Hi guys,
I thought I had everything back to normal after last week's cleanup fest but last night the computer just crashed...twice! Since that was the original issue, I guess I didn't accomplish anything.

I was in the middle of going to Accuweather in IE when it happened the first time...very strange, the second time I wasn't doing anything. After the reorg and HJT cleanup, I even went to the IE page and reinstalled IE7 last week because I was getting some strange messages - I tried to copy the log files but I couldn't and they were much too long to take down manually. Obviously, that wasn't the problem. I can't figure why it waited a week to crash again. The first time, it did a CHKDSK on startup, the second time, it just restarted normally. This week, no strange messages, though (it was just those where the system wants to send a log to Microsoft - I couldn't find a file associated with them to copy, too bad)

I don't know what else to do, so here is the latest HJT log, I hope somebody can see something. Thanks in advance.

zeroth

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:31 AM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217943070764
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.1.102/PlayerPT.cab
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} (NetCamPlayerWeb11gv2 Control) - http://192.168.1.109/NetCamPlayerWeb11gv2.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.1.105/activex/AMC.cab
O16 - DPF: {FA478DB9-803F-4154-9DDB-765EA9E35333} (Sony SNC-P1 Control) - http://192.168.1.111/program/SonySncP1View.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2902DADA-98FF-4EEC-9630-01E0B626B8F6}: NameServer = 24.25.5.60,24.25.5.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{2902DADA-98FF-4EEC-9630-01E0B626B8F6}: NameServer = 24.25.5.60,24.25.5.61
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8125 bytes

Well rats! zeroth, I thought we had this licked last week!
I really don't see a thing in the log.
Tell me, how much RAM is installed on the system?
Have you done "general housecleaning" of the computer lately? Don't mean disk cleanup or anything like that, I mean checking for dust inside the case, vents, on fan blades, etc.?
Also, go to Start, Control Panel, Administrative Tools, Event Viewer. Click on Application and take note of errors showing there around the time of the shut downs. Double click on one of them to actually see what caused the error.
Do the same in System. This "might" give us a clue, can't promise it will but it cannot hurt to check.

I thought we did too! Computer has 4G RAM.

There are some errors, since all was reorged, etc. Since I can't copy from that box, here's some info:

8/3 4:37PM mshtml.dll failed running IE
8/4 6:39AM kernel32.dll failed running IE
8/4 6:40AM kernel32.dll failed running IE
8/5 9:25AM jscript.dll failed running IE

These are the only events besides the following that are errors since last week. I remember the system crashing twice on 8/6, though. There is one more error on that date:

Ad-aware internal error 2753 - but I got rid of Ad-aware (it's possible that's the date I removed it but I don't remember - thought it was last week)

I'm not certain these times match the crashes. Next time I'll pay more attention. Plus I'm not sure what you mean when you say do the same with System.

Thanks again,
zeroth

I have found this information you might try. You didn't say if you have the pop-up blocker turned on or off, but try this and see if it makes a difference: go to that Accuweather site where you had the problem and try changing your settings to always allow pop-ups for this site.
You need to check your Internet Privacy Options (which will be the same in IE6 & 7). If you are using IE7, then at the bottom of the page for the site you should see a small icon for changing the security options for the site, and you can do it there online. Allow all popups.
See if this makes a difference.

I didn't respond right away simply because it was my daughter's birthday and didn't get a chance but I did look at your suggestions - couldn't figure out what you meant. I'm looking at the bottom of this page and I see:

privacy report
security settings
zoom level

I checked in security settings and didn't see anywhere I could block/unblock popups - I do see where you can block cookies. Can you give me more info on popups?


Besides that, I think I have narrowed this thing down, at least in my mind. I finally looked at the event monitor for System (after re-reading one of your posts) and there ARE some errors listed, especially around the time of the last crash. It's saying there are processes that weren't loaded at startup.

So, I've suspected for some time that my copy of XP has been compromised somehow and that the crashes come when the system calls one of these subroutines that's not there. What that would mean by now is that the backup for XP now doesn't have the files either. Short of buying a full copy of XP, how can I clean this up since the O/S no longer comes with the machine?

Thanks,
zeroth

In IE go to Tools, Internet Options, Privacy Tab. There is where you will find the option to turn on or off the pop up blocker.

It's saying there are processes that weren't loaded at startup.

So, I've suspected for some time that my copy of XP has been compromised somehow and that the crashes come when the system calls one of these subroutines that's not there. What that would mean by now is that the backup for XP now doesn't have the files either. Short of buying a full copy of XP, how can I clean this up since the O/S no longer comes with the machine?

Number 1;
What ARE the processes which are not being loaded?
Number 2; No, this does not necessarily mean your copy of XP is compromised, this just means they are disabled. It is very possible they can be turned back on, but I need to know what they are. That does NOT mean the backup doesn't have the files either. Backup is exactly what it means...a backup copy. A working copy may have compromised or corrupted files but the backup copy isn't used...it is sitting there as backup...usually untouched.
Number 3. Did your system come with a restore disk? If so, then you DO have a copy of XP. If the computer has a restore partition, then you DO have a copy of XP. However, if this was/is a pirated copy of XP then no, you do not have any backups and would very likely have to purchase a full NEW XP.

It's a legit copy, I even have two of these HP machines. I feel better about my system backup now, though, with your explanation. I don't have a restore disk, these machines don't come with any disks.

I haven't played with any O/S since Win98, I'm one of the dinosaur mainframe programmers left over from the 60s and don't like to upgrade to buggy software when I have already gotten a machine stable (although my 9 year old has Vista). Anyway, don't know much about XP as you can see. A good reference book suggestion would be appreciated. Meanwhile, I really appreciate your educating me!! I owe you one...I'm a wireless engineer if I can return the favor.

Back to the subject, we're getting somewhere I think:

Looking at all the event errors under System, I found a pattern that now makes sense. It's Avira with something still running in the machine that I can't find. The Avira Scheduler Service and Guard Service are trying to run and there's nothing to run. The missing files are avgio, avipbb, ftsata2 and ssmdrv. Sorry I can't copy the lines...there's a repeating set of three errors: first the scheduler can't run, then Guard can't run, then the 4 files that weren't loaded (the first two with avi seem to indicate Avira, no?). This is repeated back in time...remember that I told you the system would not let me add/remove the Avira software, it would crash when I tried. Finally, I just removed the files myself...obviously didn't get them all...

So, I guess all I have to do is find whatever scheduler and guard programs are still resident. Don't have a clue where to start, though.

It's Avira with something still running in the machine that I can't find. The Avira Scheduler Service and Guard Service are trying to run and there's nothing to run

Go to Start, Control Panel, Administrative Tools, Services. When this opens everything is listed in alphabetical order and scroll down to Avira listings, there are probably two of them like it shows in my first attachment.
One at a time double click on each entry. Change Start up type to Disabled. Click Apply.
See both of my other attachments.
Once you have done that then reboot the machine and see if errors are still appearing.

I got this last task done and got rid of Avira and just let it run for a couple days to try and get a pattern. This is getting strange as, since that exercise, IE has not been listed at the core of crashes, since 8/11 anyway. On 8/12 skype crashed it 4 times...however, I just downloaded skype a few days ago so it could not have been the culprit - plus, each time I tried to update my outlook contacts into skype, it crashed after the task was complete - the times match exactly, so I'm going to discount that as a cause. Additionally, system didn't ask for a chkdsk on these events.

After this series of 4 events, there are two more:

8/12 15:11 App Error module ntdll.dll outlook.exe crashed
8/13 08:53 App Error module oleaut32.dll wmipruse.exe crashed

These DID require a chkdsk - I've tried to skip chkdsk before to see what happens and after the system starts up, it immediately crashes when the system tried a disk retrieve.

Anyway, these last two seem to eliminate IE

This last one just now I was on daniweb and the event log says outlook. fyi, it just went black screen and restarted without warning...

Thanks,
zeroth

wmipruse.exe

Are you sure it isn't wmiprvse.exe?

Ok, have gone back through our other thread. I want to be absolutely certain that all remnants of your previous infections were removed and I was really wrong not to request it in the other thread.
If you still have Malwarebytes-Anti-Malware program on the machine, hopefully you do, go back into it and find the log for the scan you did that removed the trojans, etc. When you open the program you will see a lot of TABS, one of those says Logs. There the previous logs are saved by date. If you are not sure of the date then you will have to go through and double-click on each log to open and read it so you can hopefully find the right one.
Post that for me.

Then next I would like you to update Malwarebytes and run another full scan. Allow it to fix whatever is found. Post THAT log also.
Then I would like you to run Deckard's System Scanner and post the logs that it will produce, there should be two of them.

If you don't have Malwarebytes program remaining on your system then you can download both it and Deckard's at this link HERE

Judy

Are you sure it isn't wmiprvse.exe?

you're right, typo.

I'm working on the last post and will get back to you.

zeroth

If you still have Malwarebytes-Anti-Malware program on the machine, hopefully you do, go back into it and find the log for the scan you did that removed the trojans, etc.

There are only 2 logs, the second ran clean - here are both. I'm going to run a fresh one and post it shortly and I'll get and run Deckard's also.


Malwarebytes' Anti-Malware 1.23
Database version: 1008
Windows 5.1.2600 Service Pack 2

8:23:38 AM 7/30/2008
mbam-log-7-30-2008 (08-23-38).txt

Scan type: Quick Scan
Objects scanned: 49689
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 12
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\HP_Administrator\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1401778126-1715410036-1313791078-1007\Dc14\BugDoctor.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.23
Database version: 1008
Windows 5.1.2600 Service Pack 2

2:53:34 PM 8/7/2008
mbam-log-8-7-2008 (14-53-34).txt

Scan type: Quick Scan
Objects scanned: 48673
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Judy, you're gonna love this! After I posted the above, I started the MalWareBytes scan again and the computer crashed immediately.

There was no application event. The systems event was the same as the other day.
"the following boot-start or systems drivers failed to load"
avgio
avipbb
ftsata2
ssmdrv

Looking back I see this four or five times in the last few days - maybe we've isolated the issue to this event?...I also see other events where ntfs fails, that's where the disk shows corrupted, which may be why those "avgio,etc." restarts require a chkdsk on the way back up.

I'm scanning the other computer now (I have several other computers on my network) and I thought I'd post this while I'm waiting. In fact, the scan just stopped and there was nothing detected. I'm going to Deckard's now.

zeroth

From this Deckard log, I see those files I mentioned are missing and also Avira is asking for a file that's not there. I guess I still have issues with Avira...can't believe it. I had a lot of trouble removing that system and then you helped me remove some remnants. Something's still there...

Can I get those files from i386?

Anyway, here's the report...


Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-08-14 11:22:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 5 Restore Point(s) --
5: 2008-08-14 15:15:49 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-08-13 16:03:46 UTC - RP4 - System Checkpoint
3: 2008-08-12 15:29:33 UTC - RP3 - System Checkpoint
2: 2008-08-11 12:52:42 UTC - RP2 - Removed Skype™ 3.8
1: 2008-08-10 15:39:17 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:03 AM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\downloads\dss.exe
C:\DOWNLO~1\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217943070764
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.1.102/PlayerPT.cab
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} (NetCamPlayerWeb11gv2 Control) - http://192.168.1.109/NetCamPlayerWeb11gv2.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.1.105/activex/AMC.cab
O16 - DPF: {FA478DB9-803F-4154-9DDB-765EA9E35333} (Sony SNC-P1 Control) - http://192.168.1.111/program/SonySncP1View.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2902DADA-98FF-4EEC-9630-01E0B626B8F6}: NameServer = 24.25.5.60,24.25.5.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{2902DADA-98FF-4EEC-9630-01E0B626B8F6}: NameServer = 24.25.5.60,24.25.5.61
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8876 bytes

-- HijackThis Fixed Entries (C:\DOWNLO~1\backups\) -----------------------------

backup-20080802-162116-126 O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
backup-20080802-162116-272 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 ELhid (EL hid Service) - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELkbd (EL KB Service) - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmon (EL Monitor Service) - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmou (EL Mouse Service) - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S1 avgio - c:\program files\avira\antivir personaledition classic\avgio.sys (file missing)
S1 avipbb - c:\windows\system32\drivers\avipbb.sys (file missing)
S1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys (file missing)
S3 avgntflt - c:\program files\avira\antivir personaledition classic\avgntflt.sys (file missing)
S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 USBBULK (USB Bulk device driver) - c:\windows\system32\drivers\usbbulk.sys <Not Verified; MICRIUM TECHNOLOGIES CORPORATION; USB Bulk driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ELService (Intel(R) Quick Resume technology) - c:\program files\intel\inteldh\intel(r) quick resume technology drivers\elservice.exe <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>

S4 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-14 11:17:45 484 --a------ C:\WINDOWS\Tasks\SDMsgUpdate (SD).job
2008-08-11 20:48:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-14 and 2008-08-14 -----------------------------

2008-08-11 09:09:01 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-08-11 09:08:47 0 d-------- C:\Program Files\Skype
2008-08-11 09:08:47 0 d-------- C:\Program Files\Common Files\Skype
2008-08-10 20:03:14 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-10 20:03:14 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2008-08-10 20:01:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-08-07 16:43:27 0 d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-08-07 16:23:05 0 d-------- C:\Program Files\Panda Security
2008-08-07 14:14:45 0 d-------- C:\Bryan
2008-08-06 21:17:28 0 d-------- C:\Program Files\Lavasoft
2008-08-05 10:03:33 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-02 16:01:34 0 d-------- C:\Program Files\CodeStuff
2008-08-02 15:49:31 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-08-02 15:49:31 0 d-------- C:\Program Files\Belarc
2008-07-30 07:13:36 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-07-30 07:13:34 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 07:13:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 10:21:20 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-07-23 05:03:16 0 d-------- C:\Sling
2008-07-15 14:37:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR


-- Find3M Report ---------------------------------------------------------------

2008-08-12 10:19:11 38026 --a------ C:\Documents and Settings\HP_Administrator\Application Data\Comma Separated Values (Windows).ADR
2008-08-12 10:17:52 21726 --a------ C:\Documents and Settings\HP_Administrator\Application Data\Comma Separated Values (Windows).EML
2008-08-11 09:08:47 0 d-------- C:\Program Files\Common Files
2008-08-06 20:44:17 0 d-------- C:\Program Files\DISC
2008-08-05 09:50:05 0 d-------- C:\Program Files\Java
2008-08-05 09:42:02 0 d-------- C:\Program Files\SpywareBlaster
2008-08-02 16:33:40 0 d-------- C:\Program Files\Yahoo!
2008-07-26 10:15:44 0 d-------- C:\Program Files\Max Registry Cleaner
2008-07-25 21:13:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 08:35:15 0 d-------- C:\Program Files\QuickLOAD
2008-07-18 08:32:21 0 d-------- C:\Program Files\QuickDESIGN
2008-06-25 13:05:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/01/2006 11:18 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"RTHDCPL"="RTHDCPL.EXE" [06/13/2006 11:05 PM C:\WINDOWS\RTHDCPL.EXE]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 01:14 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/23/2006 03:40 PM]
"PCDrProfiler"="" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 10:38 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [9/11/2007 7:22:29 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

-- End of Deckard's System Scanner: finished at 2008-08-14 11:25:36 ------------

avgio.sys
avipbb.sys
ssmdrv.sys
avgntflt.sys
Can I get those files from i386?

All of those above are related to Antivir Avira Personal Edition. You don't need to restore these because it is gone. Log shows that these are set to load during either boot up or system start.

ftsata2.sys can be related to Promise ATA RAID drivers. Do you have this on the system?


Looking through the log I see references to two registry cleaner programs that I am not familiar with:
Max Registry Cleaner
Eusing Free Registry Cleaner
Did you use these? If so, did you make backups?

First, the registry cleaners can be deleted - I downloaded them and then didn't use them.

I thought we disabled Promise, however. I just looked at CodeStuffStarter and didn't see it.

I thought those 4 files were for Avira...then that's not the problem...although I would like to find whatever's causing that error so we can eliminate it.

In the beginning, I downloaded Avira because I was having this crash issue. But system restore wasn't set on when the problem started happening so I don't have a point at which I can go back.

That's why I keep wanting to do a complete reload of Windows...used to work wonders pre-XP.

I was just thinking back, Judy, and this entire issue started over Christmas when I got Tiger Woods 2008. It was so unstable that it kept restarting the computer every other hole. I finally deleted it and got the 2006 version, which is still kind of unstable. I guess I could delete that and see what happens...I don't use it very much and wouldn't miss it.

Plus does that info ring any bells as to this weird problem I have?

Well, have done some searching around about this and sounds to me like it is a very common problem with all versions of the game. Most places seem to feel that persons having problems had video cards which were not compatible with the games. Found several threads where solution was to reset graphics settings from "normal" I guess you would say, to specific settings for the game to play correctly but that this didn't work with all graphics cards!
Could be part of your problems maybe, at this point I am stumped.
What graphics card do you have and do you have the most current drivers? These you should get from the graphics card website, by the way, rather than your computer manufacturer's website.
I am still wondering about some hidden "something" on there though, but if "Tiger" made some settings changes....?

That's why I keep wanting to do a complete reload of Windows...used to work wonders pre-XP.

Another option, if you are seriously considering this, is to use your XP CD to do a repair installation of XP. You will not lose any info, but you will need to redownload any security updates or service packs.

I've been wanting to do that since the beginning of the problem. But there is no XP CD. These HPs don't come with one. I've considered buying it even but that's pretty ridiculous...I guess I'm going to have to ask HP.

Again, many thanks for the help...at the very least you've forced me to learn more about XP...is that an advantage??:'(

Absolutely. I love this os. Honestly, I didn't find it that much different from my old 98.
I believe most HP's come with the Recovery Partition. A small partition on the hard drive contains a record of all software installed at the factory and shipped with this system. This includes images for the Microsoft Operating System and supplemental products. If you have a problem with the operating system or device drivers, the programs on the recovery partition can restore the PC to proper operation.
Here is an HP link that explains it in general terms anyway. There are more than likely specific instructions at their website dealing with your specific model.

http://h10025.www1.hp.com/ewfrf/wc/document?lc=en&cc=us&docname=c00239036&dlc=en

Why not try Chat with a Tech on HP?
I have done it many times with pretty good results. They can certainly explain to you how to do this.

Thanks again so much, Judy, for your patience and thoroughness!! This last suggestion will be my option of last resort.

However, I believe you have found the issue in that last post...only time will tell. I just downloaded the drivers for my monitor from the vendor's website - the computer was running the Microsoft Plug&Play driver and I just feel like that was it. First, I took Tiger completely off the system. Sorry I didn't remember that a week or so ago, no?

Right now, I'm going to go mark the first post as "solved" and I'll keep this one open for a few days, just in case. If I don't see a crash for a few days, I'll report and close this thread also. I would like to find the cause of that Avira issue, however.

zeroth

Please check your video driver also.
Right Click My Computer, Choose Properties. When System Properties opens then go to Hardware, Device Manager. You should then be able to find the Display Adapter. Double Click on that and you should see what video adapter you are using and the manufacturer. Go to that manufacturer's web page to check on current adapters.

done...and thanks again!

Maybe somebody else can come up with a solution on those Avira driver warnings...we know they actually are not even supposed to be on the system since you removed the program but obviously there is still a setting someplace that says they are supposed to load. Have searched high and low and cannot find the answer. I will be away for a week beginning tomorrow afternoon so other folks will be checking in this post I am sure. Hopefully one of them will have the answer I couldn't find.
Judy
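
Added example (not part of the thread and not code from Deckard's System Scanner): a short Python parser for the scanner's "Drivers" lines that lists every entry marked "(file missing)" with its start type, which is the check the replies above make by eye. The sample lines are copied from the log in this thread; the function names are hypothetical.

```python
import re

# Start-type digits as given in the scanner's own section header:
# "0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled".
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

# Lines copied from the "Drivers" section of the log posted in this thread.
SAMPLE = r"""
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S1 avgio - c:\program files\avira\antivir personaledition classic\avgio.sys (file missing)
S1 avipbb - c:\windows\system32\drivers\avipbb.sys (file missing)
S1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys (file missing)
S3 avgntflt - c:\program files\avira\antivir personaledition classic\avgntflt.sys (file missing)
S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
"""

# <R|S><start digit> <name> [(<display name>)] - <path and trailing notes>
LINE_RE = re.compile(r"^([RS])([0-4])\s+(\S+)(?:\s+\((.*?)\))?\s+-\s*(.*)$")

def parse(line):
    """Parse one Drivers/Services line; return None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    # Drop the "(file missing)" marker and any "<Not Verified; ...>" note.
    path = rest.split(" (file missing)")[0].split(" <")[0].strip()
    return {"running": state == "R", "start": int(start), "name": name,
            "display": display, "path": path,
            "missing": rest.endswith("(file missing)")}

def orphaned(text):
    """Entries whose file is gone, earliest load stage first."""
    rows = [e for e in map(parse, text.splitlines()) if e and e["missing"]]
    return sorted(rows, key=lambda e: e["start"])

def loads_at_startup(entry):
    """True for Boot, System and Auto start types (digits 0 to 2)."""
    return entry["start"] <= 2

if __name__ == "__main__":
    for e in orphaned(SAMPLE):
        when = START_TYPES[e["start"]]
        flag = "loads at startup" if loads_at_startup(e) else "on demand only"
        print(f"{e['name']:<10} {when:<8} {flag:<17} {e['path']}")
```

Each name it prints corresponds to a key under HKLM\SYSTEM\CurrentControlSet\Services\ whose Start value holds the digit shown in the log.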
