Computer Crashes To Restart

you got it

 

i apologize for the delay, i had a death in the family. i'll post the scan results by the weekend.

 

thank you very much, here is the report you asked me to scan. i did as you said. Here is what i've done since the last time we spoke.

1. Ran the Malwarebytes scan like you asked

2. Purchased new Ram (4) 1GB sticks. I removed the previous ram and installed the new ram. A total of 4 gb, but only 3.08 show up in system info. All the Ram are made by the same manufacture and are identical in brand, size, and model.

What causes only 3.08gb to show instead of the full 4gb? i do have a 32bit system with an older video card (RADEON 9250 which is a 256MB video card). I'm assuming the video card memory plays a role in why my pc isnt showing the full 4gb, but i would assume not the entire 1 gig that's missing.

So far there havent been any crashes with or without the external hard drives plugged in.

 

my apologies, i will run that scan tonight.

Also, im trying to remove Java 2 Runtime Environment SE v1.4.2 because i have the most recent Java, but i can't remove it.

i keep getting

"the feature your are trying to use is on a network resource that is unavailable"

How do i fix this? i have tried using Start > Control Panel > Add/remove programs & CCleaner, but have the same problem.

 

installed revo uninstaller and tried to uninstall the old java, but i received the windows installer pop up that says:

"the path 'C:\Documents and Settings\Owner\Local Settings\Application Data\{7148FOA6-6813-11D6-A77B-00B0D0142000}\Java 2 Runtime Environment, SE v1.4.2msi' cannot be found. Verify that you have access to this location and try again, or try to find the installation package 'Java 2 Runtime Evironment, SE v1.4.2.msi' in a folder from which you can install the product Java 2 Runtime Environment, SE v1.4.2."

i clicked ok and canceled the search for Java 2 Runtime Environment SE v1.4.2 and Revo went into leftover registry items and there are 12 items in bold with options to delete them. What should i proceed with?

 

the text document has all the programs CClenar shows as able to uninstall. You will see the Java program im talking about.

i've also noticed that in

Start > Run > Msconfig > Startup > there are 3 items that don't have a name or a command, just a location. This seemed odd to me and wanted to know if i should do anything.

I would like to perform all scans once the external hard drives are disconnected, so please let me know if you need me to use any other scans before that.

 

attached

 

here is the MBR check you asked for. i disconnected the external hard drives as you requested and ran the scan.

2 more things:

1. Revo Uninstaller, just to clarify, even though it's unable to uninstall the old java program you want me to remove all "bold" items listed? Will this make my registry unstable?

2. Internet Explorer tends to run slow and freeze at times. I've even noticed frequent "tab recovered" problems. I've read that this can be associated with certain add ons. So i have tried to run IE 8 without addon's and still come across the lagging and tab recovered issues. MS has a "fix it" program to use when issues like this arise. Should i proceed to use the program?
http://support.microsoft.com/mats/ie_freezes_or_crashes/en-us

 

since i reformatted i do have an original Windows XP home edition disk. Should i proceed with a sfc/scannow or move over to the software forum?

 

alright, thank you for all your help

 

i've had 0 issues with my pc magically shutting down since the last time we talked, but i have noticed issues with web surfing.

when clicking on web pages the page i've chosen jumps to what appears to be an advertisement web page. the intended search is always on the up and up, but you can watch the address bar change multiple times to an advertisement page. im assuming that's connected to a virus or spyware of some sort. would malwarebytes/superantispyware/avast/and spydoctor detect such issues or would i have to complete the original steps from before?

In regards to the external drive that was in question i've found

trojan.Agent/Gen-Autorun[Swisyn]
P:\SYSTEM VOLUME INFORMATION\_RESTORE{xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx}\RP151\A0023876.EXE
P:\SYSTEM VOLUME INFORMATION\_RESTORE{xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx}\RP151\A0023877.EXE

the files in question on the external P drive included what appeared to be a 32 digit serial number following the word "RESTORE".

Also how would i go about learning how to understand the programs you've had me use so that i don't have to continue coming back and wasting your time?

 

1. I'm definitely going to look into that link you sent me, im very interested.

2. I believe it's a redirect infection illustrated in the thread i just found last night, http://forums.majorgeeks.com/showthread.php?t=230267. the pages are defintely "redirecting" to others that have nothing to do with the original link. it usually takes 3 or 4 processes (click on Original link > redirected to another page > click back > try original link again) before i can get to the original link i wanted.

I have 2 PC's on my home network. The one that has the problem, which is the one im posting from and another (my mothers). I've also noticed a random "access violation" error on my mothers. i scanned that computer and found some infections that i successfully removed. This along with being redirected on the problematic PC we're discussing leads me to think there's definitely an infection. if need be i would rather be safe and runs the proper scans than proceed with a possible infection. Should i proceed with the directions from the 'redirect thread' or 'malware removal guide', or both?

3. Should i try disabling system restore points and do some standard Avast/SAS/Malwarebytes scans before i make a new thread?

4. I'm almost certain the P:drive is the one with the bad MBR. The only problem i have is determining which 465gb drive is which in the MBR scan because i have 2 externals that both 465gb. is there a way other than process of elimination to determine which is which? I'd prefer to not to start fresh (reformat) with either drive as they store a lot of vital information.

 

Here is a common example of what happens. I'm on the site www.freecovers.net looking for a game cover; Fifa 12. I'm signed in and click on the link to display the cover and im redirected to www[dot]hellolocals[dot]com and or www[dot]cheapstuff[dot]com, comparestores[dot]net. i click "back" and go back to try again. It takes 2 two times before i finally get what im looking for.

 

So far i followed your thread on fixing google redirection/hijacking problems and still have the same problems. I've gotten to Step 5 where it says to do an MBR check.

i did the scan and it came back with the same problem we had before (found non-standard or infected MBR). So to identity which drive has the problem i disconnected the P drive, the drive i told you yesterday had errors on it and ran the MBR check again. It came back with the same "found non-standard or infected MBR" so i know the MBR problem is not on the P drive (as it was disconnected during the scan). The drive that has the MBR problem is drive Q.

i don't know what that means or how to proceed with fixing that external hard drive (drive Q).

 

will do, and should i continue with the malware removal/cleaning procedures due to the redirect issue?

I've already gone through the thread about the redirect issue and have moved onto running the malware removal guide. Im currently on step 2/5 doing the malwarebytes anti-malware scan.

i can have it done by tomorrow if need be, just let me know

 

i ran the scan with the Q drive disconnected. the results are attached below.

Currently backing up the files i intend to keep.

Yes i have the windows boot CD that i used to recently reformat my pc, but i think you addressed the issue that it doesnt have the same service pack.

I noticed that even with the drive disconnected im still getting the same redirect problems.

 

the files i intend to keep are quite large in total size so it may take a couple hours tonight, but they are backing up as we speak.

Since i already began the malware removal guide a 2nd time (as requested from the redirect virus thread) is it safe to continue with hidden files and folders viewable and normal startup mode selected or should i undo these?

 

i forgot to ask something. i had problems running the MBR scan the first time we talked because i didnt have the proper windows CD to boot from and i ended up reformatting my pc. i don't want to go down that path again if i absolutely don't have to. So if i'm receiving a non-standard or infected MBR on this external drive (Q) can i wipe that drive clean and start fresh? i know i said i wanted to refrain from doing so, but if need be i will gladly start fresh on that drive if it solves the problem. i just don't know how to do so.

I'm not sure if my understanding is correct, but a non standard or infected MBR on drive Q means theres a problem with windows or just the drive in question?

 

my apologies, the correct scan is attached now. there are 3 external drives (M/P/Q). i disconnected M & P and kept Q plugged in.

 

everything is backed up and ready to go

 

when you asked to rerun MBRcheck just like i have previously done in the past are you referring to running MBR with all externals connected or just drive Q?

 

i just ran the MBR scan with only the Q external drive connected. M&P drives were disconnected. Both logs are attached below.

 

i noticed the switch from 3 to 1 as well. when running the recovery console im not prompted with the same steps from that link. the difference is the disc i reformatted with was the Gateway Windows XP Gome Edition operating system version1.5 disc. It's the disc that came with my Pc many years ago. i want to check with you about the specifics before i choose any options.

 

I'm going to just burn the image you suggested as it seems the easier route, the only problem is the link you gave me opens to a blank page. Address = about:blank. is there another link to try?

 

i got the link to work, burned an image, loaded correctly. i tried to run fixmbr \device\harddisk1 and the outcome was 'the old master boot record cannot be read'. i typed exit and rebooted and removed cd.

 

i removed all data from the drive so if you want to completely erase the damn thing im fine with it. i don't know if that helps in anyway but i wanted you to know.

 

i see that your from northern nj i hope the storm didnt knock your power out, hope you're ok.

 

Hi, thedon01
As you guessed, chaslang is currently experiencing some power issues. I will try to help you while he is away.

The Q: drive may have some corruption on it. I have not seen this error message first hand but from what I've read on this error message that is what most people are suggesting. I have asked chaslang as well as he may know more about this.

You were able to get the data off it without any problems, right?

Also, I think chaslang asked you this earlier but I wasn't sure if you ever provided an answer. If you leave the Q: external drive unplugged from the PC; do you still experience the random PC crashes/reboots?

Can you try the below with only the Q: external drive attached!!!

http://img833.imageshack.us/img833/7035/aswmbricon.gif Please download aswMBR by Avast! to your desktop.

• Double-click aswMBR.exe to run it (Vista and Win7 right-click and select Run as Administrator)
• Select No when asked Would you like to download latest Avast! virus definitions?
• Click the [Scan] button.
  Note: This scan should only take a few seconds to complete.
• On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach items to your post)

 

thank you for responding, i figured something was up with chas, hope he's ok.

yes i copied the files i intended to save off the Q drive, so if you need to reformat in anyway it won't bother me.

i havent had crash issues since reformatting, whether the Q drive is connected or disconnected, but i am experiencing serious redirect issues. when trying to go to web pages i will get redirected to fake sites. it may take 3-5 tries before i can get the page i want. very frustrating.

i downloaded the program you suggested and will do the scan and post the results. thank you

 

i did the scan with only the Q drive attached and powered on, except for obiously the C: drive (internal). results attached below.

 

It looks like aswMBR only scanned the 160GB internal drive. That's ok.

If you have all the data backed up from Q: external that you wanted. It will be easiest just to format the Q: drive only. From My Computer, you can find the Western Digital 500gb external hard drive (should be Q: ) and right-mouse click it >> Format...

See if your problems persist. Also run these afterwards:

http://img685.imageshack.us/img685/3557/tdsskiller.gif Now we need to run TDSSKiller by Kaspersky
Follow the instructions here and attach your log when you are finished. (How to attach items to your post)


Please download MBRCheck by GeeksToGo to your desktop.
See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif

• Double click MBRCheck.exe to run (Vista and Win7 right click and select Run as Administrator)
• It will show a Black screen with some information that will contain either the below line if no problem is found:
  • Done! Press ENTER to exit...
• Or you will see more information like below if a problem is found:
  • Found non-standard or infected MBR.
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
• Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
• MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
• Attach this log to your next message. (How to attach items to your post)

 

successfully reformatted drive Q, and ran both scans as requested. Still came back with a bad MBR, but not having a redirect issues as of right now. that could change however as it would take more time for me to verify. logs attached below.

 

Ok, let me know when you get a chance to verify it a bit more.

Unknown does not necessarily mean infected.

 

ok ill get back to you tomorrow on it, thank you