adobe PE\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\programs\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mspaint.exe
D:\Programs\PCtool\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: …

Alright, here is the malaware log file:

Malwarebytes' Anti-Malware 1.28
Database version: 1244
Windows 5.1.2600 Service Pack 3

10/9/2008 12:37:38 PM
mbam-log-2008-10-09 (12-37-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 258160
Time elapsed: 7 hour(s), 15 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=========================

And the accompanying hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:43 PM, on 10/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Programs\Adobe PE\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\programs\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

About two weeks ago, I noticed my Sony VAIO Laptop (five years old, runs on Windows XP) would run SVChost.exe to 99 processes, running about 4,000 k of space, and was under the user name "Network Service". This would only happen when I was trying to re-connect to the internet and simply ending the process via control-alt-delete would solve the problem.

Today, I noticed Anti-vir (Avira) found a slew of trojans, which I have since quarantined. In short, I could use help, big time. I've posted my hijackthis logfile, and will check this thread frequently. So far, I've only noticed slow performance, but I'd like to nip this in the bud before it becomes a major issue.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:54 AM, on 10/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Programs\Adobe PE\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\programs\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program …

ah, okay, got it. NM

Which one should do that, my friend with his computer, or me with my computer?

OK, well, I got him to get hijackthis and send me a logfile. Here's the logfile from *his* computer. Anything wrong with it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:17 AM, on 03/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Users\Matt\Desktop\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet …

Actually, a friend of mine said this could be an MSN virus that attempts to give out e-mail addresses... I don't know. Neither does the sic_one11 guy, for that matter. I told him to come here and post his hijackthis logfile, if that's alright.

Hope we can get to the bottom of this.

I think I figured it out... I was browsing MSN at the time, and I checked again, well, his account is in my contact list. Spoke to him, and it seems like I must've misclicked or something. Possibly MSN messed up. Unsure, but it seems okay now.

(post discarded)

Sorry about that. Here you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:20 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Programs\Adobe PE\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\programs\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\mmc.exe
D:\Programs\PCtool\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - …

Nope. To be honest, I just contacted a very trustworthy friend of mine who's good with computers and he tried to do remote assistance with my computer, but it didn't work (never has, oddly enough). So to this day, I have not noticed anyone else using my computer. It's firewalled, has Windows Defender and AntiVir on it, and aside from tonight, never really got anything like this before. But it sounded weird, so I figured I'd post it.

Logfile of HijackThis v1.99.1
Scan saved at 11:09:02 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Programs\Adobe PE\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\programs\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\cmd.exe
D:\Programs\PC Tools\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet …

Also, I should say those add-ons were from Firefox directly, so they shouldn't be a problem

I own Firefox 3.0 on an XP system, recently added some ad-ons that help protect my computer when I browse it. So a few minutes ago I got a message stating I was attempting to log in a hotmail account as sic_one11. Trouble is, I don't own that account, or any hotmail account for that matter. I had not touched my browser in over a minute before this happened. What's going on?

A friend of mine IM's me today and tells me IE, though closed, will run a pop-up every minute or so. Initially, he tried downloading something from limewire and I guess he tried to get the wrong song or something like that. His start menu and task manager wouldn't work, but I helped him and fixed those two issues. Had him end the iexplore.exe task, and it seemed to re-appear after each time his IE would put up another pop-up. Tried housecall, tried AVG, etc, but still pop-ups and no real trojan deletions. It says he has the "generic10.BCQN" trojan. I don't know what this means. Also checked for other iexplore.exe programs, but he only has one, and it's in the right location.

Here's his logfile:
Logfile of HijackThis v1.99.1
Scan saved at 2:31:22 AM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AIM6\aim6.exe

I ran hijack this and saved the report it spit out. Didn't do anything more since I can't read these logfiles as of yet:

Logfile of HijackThis v1.99.1
Scan saved at 1:16:54 AM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programs\Adobe PE\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\programs\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
D:\Programs\Sports Mogul\Baseball Mogul 2008\BB2K8.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Programs\PC Tools\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} …

I've been reading some of the topics on here, and I'm not sure if anyone has the specific problem I have. I own a Sony VAIO PCG-K23. It's four years old and has only stopped working once due to an overheating issue about six months ago (has been working fine since, until today). I turned my computer off at around 11 AM today and packed it up to move it to a new location. Five hours later, went to turn it on, and nothing happened. Thinking it might have been overheated again, I let it sit for a while and came back to it. Still nothing. Tried running it with only the AC, then just the battery. Still nothing. I opened it up to make sure everything looked alright, and didn't remove/touch anything. That's when I noticed whenever I put the battery back in, even with it shut down completely, I'll hear about 5 click noises coming from around the battery terminal area. It's not around the hard drive - I checked. This is near the battery. The clicking noises sound like a second hand on a watch ticking. Also, I tried holding down on the power button, then putting back the battery and AC adapter to see if that works. Nothing.

About a month ago, I noticed a screw had come loose inside the computer (very small one). I opened it up, and it was lodged in plastic, but I couldn't get it out (couldn't see it even). …