99 replies to this topic

[LDTate]

How are the icons?

[Nman]

Opps, sorry, lol. Yes, they are fine now.

[LDTate]

How's the computer running now?

[Nman]

It's running fine now, though I haven't run the McAfee to see if it will stop on that file again. I could do that, but I need to be leaving for work soon again, and then I will be gone all day tomorrow too (night shift tonight, morning shift tomorrow... fun) Other than that no slow downs right now to speak of. PS. My wife saw your rank as Forum God and busted out laughing.

[LDTate]

It's running fine now, though I haven't run the McAfee to see if it will stop on that file again. I could do that, but I need to be leaving for work soon again, and then I will be gone all day tomorrow too (night shift tonight, morning shift tomorrow... fun) Other than that no slow downs right now to speak of.

PS. My wife saw your rank as Forum God and busted out laughing.

Lets leave this open and run McAfee when you get the chance.


We get "Forum God" when we hit 10k post

[Nman]

Okay so I ran the scan, and it stopped on that again, but after a few hours of being that way (I was at work and my wife was watching it for me.) eventually a window popped up, from windows. It read as follows: McAfee Host service has stopped working and was shut down, windows will notify you if a solution becomes available. However, I could still do nothing on my laptop at that time, it was still frozen. Now I am also wondering this, what is that file? It only appears as C:\...\ieui.dll while all the other files it scans before that one show more, though some do have the \...\ in them. But all in all, that is what happened. Stopped on that file, froze and I had to forcefully turn it off and back on. One should note that the only reason I started to scan my computer at all, when this all first started, is because it was acting weird and programs became non responsive. Now that has stopped and McAfee is just doing it... On an off topic note, my wife said that at 50,000 posts the ranking should be the "God of all forum Gods", lol on our board we have never seen that many posts!

[LDTate]

ieui.dll is a Internet Explorer file.
Why the scan would stop / lock on that file? I don't know.

Have you tried Windows updates lately?

[Nman]

Yes I have tried updating, but no new updates have been available for a while now. That is actually the first thing I tried before coming here. Would it matter that I don't have IE8? When my wife got it, it took over her computer, and it took forever to get things back to how she wanted them. So I decided to not go through the hassle of having to do that as well. I use Fire Fox any way so to me it didn't seem like a big deal. Maybe I should just go ahead and do it though.... Okay I will be back after work, have a good day! And thanks for your help and patience!

[LDTate]

I personally don't care too much for IE8 at this time. I'll do some checking on that error and post later.

[LDTate]

Lets do another Rootkit check

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

• Double click GMER.exe.
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
    
    Click the image to enlarge it
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

[Nman]

Okay I ran the scan, but when I tried to open the text file to paste it, my computer crashed with the blue screen warning that something has caused windows to stop working so it was shutting down to protect it self. Should I just up load it again. I must admit though, I did run the scan twice, only because the first time I accidentally unchecked C:\ I am very tired and miss read your instructions, I hope that didn't screw things up though. I need to go and lay down here soon, so please let me know what to do next. Thanks Again for all your help!

[LDTate]

Don't worry about the time it's taking. I'm in no hurry. Take a break when you need to.

We're trying to find out why the tools won't run.

We'll try GMER without the Sections option.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

• The application window will appear
• Click the Disable button to disable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Now we'll try GMER again.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

• Double click GMER.exe.
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
    
    Click the image to enlarge it
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

[Nman]

Okay I did all that you put on here. I was able to get a report this time, however when I opened it, it caused it to crash again. (But the crash did not restart the computer like normal, it just stayed on the blue screen and said to contact the system admin). But, like I said it did make a report. Is there any way I can upload it without opening it so that you can read it? PS. Feeling better today, which is always good!

[LDTate]

To attach a file, do the following:

• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

[Nman]

It keeps saying upload failed, you are not allowed to upload this type of file. I can edit the Properties of the file though without a crash. Any Ideas on what I can do to make it readable without making it crash? I saw a property that says to read and execute and I denied that permission. Should I be able to read it now? Or see it some how?

Edited by Nman, 03 July 2010 - 09:49 PM.