Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 won't boot in normal mode after System Restore


  • This topic is locked This topic is locked
6 replies to this topic

#1 OCaptainmycapn

OCaptainmycapn

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 07 January 2012 - 10:50 AM

Hello all - first post here and I could use some help. Here are the string of events which have led me here. Sorry if this is long, but I'm trying to be as detailed as possible in the hopes that someone will be able to help.

First, I have a home built PC with a newly purchased version of Windows 7 that I've been running without incident since around September. I had also purchased and am/was running Avast antivirus with Internet Security. More on that later.

Ok, so yesterday morning I was doing some routine web surfing before going to work - normal stuff, nothing out of the ordinary, no crazy websites, etc. I shut down my PC and left.

Got home last night, booted the PC and then immediately began getting all these pop ups for Win 7 Internet Security 2012. This kept blocking me from accessing the internet, but not before I was able to a quick search to find out this was a virus/malware application.

So I scanned my PC with Avast. It finds one infected file, which I instructed it to fix/remove. Then Avast recommended that I perform a further scan, which appeared to be done in a DOS-like mode. It was just a black screen with white text running its scan. Took quite awhile. After the scan completed, I re-booted and everything seemed fine and Win 7 Internet Security 2012 appeared to be removed as there were no more pop ups. I ended up downloading Malwarebytes Anti-malware and ran a scan, which came back clean.

To be sure, I then decided to do a system restore to a few days back. This is where things got dicey. Once I was instructed to re-start my PC after the system restore, the computer did not load Windows 7 properly. It got to the blue screen where it prompted me for my password, which I entered, and then it hung on the blue Welcome screen and then went black and all I saw was my mouse cursor. I manually shut off the PC, restarted, and when prompted, booted into Safe Mode. Upon getting into Safe Mode, Windows then notified me that the System Restore was successful. I then re-started the computer and it then loaded Windows 7 just fine in normal mode.

But then I noticed that my Avast program stopped runnning and I can't seem to fix this.

When I attempt to launch Avast, I get a message saying, "The Avast program has stopped running or is an inconsistent state" There's a "Fix It" button but nothing works. Ok, so Avast needs to be fixed and I will either uninstall/reinstall it or call their customer service.

However, the bigger issue, and I'm not sure if it's related to the Avast issue, is that when I shut down my PC and re-boot, it keeps hanging before booting into Windows 7 as it first did above. The only way I've been able to get around this is if I manually shut down, and then keep creating new System Restore points within Safe Mode and then re-starting back into normal mode.

Any suggestions would be most appreciated. I'm wondering if the two issues are related. At any rate, this is most frustrating as everything has been working perfectly with Windows 7 since I've been running it for the last four months and now I'm having this annoying issue.

Thanks in advance for any advice or suggestions.

Edited by hamluis, 07 January 2012 - 01:16 PM.
Moved from Win 7 to Am I Infected.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:09 PM

Posted 07 January 2012 - 01:39 PM

Welcome aboard Posted Image

Restart computer in Safe Mode with Networking....

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 OCaptainmycapn

OCaptainmycapn
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 07 January 2012 - 07:32 PM

Thanks Broni.

I think things might have gotten worse. While I had the PC running in regular mode I downloaded and ran four out of the five programs you told me to and kept the scan logs. I then shut down because I had to go out. I was planning to download and run GMER when I got back. I should have left the machine on because I just tried to start it up and now I can't even choose Safe Mode because now my keyboard doesn't work when I'm prompted to choose which method to start up. My arrow keys won't function. Can't move up or down. I know the keyboard works because if I try booting into regular mode I'm able to type in my password. But then it just hangs at the welcome screen as I previously described. Ugh. Is there another way to boot into safe mode without using the keyboard or arrow keys? Sounds almost impossible but I'm at a loss right now. Thank you.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:09 PM

Posted 07 January 2012 - 10:09 PM

Hold on there.
I'll report this topic to appropriate helpers.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,303 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:09 PM

Posted 08 January 2012 - 12:06 AM

:welcome:

Lets give it a try. You will need a USB (Flash) drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

As an alternate method, you can use the install CD to get to the Repair Console command prompt and work from there.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 OCaptainmycapn

OCaptainmycapn
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 08 January 2012 - 05:40 PM

Issue Resolved.

Had a friend stop by today who is in software programming or something along those lines. He was able to download MS Security Essentials and run some scans and also create a new system restore point as he said the one I had created became corrupted and that was part of the problem. I scanned all my drives with that program and then again with Malwarebytes and everything seems to be ok now. Ended up getting rid of Avast.

Thanks to everyone who offered suggestions. Great forum.

Cheers.

#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,303 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:09 PM

Posted 08 January 2012 - 07:52 PM

Thanks for the feedback.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users