Desktop Icons Turning off on Windows 7 - After enabling them, the user STILL sees no icons

JOsborne

I have a user running Windows 7 Pro. He's reported that his desktop icons have gone missing. I've remoted in using TeamViewer, and they're turned off....ok, easy fix - I turn them back on. I can see them on my remote session, but he says he still CAN'T see them. Apparently, if he reboots, he can see them for a while, but they disappear again after a few hours or so.
If I remote in again when he's having a problem, they're turned off again. Turning them on, I can see them, but he still can't. This is the damned thing!

I haven't been on-site yet to look at this, as he's usually accessing it early in the morning - it's his home computer, and he's checking things before going into the office, or after returning from work.

I haven't even begun to look into why the desktop icons keep getting turned off as I'm confused why he can't see them when I can.

Anyone have any ideas?
 
If all that fails try creating a new user acct and copy data over.
 
Yeah, OK....

Code:
Metadefender Client Scan Report
Start Time: 2017/05/11 17:02:25 GMT
Stop Time: 2017/05/11 17:04:10 GMT
Total Files Processed: 1393
Total Potentially Infected Files: 11
Unknown Files: 1
Clean Files: 1380
Total IPs Scanned: 0
Potentially Infected IPs Found: 0
Clean IPs Found: 0

Client version: 4.0.5.140
Device MAC address: -----------------
IP Address: 192.168.0.xxx
Device name: ROB-PC
User name: Rob

----------Potential Infections----------
Kabuto.exe 2017/04/06 03:14:41 PM 2/40
C:\Program Files\Kabuto\Kabuto.exe
SHA256: 6692D324298D49B303FE3501F1710E9473CAF36100F9037D7E096615FD7C0DFC
          Threat Name: Trojan.MSIL.fuap
          AV Name: Jiangmin
          AV Definition Date: 2017/04/06
          Threat Name: Trojan.AgentCRTD.Win32.5584
          AV Name: Zillya!
          AV Definition Date: 2017/04/06

Clean Engine Results:
          AVG (AV Def: 2017/04/06)                          AegisLab (AV Def: 2017/04/06)
          Agnitum (AV Def: 2017/03/31)                      Ahnlab (AV Def: 2017/04/06)
          Avira (AV Def: 2017/04/06)                        Baidu (AV Def: 2017/04/06)
          BitDefender (AV Def: 2017/04/06)                  ByteHero (AV Def: 2017/04/06)
          CYREN (AV Def: 2017/04/06)                        ClamAV (AV Def: 2017/04/06)
          DrWebGateway (AV Def: 2017/04/06)                 ESET (AV Def: 2017/04/06)
          Emsisoft (AV Def: 2017/04/06)                     F-prot (AV Def: 2017/04/06)
          F-secure (AV Def: 2017/04/06)                     Filseclab (AV Def: 2017/04/06)
          Fortinet (AV Def: 2017/04/06)                     Hauri (AV Def: 2017/04/06)
          Ikarus (AV Def: 2017/04/06)                       K7 (AV Def: 2017/04/06)
          Lavasoft (AV Def: 2017/04/06)                     McAfee (AV Def: 2017/04/06)
          Microsoft (AV Def: 2017/04/06)                    NANOAV (AV Def: 2017/04/06)
          Preventon (AV Def: 2017/04/06)                    QuickHeal (AV Def: 2017/04/06)
          STOPzilla (AV Def: 2017/04/05)                    SUPERAntiSpyware (AV Def: 2017/04/05)
          Sophos (AV Def: 2017/04/04)                       ThreatTrack (AV Def: 2017/04/06)
          TotalDefense (AV Def: 2017/04/05)                 TrendMicro (AV Def: 2017/04/05)
          TrendMicroHouseCall (AV Def: 2017/04/04)          VirITeXplorer (AV Def: 2017/04/06)
          VirusBlokAda (AV Def: 2017/04/06)                 Xvirus (AV Def: 2017/04/06)
          Zoner (AV Def: 2017/04/05)                        nProtect (AV Def: 2017/04/06)


firefox.exe 2017/05/05 06:18:04 PM 1/40
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SHA256: 1ED1BBBCC9E413E67DCEC73586AFA5D96727B3B35AAAE29CFC01500B7FD7A6D0
          Threat Name: Trojan.Win32.Heur.Gen
          AV Name: ByteHero
          AV Definition Date: 2017/05/05

Clean Engine Results:
          AVG (AV Def: 2017/05/04)                          AegisLab (AV Def: 2017/05/05)
          Agnitum (AV Def: 2017/05/04)                      Ahnlab (AV Def: 2017/05/04)
          Avira (AV Def: 2017/05/04)                        Baidu (AV Def: 2017/05/05)
          BitDefender (AV Def: 2017/05/05)                  CYREN (AV Def: 2017/05/05)
          ClamAV (AV Def: 2017/05/05)                       DrWebGateway (AV Def: 2017/05/05)
          ESET (AV Def: 2017/05/05)                         Emsisoft (AV Def: 2017/05/05)
          F-prot (AV Def: 2017/05/05)                       F-secure (AV Def: Unknown)
          Filseclab (AV Def: 2017/05/04)                    Fortinet (AV Def: 2017/05/05)
          Hauri (AV Def: 2017/05/05)                        Ikarus (AV Def: 2017/05/05)
          Jiangmin (AV Def: 2017/05/05)                     K7 (AV Def: 2017/04/04)
          Lavasoft (AV Def: 2017/05/05)                     McAfee (AV Def: 2017/05/05)
          Microsoft (AV Def: 2017/05/05)                    NANOAV (AV Def: 2017/05/05)
          Preventon (AV Def: 2017/05/04)                    QuickHeal (AV Def: 2017/05/05)
          STOPzilla (AV Def: 2017/05/04)                    SUPERAntiSpyware (AV Def: 2017/05/04)
          Sophos (AV Def: 2017/04/04)                       ThreatTrack (AV Def: 2017/05/05)
          TotalDefense (AV Def: 2017/05/04)                 TrendMicro (AV Def: 2017/05/05)
          TrendMicroHouseCall (AV Def: 2017/05/04)          VirITeXplorer (AV Def: 2017/05/04)
          VirusBlokAda (AV Def: 2017/05/04)                 Xvirus (AV Def: 2017/05/05)
          Zillya! (AV Def: 2017/05/04)                      Zoner (AV Def: 2017/05/04)
          nProtect (AV Def: 2017/05/05)          

plugin-container.exe 2017/05/06 10:27:05 AM 1/40
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
SHA256: 99318D635FF7C9518CE6EB093121C2C3746BA72B063C0BAA73749ABAD88DA588
          Threat Name: Trojan.Win32.Heur.Gen
          AV Name: ByteHero
          AV Definition Date: 2017/05/06

Clean Engine Results:
          AVG (AV Def: 2017/05/06)                          AegisLab (AV Def: 2017/05/06)
          Agnitum (AV Def: 2017/05/04)                      Ahnlab (AV Def: 2017/05/05)
          Avira (AV Def: 2017/05/05)                        Baidu (AV Def: 2017/05/06)
          BitDefender (AV Def: 2017/05/06)                  CYREN (AV Def: 2017/05/06)
          ClamAV (AV Def: 2017/05/06)                       DrWebGateway (AV Def: 2017/05/06)
          ESET (AV Def: 2017/05/05)                         Emsisoft (AV Def: 2017/05/06)
          F-prot (AV Def: 2017/05/06)                       F-secure (AV Def: 2017/05/06)
          Filseclab (AV Def: 2017/05/06)                    Fortinet (AV Def: 2017/05/06)
          Hauri (AV Def: 2017/05/06)                        Ikarus (AV Def: 2017/05/06)
          Jiangmin (AV Def: 2017/05/06)                     K7 (AV Def: 2017/05/06)
          Lavasoft (AV Def: 2017/05/06)                     McAfee (AV Def: 2017/05/06)
          Microsoft (AV Def: 2017/05/05)                    NANOAV (AV Def: 2017/05/05)
          Preventon (AV Def: 2017/05/06)                    QuickHeal (AV Def: 2017/05/06)
          STOPzilla (AV Def: 2017/05/06)                    SUPERAntiSpyware (AV Def: 2017/05/05)
          Sophos (AV Def: 2017/05/05)                       ThreatTrack (AV Def: 2017/05/06)
          TotalDefense (AV Def: 2017/05/05)                 TrendMicro (AV Def: 2017/05/06)
          TrendMicroHouseCall (AV Def: 2017/05/05)          VirITeXplorer (AV Def: 2017/05/05)
          VirusBlokAda (AV Def: 2017/05/05)                 Xvirus (AV Def: 2017/05/06)
          Zillya! (AV Def: 2017/05/05)                      Zoner (AV Def: 2017/05/04)
          nProtect (AV Def: 2017/05/06)          

MSVCP120.dll 2017/05/11 04:45:11 PM 1/40
C:\Users\Rob\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\MSVCP120.dll
SHA256: 87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
          Threat Name: Adware.Mobogenie.A.zrvw
          AV Name: Filseclab
          AV Definition Date: 2017/04/30

Clean Engine Results:
          AVG (AV Def: 2017/05/10)                          AegisLab (AV Def: 2017/05/10)
          Agnitum (AV Def: 2017/05/05)                      Ahnlab (AV Def: 2017/05/10)
          Avira (AV Def: 2017/05/10)                        Baidu (AV Def: 2017/05/11)
          BitDefender (AV Def: 2017/05/11)                  ByteHero (AV Def: 2017/05/11)
          CYREN (AV Def: 2017/05/11)                        ClamAV (AV Def: 2017/05/10)
          DrWebGateway (AV Def: 2017/05/11)                 ESET (AV Def: 2017/05/11)
          Emsisoft (AV Def: 2017/05/11)                     F-prot (AV Def: 2017/05/11)
          F-secure (AV Def: 2017/05/11)                     Fortinet (AV Def: 2017/05/11)
          Hauri (AV Def: 2017/05/11)                        Ikarus (AV Def: 2017/05/10)
          Jiangmin (AV Def: 2017/05/11)                     K7 (AV Def: 2017/05/11)
          Lavasoft (AV Def: 2017/05/11)                     McAfee (AV Def: 2017/05/10)
          Microsoft (AV Def: 2017/05/10)                    NANOAV (AV Def: 2017/05/10)
          Preventon (AV Def: 2017/05/10)                    QuickHeal (AV Def: 2017/05/11)
          STOPzilla (AV Def: 2017/05/10)                    SUPERAntiSpyware (AV Def: 2017/05/10)
          Sophos (AV Def: 2017/05/10)                       ThreatTrack (AV Def: 2017/05/11)
          TotalDefense (AV Def: 2017/05/10)                 TrendMicro (AV Def: 2017/05/10)
          TrendMicroHouseCall (AV Def: 2017/04/30)          VirITeXplorer (AV Def: 2017/05/10)
          VirusBlokAda (AV Def: 2017/05/10)                 Xvirus (AV Def: 2017/05/11)
          Zillya! (AV Def: 2017/05/05)                      Zoner (AV Def: 2017/05/10)
          nProtect (AV Def: 2017/05/10)          

LIBWAUTILS.dll 2017/05/02 08:49:47 PM 1/40
C:\Users\Rob\AppData\Roaming\Metadefender-Local\x64\LIBWAUTILS.dll
SHA256: A504310DCFAC00381766B65A7BDB188DF0CF1CD26E878763FF9ADB34FCD68A83
          Threat Name: TrojanSpy.Agent.bthp.ickd.mg
          AV Name: Filseclab
          AV Definition Date: 2017/05/02

Clean Engine Results:
          AVG (AV Def: 2017/05/02)                          AegisLab (AV Def: 2017/05/02)
          Agnitum (AV Def: 2017/04/28)                      Ahnlab (AV Def: 2017/05/02)
          Avira (AV Def: 2017/05/02)                        Baidu (AV Def: 2017/05/02)
          BitDefender (AV Def: 2017/05/02)                  ByteHero (AV Def: 2017/05/02)
          CYREN (AV Def: 2017/05/02)                        ClamAV (AV Def: 2017/05/02)
          DrWebGateway (AV Def: 2017/05/02)                 ESET (AV Def: 2017/05/02)
          Emsisoft (AV Def: 2017/05/02)                     F-prot (AV Def: 2017/05/02)
          F-secure (AV Def: 2017/05/02)                     Fortinet (AV Def: 2017/05/02)
          Hauri (AV Def: 2017/05/02)                        Ikarus (AV Def: 2017/05/02)
          Jiangmin (AV Def: 2017/05/02)                     K7 (AV Def: 2017/04/04)
          Lavasoft (AV Def: 2017/05/02)                     McAfee (AV Def: 2017/05/02)
          Microsoft (AV Def: 2017/05/02)                    NANOAV (AV Def: 2017/05/02)
          Preventon (AV Def: 2017/05/02)                    QuickHeal (AV Def: 2017/05/02)
          STOPzilla (AV Def: 2017/04/21)                    SUPERAntiSpyware (AV Def: 2017/05/01)
          Sophos (AV Def: 2017/05/02)                       ThreatTrack (AV Def: 2017/05/02)
          TotalDefense (AV Def: 2017/04/25)                 TrendMicro (AV Def: 2017/05/02)
          TrendMicroHouseCall (AV Def: 2017/05/01)          VirITeXplorer (AV Def: 2017/05/02)
          VirusBlokAda (AV Def: 2017/05/02)                 Xvirus (AV Def: 2017/05/02)
          Zillya! (AV Def: 2017/04/28)                      Zoner (AV Def: 2017/04/27)
          nProtect (AV Def: 2017/05/02)          

nvwgf2umx.dll 2017/05/11 05:24:44 AM 1/40
C:\Windows\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvwgf2umx.dll
SHA256: 557299FD8372CB08089D6544C686F97D940E82D989735A6045C2889B6D82DF85
          Threat Name: TrojanDldr.Mufanom.aafz.wgbk.dll.mg
          AV Name: Filseclab
          AV Definition Date: 2017/04/30

Clean Engine Results:
          AVG (AV Def: 2017/05/10)                          AegisLab (AV Def: 2017/05/10)
          Agnitum (AV Def: 2017/05/05)                      Ahnlab (AV Def: 2017/05/10)
          Avira (AV Def: 2017/05/10)                        Baidu (AV Def: 2017/05/11)
          BitDefender (AV Def: 2017/05/10)                  ByteHero (AV Def: 2017/05/10)
          CYREN (AV Def: 2017/05/10)                        ClamAV (AV Def: 2017/05/10)
          DrWebGateway (AV Def: 2017/05/11)                 ESET (AV Def: 2017/05/10)
          Emsisoft (AV Def: 2017/05/10)                     F-prot (AV Def: 2017/05/10)
          F-secure (AV Def: 2017/05/10)                     Fortinet (AV Def: 2017/05/10)
          Hauri (AV Def: 2017/05/10)                        Ikarus (AV Def: 2017/05/10)
          Jiangmin (AV Def: 2017/05/10)                     K7 (AV Def: 2017/05/10)
          Lavasoft (AV Def: 2017/05/10)                     McAfee (AV Def: 2017/05/10)
          Microsoft (AV Def: 2017/05/10)                    NANOAV (AV Def: 2017/05/10)
          Preventon (AV Def: 2017/05/10)                    QuickHeal (AV Def: 2017/05/10)
          STOPzilla (AV Def: 2017/05/10)                    SUPERAntiSpyware (AV Def: 2017/05/10)
          Sophos (AV Def: 2017/05/10)                       ThreatTrack (AV Def: 2017/05/10)
          TotalDefense (AV Def: 2017/05/10)                 TrendMicro (AV Def: 2017/05/10)
          TrendMicroHouseCall (AV Def: 2017/04/30)          VirITeXplorer (AV Def: 2017/05/10)
          VirusBlokAda (AV Def: 2017/05/10)                 Xvirus (AV Def: 2017/05/10)
          Zillya! (AV Def: 2017/05/05)                      Zoner (AV Def: 2017/04/30)
          nProtect (AV Def: 2017/05/10)          

SHELL32.dll 2017/05/11 12:59:15 AM 1/40
C:\Windows\System32\SHELL32.dll
SHA256: 3F8D0E98ACD5AF445CEAAC03096AB9DF6A5F85EEDE128177F6F6B68ED23C8E59
          Threat Name: Packed.Katusha.o.kujg.mg
          AV Name: Filseclab
          AV Definition Date: 2017/04/30

Clean Engine Results:
          AVG (AV Def: 2017/05/10)                          AegisLab (AV Def: 2017/05/10)
          Agnitum (AV Def: 2017/05/05)                      Ahnlab (AV Def: 2017/05/10)
          Avira (AV Def: 2017/05/10)                        Baidu (AV Def: 2017/05/11)
          BitDefender (AV Def: 2017/05/10)                  ByteHero (AV Def: 2017/05/10)
          CYREN (AV Def: 2017/05/10)                        ClamAV (AV Def: 2017/05/10)
          DrWebGateway (AV Def: 2017/05/11)                 ESET (AV Def: 2017/05/10)
          Emsisoft (AV Def: 2017/05/10)                     F-prot (AV Def: 2017/05/10)
          F-secure (AV Def: 2017/05/10)                     Fortinet (AV Def: 2017/05/10)
          Hauri (AV Def: 2017/05/10)                        Ikarus (AV Def: 2017/05/10)
          Jiangmin (AV Def: 2017/05/10)                     K7 (AV Def: 2017/05/10)
          Lavasoft (AV Def: 2017/05/10)                     McAfee (AV Def: 2017/05/10)
          Microsoft (AV Def: 2017/04/30)                    NANOAV (AV Def: 2017/05/10)
          Preventon (AV Def: 2017/05/10)                    QuickHeal (AV Def: 2017/05/10)
          STOPzilla (AV Def: 2017/05/10)                    SUPERAntiSpyware (AV Def: 2017/05/10)
          Sophos (AV Def: 2017/05/10)                       ThreatTrack (AV Def: 2017/05/10)
          TotalDefense (AV Def: 2017/05/10)                 TrendMicro (AV Def: 2017/05/10)
          TrendMicroHouseCall (AV Def: 2017/04/30)          VirITeXplorer (AV Def: 2017/05/10)
          VirusBlokAda (AV Def: 2017/05/10)                 Xvirus (AV Def: 2017/05/10)
          Zillya! (AV Def: 2017/05/05)                      Zoner (AV Def: 2017/04/30)
          nProtect (AV Def: 2017/05/10)          

svchost.exe 2017/05/11 04:00:32 AM 1/40
C:\Windows\System32\svchost.exe
SHA256: 438B6CCD84F4DD32D9684ED7D58FD7D1E5A75FE3F3D12AB6C788E6BB0FFAD5E7
          Threat Name: Packed.Katusha.o.kujg.mg
          AV Name: Filseclab
          AV Definition Date: 2017/04/30

Clean Engine Results:
          AVG (AV Def: 2017/05/10)                          AegisLab (AV Def: 2017/05/10)
          Agnitum (AV Def: 2017/05/05)                      Ahnlab (AV Def: 2017/05/10)
          Avira (AV Def: 2017/05/10)                        Baidu (AV Def: 2017/05/11)
          BitDefender (AV Def: 2017/05/11)                  ByteHero (AV Def: 2017/05/11)
          CYREN (AV Def: 2017/05/11)                        ClamAV (AV Def: 2017/05/10)
          DrWebGateway (AV Def: 2017/05/11)                 ESET (AV Def: 2017/05/10)
          Emsisoft (AV Def: 2017/05/11)                     F-prot (AV Def: 2017/05/11)
          F-secure (AV Def: 2017/05/11)                     Fortinet (AV Def: 2017/05/11)
          Hauri (AV Def: 2017/05/11)                        Ikarus (AV Def: 2017/05/10)
          Jiangmin (AV Def: 2017/05/10)                     K7 (AV Def: 2017/04/04)
          Lavasoft (AV Def: 2017/05/11)                     McAfee (AV Def: 2017/05/10)
          Microsoft (AV Def: 2017/05/10)                    NANOAV (AV Def: 2017/05/10)
          Preventon (AV Def: 2017/05/10)                    QuickHeal (AV Def: 2017/05/10)
          STOPzilla (AV Def: 2017/04/30)                    SUPERAntiSpyware (AV Def: 2017/05/10)
          Sophos (AV Def: 2017/05/10)                       ThreatTrack (AV Def: 2017/05/11)
          TotalDefense (AV Def: 2017/05/10)                 TrendMicro (AV Def: 2017/05/10)
          TrendMicroHouseCall (AV Def: 2017/04/30)          VirITeXplorer (AV Def: 2017/05/10)
          VirusBlokAda (AV Def: 2017/05/10)                 Xvirus (AV Def: 2017/05/11)
          Zillya! (AV Def: 2017/05/05)                      Zoner (AV Def: 2017/05/10)
          nProtect (AV Def: 2017/05/10)          

WININET.dll 2017/05/11 01:00:50 AM 1/40
C:\Windows\System32\WININET.dll
SHA256: B800421A2D7FADC08A513E8FD343DB7BFA80A75A903740E48922E63FAAF8D4E2
          Threat Name: Suspicious:NewThreat.165
          AV Name: Xvirus
          AV Definition Date: 2017/05/10

Clean Engine Results:
          AVG (AV Def: 2017/04/30)                          AegisLab (AV Def: 2017/05/10)
          Agnitum (AV Def: 2017/05/04)                      Ahnlab (AV Def: 2017/05/10)
          Avira (AV Def: 2017/05/10)                        Baidu (AV Def: 2017/05/11)
          BitDefender (AV Def: 2017/05/10)                  ByteHero (AV Def: 2017/05/10)
          CYREN (AV Def: 2017/05/10)                        ClamAV (AV Def: 2017/05/10)
          DrWebGateway (AV Def: 2017/05/11)                 ESET (AV Def: 2017/05/10)
          Emsisoft (AV Def: 2017/05/10)                     F-prot (AV Def: 2017/05/10)
          F-secure (AV Def: 2017/05/10)                     Filseclab (AV Def: 2017/04/30)
          Fortinet (AV Def: 2017/05/10)                     Hauri (AV Def: 2017/05/10)
          Ikarus (AV Def: 2017/05/10)                       Jiangmin (AV Def: 2017/05/10)
          K7 (AV Def: 2017/05/10)                           Lavasoft (AV Def: 2017/05/10)
          McAfee (AV Def: 2017/05/10)                       Microsoft (AV Def: 2017/05/10)
          NANOAV (AV Def: 2017/05/10)                       Preventon (AV Def: 2017/05/10)
          QuickHeal (AV Def: 2017/05/10)                    STOPzilla (AV Def: 2017/05/10)
          SUPERAntiSpyware (AV Def: 2017/04/30)             Sophos (AV Def: 2017/05/10)
          ThreatTrack (AV Def: 2017/05/10)                  TotalDefense (AV Def: 2017/04/30)
          TrendMicro (AV Def: 2017/05/10)                   TrendMicroHouseCall (AV Def: 2017/04/30)
          VirITeXplorer (AV Def: 2017/05/10)                VirusBlokAda (AV Def: 2017/05/10)
          Zillya! (AV Def: 2017/05/05)                      Zoner (AV Def: 2017/04/30)
          nProtect (AV Def: 2017/05/10)          

WININET.dll 2017/04/30 10:19:48 PM 1/40
C:\Windows\SysWOW64\WININET.dll
SHA256: B9E5DB3C2284D46FA717F29AD3A7B407A633D0C996C1C4369BFD5FF07DFA6925
          Threat Name: Suspicious:NewThreat.165
          AV Name: Xvirus
          AV Definition Date: 2017/04/30

Clean Engine Results:
          AVG (AV Def: 2017/04/30)                          AegisLab (AV Def: 2017/04/30)
          Agnitum (AV Def: 2017/05/04)                      Ahnlab (AV Def: 2017/04/30)
          Avira (AV Def: 2017/04/30)                        Baidu (AV Def: 2017/04/30)
          BitDefender (AV Def: 2017/04/30)                  ByteHero (AV Def: 2017/04/30)
          CYREN (AV Def: 2017/04/30)                        ClamAV (AV Def: 2017/04/30)
          DrWebGateway (AV Def: 2017/04/30)                 ESET (AV Def: 2017/04/30)
          Emsisoft (AV Def: 2017/04/30)                     F-prot (AV Def: 2017/04/30)
          F-secure (AV Def: 2017/04/30)                     Filseclab (AV Def: 2017/04/30)
          Fortinet (AV Def: 2017/04/30)                     Hauri (AV Def: 2017/04/30)
          Ikarus (AV Def: 2017/04/30)                       Jiangmin (AV Def: 2017/04/30)
          K7 (AV Def: 2017/04/04)                           Lavasoft (AV Def: 2017/04/30)
          McAfee (AV Def: 2017/04/30)                       Microsoft (AV Def: 2017/04/30)
          NANOAV (AV Def: 2017/04/30)                       Preventon (AV Def: 2017/04/30)
          QuickHeal (AV Def: 2017/04/30)                    STOPzilla (AV Def: 2017/05/06)
          SUPERAntiSpyware (AV Def: 2017/04/30)             Sophos (AV Def: 2017/04/30)
          ThreatTrack (AV Def: 2017/04/30)                  TotalDefense (AV Def: 2017/04/30)
          TrendMicro (AV Def: 2017/04/30)                   TrendMicroHouseCall (AV Def: 2017/04/30)
          VirITeXplorer (AV Def: 2017/04/30)                VirusBlokAda (AV Def: 2017/05/06)
          Zillya! (AV Def: 2017/05/05)                      Zoner (AV Def: 2017/04/30)
          nProtect (AV Def: 2017/04/30)          


----------Unknowns----------
C:\Users\Rob\Downloads\Metadefender-Client-Cloud_4.0.5.exe  Exceeded archive file number

----------Operating Memory----------
[Potential Infection] C:\Program Files\Kabuto\Kabuto.exe
[Potential Infection] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
[Potential Infection] C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[Potential Infection] C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[Potential Infection] C:\Users\Rob\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\MSVCP120.dll
[Potential Infection] C:\Users\Rob\AppData\Roaming\Metadefender-Local\x64\LIBWAUTILS.dll
[Potential Infection] C:\Windows\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvwgf2umx.dll
[Potential Infection] C:\Windows\System32\shell32.dll
[Potential Infection] C:\Windows\system32\svchost.exe
[Potential Infection] C:\Windows\SYSTEM32\WININET.dll
[Potential Infection] C:\Windows\SysWOW64\WININET.dll
[Potential Infection] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
[Potential Infection] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
[Potential Infection] C:\Program Files\Emsisoft Anti-Malware\a2service.exe
[Potential Infection] C:\Program Files\Emsisoft Anti-Malware\a2start.exe
[Potential Infection] C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
[Potential Infection] C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
[Potential Infection] C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
[Potential Infection] C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
[Potential Infection] C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
[Potential Infection] C:\Users\Rob\AppData\Roaming\Metadefender-Local\MetadefenderApp.exe
[Potential Infection] C:\Users\Rob\AppData\Roaming\Metadefender-Local\x64\mdproxy.exe
[Potential Infection] C:\Windows\explorer.exe
[Potential Infection] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
[Potential Infection] C:\Windows\System32\ApplicationFrameHost.exe
[Potential Infection] C:\Windows\System32\conhost.exe
[Potential Infection] C:\Windows\System32\dasHost.exe
[Potential Infection] C:\Windows\System32\dllhost.exe
[Potential Infection] C:\Windows\System32\dwm.exe
[Potential Infection] C:\Windows\System32\fontdrvhost.exe
[Potential Infection] C:\Windows\System32\RuntimeBroker.exe
[Potential Infection] C:\Windows\System32\SearchIndexer.exe
[Potential Infection] C:\Windows\System32\SearchProtocolHost.exe
[Potential Infection] C:\Windows\System32\sihost.exe
[Potential Infection] C:\Windows\System32\smartscreen.exe
[Potential Infection] C:\Windows\System32\spoolsv.exe
[Potential Infection] C:\Windows\System32\taskhostw.exe
[Potential Infection] C:\Windows\System32\wbem\unsecapp.exe
[Potential Infection] C:\Windows\System32\wbem\WmiPrvSE.exe
[Potential Infection] C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
[Potential Infection] C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
[Potential Infection] C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_148.exe
 
Yeah, definitely not for the novice!
But when you look at the names of the products that flagged the supposed infections??
Zillya, Jiangmin, ByteHero, Filseclab, and Xvirus. Like @fencepost said, good way to identify AVs you don't want...

None of the mainstream AVs flagged anything, though.
 
I'm surprised that it just didn't tell me that Windows 10 itself is an infection,
... it basically did.

[Potential Infection] C:\Windows\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvwgf2umx.dll
[Potential Infection] C:\Windows\System32\shell32.dll
[Potential Infection] C:\Windows\system32\svchost.exe
[Potential Infection] C:\Windows\SYSTEM32\WININET.dll
[Potential Infection] C:\Windows\SysWOW64\WININET.dll
[Potential Infection] C:\Windows\explorer.exe
[Potential Infection] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
[Potential Infection] C:\Windows\System32\ApplicationFrameHost.exe
[Potential Infection] C:\Windows\System32\conhost.exe
[Potential Infection] C:\Windows\System32\dasHost.exe
[Potential Infection] C:\Windows\System32\dllhost.exe
[Potential Infection] C:\Windows\System32\dwm.exe
[Potential Infection] C:\Windows\System32\fontdrvhost.exe
[Potential Infection] C:\Windows\System32\RuntimeBroker.exe
[Potential Infection] C:\Windows\System32\SearchIndexer.exe
[Potential Infection] C:\Windows\System32\SearchProtocolHost.exe
[Potential Infection] C:\Windows\System32\sihost.exe
[Potential Infection] C:\Windows\System32\smartscreen.exe
[Potential Infection] C:\Windows\System32\spoolsv.exe
[Potential Infection] C:\Windows\System32\taskhostw.exe
[Potential Infection] C:\Windows\System32\wbem\unsecapp.exe
[Potential Infection] C:\Windows\System32\wbem\WmiPrvSE.exe

In fact, probably the most accurate it got was:

[Potential Infection] C:\Users\Rob\AppData\Roaming\Metadefender-Local\MetadefenderApp.exe
[Potential Infection] C:\Users\Rob\AppData\Roaming\Metadefender-Local\x64\mdproxy.exe
 