Computer Crashes To Restart

Discussion in 'Malware Help (A Specialist Will Reply)' started by thedon01, Aug 16, 2011.

  1. thedon01

    thedon01 Corporal

    I made a thread about this issue I'm having, http://forums.majorgeeks.com/showthread.php?t=241570, but I haven't heard a response back so I figured to ask in the malware section.

    I'm not sold on it being a malware issue just yet and wanted a second opinion before I go through all the steps of the "read & run me". My problem is at times my computer seems like it's doing too much and restarts itself. I've noticed that it happens at times when I have multiple websites up, music playing, etc. I'm not sure what the problem is because I believe I have adequate memory and proper protection, but here's some basic info of what I have and what the most recent problem consisted of.

    MY PC
    Intel Pentium 4
    3.0GHZ
    Windows Home XP service pack 3
    2 GB Ram
    32 Bit
    I have installed a new CPU (exactly the same as the original) with after market fan roughly 3-4 years ago.
    I have a newer power supply (Corsair) purchased last December (2010)
    There aren't any bulging capacitors and the PC has been sprayed clean and has plenty of air flow.

    Problem
    PC crashes to restart

    Error report sent to MS

    The following files will be included in this error report
    C:\DOCUME~1\Owner\LOCALS~1\Temp\WER41ae.dir00\Min.081611-01.dmp
    C:\DOCUME~1\Owner\LOCALS~1\Temp\WER41ae.dir00\sysdata.xml

    Error signature
    BCCode:100000d1
    BCP1: QA08000D
    BCP2: 00000002
    BCP3: 00000001
    BCP4: B18491DD
    OSVer: 5_1_2600
    SP: 3_0
    Product: 768_1

    Windows Error Reporting from Microsoft
    http://wer.microsoft.com/responses/....3.0?SGD=5b126b2c-46a5-405d-beff-e644e96e6b49

    This problem has happened only after I had a "system broken file extension" (SBFE) from a virus a few months ago. I removed the problem but the SBFE continually pops up when I scan with SUPERAntiSpyware. I'm not sure if this is important, but feel that it's valid in the situation at hand. Please let me know if I should proceed with the "read & run me".

    Thank you
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I see 8 responses all in all. :confused So not sure what you mean there.

    For me to verify if this may be a malware issue you will need to go through the R&R, yes. :)
     
  3. thedon01

    thedon01 Corporal

    Someone just responded today and I will follow up with the R&R.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    People responded before today. Attach the logs once you are ready.
     
  5. thedon01

    thedon01 Corporal

    I have reports for SUPERAntiSpyware, Malwarebytes, and ComboFix ready to upload. I'm having problems with RootRepeal freezing when I try to start the program. Antispyware/Antivirus/Firewall have all been disabled, but it still freezes. I wanted to see if I should continue with MGtools even though RootRepeal doesn't work. Please let me know.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, do continue on.
     
  7. thedon01

    thedon01 Corporal

    I only have three scans to report. Like I said before, RootRepeal freezes, and MGtools loads for a brief second and the command prompt box closes. I've disabled all virus, spyware, and firewall protection. I use SUPERAntiSpyware, Avast, and Comodo. The scans I have are attached.
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, but more than likely a log could have been created. Check for a C:\MGlogs.zip file please and attach it if you locate it.

    Otherwise, if it really did not produce a log you will have to do this:

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    • cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    • nwktst <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
    • analyse <-- this attempts to run HijackThis. Be sure to click the Accept button twice in the license agreement popup or it will just sit there and wait.
    Now look for the C:\MGlogs.zip file and attach it no matter what happened while doing the above.
     
  9. thedon01

    thedon01 Corporal

    I didn't have any problems running like you said, however I did have individual Notepad logs pop up after some scans. I saved them in case something didn't work properly, but I am uploading the MGlogs.zip with this post. Let me know if you need the individual Notepad logs.
     

    Attached Files:

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Important Notice: A new version of SUPERAntiSpyware is available.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this log later.


    Java(TM) 6 Update 22 <--- uninstall this outdated software.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    File::
    C:\Documents and Settings\Owner\Local Settings\Application Data\q2f17716jns3bn8e5584
    C:\Documents and Settings\All Users\Application Data\q2f17716jns3bn8e5584
    C:\Documents and Settings\Owner\Templates\q2f17716jns3bn8e5584
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

    Reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


    Do you use an Xbox?
     
  11. thedon01

    thedon01 Corporal

    Alright, I'll go through all those steps and post everything by tomorrow morning. Yes, I play Xbox. When do I actually run ComboFix?
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No problem.

    Combofix will run when you follow my instructions to run the script I gave you.
     
  13. thedon01

    thedon01 Corporal

    Alright, I'll do it now.
     
  14. thedon01

    thedon01 Corporal

    I can't remove the old Java. Every time I use Add/Remove or CCleaner it freezes and I have to manually restart. It's happened twice thus far. What should I do?
     
  15. thedon01

    thedon01 Corporal

    1. I was able to remove old Java and update to new Java.

    2. I followed all the instructions.

    When running ComboFix a popup window came up claiming 2 parasites found.

    C:\Program Files\Logitech\ITouch\iTchitk.dll
    C:\Program Files\Common Files\Logitech\Scrolling\LG MsgHk.dll

    When and how do I remove all the programs you asked me to download?

    Logs attached below except for MGlogs.zip. There's an error stating I already posted it in this thread.
     

    Attached Files:

  16. thedon01

    thedon01 Corporal

    I unzipped the MGtools on my desktop and attached the files.
     

    Attached Files:

  17. thedon01

    thedon01 Corporal

    Last one.
     

    Attached Files:

  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Double click C:\MGTools.exe (right click and run as admin if using win7 or vista) and run it again, THEN attach the new C:\MGlogs.zip please.
     
  19. thedon01

    thedon01 Corporal

    Like I said, this is what happens when I try to attach it:

    MGlogs.zip:
    You have already attached this file in thread : Computer Crashes To Restart
     
  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Then you must be trying to attach an older one. Did you run MGTools again as requested and still have trouble attaching the NEW C:\MGlogs.zip? :confused
     
  21. thedon01

    thedon01 Corporal

    I double clicked the icon on the desktop and it loaded for a brief second like before. You gave me specific directions before to go to Start > Run > cmd > and run the 5 scans individually. Do you want me to do this again?
     
  22. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    It does not appear that you followed my instructions to run the Combofix script. I still see the files I wanted dead showing in the latest newfiles.log that you attached for me. Nor did you uninstall outdated Java and install new... Or... you are just attaching old logs.

    So... let's get a fresh look on things.

    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    Code:
    :files
    C:\Documents and Settings\Owner\Local Settings\Application Data\q2f17716jns3bn8e5584
    C:\Documents and Settings\All Users\Application Data\q2f17716jns3bn8e5584
    C:\Documents and Settings\Owner\Templates\q2f17716jns3bn8e5584
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.


    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Vista and Windows 7 users Right-click OTL and choose Run as Administrator)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.

    SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      q2f17716jns3bn8e5584
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  23. thedon01

    thedon01 Corporal

    I don't want to argue, but I can attach a text file showing all the programs loaded on my PC, including the Java update you told me to install. I explained that I was having trouble uninstalling the Java you requested, but successfully removed it nonetheless.

    I created the txt file for ComboFix like you requested. Dragged it onto the combofix.exe desktop file and the program ran itself. I saved the txt file that was created and attached it. I can repeat the process again if you'd like.

    MGtools will not run a scan, the cmd window pops up for a second and disappears, so you suggested I use a Start > Run > cmd approach, which I did not do on the 2nd request to run MGtools. I can also do this again if you'd like.

    But until I know differently I will continue with your last direction.
     
  24. thedon01

    thedon01 Corporal

    Attached below.
     

    Attached Files:

  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That means you are trying to attach the same old log!!! You first need to either rerun MGtools.exe or the C:\MGtools\GetLogs.bat file that Kestrel13! asked you to run. Then a new log would be created.

    If you cannot get it to run properly, then delete the current MGlogs.zip file and rerun the individual programs Kestrel13! asked you to run in msg # 8. This should at least update those few logs and then you can attach the new MGlogs.zip
     
  26. thedon01

    thedon01 Corporal

    Newest MGlogs.zip.
     

    Attached Files:

  27. thedon01

    thedon01 Corporal

    Is there anything else I need to do?
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is not looking like malware is the reason for your crashes, but let's run a couple more checks first.

    Goto the below link and follow the instructions for running TDSSKiller from Kaspersky
    • Be sure to attach your log from TDSSKiller

    Now please also download MBRCheck to your desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

    Also click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it. Let me know what happens when you run this.
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Almost forgot this. Also delete the below two files:


    C:\Documents and Settings\Owner\Local Settings\Application Data\q2f17716jns3bn8e5584
    C:\Documents and Settings\Owner\Templates\q2f17716jns3bn8e5584
     
  30. thedon01

    thedon01 Corporal

    OK, I will run the scans tonight as you requested and post the results first thing in the morning.
     
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay!

    Also let me know if you were able to successfully delete those two files
     
  32. thedon01

    thedon01 Corporal

    Files deleted and scans attached below.
     

    Attached Files:

  33. thedon01

    thedon01 Corporal

    When doing the sfc /scannow I keep getting a "Windows File Protection" box appear saying "files that are required for Windows to run properly must be copied to the DLL Cache" and it gives me three options: Retry/Info/Cancel.

    I've inserted my Windows XP Home Edition disc as requested but continually get this pop up. It doesn't end.
     
  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First a question. Is the disk that you are putting into your CD drive the same service pack level as you are running? If yes, then check the below links. If it is not the same service pack as you are running, you need the same service pack level CD.


    See if the below links provide any help:

    http://support.microsoft.com/kb/909059

    http://support.microsoft.com/kb/291594
     
  35. thedon01

    thedon01 Corporal

    I would assume that it isn't. The disc I have is version 1.5. It was the original disc that came with the computer. Seeing how the PC is older, the disc would have to be as well.
     
  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well that is not a service pack version so it may just be some manufacturer disk version. Since you do not have the required CD and your PC seems to have a variety of Windows related problems, I suggest that you go back to the Software Forum and get help on uninstalling SP3. Then redownload it and reinstall it, which may help to get all the missing/corrupted files fixed.
     
  37. thedon01

    thedon01 Corporal

    OK, I will do, thank you for your help! How do I go about removing all the programs that you guys directed me to use?
     
  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Follow the below.

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. After doing the above, you should work thru the below link:
     
  39. thedon01

    thedon01 Corporal

    could you help me understand why it takes a long time to shut down and load up? Roughly 5 minutes to shut down, and approx 10-12 minutes to start up. My ATI Radeon side bar that loads on the desktop takes 5 minutes to close. Are these indications of malware or possibly a low amount of ram or anything else?
     
  40. thedon01

    thedon01 Corporal

    Today I can't load Internet Explorer and different programs are freezing left and right. I'm not sure what's going on now, but I had to log on with another computer. Please help.
     
  41. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your problems may be due to Windows operating system issues, which is why I suggested a reinstall of SP3. However, let me ask you something about what I saw in your MBRCheck log which I had first just thought was simply an unrecognized master boot record. The below is from your MBRCheck log
    Code:
          Size  Device Name          MBR Status
      --------------------------------------------
        149 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
                SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
        930 GB  \\.\PhysicalDrive2   RE: Windows XP MBR code detected
                SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
        465 GB  \\.\PhysicalDrive1   RE: Western Digital MBR code detected
                SHA1: CCCF1B32EE08ECFB66B30883CFF6110F69219FEA
        465 GB  \\.\PhysicalDrive3   RE: Unknown MBR code   <-- highlighted in purple in the original post
                SHA1: D90653CCC05EE39D4D44E1F67C33297D65F3ED4F
    What is the drive that I highlighted in purple? Is it the same as physical drive 1 which is a Western Digital drive? Are these removable drives? What is physical drive 3 for and does it contain a Windows operating system ( OS ) or is it used to boot a different OS?
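    The MBRCheck log quoted above identifies each disk by hashing its master boot record and comparing the hash against code it recognises, which is how an "Unknown MBR code" entry stands out from the Windows XP and Western Digital entries. The following Python is an added example written for this thread, not MBRCheck's own code: it parses a 512-byte MBR, checks the 0x55AA signature, lists the partition entries and hashes the boot-code area against an allowlist. It assumes (this is an assumption, not something MBRCheck documents) that the 440-byte boot-code area is what gets hashed, and it uses the two recognised SHA1 values from the log above as the allowlist. The sample sector is constructed inline, so the block runs offline; reading a real MBR means reading the first sector of the raw device instead.

```python
import hashlib
import struct

# SHA1 values quoted in the MBRCheck log in post #41 of this thread. That MBRCheck
# hashes exactly the 440-byte boot-code area (everything before the disk signature
# and the partition table) is an assumption made for this illustration.
KNOWN_MBR_CODE_SHA1 = {
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code",
    "CCCF1B32EE08ECFB66B30883CFF6110F69219FEA": "Western Digital MBR code",
}

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: executable boot code
PART_TABLE_OFFSET = 446      # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510       # bytes 510..511 must be 0x55 0xAA
# status, CHS start, type, CHS end, LBA start, sector count (little-endian)
PART_ENTRY = struct.Struct("<B3sB3sII")


def build_sample_mbr(boot_code, partitions, signature=b"\x55\xAA"):
    """Assemble a 512-byte MBR from boot code and (status, type, lba, count) tuples."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_id = b"\x00" * 6    # 4-byte disk signature plus 2 reserved bytes
    table = b"".join(
        PART_ENTRY.pack(status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
        for status, ptype, lba, count in partitions
    ).ljust(64, b"\x00")
    return code + disk_id + table + signature


def parse_mbr(sector):
    """Report on one MBR sector: boot-code hash and label, signature, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = PART_ENTRY.unpack_from(
            sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:   # partition type 0 means the slot is unused
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[SIGNATURE_OFFSET:] == b"\x55\xAA",
        "code_sha1": code_sha1,
        "code_label": KNOWN_MBR_CODE_SHA1.get(code_sha1, "Unknown MBR code"),
        "partitions": partitions,
        "bootable_count": sum(p["bootable"] for p in partitions),
    }


def triage(sector):
    """One-line verdict: what a defender should look at next for this disk."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid: missing 0x55AA signature"
    if info["code_label"] == "Unknown MBR code":
        return "unknown code: compare against a known-good image before trusting it"
    return "known: " + info["code_label"]


# Constructed sample: placeholder boot code and one bootable NTFS (type 0x07) partition.
SAMPLE_MBR = build_sample_mbr(b"\xEB\x3C\x90SAMPLE-BOOT-CODE",
                              [(0x80, 0x07, 63, 312576642)])

if __name__ == "__main__":
    print(parse_mbr(SAMPLE_MBR))
    print(triage(SAMPLE_MBR))
```

    A drive whose boot code hashes to nothing on the allowlist is not proof of infection (vendor and utility bootloaders produce unknown hashes too), which is why the reply above asks what PhysicalDrive3 is before drawing any conclusion.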
     
  42. thedon01

    thedon01 Corporal

    The 3 larger drives are external hard drives and no, none of them contain an OS. Windows XP runs off of the 149GB internal hard drive.
     
  43. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Physically unplug/disconnect all three external drives then reboot. Run another MBRCheck scan and attach the log. Also tell me how things work without these drives connected.


    Remember you do have Windows OS issues to fix.
     
  44. thedon01

    thedon01 Corporal

    Sorry for the delay in response. I reformatted the PC to start fresh. I've reinstalled everything piece by piece, but I do have a concern. I ran a scan with Malwarebytes and Avast and it came back clean. I then ran a scan with SUPERAntiSpyware and it came back with "System.BrokenFileAssociation HKCR\.exe". Is that a false positive? I thought that Malwarebytes ran a more in depth scan than other spyware removers?

    Are there any Virus/Spyware programs you recommend? Is there any major difference between the free programs that you've had me download in the past vs store bought?
     
  45. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is just a false detection. This is a normal setting.

    Not necessarily. It looks for what it has been programmed to look for just like other tools. If they were all the same, you would need only one. They are not all the same and some find things others do not. Hence why we use multiple tools.

    In the link I gave you on How to protect yourself from malware!

    There is no perfect solution or perfect scanner. And if we were to test and rate programs today, the ratings would likely be different tomorrow due to updates to the programs and due to changes in malware ( thousands of new infections occur each week ). The main difference between tools you pay for and the free tools is that you will also get support ( to some extent ) and you will get some more features. For example, if you purchase Malwarebytes or SUPERAntiSpyware, you will get realtime protection which you don't get in the free versions.

    You can use as many "SCAN ONLY" tools as you want but you must not use duplicate full blown antivirus or antispyware or firewalls.
     
  46. thedon01

    thedon01 Corporal

    I am going to reinstall the Comodo firewall today, but how about antivirus? I'm going to check that link, but just wanted your personal opinion.
     
  47. thedon01

    thedon01 Corporal

    I've had another crash. So I'm almost 100% certain it can't be malware/virus related seeing how I reformatted. Could it be hardware related and if so how do I go about figuring out what is wrong?
     
  48. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You never did what I requested in message # 43 so that we could truly verify if the problem is related to the external drives....especially the one with the unknown MBR.

    Formatting a hard disk does not necessarily fix ALL malware problems. For a couple of examples, it would not fix infected MBRs and it would not fix an infected BIOS ( BIOS infections are rare, but they do occur ). Also formatting one drive does not fix problems that may be arising due to other drives or any form of removable media ( even a camera, a phone, a USB flash drive, etc ).
     
  49. thedon01

    thedon01 Corporal

    Alright, I'll do the scan mentioned in #43 and post the results.
     
  50. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First unplug ALL of the external drives. Then run the scan and post the results. Then keep the external drives unplugged and test how your PC operates without them plugged in.
     
