
Unresponsive Computer and will not do Windows Updates


7 replies to this topic

#1 ppd_2001

ppd_2001

  • Members
  • 5 posts

Posted 30 September 2016 - 03:39 PM

Hi,

My computer has become very unresponsive when I use it and keeps hanging; it also will not allow me to do any Windows Updates. IE11 keeps saying it needs to close down and the CPU processor seems to be running very fast even though I don't have many things open.

When I try to shut the computer down it says it can't shut down as something is still running but it doesn't say what it is.

I also notice in the log below that it has Firefox on the list but I haven't had this installed for ages?!?!

Any help or guidance with this would be greatly appreciated as I am struggling to get this sorted out and the computer is running really badly.

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-09-2016
Ran by Marta & Peter (administrator) on MARTAPETER-PC (30-09-2016 20:46:18)
Running from C:\Users\Marta & Peter\Desktop
Loaded Profiles: Marta & Peter (Available Profiles: Marta & Peter)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Creative Technology Ltd.) C:\Windows\OEM07Mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OEM07Mon.exe] => C:\Windows\OEM07Mon.exe [36864 2007-07-19] (Creative Technology Ltd.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295072 2012-12-24] (RealNetworks, Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-03] (Wondershare)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [124544 2016-02-11] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2728472 2014-12-16] (Sony Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12111576 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-03-19] (Apple Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-816525853-1855857107-3829641083-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe [2093856 2016-07-18] (TomTom)
HKU\S-1-5-21-816525853-1855857107-3829641083-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-816525853-1855857107-3829641083-1001] =>
AutoConfigURL: [S-1-5-21-816525853-1855857107-3829641083-1001] =>
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{39E2750D-D619-42D5-8DCE-624247A81C53}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D281C9CC-F566-4C8E-A316-7B6B69CB76C7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-816525853-1855857107-3829641083-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-816525853-1855857107-3829641083-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-816525853-1855857107-3829641083-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news/
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-10] (AO Kaspersky Lab)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-10] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Marta & Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7t02s4dy.default
FF Homepage: hxxp://www.quidco.com/
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDJ67jFfFbVMfug_IrPdAB5t0DkE3lrgSRBH2GE7xWmN0hrI1nKvKLmcTV4-SkADuQOCwcxq3FWyZS9dp4ZKVMqpnwSHeOwzqJJzjUVPU_uP9DFczQi0nsXGgKcLUrDvlQa21ZMcFyDzFqtrQBAVaBpVskA8xTwqyYUUKBGpTbOFe4ivhb-sE6lmIzsQ,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-12-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-12-24] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-816525853-1855857107-3829641083-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marta & Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-816525853-1855857107-3829641083-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll [2012-08-30] (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Marta & Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7t02s4dy.default\user.js [2014-11-29]
FF SearchPlugin: C:\Users\Marta & Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7t02s4dy.default\searchplugins\Web Search.xml [2014-05-16]
FF Extension: (Google Translator for Firefox) - C:\Users\Marta & Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7t02s4dy.default\extensions\translator@zoli.bod.xpi [2013-02-15] [not signed]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [not found]
FF Extension: (No Name) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [not found]
FF Extension: (TopArcadeHits) - C:\Users\Marta & Peter\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-05-26] [not signed]
FF Extension: (Anti-Banner) - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-11-16] [not signed]
FF Extension: (Kaspersky URL Advisor) - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-11-16] [not signed]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-05-24]
FF HKLM\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-17]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.quidco.com/home/"
CHR Profile: C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default [2016-08-15]
CHR Extension: (Google Slides) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
CHR Extension: (Google Docs) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-26]
CHR Extension: (Rapport) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-02-18]
CHR Extension: (YouTube) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-26]
CHR Extension: (Kaspersky Protection) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-12-10]
CHR Extension: (Google Sheets) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]
CHR Extension: (RealDownloader) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-12-27]
CHR Extension: (Kaspersky Protection) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-07-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Gmail) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Marta & Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-15]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKU\S-1-5-21-816525853-1855857107-3829641083-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-12-10] (Kaspersky Lab ZAO)
R2 AVP16.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2014-12-16] (Sony Corporation)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-09-12] (IBM Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [290304 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [144600 2013-08-09] (Broadcom Corporation.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R3 CXSONORA; C:\Windows\System32\drivers\A885VCap.sys [733824 2007-09-07] (AVerMedia TECHNOLOGIES, Inc.)
R3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14656 2007-05-17] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [66440 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [67456 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [145800 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [51032 2016-08-17] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [165464 2016-09-30] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [778584 2016-08-17] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [45144 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [46464 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41864 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [94040 2016-08-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [161672 2015-12-03] (AO Kaspersky Lab)
R3 OEM07Vfx; C:\Windows\System32\DRIVERS\OEM07Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM07Vid; C:\Windows\System32\DRIVERS\OEM07Vid.sys [235552 2007-07-19] (Creative Technology Ltd.)
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1609053.sys [775592 2016-09-16] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [328808 2016-09-12] (IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [101992 2016-09-12] (IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [257608 2016-09-12] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [407880 2016-09-12] (IBM Corp.)
S3 scusbvip; C:\Windows\System32\DRIVERS\scusbvip.sys [610976 2009-11-17] ( ) [File not signed]
S3 SLVAD_simple; C:\Windows\System32\drivers\slvad.sys [79072 2009-11-17] ( ) [File not signed]
R0 TLRecAgent; C:\Windows\System32\DRIVERS\TLRecAgent.sys [30400 2009-11-17] ( ) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [File not signed]
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [44776 2016-03-29] (Microsoft Corporation)
S3 catchme; \??\C:\Users\MARTA&~1\AppData\Local\Temp\catchme.sys [X]
S3 cpuz135; \??\C:\Users\MARTA&~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-30 20:46 - 2016-09-30 20:49 - 00024480 _____ C:\Users\Marta & Peter\Desktop\FRST.txt
2016-09-30 20:45 - 2016-09-30 20:46 - 00000000 ____D C:\FRST
2016-09-30 20:44 - 2016-09-30 20:44 - 01754624 _____ (Farbar) C:\Users\Marta & Peter\Desktop\FRST.exe
2016-09-30 19:28 - 2016-09-30 19:28 - 00012802 _____ C:\ComboFix.txt
2016-09-30 18:55 - 2016-09-30 19:28 - 00000000 ____D C:\Qoobox
2016-09-25 21:32 - 2016-09-25 21:32 - 00168124 _____ C:\Users\Marta & Peter\Desktop\yjaZui3C6J_sheet.jpeg
2016-09-25 21:26 - 2016-09-25 21:26 - 00134354 _____ C:\Users\Marta & Peter\Desktop\2b9gA1ZNIc_sheet.jpeg
2016-09-12 20:21 - 2016-09-12 20:21 - 00257608 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
2016-09-12 20:21 - 2016-09-12 20:21 - 00101992 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-30 20:29 - 2011-06-26 15:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-30 19:56 - 2012-02-07 21:37 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-30 19:51 - 2014-04-29 12:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-30 19:43 - 2009-07-14 05:34 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-30 19:43 - 2009-07-14 05:34 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-30 19:36 - 2012-02-07 21:37 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-30 19:36 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-30 19:23 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2016-09-30 13:56 - 2011-07-03 13:38 - 00000256 _____ C:\Windows\Tasks\Epson Printer Software Downloader.job
2016-09-25 21:35 - 2011-06-26 15:24 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-25 21:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-09-25 21:32 - 2013-12-28 19:23 - 02336768 ___SH C:\Users\Marta & Peter\Desktop\Thumbs.db
2016-09-25 21:27 - 2011-08-04 17:39 - 00000000 ____D C:\Users\Marta & Peter\Desktop\Marta
2016-09-25 19:24 - 2015-01-22 21:47 - 00000000 __SHD C:\Users\Marta & Peter\AppData\LocalLow\EmieUserList
2016-09-25 19:24 - 2015-01-22 21:47 - 00000000 __SHD C:\Users\Marta & Peter\AppData\LocalLow\EmieSiteList
2016-09-19 19:09 - 2014-12-27 12:15 - 00002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-16 09:21 - 2013-09-18 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-09-13 10:51 - 2012-04-08 10:02 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-09-13 10:51 - 2011-06-27 20:03 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-09-13 10:51 - 2011-06-27 20:03 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 10:35 - 2012-07-02 13:07 - 00000000 ____D C:\Users\Marta & Peter\Desktop\to compres pictures
2016-09-13 10:14 - 2014-04-13 21:04 - 00000000 ____D C:\Users\Marta & Peter\Desktop\facebook
2016-09-03 13:48 - 2016-01-17 10:01 - 00000000 ____D C:\Users\Marta & Peter\Desktop\Otters

==================== Files in the root of some directories =======

2013-09-11 20:28 - 2013-09-13 15:52 - 0000154 _____ () C:\Users\Marta & Peter\AppData\Roaming\Rim.Desktop.Exception.log
2013-09-11 20:13 - 2014-01-03 12:56 - 0002009 _____ () C:\Users\Marta & Peter\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-09-11 20:28 - 2013-09-13 15:49 - 0000154 _____ () C:\Users\Marta & Peter\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-07-27 16:30 - 2012-07-27 16:30 - 0002055 ____H () C:\Users\Marta & Peter\AppData\Local\recently-used.xbel
2016-07-10 11:23 - 2016-07-10 11:23 - 0007601 _____ () C:\Users\Marta & Peter\AppData\Local\Resmon.ResmonCfg
2011-06-26 15:43 - 2011-06-26 15:43 - 0017408 ____H () C:\Users\Marta & Peter\AppData\Local\WebpageIcons.db
2011-06-28 18:11 - 2011-06-28 18:11 - 0000032 _____ () C:\ProgramData\ezsid.dat

Files to move or delete:
====================
C:\ProgramData\ezsid.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-23 10:24

==================== End of FRST.txt ============================





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 October 2016 - 10:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.
===

Also, please run the Farbar tool and post the FRST and Addition.txt files for my review.

Let me know what problem persists.

#3 ppd_2001

ppd_2001
  • Topic Starter

  • Members
  • 5 posts

Posted 05 October 2016 - 04:17 PM

Hi nasdaq,

Thank you for your help with this.

When I ran Zoek, the results file never opened, and I left it running all night as I wasn't sure it was finished. I have looked on my C drive and I have found this, but I am not sure if it was completed properly.

Zoek.exe v5.0.0.1 Updated 19-September-2016
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marta & Peter\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

02/10/2016 18:42:12 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\Aimersoft deleted successfully
C:\Program Files\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\TomTom DesktopSuite deleted successfully
C:\Program Files\Zoom deleted successfully
C:\Program Files\Common Files\XCPCSync.OEM deleted successfully
C:\PROGRA~2\AMD deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~2\xml_param deleted successfully

 

It seemed to hang when it got to this line: - --- C:\Users\Public\Desktop DB Check

Please let me know if this is right and then I will run the FRST again.

I am able to run Windows Updates now but programs still seem to hang.

Thanks once again for your help.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 October 2016 - 08:40 AM


Check the properties of this folder in bold.

C:\Users\Public\Desktop DB Check

What is it for?

Any files in the folder?

#5 ppd_2001

ppd_2001
  • Topic Starter

  • Members
  • 5 posts

Posted 06 October 2016 - 12:57 PM

Hi nasdaq,

I can't find the folder mentioned above. I have attached a screenshot of the folders in C:\Users\Public\

Attached File  Screenshot.jpg   114.38KB   0 downloads

Thanks for your help,

P



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 October 2016 - 08:25 AM


Ensure that you can see all folders.

Unhide files/folders Windows 7.
How To:
http://windows.microsoft.com/en-ca/windows/show-hidden-files#show-hidden-files=windows-7
<<<>>>

SystemLook.exe
SystemLook_x64.exe
  • Double-click SystemLook.exe/SystemLook_x64.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:

    :folderfind
    *Desktop*
    *DB Check*
    :regfind
    DB Check

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • The log can also be found on your Desktop entitled SystemLook.txt.
===



#7 ppd_2001

ppd_2001
  • Topic Starter

  • Members
  • 5 posts

Posted 09 October 2016 - 11:46 AM

Hi nasdaq,

Here is the SystemLook Log: -

SystemLook 30.07.11 by jpshortstuff
Log created at 17:27 on 09/10/2016 by Marta & Peter
Administrator - Elevation successful

========== folderfind ==========

Searching for "*Desktop*"
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files d------ [19:08 27/07/2016]
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select d------ [19:08 27/07/2016]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\Desktop d------ [20:50 10/12/2015]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\Desktop d------ [19:50 28/06/2016]
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop d------ [04:52 14/07/2009]
C:\ProgramData\Desktop d--hs-- [04:53 14/07/2009]
C:\Users\All Users\Desktop d--hs-- [04:53 14/07/2009]
C:\Users\Default\Desktop dr----- [02:37 14/07/2009]
C:\Users\Marta & Peter\Desktop dr----- [14:15 26/06/2011]
C:\Users\Public\Desktop dr-h--- [02:37 14/07/2009]
C:\Windows\ServiceProfiles\LocalService\Desktop dr----- [04:34 14/07/2009]
C:\Windows\ServiceProfiles\NetworkService\Desktop dr----- [04:34 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update d------ [02:37 14/07/2009]
C:\Windows\winsxs\x86_desktop_shell-gettingstarted.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3c3cefa73b2cf8e4 d------ [04:56 14/07/2009]
C:\Windows\winsxs\x86_desktop_shell-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_fece51ebea01731d d------ [04:49 14/07/2009]
C:\Windows\winsxs\x86_desktop_shell-gettingstarted_31bf3856ad364e35_6.1.7601.17514_none_00ff65b3e6eff6b7 d------ [17:04 26/06/2011]
C:\Windows\winsxs\x86_desktop_shell-search-srchadmin.resources_31bf3856ad364e35_7.0.7600.16385_en-us_243bfe440a88169f d------ [04:56 14/07/2009]
C:\Windows\winsxs\x86_desktop_shell-search-srchadmin_31bf3856ad364e35_7.0.7600.16385_none_4ba0fc29fa2e668c d------ [04:50 14/07/2009]
C:\Windows\winsxs\x86_desktop_shell-search-srchadmin_31bf3856ad364e35_7.0.7601.17514_none_4dd20ff1f71cea26 d------ [17:04 26/06/2011]
C:\Windows\winsxs\x86_microsoft-windows-desktop-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_68c1ae72539e68c5 d------ [04:56 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-desktop-adm_31bf3856ad364e35_6.1.7600.16385_none_36b849c4ec77984c d------ [04:49 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-g..howgadget-ondesktop_31bf3856ad364e35_6.1.7600.16385_none_ab71c7fb8acb77c3 d------ [04:49 14/07/2009]

Searching for "*DB Check*"
No folders found.

========== regfind ==========

Searching for "DB Check"
No data found.

-= EOF =-

 

Thanks,

P


Edited by ppd_2001, 09 October 2016 - 01:14 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 October 2016 - 10:00 AM

The Public\Desktop exists. It's Read only and is Hidden.

C:\Users\Public\Desktop dr-h--- [02:37 14/07/2009]

If you have executed this instruction:

Unhide files/folders Windows 7.
How To:
http://windows.microsoft.com/en-ca/windows/show-hidden-files#show-hidden-files=windows-7
<<<>>>


You should be able to find out if that Desktop folder is empty or not.
Let me know.

P.S.
Make sure you are looking at the Desktop folder in the Public folder.
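
The attribute column read in post #8 (dr-h--- as read-only and hidden) can be pulled out of a SystemLook folderfind log mechanically; the following is an added example, not part of the original thread or of SystemLook itself. The function names are hypothetical, the sample lines are constructed in the layout of the log in post #7, and decoding flags by letter (d, r, h as stated in post #8; s and a taken as the conventional system and archive) is an assumption.

```python
import re

# Constructed sample in the layout of the SystemLook log shown in post #7.
SAMPLE_LOG = r"""========== folderfind ==========

Searching for "*Desktop*"
C:\ProgramData\Desktop d--hs-- [04:53 14/07/2009]
C:\Users\Marta & Peter\Desktop dr----- [14:15 26/06/2011]
C:\Users\Public\Desktop dr-h--- [02:37 14/07/2009]

Searching for "*DB Check*"
No folders found.
"""

# Assumption: flags are decoded by letter, not by column position.
FLAGS = {"d": "directory", "r": "read-only", "h": "hidden", "s": "system", "a": "archive"}
ENTRY = re.compile(r"^(?P<path>.+) (?P<attrs>[a-z-]{7}) \[(?P<stamp>\d\d:\d\d \d\d/\d\d/\d{4})\]$")
SEARCH = re.compile(r'^Searching for "(?P<pattern>.*)"$')

def parse_folderfind(log_text):
    """Return {search pattern: [entry dicts]}; a pattern with no hits maps to []."""
    results, current, active = {}, None, False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("=========="):  # section header; only folderfind is parsed
            active, current = "folderfind" in line, None
            continue
        m = SEARCH.match(line)
        if m and active:
            current = results.setdefault(m.group("pattern"), [])
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            flags = [FLAGS.get(c, "unknown:" + c) for c in m.group("attrs") if c != "-"]
            current.append({"path": m.group("path"), "flags": flags, "modified": m.group("stamp")})
    return results

def hidden_folders(results):
    """Paths that Explorer hides by default (hidden or system attribute set)."""
    return [e["path"] for entries in results.values() for e in entries
            if {"hidden", "system"} & set(e["flags"])]

if __name__ == "__main__":
    parsed = parse_folderfind(SAMPLE_LOG)
    for pattern, entries in parsed.items():
        print(pattern, "->", len(entries), "folder(s)")
    for path in hidden_folders(parsed):
        print("hidden by default:", path)
```
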



