Computer freezing within 5 minutes

[pnave01]

Hey everybody hers the problem:

A friends PC keeps crashing every 3-5 minutes. He has current anti-virus (he says don't know about adware or malware software) software, new RAM, and a clean Windows install. He has taken it to a computer shop already they say its the hard drive, problem is he can't afford to pay the $400 they are charging for data backup, new hardware and a reinstall of win XP.

To clarify If he turns it on and (for example) doesn't touch anything, it will boot up, launch Windows xp, bring up his desktop and icons, and then run for a variable period of time from 2 to 5 times before the screen goes black and then it will restart the whole boot up procedures by itself. Left to itself it will just keep doing that.

He can actually use the computer for that 2 to 5 minutes, though it is still in the “launching programs” stage and really sluggish. Using it doesn’t seem to influence the speed or frequency of the crashes. He is having trouble getting it to recognize a portable USB hard drive fast enough to transfer anything before it crashes.

Now i had him start it in safe mode and the computer runs without a problem, which leads me to believe it isn't a hard drive problem considering it should happen in both. Now i am having him check event viewer for any errors that my give me some more info on the problem. Big thing is at the moment i am without a car or i would have been there to fix it already.

Now from everyone's experience on her, has anyone run into this problem before and what did they do to fix it. Also is there anything else i could get him to do to narrow down the problem for me. Thanks for any and all help.

 

[NickCat11]

My first question is why did he bring it to a computer shop and not to you

Secondly, if it's working properly in Safe Mode then that's a big clue as to what's going on. You should be able to narrow it down from there...

 

[pnave01]

Well he didn't want to bother me because at the time i was really sick, so he went to a computer shop in his area.

Thanks for the help.

 

[NickCat11]

Well he didn't want to bother me because at the time i was really sick, so he went to a computer shop in his area.

Thanks for the help.

Gotcha. Hope your feeling better. I would use safe mode to start doing some diagnostic work to help resolve the issue. I really doubt it's the drive or anything hardware related since the problem doesn't exist in safe mode. Wouldn't hurt to test the ram or drive anyway though. Forgot to ask, how are the temps? Use speedfan or something similar to check.

 

[Daifne]

How about turning off the auto reboot on crash so that you can see the blue screen...

 

[pnave01]

A small update he sent me these error that he was getting

The error messages were:

svchost (1336) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

 

[JoATMoN]

Sounds like he has a illegal copy of XP installed on his machine. It's not malware (the link is a valid M$ directory).

I suggest putting in the Windows CD, boot from it, and then go into the Repair Console and run chkdsk on the drive. Should fix your problem.

 

[ComputerClinic]

The fact that the file is in a valid Windows directory means nothing. A quick google search for "CatRoot2\tmp.edb" shows that it is a malware infection. Have him boot into safemode with networking and download combofix. Once downloaded, have him restart the computer to safemode without networking and then run combo fix. This should repair the computer enough to use it without safemode. Have him install and run malwarebytes to clean up anything left over. I would do more than this if it were in your posession but that should be enogh for him to use it again.

P.S. make sure he downloads combofix from the site I linked to. There are a couple of fake combofix sites that will actually infect your computer further if you visit them. And they are the first two results when you google "combofix"

 

[ComputerClinic]

Just to clarify things further, a lot of malware installs itself in the Windows directory. The most common being C:\Windows, C:\Windows\system32, and C:\Windows\system32\drivers. A great way to manually remove viruses is to use UBCD or something similar to check those directories sorting from newest to oldest, and removing anything suspicious (and googling anything your not sure about).

EDIT: after checking a clean computer, I found that file on it as well. And doing some more google research, I am not positive its a malware infection. But it is a possible cause.

 

[TLE]

C:\WINDOWS\system32\CatRoot2\tmp.edb is part of windows update.

I would suggest starting in Safe Mode with Networking and running windows update. Might just kick it into touch; however, it does sound as though the file has become corrupt. So I think the best course of action would be to delete the file in safe mode with networking (you may need to use Open File viewer to kill the svchost process which currently has it locked) , re-boot and then run windows update.

I would make a copy of the file before you delete it and place it on the desktop, just in case.

TLE

 

[joydivision]

I would test the hard drive first before spending ages trying to sort out a virus which may not exist

 

[ComputerClinic]

I would test the hard drive first before spending ages trying to sort out a virus which may not exist

Yes. I apologize for jumping to conclusions. Deleting the file and running CHKDSK should be attempted before checking for malware.

 

[pnave01]

Started off by shutting of auto restart on crash, to have a look and see if there where any BSOD's. Found one Stop 0x00000050: PAGE_FAULT_IN_NONPAGED_AREA did some checking and that usually relates to a ram problem, so i ran memtest and the ram passed.

So i decided to go the virus route i ran combofix in safe mode, after that the freezing stopped. Then i ran malwarebytes, superantispyware, and shut of and restarted system restore in normal mode. Seems to be running well now checked process explorer nothing suspicious was there, hopefully got rid of it.

Only thing that is happening now is that when the computer starts i get a window saying "Windows Cannot find C:\Combofix\RGT.cfxxe was wondering if anyone had encountered this before, and how they fixed it.

Wish i could have taken the computer with me but can't always get what i want. I'd just like to thank everyone for there continued help.

 

[ComputerClinic]

Started off by shutting of auto restart on crash, to have a look and see if there where any BSOD's. Found one Stop 0x00000050: PAGE_FAULT_IN_NONPAGED_AREA did some checking and that usually relates to a ram problem, so i ran memtest and the ram passed.

So i decided to go the virus route i ran combofix in safe mode, after that the freezing stopped. Then i ran malwarebytes, superantispyware, and shut of and restarted system restore in normal mode. Seems to be running well now checked process explorer nothing suspicious was there, hopefully got rid of it.

Only thing that is happening now is that when the computer starts i get a window saying "Windows Cannot find C:\Combofix\RGT.cfxxe was wondering if anyone had encountered this before, and how they fixed it.

Wish i could have taken the computer with me but can't always get what i want. I'd just like to thank everyone for there continued help.

Combofix runs a process after rebooting, so it looks like its having trouble starting that. Did combofix do anything after it restarted? You could try running it again to see if it finishes right this time. Or you could find the process in msconfig and disable it (start, run, msconfig, startup).

 

[topshelfpc]

Don't rule out a possible rootkit just yet. Check for suspicious files from a boot time scanner or a boot cd. I like the AVAST boot time scan, it loads prior to anything else and does a virus scan, just make sure it is updated and be sure not to delete any system files that a rootkit may have patched.