> [Resolved] Background Screen Only-ref http://forums.whatthetech.com/Po, Background Screen Only,again
FCS
post Nov 6 2009, 04:23 AM
Post #1


New Member
*

Group: Authentic Member
Posts: 11
Joined: 31-October 09
Member No.: 88,611
Operating System: WinXP SP3



http://forums.whatthetech.com/Possible_inf...tml#entry608526
Hi;
I got good help from CatByte, made the adjustments, closed the topic yesterday, and had the background screen only on startup today. Task Manager restarted the computer and the task bar and icons showed up, but I still apparently need help. I'm playing on Facebook a lot recently if that makes a difference.
 
CatByte
post Nov 7 2009, 05:29 AM
Post #2


Classroom Administrator
Group Icon

Group: Classroom Admin
Posts: 9,557
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Yes, there are lots of infections floating around Facebook; you could have been reinfected. Let's get some new diagnostic logs and see what is going on.

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT



Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
 
FCS
post Nov 8 2009, 04:31 PM
Post #3

Hi, CatByte;
Here are the requested logs. I find if I wait before clicking on my user name at startup the icons load right away.
Attached File(s):
  • DDS.txt (13.89K)
  • Attach.txt (12.38K)
  • Gmer.txt (7.19K)
 
CatByte
post Nov 8 2009, 08:49 PM
Post #4

Hi,

No obvious signs of any malware there, but we can run the Malwarebytes and Kaspersky scans just to make sure. You may just need to defrag to have things run a little better.

Try this:

Download and run Auslogics Disc Defragmenter


NEXT:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.


Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply



FCS
post Nov 10 2009, 01:44 AM
Post #5

Hi, Catbyte;
Here are the logs:
Attached File(s):
  • mbam_log_2009_11_09__04_07_30_.txt (834 bytes)
  • Kaspersky.txt (852 bytes)
 
CatByte
post Nov 10 2009, 07:16 AM
Post #6

Hi,

There is no more malware on your system; your issues don't appear to be malware related any longer.

Can you describe your issues in as much detail as possible? If I can't assist, perhaps I can direct you to our tech forums to let our expert techs take a look; it may just be a few settings that need adjusting.
 
FCS
post Nov 13 2009, 06:46 PM
Post #7

Hi, Catbyte;
Sorry for the slow response - I've been very busy and I'm watching what my computer does. Sometimes on startup, I still get background only - no icons or taskbar. I've had to use Task Manager to restart the computer and I usually get my icons/taskbar. If I wait before clicking on my name (no password) my icons come right up. I just had the same problem, checked Task Manager and saw a process using most of my CPU resources called ekrn.exe. I've also had an explore.exe error message on shutdown once.
That's about all I can think of for now. I thank you for the help.
FCS
 
CatByte
post Nov 13 2009, 07:23 PM
Post #8

Hi,

ekrn.exe belongs to your ESET NOD32 antivirus.

I don't believe your issues are malware related any longer.

I suggest you start a new topic in our hardware forum and see if they can assist.

Please delete the DDS and GMER folders from your desktop.

Make sure you link back to both malware topics so the techs can see that you are clean.
 
FCS
post Nov 16 2009, 10:09 PM
Post #9

Thanks again for your help, Catbyte.

FCS
 
CatByte
post Nov 17 2009, 03:51 AM
Post #10

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
