Author Topic: computer wont boot normally, shuts down randomly, please help  (Read 4794 times)

0 Members and 1 Guest are viewing this topic.

stefanblandin

  • Guest
Thanks for helping me. I unfortunately can't say much bout this infection, because I really dont know much.
I'm running win7 64 bit.
Here's how a typical session goes.
I start the computer. I get a bluescreen right after the Windows screen. It says c0000145 or some such, because %hs is missing.
I shut down.
It tells me it didn't start correctly last time, I agree to let it run startup repair (the other option, start normally, yeilds the same bluescreen)
So it runs startup repair, which immediately asks if I want to restore (I choose yes because no returns a failed repair)
After half an hour, the computer finally retarts, restored to right before I installed avast. Usually I just reinstall it and scan, but regardless it does the next step, which is suddenly shutting down and the whole proscess repeats.

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: computer wont boot normally, shuts down randomly, please help
« Reply #1 on: March 14, 2012, 12:22:01 AM »
Can you get onto your account again? If so, try to attempt these instructions and attach logs in your next post.
http://forum.avast.com/index.php?topic=53253.0
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

stefanblandin

  • Guest
Re: computer wont boot normally, shuts down randomly, please help
« Reply #2 on: March 14, 2012, 01:18:40 AM »
Here you are. Thanks again.
« Last Edit: March 14, 2012, 01:24:27 AM by stefanblandin »

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: computer wont boot normally, shuts down randomly, please help
« Reply #3 on: March 14, 2012, 01:28:14 AM »
A qualified removal expert named essexboy is notified. You can rest while you wait for him to assist you. :)
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

stefanblandin

  • Guest
Re: computer wont boot normally, shuts down randomly, please help
« Reply #4 on: March 14, 2012, 01:30:58 AM »
Thank you very much! And thanks Essexboy, tales of your mastery have spread far and wide through the ansible web.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: computer wont boot normally, shuts down randomly, please help
« Reply #5 on: March 14, 2012, 01:13:44 PM »
Hi it is the latest variant and as aswMBR has detected all elements GMER assures me this will work... And I trust him

Re-Run aswMBR

Click Scan

On completion of the scan
Click the   Fix Button

Reboot the computer
Save the log as before and post in your next reply

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    SRV:64bit: - [2009/07/13 20:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\tmlisten.dll -- (bcoreusb)
    NetSvcs:64bit: bcoreusb - C:\Windows\SysNative\tmlisten.dll (Oak Technology Inc.)
    [2012/03/13 22:38:43 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd[2012/01/15 15:24:28 | 000,008,742 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\4b730896
    [2012/01/15 15:24:28 | 000,008,693 | ---- | C] () -- C:\Users\Stefan\AppData\Local\4b8b299c
    [2012/01/15 15:24:28 | 000,008,663 | ---- | C] () -- C:\ProgramData\55192851
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Stefan\AppData\Local\Temp\RarSFX0\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Stefan\AppData\Local\Temp\RarSFX1\procs\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Stefan\AppData\Local\Temp\RarSFX0\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Stefan\AppData\Local\Temp\RarSFX1\h\explorer.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Stefan\AppData\Local\Temp\RarSFX0\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Stefan\AppData\Local\Temp\RarSFX1\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Stefan\AppData\Local\Temp\RarSFX0\winlogon.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Stefan\AppData\Local\Temp\RarSFX1\winlogon.exe
    @Alternate Data Stream - 1202 bytes -> C:\Users\Stefan\AppData\Local\o9RwvGbsLEewxL:gFjrIl7OhyNRrku4MsRd09


    :Files
    ipconfig /flushdns /c
    netsh winsock reset catalog /c
    netsh int ip reset reset.log hit /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

stefanblandin

  • Guest
Re: computer wont boot normally, shuts down randomly, please help
« Reply #6 on: March 14, 2012, 10:49:41 PM »
I tried the aswMBR and it had the same error, the computer restarted and I had to do a system restore. the bluescreen says "c0000135"  because "%hs" is missing. I'm going to try the OTL one and give you a log.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: computer wont boot normally, shuts down randomly, please help
« Reply #7 on: March 14, 2012, 11:04:03 PM »
Hmm I wonder if the ads is the cause of that

stefanblandin

  • Guest
Re: computer wont boot normally, shuts down randomly, please help
« Reply #8 on: March 14, 2012, 11:24:25 PM »
Nope, OTL did the same thing. I couldn't provide a log, unfortunately, because it closed too fast. What is ads? like advertizements?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: computer wont boot normally, shuts down randomly, please help
« Reply #9 on: March 14, 2012, 11:36:13 PM »
No it is an alternate data stream, this opens a file every time a folder is accessed

OK bigger hammer

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Quote
File::
C:\Windows\SysNative\tmlisten.dll
C:\Windows\System32\tmlisten.dll

NetSvc::
bcoreusb

Driver::
bcoreusb
Save this as CFScript.txt, in the same location as ComboFix.exe


Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


stefanblandin

  • Guest
Re: computer wont boot normally, shuts down randomly, please help
« Reply #10 on: March 15, 2012, 12:15:47 AM »
Works great! I encountered the "marked for deletion" error but like you said, I didn't panic and rebooted. It works! My computer is now virus free. Still can't find the log file though. Any tips on how to avoid this in the future?

Kilia

  • Guest
Re: computer wont boot normally, shuts down randomly, please help
« Reply #11 on: March 15, 2012, 01:17:17 AM »
 Aww..I'm always happy to see this kind of ending to a terrible problem! ;D

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: computer wont boot normally, shuts down randomly, please help
« Reply #12 on: March 15, 2012, 02:34:22 PM »
Could you run a fresh OTL scan please selecting all users and with the following scan script

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
Drives
CREATERESTOREPOINT