Who is my hacker: Microsoft or a real, dastardly-type human?


All of the services and platforms via which any PC (or most devices of any kind for that matter) can be accessed, manipulated, and controlled without an endpoint user's consent make it hard to know if I am being tormented by a real hacker or just by some automated Windows server that's trying to force me to do what Microsoft wants.

 

I am reasonably confident that the assailants are really horrible human beings and not really horrible computers, but I know just enough about this to be completely wrong or right and to fight back enough to cripple this laptop and have to start over with a clean install nearly every day, unless I just stop caring for a while and let everything on this PC be up for grabs.

 

The current tactic is to DCOM into my system even if it takes dozens of tries, and then force me into Windows PE and take over the entire computer. Before, it was similar but via WMI. The best part is that there are SO MANY ways to gain remote access to any Windows PC that are pre-built into the OS, that this might never end, literally, if permanent WMI scripts are run through PowerShell. I really don't believe this is a glitch, but is a planned effort to be the harvester of info and the authoritarian arm of control. And every time I learn a new way to stop this via command prompt or PowerShell or a hidden feature that should not be default set to "come on in boys!!", the perpetrators move on to a new means of doing the same thing or they reinforce my lack of capabilities and set more parameters in the feature/service they have been working through that make my brain hurt even worse.

 

Today's discovery: My processors, Intel Celeron N4000 (x2), are now suddenly named "Intel ... N4020", which is a GPU, not a CPU. So the driver is showing an error and I can't fix it. I can't auto-search for the correct driver because I get back graphics drivers. But I don't know how this laptop is functioning with that being the case. ???

 

I am at my wits' end as this has been going on for literally weeks and extends to my life outside of PC land. So at least now I know I can't just disable the services being used, as Windows will freak the hell out. And I also can't quit the PE session in command prompt admin because my PC here will immediately power down as well.

 

I'm venting here but this is really one of the most absurd and Kafka-esque situations I have ever experienced.  If anyone has a real solution, I'll be shocked!!  And without one soon I might just throw this **bleep** thing in the dumpster out back!!

 

Have a great day everyone!!  And HAPPY COMPUTING on your PERSONAL COMPUTERS!!  :D :D :D

 

 

7 Replies

@J_T_Richter 

After all, you can sell the computer to another person and buy an Android tablet, why don't you?
Windows 10 is currently the most stable system compared to earlier versions -> works great.
Delete the apps one by one and see which one is causing the problems!

@A1 

 

Yes you are of course level headed and haven’t gone into total cynicism. I must admit I was altogether curmudgeonly in my ranting. But it’s still so frustrating to me to be made to be put in these positions when I own this device and it is for private use (no enterprise situation here). But I can’t seem to get the configurations just right to stop these intrusions and to give legit apps and services the latitude to do their thing. Plus I’m just sick of battling whoever this is daily!  Today on the more personal front it was one of my credit cards involved in an info leak and I have a good idea who did this. But can’t figure out how to fully identify the culprit so I can press charges. It’s not cool. AT ALL.

OK. What version of Windows do you currently have that you are using?

Microsoft Safety Scanner Download | Microsoft Docs

Please download this scanner, it is a great tool. Write back if it detected a virus or other threats.

And this is an additional proposal for you:

New Blog Post | Making the world a safer place with Microsoft Defender for individuals - Microsoft T...

I have not been able to make progress as yet. I go through the same things with a slightly recalculated plan to avoid the problem nearly every day. I try to find as much info as I can about what I can do as quickly as possible following a reinstall of Win10 that will provide the most protection. Today’s strategy was to enter PowerShell and enable as many security features as I could, and try to disable some things as well. The problem is many many commands would come back as if they are not real commands. I did Update-Help but it didn’t work, saying that the files were incomplete and also a list of around 20 different modules weren’t updated. So I got out of there and went to MMC, turned on Firewalls and rules as strictly as I knew how. And then I noticed I had no internet connection. So I jumped into trying to fix that. All the while I’m getting notifications, bc I had turned on controlled folder access, that PowerShell and command prompt were attempting unauthorized changes to my SSD and sys files. The WiFi adapter driver that I installed had been replaced with an old built-in Windows driver that’s a .sys. I try to go into the recovery environment and it does, but it doesn’t look exactly right. Some options from advanced recovery are missing and the restart into various safe modes etc. is missing some of the normal options. I tried cloud reset, local reset, startup repair, boot into safe mode, the restore point, ALL OF THEM. And nothing works. I’m in a blue screen boot loop unless I go to command prompt, and there’s where I find what I’ve seen probably a dozen times now. In addition to the regular Windows “stuff” there are dozens of .dll, .xml, .exe, .etl, and various other files just listed out in the open like a big F You right to my face!! I’m going to scan on my iPhone and paste into the next reply so you can tell me if this is a normal occurrence.


 

And zero of those were on that SSD immediately after the install.

@J_T_Richter 

"The problem is many many commands would come back as if they are not real commands. I did Update-Help but it didn’t work saying that"

This is normal behavior (the system must automatically start the necessary processes).

If the antivirus or security scanner does not detect threats, it means that the DLLs are correct!

Best regards