Author Topic: Re-Check Please  (Read 23922 times)

0 Members and 1 Guest are viewing this topic.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1459
  • Gentleman
    • View Profile
Re: Re-Check Please
« Reply #15 on: October 21, 2020, 05:04:40 PM »
2020-10-14 12:50 - 2020-10-14 12:50 - 000068416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceReactivation.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000067656 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000063296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\PnPUnattend.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000054720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000051632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxstrace.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000035840 _____ C:\WINDOWS\system32\deploymentcsphelper.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2020-10-14 12:50 - 2020-10-14 12:50 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnscacheugc.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxstrace.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2020-10-14 12:50 - 2020-10-14 12:50 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\netbtugc.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidtel.exe
2020-10-14 12:50 - 2020-10-14 12:50 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EsdSip.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys
2020-10-14 12:50 - 2020-10-14 12:50 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimeng.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shimeng.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCertResources.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2020-10-14 12:50 - 2020-10-14 12:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 017790976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 004140544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 004050944 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 003728384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 003725824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 003581248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 003327776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 003143168 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 002712064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 002556224 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 002485248 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 002455928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 002296832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 002260832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 002125392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 002074624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001942016 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001833272 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001751552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001618704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdrecordcpu.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001614848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001187840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001182720 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001150264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-10-14 12:49 - 2020-10-14 12:49 - 001092608 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001086784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001047040 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2020-10-14 12:49 - 2020-10-14 12:49 - 001029952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 001026800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 001008960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000916760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2020-10-14 12:49 - 2020-10-14 12:49 - 000875400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000874304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000805184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000804672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000722080 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000589392 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-10-14 12:49 - 2020-10-14 12:49 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000554496 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000522688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-10-14 12:49 - 2020-10-14 12:49 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2020-10-14 12:49 - 2020-10-14 12:49 - 000441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000437056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000415816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000381656 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialEnrollmentManager.exe
2020-10-14 12:49 - 2020-10-14 12:49 - 000363112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000343416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdwriter.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2020-10-14 12:49 - 2020-10-14 12:49 - 000222528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000214840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000183616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000180544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000180032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000174400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-10-14 12:49 - 2020-10-14 12:49 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000141632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000089928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000088360 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-10-14 12:49 - 2020-10-14 12:49 - 000076952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialEnrollmentManagerForUser.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2020-10-14 12:49 - 2020-10-14 12:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\watchdog.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidspi.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000058888 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000056640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2020-10-14 12:49 - 2020-10-14 12:49 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-10-14 12:49 - 2020-10-14 12:49 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000030016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000019768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelide.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000016704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys
2020-10-14 12:49 - 2020-10-14 12:49 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2020-10-14 12:49 - 2020-10-14 12:49 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2020-10-14 12:26 - 2020-09-09 21:14 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-10-14 12:26 - 2020-09-09 21:12 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-10-12 12:44 - 2020-10-20 16:18 - 000000012 _____ C:\ProgramData\oianbuax.xrl
2020-10-11 11:09 - 2020-10-11 11:09 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\Icecream
2020-10-11 11:09 - 2020-10-11 11:09 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\Icecream
2020-10-11 11:09 - 2020-10-11 11:09 - 000000000 ____D C:\Users\Gordon & Nancy\.Icecream Video Editor
2020-10-11 11:07 - 2020-10-11 11:07 - 000001270 _____ C:\Users\Gordon & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Icecream.lnk
2020-10-11 11:06 - 2020-10-11 11:08 - 000000000 ____D C:\Program Files (x86)\Icecream Video Editor
2020-10-11 11:06 - 2020-10-11 11:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Video Editor
2020-10-09 11:45 - 2020-10-09 11:47 - 000000000 ____D C:\AdwCleaner
2020-10-07 14:09 - 2020-10-19 11:03 - 000000000 ____D C:\ProgramData\TinyWall
2020-10-07 14:09 - 2020-10-18 16:16 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\TinyWall
2020-10-07 14:09 - 2020-10-15 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyWall
2020-10-06 11:22 - 2020-10-06 11:22 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-10-05 10:43 - 2020-10-05 10:43 - 000001259 _____ C:\Users\Gordon & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\PDF Shaper.lnk
2020-10-03 11:33 - 2020-10-20 11:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\FxSound
2020-10-02 17:47 - 2020-10-02 17:47 - 000001221 _____ C:\Users\Gordon & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\SpywareBlaster.lnk
2020-10-02 17:46 - 2020-10-18 10:39 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2020-10-02 17:46 - 2020-10-07 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2020-10-02 12:05 - 2020-10-07 16:18 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\simplewall
2020-10-02 11:52 - 2020-10-02 11:52 - 000001121 _____ C:\Users\Gordon & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Mp3tag.lnk
2020-10-02 11:31 - 2020-10-02 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2020-10-01 15:02 - 2020-10-01 15:02 - 000000000 ____D C:\Users\Gordon & Nancy\Documents\FlashIntegro
2020-10-01 15:01 - 2020-10-01 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2020-09-30 14:51 - 2020-09-30 14:53 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\glasswire
2020-09-29 12:05 - 2020-09-29 12:05 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\effectmatrix
2020-09-28 22:31 - 2015-05-29 00:30 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2020-09-28 22:31 - 2015-05-29 00:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2020-09-28 14:14 - 2020-09-28 14:14 - 000039048 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dfx12x64.sys
2020-09-28 12:35 - 2020-09-28 12:35 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\Henry++
2020-09-26 13:49 - 2020-09-26 13:49 - 000461312 _____ (Open-Shell) C:\WINDOWS\SysWOW64\StartMenuHelper32.dll
2020-09-26 13:48 - 2020-09-26 13:48 - 000562688 _____ (Open-Shell) C:\WINDOWS\system32\StartMenuHelper64.dll
2020-09-24 12:38 - 2020-09-24 12:38 - 000001217 _____ C:\Users\Gordon & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\FastStone.lnk
2020-09-24 11:59 - 2020-09-26 07:50 - 000000000 ____D C:\Program Files (x86)\PrivacyEraser Computing

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-21 10:05 - 2016-08-20 20:52 - 000000000 ___RD C:\Users\Gordon & Nancy\Desktop\Junk
2020-10-21 10:03 - 2020-09-20 09:50 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\OpenShell
2020-10-21 09:57 - 2020-01-16 02:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-10-21 09:49 - 2019-03-18 21:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-10-21 09:44 - 2020-01-16 02:18 - 000935116 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-10-21 09:44 - 2019-03-18 21:50 - 000000000 ____D C:\WINDOWS\INF
2020-10-21 09:38 - 2020-01-16 02:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-10-20 16:19 - 2020-08-03 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
2020-10-20 15:28 - 2020-01-16 02:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-10-20 15:13 - 2020-09-17 13:28 - 000000000 ____D C:\ProgramData\GlarySoft
2020-10-20 15:13 - 2020-06-28 09:54 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\GlarySoft
2020-10-20 11:01 - 2019-03-18 21:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-10-19 11:03 - 2020-07-14 10:13 - 000003253 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2020-10-18 13:07 - 2020-09-20 09:50 - 000000000 ____D C:\Program Files\Open-Shell
2020-10-18 10:39 - 2012-02-13 11:08 - 000000000 ____D C:\ProgramData\Temp
2020-10-16 13:38 - 2017-01-17 13:01 - 000000000 ____D C:\ProgramData\Package Cache
2020-10-16 13:15 - 2020-01-08 11:54 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\Mp3tag
2020-10-16 09:24 - 2020-08-30 12:12 - 000000000 ____D C:\Program Files (x86)\Google
2020-10-15 21:34 - 2020-01-16 02:02 - 000870384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-10-15 21:33 - 2020-05-25 10:48 - 000000000 ____D C:\Program Files\Common Files\WebM Project
2020-10-15 11:21 - 2016-08-21 11:44 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\AIMP
2020-10-15 09:57 - 2019-03-18 21:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-10-15 09:35 - 2020-06-13 12:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2020-10-14 13:13 - 2020-01-16 02:35 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-10-14 13:13 - 2020-01-16 02:35 - 000000000 ___RD C:\Users\Gordon & Nancy\3D Objects
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-10-14 13:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-10-14 13:05 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-10-14 09:54 - 2020-07-10 14:44 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2020-10-13 10:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-10-13 10:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-10-12 23:57 - 2017-01-07 16:10 - 007250944 _____ (SereneScreen) C:\WINDOWS\SysWOW64\MarineAquarium3.scr
2020-10-12 23:57 - 2017-01-07 16:10 - 007250944 _____ (SereneScreen) C:\WINDOWS\system32\MarineAquarium3.scr
2020-10-11 11:09 - 2020-01-16 02:18 - 000000000 ____D C:\Users\Gordon & Nancy
2020-10-08 12:13 - 2016-08-21 11:44 - 000000000 ____D C:\Program Files (x86)\AIMP
2020-10-07 14:15 - 2020-04-26 22:48 - 000003678 _____ C:\WINDOWS\system32\Tasks\UninstallTool_SkipUAC_Gordon & Nancy
2020-10-06 14:29 - 2016-10-10 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Professional
2020-10-06 14:29 - 2016-09-08 11:26 - 000000000 ____D C:\Program Files (x86)\BurnAware Professional
2020-10-02 16:38 - 2018-08-16 14:17 - 000000000 ____D C:\Program Files\Pale Moon
2020-10-02 11:31 - 2016-10-01 16:29 - 000000000 ____D C:\Program Files (x86)\Mp3tag
2020-10-01 15:21 - 2020-06-06 11:20 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\MPC-HC
2020-10-01 15:09 - 2020-05-29 15:25 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\FlashIntegro
2020-10-01 14:57 - 2016-09-08 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Shaper Professional
2020-10-01 14:57 - 2016-09-08 12:11 - 000000000 ____D C:\Program Files (x86)\PDF Shaper Professional
2020-09-26 07:50 - 2020-07-24 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft

==================== Files in the root of some directories ========

2020-01-29 10:02 - 2020-01-29 10:02 - 000000254 _____ () C:\ProgramData\fontcacheev1.dat
2016-12-27 17:21 - 2016-12-27 17:21 - 000000020 ___SH () C:\Users\Gordon & Nancy\AppData\Roaming\1816CA7466166.ind
2020-05-21 14:57 - 2020-05-21 14:57 - 000286604 _____ () C:\Users\Gordon & Nancy\AppData\Roaming\boo_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2016-08-21 17:07 - 2017-01-03 01:49 - 000000202 _____ () C:\Users\Gordon & Nancy\AppData\Roaming\burnaware.ini
2016-09-08 12:12 - 2017-02-07 11:08 - 000000122 _____ () C:\Users\Gordon & Nancy\AppData\Roaming\pdfshaper.ini
2016-12-27 17:21 - 2016-12-27 17:21 - 000000020 ___SH () C:\Users\Gordon & Nancy\AppData\Roaming\Programs8187ConfigDB.dat
2016-12-31 11:03 - 2017-01-03 01:56 - 000015098 _____ () C:\Users\Gordon & Nancy\AppData\Local\kritarc

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1459
  • Gentleman
    • View Profile
Re: Re-Check Please
« Reply #16 on: October 21, 2020, 05:16:32 PM »
Log from MalwareBytes
===========
2020-10-21 11:07:59.820   --------LOGGING STARTED----------
2020-10-21 11:07:59.820   Tool Version: 1.7.0.827
2020-10-21 11:07:59.820   Dll Version: 1.0.0.226
2020-10-21 11:07:59.821   Log Path: C:\Users\GORDON~1\AppData\Local\Temp\mwb87D6.tmp\mbst-clean-results.txt
2020-10-21 11:07:59.882   User Account Type: Administrator
2020-10-21 11:07:59.882   Date/Time Log Created: 2020-10-21 11:07:59.882
2020-10-21 11:07:59.885   Operating System: Windows 10 (Build 18362.1139) x64
2020-10-21 11:07:59.885   
2020-10-21 11:07:59.886   ======================================================
2020-10-21 11:07:59.922   Pre-Reboot Cleanup
2020-10-21 11:07:59.923   ======================================================
2020-10-21 11:07:59.970   OpenService mbamchameleon failed (1060)
2020-10-21 11:08:00.053   Failed to delete REG:SOFTWARE\Microsoft\Security Center\Provider\Av\{23007AD3-69FE-687C-2629-D584AFFAF72B}, reason:(Access is denied.(error=5))
2020-10-21 11:08:00.054   Deleted registry key: (SOFTWARE\Malwarebytes)
2020-10-21 11:08:00.063   Deleted registry key: (SOFTWARE\Wow6432Node\Malwarebytes)
2020-10-21 11:08:04.700   LSP Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\######## Not Found
2020-10-21 11:08:04.971   Post reboot settings were configured successfully
2020-10-21 11:08:20.760   --------END OF LOG FILE----------
2020-10-21 11:11:52.103   --------LOGGING STARTED----------
2020-10-21 11:11:52.147   
2020-10-21 11:11:52.163   ======================================================
2020-10-21 11:11:52.183   Post-Reboot Cleanup
2020-10-21 11:11:52.198   ======================================================
2020-10-21 11:11:52.476   Deleted registry key: (SOFTWARE\Malwarebytes)
2020-10-21 11:11:52.548   Failed to delete REG:SOFTWARE\Microsoft\Security Center\Provider\Av\{23007AD3-69FE-687C-2629-D584AFFAF72B}, reason:(Access is denied.(error=5))
2020-10-21 11:13:35.888   
2020-10-21 11:13:35.909   ======================================================
2020-10-21 11:13:35.933   Install Malwarebytes for Windows
2020-10-21 11:13:35.949   ======================================================
2020-10-21 11:13:35.966   User choice for reinstall prompt (Yes clicked)
2020-10-21 11:13:48.015   downloads.malwarebytes.com
2020-10-21 11:13:48.044   Warning!!!!! Failed to download Malwarebytes for Windows.
2020-10-21 11:14:21.838   --------END OF LOG FILE----------

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20770
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Re-Check Please
« Reply #17 on: October 21, 2020, 05:57:45 PM »
I've see where others have had success by first removing the Program folder.  Try deleting C:\Program Files\Malwarebytes and then run the Support Tool again.  (Fingers crossed.) 

If that doesn't work, try Revo Uninstaller:
  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
Code: (auto:0) [Select]
Malwarebytes
  • Choose the Uninstall tab from the menu and let the program to create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Malwarebytes items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.
Then try reinstalling Malwarebytes again and scanning as previously instructed.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1459
  • Gentleman
    • View Profile
Re: Re-Check Please
« Reply #18 on: October 21, 2020, 07:00:25 PM »
No Go same issue as before.thank you Corrine

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20770
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Re-Check Please
« Reply #19 on: October 21, 2020, 08:55:45 PM »
Taking a closer look at the Log from MalwareBytes, I note a couple of issues.  It has been a busy day and I want to take a closer look at your logs, particularly with fresh eyes.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1459
  • Gentleman
    • View Profile
Re: Re-Check Please
« Reply #20 on: October 21, 2020, 09:22:16 PM »
right on.sleep well

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20770
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Re-Check Please
« Reply #21 on: October 22, 2020, 01:25:09 PM »
Hi, G.  Thanks for you patience. 

1.  Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines.  Right-click and select "Copy ".
Code: [Select]
Start::
CreateRestorePoint:
CloseProcesses:
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
IFEO\CompatTelRunner.exe: [Debugger] %windir%\System32\taskkill.exe
IFEO\MicrosoftEdge.exe: [Debugger] C:\WINDOWS\System32\taskkill.exe
IFEO\software_reporter_tool.exe: [Debugger] C:\WINDOWS\System32\taskkill.exe
GroupPolicy: Restriction ? <==== ATTENTION
U5 nvterp; C:\WINDOWS\system32\drivers\nvterp.sys [20088 2015-03-02] (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)
2020-10-20 16:15 - 2020-10-20 16:19 - 000000000 ____D C:\Program Files\NoVirusThanks
2020-10-20 16:15 - 2020-10-20 16:18 - 000000012 _____ C:\ProgramData\nwckvbae.sbg
2020-10-20 16:15 - 2020-10-20 16:15 - 000000016 _____ C:\ProgramData\rtmeslt
2020-10-12 12:44 - 2020-10-20 16:18 - 000000012 _____ C:\ProgramData\oianbuax.xrl
2020-10-07 14:09 - 2020-10-19 11:03 - 000000000 ____D C:\ProgramData\TinyWall
2020-10-07 14:09 - 2020-10-18 16:16 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\TinyWall
2020-10-07 14:09 - 2020-10-15 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyWall
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [274]
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
2.  Please do the following to ensure AV and Firewall have been enabled:
  • Open Settings > Update & Security > Windows Security >
  • Ensure that "Virus & threat protection", "Account protection" and "Firel and network protection" have been enabled.
3.  Download and reinstall Malwarebytes and then do the following:
  • Open Malwarebytes.
  • Press the little gear at the top right.
  • Choose the Security tab.
  • Enable the three options under the title Scan options.
  • Disable the option under the title Widows Security Center.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1459
  • Gentleman
    • View Profile
Re: Re-Check Please
« Reply #22 on: October 22, 2020, 04:07:40 PM »
all security devices are on

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by Gordon & Nancy (22-10-2020 09:59:53) Run:2
Running from C:\Users\Gordon & Nancy\Desktop\Junk
Loaded Profiles: Gordon & Nancy
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
IFEO\CompatTelRunner.exe: [Debugger] %windir%\System32\taskkill.exe
IFEO\MicrosoftEdge.exe: [Debugger] C:\WINDOWS\System32\taskkill.exe
IFEO\software_reporter_tool.exe: [Debugger] C:\WINDOWS\System32\taskkill.exe
GroupPolicy: Restriction ? <==== ATTENTION
U5 nvterp; C:\WINDOWS\system32\drivers\nvterp.sys [20088 2015-03-02] (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)
2020-10-20 16:15 - 2020-10-20 16:19 - 000000000 ____D C:\Program Files\NoVirusThanks
2020-10-20 16:15 - 2020-10-20 16:18 - 000000012 _____ C:\ProgramData\nwckvbae.sbg
2020-10-20 16:15 - 2020-10-20 16:15 - 000000016 _____ C:\ProgramData\rtmeslt
2020-10-12 12:44 - 2020-10-20 16:18 - 000000012 _____ C:\ProgramData\oianbuax.xrl
2020-10-07 14:09 - 2020-10-19 11:03 - 000000000 ____D C:\ProgramData\TinyWall
2020-10-07 14:09 - 2020-10-18 16:16 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\TinyWall
2020-10-07 14:09 - 2020-10-15 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyWall
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [274]
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}" => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CompatTelRunner.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MicrosoftEdge.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\software_reporter_tool.exe => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\nvterp => removed successfully
nvterp => service removed successfully
"C:\Program Files\NoVirusThanks" => not found
C:\ProgramData\nwckvbae.sbg => moved successfully
C:\ProgramData\rtmeslt => moved successfully
C:\ProgramData\oianbuax.xrl => moved successfully
C:\ProgramData\TinyWall => moved successfully
C:\Users\Gordon & Nancy\AppData\Roaming\TinyWall => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyWall => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully

========= netsh int ip reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8581506 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 15864705 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 22338 B
Gordon & Nancy => 107572582 B

RecycleBin => 0 B
EmptyTemp: => 133.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:00:46 ====

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20770
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Re-Check Please
« Reply #23 on: October 22, 2020, 04:11:05 PM »
Let me know how you make out re-installing Malwarebytes.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1459
  • Gentleman
    • View Profile
Re: Re-Check Please
« Reply #24 on: October 22, 2020, 04:14:56 PM »
and...no install of MalwareBytes..same freakin error...what a pain

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20770
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Re-Check Please
« Reply #25 on: October 22, 2020, 04:30:44 PM »
You've posted different errors.  Which one was it this time?

Seeing as how the computer was out of your hands for a time with Nancy's nephew, let's take a different look.  Please do a scan with ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1459
  • Gentleman
    • View Profile
Re: Re-Check Please
« Reply #26 on: October 22, 2020, 05:02:28 PM »
will do eset and here is the latest error

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1459
  • Gentleman
    • View Profile
Re: Re-Check Please
« Reply #27 on: October 22, 2020, 05:09:12 PM »
that did not take long... wow weird
I can get everywhere on line but this is whack

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20770
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Re-Check Please
« Reply #28 on: October 22, 2020, 05:42:09 PM »
This issue may actually be a problem you had a couple years ago.  DR M just pointed out this thread where you solved the same issue with network connection:  NEED Help last Micro soft update took my wifi away!!:
Got my net gear wifi thingie and back on line with the laptop...yahoo


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1459
  • Gentleman
    • View Profile
Re: Re-Check Please
« Reply #29 on: October 22, 2020, 05:52:58 PM »
But I am not having those issues......

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'