[Resolved] Help!!

  • 49 Replies
  • 16838 Views
*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27193
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Help!!
« Reply #30 on: April 06, 2011, 05:37:11 PM »
I need you to reboot windows cleanly. To do that please go to the run command and type in msconfig . Once that starts, select selective startup, and then uncheck the load startup items. Now click on the services tab, and down near the bottom of the window, check the box that says Hide all Microsoft Services now go up and uncheck all the services still listed, make sure you scroll down the list if need to unselect all the non Microsoft services. Now click apply, then click OK and reboot the computer.

Now try running an Avast scan from this.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline stogie53

  • Bronze Member
  • 30
Re: [In Progress] Help!!
« Reply #31 on: April 06, 2011, 05:47:08 PM »
will do! do you think if all else fails a re-image from a backup image that was created with windows 7 backup tool will fix?

*

Offline stogie53

  • Bronze Member
  • 30
Re: [In Progress] Help!!
« Reply #32 on: April 06, 2011, 05:54:00 PM »
should i run avast on all drives?

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27193
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Help!!
« Reply #33 on: April 06, 2011, 06:01:08 PM »
Do you have all your data saved?

And if Avast will run, definitely run it on all drives.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline stogie53

  • Bronze Member
  • 30
Re: [In Progress] Help!!
« Reply #34 on: April 06, 2011, 06:04:38 PM »
if you mean all my documents, music pictures, yes I store that on a separate drive. Avast scan is running!

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27193
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Help!!
« Reply #35 on: April 06, 2011, 08:55:14 PM »
I talked to some of the other malware removal staff, and so far no one has had good experiences with ThreatFire. They all like the idea of how it is suppose to work, but apparently it does not work as advertised. But if you want to try it, it might be worth it.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline stogie53

  • Bronze Member
  • 30
Re: [In Progress] Help!!
« Reply #36 on: April 06, 2011, 09:05:02 PM »
Thanks I read similar about threatfire. Avast found a rootkit in a program iobit malware. I removed the program and now avast is running abbot scan.

*

Offline stogie53

  • Bronze Member
  • 30
Re: [In Progress] Help!!
« Reply #37 on: April 07, 2011, 07:58:44 AM »
Ok Avast found what it called a rootkit in a program iobit Malwarefighter, the file was called filemonitor.sys. I let avast delete the file and was able to completly remove the program. I then let avast run a full boot scan, it did find some corrupt files and deleted the too. I rebooted and reenabled startup items through "msconfig" so far this morning all is good. However I still see errors in the system and application evnt viewers. They refer to
System log:The flush and hold writes operation on volume D: timed out while waiting for file system cleanup.<BR><BR>Volume Shadow Copy Service error:

Application:The I/O writes cannot be flushed during the shadow copy creation period on volume \\?\Volume{b0fc8158-3304-11df-b514-806e6f6e6963}\. The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.<BR>], Flush[0x80042313, The shadow copy provider timed out while flushing data to the volume being shadow copied. This is probably due to excessive activity on the volume. Try again later when the volume is not being used so heavily.<BR>], Release[0x00000000, The operation completed successfully.<BR>], OnRun[0x00000000, The operation completed successfully.<BR>]. <BR><BR>Operation:<BR>&nbsp; Executing Asynchronous Operation<BR><BR>Context:<BR>&nbsp; Current State: DoSnapshotSet

So I am not sure if those errors lead to the PC crapping out??

*

Offline stogie53

  • Bronze Member
  • 30
Re: [In Progress] Help!!
« Reply #38 on: April 07, 2011, 08:03:17 AM »
I also just remembered I have Microsoft "sync toy" running that syncs a folder from that drive to a public folder.....

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27193
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Help!!
« Reply #39 on: April 07, 2011, 08:11:37 AM »
Try turning off the Sync Toy and see if the VSS problem clears up.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline stogie53

  • Bronze Member
  • 30
Re: [In Progress] Help!!
« Reply #40 on: April 07, 2011, 08:13:05 AM »
will do!!  fingers crossed!! will those type errors cause the crashes?

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27193
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Help!!
« Reply #41 on: April 07, 2011, 08:24:53 AM »
Conflicting software can always be a source of a crash. But I have no idea if it is the source of your particular problem though. But we keep knocking down problems as we see them, and soon all will be well with the universe.  :a

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline stogie53

  • Bronze Member
  • 30
Re: [In Progress] Help!!
« Reply #42 on: April 07, 2011, 10:54:33 AM »
 :AG

*

Offline stogie53

  • Bronze Member
  • 30
Re: [In Progress] Help!!
« Reply #43 on: April 08, 2011, 06:38:33 AM »
Looks like we got it!! Thank You very much! PC has been running fine since night before last! No VSO shadow errors today.  I am not convinced that was the cause of any problem, since i see errors like that dating back at least a month.  most likely something from combofix or other scans fixed it??? :ty :t

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27193
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Help!!
« Reply #44 on: April 08, 2011, 08:17:47 AM »
It was just the last piece of the puzzle. More than likely something changed because of the malware infection, something that caused SyncToy's problem to come to the surface.

Do you have any other questions or concerns or other problems that need addressing? If not we can do some cleanup and call this done.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!