Computer freezing, often rebooting. Please help!

Status
Not open for further replies.

Dteachmh

This is driving me crazy. I will try to give as much information as I can so that someone can help me, I pray. Just in the past few days, I've noticed that my computer freezes up. When it does, sometimes it reboots itself, losing all unsaved information. Sometimes it just freezes and then does nothing. I have to manually reboot it (control-alt-delete won't even work). Then it takes about 15 minutes to boot back up. I've also noticed that my computer runs REALLY slow, especially my internet. How often does it do this? Well, today it has done it 7-8 times. So it's not constant but it is enough to frustrate me since I do a lot of work on the computer and take college courses and do a lot of stuff on the computer.

There doesn't seem to be a rhyme or reason to it. It doesn't just do it when I run one particular program or anything. I could be typing a Word document and it happens, I could be checking email and it happens, I could be looking up something on the internet and it happens... no warning, just... poof, gone and then I wait a second or two to see if it's going to reboot itself.

When it boots back up, I usually get the message screen that says “The system has recovered from a serious error”. When I click on “details”, it always shows two files. I thought it was always the same two files, but they are not exactly the same. Here are the last three. It's always two files and one is always a .dmp file and the other is always a .xml file. But they do appear a little different each time:

C:\DOCUME~1\Owner\LOCALS~1\Temp\WER0555.dir00\Mini010809-07.dmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER0555.dir00\sysdata.xml

C:\DOCUME~1\Owner\LOCALS~1\Temp\WER59aa.dir00\Mini010809-08.dmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER59aa.dir00\sysdata.xml

C:\DOCUME~1\Owner\LOCALS~1\Temp\WER6f36.dir00\Mini010809-09.dmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER6f36.dir00\sysdata.xml


Some information about my system:
Compaq Presario
2.6 GHz Intel Celeron processor
512 SDRAM
120 DMA hard drive
Windows XP SP3
McAfee

When I run Disk Defrag, it tells me the D drive has a capacity of 4.24 GB, Free space of 704 MB, with 16% Free space. C drive has a capacity of 108 GB, Free space of 90.87 GB, with 84% Free space

Any help would sure be appreciated. My wife thinks I need a new computer. I told her no, the tech guys will help me figure this out! Please help!

David
 
You got it. I went through the Spyware Removal Guide. It took a while with the computer freezing and/or rebooting every few minutes, but I got through it. Malwarebytes Anti-Malware didn't finish and although I got AVG installed, it did not finish its scan. Tried twice.

Anyway, here's the HJT log you requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:58 AM, on 1/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095287274920
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5697 bytes



Awaiting further instructions,
David
 
Yes, here is the log:

ComboFix 09-01-10.03 - Owner 2009-01-11 18:48:08.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.504.227 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mfcans32.DLL
c:\windows\system32\mfcuia32.dll
c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.

2067-02-24 15:21 . 2003-02-05 04:02 79,947 --a--c--- c:\windows\fw20.vxd
2009-01-10 00:28 . 2009-01-11 18:06 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-10 00:28 . 2009-01-10 00:28 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-10 00:28 . 2009-01-10 00:28 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-10 00:28 . 2009-01-10 00:28 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-09 23:21 . 2009-01-09 23:32 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-09 23:19 . 2009-01-09 23:21 <DIR> d-------- c:\program files\Trojan Remover
2009-01-09 23:19 . 2009-01-09 23:19 <DIR> d-------- c:\documents and settings\Owner\Application Data\Simply Super Software
2009-01-09 23:19 . 2009-01-09 23:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-01-09 23:19 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-01-09 23:19 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-01-09 23:19 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-01-09 23:19 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-01-09 23:19 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-01-09 21:52 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-09 21:51 . 2009-01-09 21:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-09 21:51 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-09 20:47 . 2009-01-09 20:47 <DIR> d-------- c:\program files\CCleaner
2009-01-09 20:32 . 2009-01-09 20:36 <DIR> d-------- c:\program files\CleanUp!
2009-01-09 20:21 . 2009-01-09 20:21 <DIR> d-------- c:\program files\MSConfig CleanUp
2009-01-08 13:49 . 2009-01-05 18:36 663,352 --a------ C:\WindowsXP-KB925922-x86-ENU.exe
2009-01-07 16:24 . 2009-01-10 00:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-07 15:24 . 2009-01-07 15:24 <DIR> d-------- c:\program files\AVG
2009-01-07 14:42 . 2009-01-07 14:42 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-07 14:42 . 2009-01-07 14:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 14:40 . 2009-01-07 14:41 616 --a------ c:\windows\RegGenie.ini
2009-01-07 14:27 . 2009-01-07 14:58 <DIR> d-------- c:\program files\RegGenie
2009-01-07 14:27 . 2008-11-27 04:35 158,720 --a------ c:\windows\RegGenieOnUninstall.exe
2009-01-07 09:31 . 2009-01-07 09:30 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-05 13:10 . 2008-10-16 15:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-05 13:10 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-05 13:10 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-05 13:10 . 2008-10-16 15:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-05 13:10 . 2008-10-16 15:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-05 13:10 . 2008-10-16 15:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-05 13:10 . 2008-10-16 15:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-05 13:10 . 2008-10-16 15:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-05 13:10 . 2008-10-16 08:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-25 19:27 . 2008-04-13 14:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-25 19:27 . 2008-04-13 14:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-12-25 19:27 . 2008-04-13 20:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-25 19:27 . 2008-04-13 20:12 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-25 19:27 . 2008-04-13 20:12 20,992 --a------ c:\windows\system32\dshowext.ax
2008-12-25 19:27 . 2008-04-13 20:12 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2008-12-25 19:22 . 2007-03-15 01:38 450,560 -ra------ c:\windows\system32\mcs_cor1.dll
2008-12-25 19:22 . 2007-03-15 01:38 249,856 -ra------ c:\windows\system32\mcs_dec2.ax
2008-12-25 19:22 . 2007-03-15 01:37 172,032 -ra------ c:\windows\system32\mcs_cor2.dll
2008-12-25 19:22 . 2007-03-15 01:38 114,688 -ra------ c:\windows\system32\mcs_enc.ax
2008-12-25 19:22 . 2007-03-15 01:45 4,111 -ra------ c:\windows\system32\install.inf
2008-12-25 19:19 . 2008-12-25 19:19 <DIR> d-------- c:\program files\DevGuru
2008-12-25 19:19 . 2006-11-01 17:21 319,456 --a------ c:\windows\system32\drivers\DIFxAPI.dll
2008-12-25 19:19 . 2007-01-25 10:04 54,656 --a------ c:\windows\system32\drivers\Camav.sys
2008-12-25 19:19 . 2007-01-25 09:33 12,160 --a------ c:\windows\system32\drivers\camflt.sys
2008-12-22 20:38 . 2009-01-07 17:21 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-22 20:38 . 2008-12-22 20:38 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 04:40 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-10 04:39 --------- d-----w c:\program files\McAfee.com
2009-01-10 04:39 --------- d-----w c:\program files\McAfee
2009-01-07 14:30 --------- d-----w c:\program files\Java
2009-01-05 17:51 --------- d-----w c:\program files\Common Files\AOL
2009-01-05 17:50 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-01-05 17:47 --------- d-----w c:\documents and settings\Owner\Application Data\AOL
2008-12-19 23:36 --------- d-----w c:\documents and settings\Owner\Application Data\Image Zone Express
2008-12-18 18:23 --------- d-----w c:\program files\Common Files\Adobe
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-03-10 20:58 336 -c--a-w c:\program files\temp995.bat
2006-11-21 16:12 0 -c--a-w c:\program files\Common Files\err.log
2004-06-21 00:22 0 -c-ha-w c:\documents and settings\Administrator\hpothb07.dat
2004-02-21 01:38 24,377,290 -c--a-w c:\program files\Common Files\TaxCut_2003_Federal_UpdaterC.exe
2004-02-07 00:29 23,869,417 -c--a-w c:\program files\Common Files\TaxCut_2003_Federal_UpdaterB.exe
2004-01-10 03:02 16,706,160 -c--a-w c:\program files\AdbeRdr60_enu_full.exe
2003-11-24 00:52 1,093,120 -c--a-w c:\program files\sw260_dk3.exe
2003-11-24 00:48 1,487,360 -c--a-w c:\program files\sw260_dk2.exe
2003-11-24 00:41 1,309,184 -c--a-w c:\program files\sw260_dk1.exe
2003-07-30 00:27 382,808 -c--a-w c:\documents and settings\Owner\My Documents.zip
2002-08-29 12:00 94,784 -csh--w c:\windows\twain.dll
2008-04-14 00:12 50,688 --sh--w c:\windows\twain_32.dll
2004-07-30 05:04 1,216 -csh--w c:\windows\Twunk_16.dll
2004-07-30 05:04 1,216 -csh--w c:\windows\Twunk_32.dll
2002-12-12 07:27 73,728 -csha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2008-04-14 00:11 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2008-04-14 00:12 57,344 --sh--w c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343,040 --sha-w c:\windows\system32\msvcrt.dll
2008-04-14 00:12 551,936 --sh--w c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84,992 --sh--w c:\windows\system32\olepro32.dll
2008-04-14 00:12 11,776 --sh--w c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((( snapshot_2009-01-09_23.09.20.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-10 05:28:16 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-01-11 23:02:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_70c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-01-01 1231752]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-10 1261336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 05:50 40960 c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-10 97928]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-10 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-10 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-10 76040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-09 38496]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\DRIVERS\fw220.sys --> c:\windows\system32\DRIVERS\fw220.sys [?]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2003-11-23 11520]
.
Contents of the 'Scheduled Tasks' folder

2008-12-31 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 19:12]

2004-07-25 c:\windows\Tasks\WebReg 20040725170633.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2006-06-07 16:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 18:54:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\avgrsstx.dll
c:\program files\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-11 18:57:54
ComboFix-quarantined-files.txt 2009-01-11 23:56:35
ComboFix2.txt 2009-01-10 04:12:51
ComboFix3.txt 2007-12-31 01:17:47

Pre-Run: 97,368,391,680 bytes free
Post-Run: 97,449,795,584 bytes free

209 --- E O F --- 2009-01-07 13:57:47
 
Yes, it's even worse now. Computer won't stay on longer than a few minutes without freezing and/or rebooting.
 
I don't know if this makes a difference or not, but just on a hunch, I restarted it in Safe Mode and it works fine. No freezing and no rebooting. Does that help? So what's the difference in Safe Mode and the regular mode?
 