Please Help I am being spied on!

Megahertz · 09 Jun 2020

What antivirus you have?
Download and run superantispyware

Caledon Ken · 09 Jun 2020

Agree with dalchina about two step.

When you are in your Apple account please ensure you review / update recovery information. They may have changed info to direct recovery emails to their id's.

are you using icloud.com as a mail account?

I assume you have some apple devices, maybe an iphone. They may have authorized a device, open icloud on iphone, you should see a list of devices authorized to account. Remove any and all you don't recognize.

Yesterday you said phone was hacked. If you believe that then you need to do a full reset. Might be worth your while to get assistance from shop to ensure you don't loose data.

Caledon Ken · 09 Jun 2020

Are you running a password manager?

Are you saving passwords in browser? If so remove for Apple accounts until you regain control.

lorett12 · 09 Jun 2020

Yes, I have an IPhone. They are entering my computer and phone. That's why I believe the are entering through my router.

Samuria · 09 Jun 2020

We need the two files from the frts scan so we can see what's going on

lorett12 · 09 Jun 2020

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by Lorett (administrator) on DESKTOP-O2DOVKP (Dell Inc. Inspiron 3180) (09-06-2020 13:39:38)
Running from C:\Users\Lorett\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Lorett
Platform: Windows 10 Home Version 1709 16299.1087 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0325522.inf_amd64_7c7820b00cc9d87c\B325480\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0325522.inf_amd64_7c7820b00cc9d87c\B325480\atiesrxx.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe <2>
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\VSCore_20_1\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\csp\3.4.105.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\modulecore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\mcafee\mfeav\MfeAVSvc.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\mcafee\MQS\QcShm.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe <8>
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\MsMpEng.exe
(NETGEAR TAIWAN CO., LTD -> ) C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_ad44b6183b6d4060\WavesSvc64.exe
Failed to access process -> MicrosoftEdgeCP.exe
Failed to access process -> MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [485912 2017-12-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_ad44b6183b6d4060\WavesSvc64.exe [1219000 2017-12-01] (Waves Inc -> Waves Audio Ltd.)
HKU\S-1-5-21-3188823916-1160027679-4046352659-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [610904 2018-07-22] (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
HKU\S-1-5-21-3188823916-1160027679-4046352659-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9230256 2020-06-01] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Windows\System32\osk.exe [620032 2018-10-09] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\IppMon: C:\WINDOWS\system32\IPPMon.dll [226816 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04044607-629A-4502-93C0-F6431047685D} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [761424 2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
Task: {0C904116-17FC-4426-9114-3CA3E9C0282A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2B27CE46-26D2-45F0-8471-235A98F62576} - System32\Tasks\Microsoft\Windows\rempl\LaunchLowDiskToast => C:\Program Files\rempl\disktoast.exe [92664 2019-08-22] (Microsoft Windows -> Microsoft Corporation)
Task: {3F019F2E-7F18-4A6B-BC8E-4AA84629734A} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.134\DADUpdater.exe [4147336 2020-03-20] (McAfee, Inc. -> McAfee, LLC)
Task: {5ABDC2DC-041D-48E8-A936-355860912CEA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5E17C2B3-0B61-448A-B956-CD43B97F0343} - System32\Tasks\SUPERAntiSpyware Scheduled Task fb9865e9-aac1-4527-a4e8-5cbbff29205f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com)
Task: {61CEA9C1-96BC-403D-A16A-12AF34F314EF} - System32\Tasks\SUPERAntiSpyware Scheduled Task d4d1574d-2727-4952-bc36-52b50e4da6c7 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com)
Task: {832AADA1-6A5C-4A18-A2E5-35C89CCE0680} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072312 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
Task: {87CC71D5-825A-4C2F-8640-BC6EE4131C4C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CFB606BC-5AD2-47AF-A876-03A7FD081FF7} - System32\Tasks\StartCN => c:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-03-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D7EE1DF6-1C47-4CC6-BF55-37202CE62AFD} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.9.577\mcdatrep.exe [1826656 2020-06-07] (McAfee, Inc. -> McAfee, LLC.)
Task: {E6B8F9AD-559A-4848-A83A-05B49614081E} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072312 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
Task: {F1BE9BD9-C845-4380-BC18-8E80802CCECF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FB49E4D0-12A2-4F93-B380-D199CDA7F9AF} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4566248 2020-03-29] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d4d1574d-2727-4952-bc36-52b50e4da6c7.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task fb9865e9-aac1-4527-a4e8-5cbbff29205f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0d7e5264-5142-4b9f-a6df-deb3feba6779}: [DhcpNameServer] 172.8.1.171
Tcpip\..\Interfaces\{f354a578-148f-4e5b-9d89-1ac50ec14e3c}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3188823916-1160027679-4046352659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3188823916-1160027679-4046352659-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-3188823916-1160027679-4046352659-1001 -> DefaultScope {B902496F-5E86-4528-88A6-443938808780} URL = 
SearchScopes: HKU\S-1-5-21-3188823916-1160027679-4046352659-1001 -> {B902496F-5E86-4528-88A6-443938808780} URL = 
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-06-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-06-09] (McAfee, LLC -> McAfee, LLC)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)

Edge: 
======
DownloadDir: C:\Users\Lorett\Downloads
Edge Notifications: HKU\S-1-5-21-3188823916-1160027679-4046352659-1001 -> hxxps://www.tenforums.com

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-06-09] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2020-06-08] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-02-05] (McAfee, LLC. -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-02-05] (McAfee, LLC. -> )

Chrome: 
=======
CHR Profile: C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default [2020-06-09]
CHR Extension: (Slides) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-09]
CHR Extension: (Docs) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-09]
CHR Extension: (Google Drive) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-06-09]
CHR Extension: (Sheets) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-09]
CHR Extension: (Gmail) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-06-09]
CHR Extension: (Chrome Media Router) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0325522.inf_amd64_7c7820b00cc9d87c\B325480\atiesrxx.exe [481144 2018-03-28] (Advanced Micro Devices, Inc. -> AMD)
R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [416064 2018-04-23] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [939544 2020-06-09] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_1\McApExe.exe [758864 2020-02-05] (McAfee, LLC. -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2017-01-17] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-08] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-08] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-08] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1737992 2020-02-06] (McAfee, LLC -> McAfee, LLC.)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [233456 2017-07-04] (Netgear Incorporated -> NETGEAR)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1373912 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-10-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [52680 2017-10-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0325522.inf_amd64_7c7820b00cc9d87c\B325480\atikmdag.sys [40251256 2018-03-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0325522.inf_amd64_7c7820b00cc9d87c\B325480\atikmpag.sys [544632 2018-03-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [65856 2018-04-23] (Qualcomm Atheros -> Qualcomm)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75896 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22848 2017-10-13] (WDKTestCert Andy_Chen6,131219483243550933 -> OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [136040 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [527272 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [380840 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85920 2020-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521128 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [997800 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [594360 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107960 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116856 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252328 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2020-06-08] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64872 2019-09-26] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-06-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [401120 2020-06-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-09 11:44 - 2020-06-09 12:34 - 000000000 ____D C:\Program Files (x86)\Google
2020-06-09 11:44 - 2020-06-09 11:51 - 000000000 ___DC C:\Users\Lorett\AppData\Local\Google
2020-06-09 11:44 - 2020-06-09 11:44 - 000003802 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task d4d1574d-2727-4952-bc36-52b50e4da6c7
2020-06-09 11:44 - 2020-06-09 11:44 - 000003720 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task fb9865e9-aac1-4527-a4e8-5cbbff29205f
2020-06-09 11:44 - 2020-06-09 11:44 - 000000552 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task fb9865e9-aac1-4527-a4e8-5cbbff29205f.job
2020-06-09 11:44 - 2020-06-09 11:44 - 000000552 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d4d1574d-2727-4952-bc36-52b50e4da6c7.job
2020-06-09 11:44 - 2020-06-09 11:44 - 000000000 ___DC C:\Users\Lorett\AppData\Roaming\SUPERAntiSpyware.com
2020-06-09 11:43 - 2020-06-09 11:44 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2020-06-09 11:43 - 2020-06-09 11:43 - 000001851 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2020-06-09 11:43 - 2020-06-09 11:43 - 000001851 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2020-06-09 11:43 - 2020-06-09 11:43 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2020-06-09 11:43 - 2020-06-09 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2020-06-09 11:37 - 2020-06-09 11:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-06-09 11:34 - 2020-06-09 11:34 - 000000000 ___HD C:\$WINDOWS.~BT
2020-06-09 11:31 - 2020-06-09 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-06-09 10:41 - 2020-06-09 10:29 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-06-09 09:34 - 2020-06-09 13:41 - 000000000 ____D C:\FRST
2020-06-08 13:03 - 2020-06-09 11:30 - 000000000 ___DC C:\Users\Lorett\AppData\Local\NETGEARGenie
2020-06-08 13:02 - 2020-06-08 13:02 - 000369168 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2020-06-08 13:02 - 2020-06-08 13:02 - 000281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2020-06-08 13:02 - 2020-06-08 13:02 - 000106000 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2020-06-08 13:02 - 2020-06-08 13:02 - 000096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\packet.dll
2020-06-08 13:02 - 2020-06-08 13:02 - 000035344 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2020-06-08 13:02 - 2020-06-08 13:02 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2020-06-08 13:01 - 2020-06-08 13:02 - 000000000 ____D C:\Program Files (x86)\NETGEAR Genie
2020-06-08 11:40 - 2020-06-08 11:40 - 000000000 ___HD C:\$SysReset
2020-06-08 09:31 - 2020-06-08 09:31 - 000000000 ___DC C:\Users\Lorett\AppData\LocalLow\AMD
2020-06-08 08:49 - 2020-06-08 10:28 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2020-06-07 11:28 - 2020-06-07 11:28 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3188823916-1160027679-4046352659-1001
2020-06-07 11:28 - 2020-06-07 11:28 - 000002384 ____C C:\Users\Lorett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-07 11:25 - 2020-06-07 11:25 - 000000000 ___DC C:\Users\Lorett\AppData\Local\CEF
2020-06-07 11:14 - 2020-06-07 11:14 - 000000000 ___DC C:\Users\Lorett\AppData\Roaming\PCDr
2020-06-07 10:26 - 2020-06-08 09:57 - 000000000 ____D C:\ProgramData\Packages
2020-06-07 10:25 - 2020-06-07 10:25 - 000000000 ___DC C:\Users\Lorett\AppData\Local\Comms
2020-06-07 10:20 - 2020-06-07 10:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-06-07 10:19 - 2020-06-07 10:19 - 120636720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-06-07 10:19 - 2020-06-07 10:19 - 000000000 ____D C:\Program Files\rempl
2020-06-07 10:19 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2020-06-07 10:10 - 2020-06-07 11:28 - 000000000 __RDC C:\Users\Lorett\OneDrive
2020-06-07 10:09 - 2020-06-07 10:09 - 000000000 __HDC C:\Users\Lorett\MicrosoftEdgeBackups
2020-06-07 10:09 - 2020-06-07 10:09 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-06-07 10:09 - 2020-06-07 07:56 - 000000000 ___DC C:\Users\Lorett\AppData\Local\MicrosoftEdge
2020-06-07 10:08 - 2020-06-07 10:08 - 000000000 ___DC C:\Users\Lorett\AppData\Local\Dell
2020-06-07 10:07 - 2020-06-09 10:20 - 000000000 ___DC C:\Users\Lorett\AppData\Local\VirtualStore
2020-06-07 10:07 - 2020-06-07 11:35 - 000000000 ___DC C:\Users\Lorett\AppData\Local\Packages
2020-06-07 10:07 - 2020-06-07 10:07 - 000000000 __RDC C:\Users\Lorett\3D Objects
2020-06-07 10:07 - 2020-06-07 10:07 - 000000000 ___DC C:\Users\Lorett\AppData\Roaming\Adobe
2020-06-07 10:07 - 2020-06-07 10:07 - 000000000 ___DC C:\Users\Lorett\AppData\Local\Publishers
2020-06-07 10:07 - 2020-06-07 10:07 - 000000000 ___DC C:\Users\Lorett\AppData\Local\AMD
2020-06-07 10:06 - 2020-06-07 10:06 - 000000000 ___DC C:\Users\Lorett\AppData\Local\ConnectedDevicesPlatform
2020-06-07 10:02 - 2020-06-09 11:27 - 000000000 ___DC C:\Users\Lorett
2020-06-07 10:02 - 2020-06-07 10:02 - 000000020 __SHC C:\Users\Lorett\ntuser.ini
2020-06-07 09:37 - 2020-06-07 09:37 - 000000000 ___DC C:\Users\Lorett\AppData\Local\DBG
2020-06-07 09:20 - 2020-06-07 09:23 - 000000000 ____D C:\ProgramData\Temp
2020-06-07 09:20 - 2020-06-07 09:20 - 000000000 ____D C:\WINDOWS\{E9E39016-F1A4-4947-BF49-E0DACA61F95C}
2020-06-07 07:56 - 2020-06-07 07:56 - 000000000 ___DC C:\Users\Lorett\AppData\Roaming\Macromedia
2020-06-03 16:13 - 2020-06-03 16:13 - 000000000 ____D C:\WINDOWS\InfusedApps
2020-06-03 16:11 - 2020-06-03 16:11 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-06-03 16:11 - 2020-06-03 16:11 - 000000000 ____D C:\WINDOWS\Setup
2020-06-03 16:11 - 2020-06-03 16:11 - 000000000 ____D C:\WINDOWS\AMDTAs
2020-06-03 16:10 - 2019-04-01 18:42 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-03 16:10 - 2019-04-01 18:42 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-03 15:58 - 2020-06-08 10:33 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\te-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\si-LK
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\or-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\km-KH
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\is-IS
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\id-ID
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\be-BY
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\as-IN
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\am-ET
2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\OCR
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\Program Files\MSBuild
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\winrm
2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\WCN
2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\slmgr
2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\0409
2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\DigitalLocker
2020-06-03 15:54 - 2020-06-09 11:36 - 000982404 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-03 15:53 - 2020-06-03 15:53 - 000000000 _SHDL C:\Users\Default User
2020-06-03 15:53 - 2020-06-03 15:53 - 000000000 _SHDL C:\Users\All Users
2020-06-03 15:53 - 2020-06-03 15:53 - 000000000 _SHDL C:\Documents and Settings
2020-06-03 15:52 - 2020-06-09 13:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2020-06-03 15:52 - 2020-06-09 11:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-03 15:52 - 2020-06-08 13:04 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2020-06-03 15:52 - 2020-06-07 12:40 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2020-06-03 15:52 - 2020-06-03 15:52 - 000002146 _____ C:\WINDOWS\system32\Tasks\StartCN
2020-06-03 15:52 - 2020-06-03 15:51 - 000026156 _____ C:\WINDOWS\system32\emptyregdb.dat
2020-06-03 15:52 - 2020-06-03 15:48 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2020-06-03 15:52 - 2020-06-03 15:48 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2020-06-03 15:52 - 2020-06-03 15:48 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2020-06-03 15:52 - 2018-03-13 00:02 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-06-03 15:51 - 2020-06-09 12:09 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2020-06-03 15:51 - 2020-06-09 11:51 - 000000000 ___RD C:\Program Files (x86)
2020-06-03 15:51 - 2020-06-09 11:37 - 000000000 ____D C:\Program Files\Windows Defender
2020-06-03 15:51 - 2020-06-09 10:32 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-03 15:51 - 2020-06-09 09:58 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-03 15:51 - 2020-06-08 12:58 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-06-03 15:51 - 2020-06-08 10:22 - 000000000 ____D C:\WINDOWS\Registration
2020-06-03 15:51 - 2020-06-08 08:57 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-03 15:51 - 2020-06-07 11:46 - 000000000 ____D C:\WINDOWS\rescache
2020-06-03 15:51 - 2020-06-07 11:10 - 000000000 ____D C:\WINDOWS\appcompat
2020-06-03 15:51 - 2020-06-03 16:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-06-03 15:51 - 2020-06-03 16:13 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\TextInput
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\Provisioning
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-06-03 15:51 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ___SD C:\WINDOWS\system32\dsc
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\setup
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\MUI
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\com
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\IME
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\Help
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\Program Files\Common Files\system
2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ___SD C:\WINDOWS\system32\Nui
2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 __SHD C:\Program Files\Windows Sidebar
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 __RSD C:\WINDOWS\media
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 __RHD C:\Users\Public\Libraries
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Web
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Vss
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\tracing
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\TAPI
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SystemResources
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SystemApps
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\winevt
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\ras
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\IME
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\icsxml
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\ias
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\downlevel
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\DDFs
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\System
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SKB
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\security
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\schemas
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SchCache
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Resources
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\PLA
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Performance
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\ModemLogs
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\L2Schemas
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\InputMethod
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Globalization
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Cursors
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Branding
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\addins
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files\Windows Security
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files\Windows Portable Devices
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files\windows nt
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files\Common Files\Services
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files (x86)\windows nt
2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2020-06-03 15:51 - 2020-06-03 15:48 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2020-06-03 15:51 - 2020-06-03 15:48 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2020-06-03 15:51 - 2020-06-03 15:48 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2020-06-03 15:51 - 2020-06-03 15:48 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2020-06-03 15:51 - 2020-06-03 15:48 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2020-06-03 15:51 - 2020-06-03 15:48 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2020-06-03 15:51 - 2020-06-03 15:48 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2020-06-03 15:51 - 2020-06-03 15:47 - 000000000 ____D C:\WINDOWS\system32\spool
2020-06-03 15:51 - 2020-06-03 15:47 - 000000000 ____D C:\ProgramData\USOPrivate
2020-06-03 15:51 - 2020-06-03 15:44 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-06-03 15:51 - 2020-06-03 15:39 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-06-03 15:51 - 2020-06-03 15:39 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-06-03 15:51 - 2020-06-03 15:36 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2020-06-03 15:49 - 2020-06-07 11:43 - 000000000 ____D C:\WINDOWS\INF
2020-06-03 15:48 - 2020-06-03 15:48 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2020-06-03 15:47 - 2020-06-03 15:47 - 000000000 ____D C:\ProgramData\USOShared
2020-06-03 15:44 - 2020-06-07 11:33 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-03 15:42 - 2020-06-09 11:36 - 000000000 ____D C:\WINDOWS\Panther
2020-06-03 15:42 - 2020-06-09 11:27 - 080216064 _____ C:\WINDOWS\system32\config\SOFTWARE
2020-06-03 15:42 - 2020-06-09 11:27 - 016252928 _____ C:\WINDOWS\system32\config\SYSTEM
2020-06-03 15:42 - 2020-06-09 11:27 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2020-06-03 15:42 - 2020-06-09 11:27 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-06-03 15:42 - 2020-06-09 11:27 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2020-06-03 15:42 - 2020-06-09 10:01 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-06-03 15:42 - 2020-06-08 11:34 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2020-06-03 15:42 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\servicing
2020-06-03 15:42 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\SMI
2020-06-03 15:39 - 2020-06-03 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2020-06-03 15:38 - 2020-06-09 11:27 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2020-06-03 15:38 - 2020-06-03 15:46 - 000000000 ____D C:\Program Files\AMD
2020-06-03 15:38 - 2020-06-03 15:38 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-03 15:38 - 2020-06-03 15:38 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2020-06-03 15:38 - 2020-06-03 15:38 - 000000000 ____D C:\Program Files (x86)\AMD
2020-06-03 15:38 - 2020-06-03 15:38 - 000000000 ____D C:\AMD
2020-06-03 15:36 - 2020-06-09 13:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-03 15:36 - 2020-06-03 15:50 - 000222864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-03 15:36 - 2020-06-03 15:36 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2020-06-02 16:16 - 2020-06-02 16:16 - 000772176 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2020-06-02 16:16 - 2020-06-02 16:16 - 000702400 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2020-06-02 16:16 - 2020-06-02 16:16 - 000622832 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2020-06-02 16:16 - 2020-06-02 16:16 - 000433448 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2020-06-02 16:16 - 2020-06-02 16:16 - 000087296 ____N (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2020-06-02 16:16 - 2020-06-02 16:16 - 000083768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2020-06-02 16:12 - 2020-06-02 16:12 - 000017968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2020-06-02 16:12 - 2020-06-02 16:12 - 000017968 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2020-06-02 16:07 - 2020-06-02 16:07 - 000032816 ____N (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2020-06-02 16:07 - 2020-06-02 16:07 - 000029232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-09 10:18 - 2018-05-25 12:54 - 000000000 ____D C:\Program Files (x86)\McAfee
2020-06-09 08:48 - 2018-05-25 12:54 - 000000000 ____D C:\ProgramData\McAfee
2020-06-09 08:38 - 2018-05-25 12:54 - 000000000 ____D C:\Program Files\mcafee
2020-06-08 13:08 - 2018-05-25 12:54 - 000000000 ____D C:\Program Files\Common Files\mcafee
2020-06-08 10:33 - 2018-05-25 12:44 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-06-08 10:23 - 2018-05-25 13:02 - 000000000 ____D C:\ProgramData\RivetNetworks
2020-06-08 10:22 - 2018-05-25 12:45 - 000000000 ____D C:\ProgramData\Dell
2020-06-08 10:22 - 2018-05-25 12:43 - 000000000 ____D C:\Program Files\Dell
2020-06-07 11:25 - 2018-05-25 12:43 - 000000000 ____D C:\ProgramData\SupportAssist
2020-06-07 11:16 - 2018-05-25 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2020-06-07 10:07 - 2018-05-25 12:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-06-03 15:55 - 2018-05-25 12:43 - 000000000 ____D C:\ProgramData\PCDr
2020-06-03 15:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2020-06-03 15:47 - 2018-05-25 13:08 - 000000000 ____D C:\WINDOWS\{F32BF528-E298-4662-A0AC-7AAFF5D25CB7}
2020-06-03 15:47 - 2018-05-25 12:54 - 000000000 ____D C:\Program Files\mcafee.com
2020-06-03 15:47 - 2018-05-25 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2020-06-03 15:47 - 2018-05-25 12:49 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2020-06-03 15:47 - 2018-05-25 12:48 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2020-06-03 15:47 - 2018-05-25 12:45 - 000000000 ____D C:\ProgramData\Qualcomm
2020-06-03 15:47 - 2018-05-25 12:44 - 000000000 ____D C:\Program Files (x86)\Realtek
2020-06-03 15:46 - 2018-05-25 13:16 - 000000000 ____D C:\backup
2020-06-03 15:46 - 2018-05-25 12:54 - 000000000 ____D C:\Program Files\Common Files\av
2020-06-03 15:46 - 2017-10-06 13:11 - 000000000 ___DC C:\Dell
2020-06-02 01:23 - 2019-10-13 11:57 - 000285696 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2020-06-02 01:22 - 2017-09-29 08:43 - 000156160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrdc.dll
2020-06-02 01:20 - 2017-09-29 08:41 - 000178688 ____N (Microsoft Corporation) C:\WINDOWS\system32\msrdc.dll
2020-06-02 01:19 - 2017-09-29 08:41 - 000132608 ____N (Microsoft Corporation) C:\WINDOWS\system32\browser.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Net4ums · 18 Dec 2020

You probably didn't realize when you posted your logs from the recovery scan tool that some of that data should have been omitted. Helpdesk forums and alike are constantly used as a tool to prey on users like yourself who accidentally or unknowingly post thier IP addresses, machine, account & profile info, applications & anti-malware used etc.. Just by looking at your IP address I was able to determine your internet service provider and location within a few hundred miles and given the fact that your IP is actually a very rare PPPoX pool(point-to-point protocol through secure layered tunnels in a pool(multiple IP addresses) to and from your ISP it wouldn't be too difficult to track down. I can imagine if your environment was already compromised before and you're still running your network through the same IP's, Subnets, SSID, Netgear router on DESKTOP-O2DO### as Lorett(a) then you've probably already been PwNeD without even realizing or knowing it.
Most likely the contents&data of your machine is worthless to a would be blackhat. Your conversations or any video surveillance also worthless. Being "hacked" doesn't necessarily mean you're being spied on, although it's incredibly easy once you're compromised, blackhats aren't interested in what you're doing unless you are a specific target through law enforcement (this includes copyright, fraud, online presence & socials activities, ect..) financial vulnerabilities, private investigations or someone just hates you and has enough talent or expendable income to make life a living hell in a society where we(most) depend on our technology & devices for literally everything. With control of your devices comes control of your life. Theoretically I could controll your mood, sleep patterns, influence future purchases, subscriptions, social life, media & news, political affiliations, could even make you get into an argument with a close friend or family member. Most of these examples already happen but under the control of corporations, your ISP & content providers & the social networks you decide to be part of. If you take a step back and look at the euphemism "I got hacked" as a malicious business for profit with anonymous intent it would make NO sense to spy on you or anyone else for that matter. Unless the target is worth the squeeze it just isn't applicable from any stand point(rarely a curious neighbor or script kitty but possible I suppose).
If you're(reader) still interested in what they are after and how they do it read next post. .

- - - Updated - - -

Hopefully you've since reset & reconfigured your machine/devices and network as recommended by previous post(know this still may not be enough). If you were changing your passwords and not only receiving duplicate request or reset links but also having them changed immediately & unknowingly to the point of not being able to use the one you've just created sounds like you may have been victim to a Botnet attack which uses a collection of internet connected devices that have already been compromised into an army of automated bots designed to perform specific types of malicious attacks. Sounds like your specific attack was unauthorized access and configuration of yet another device for it's Botnet army purely for the intent to instigate more types of attacks on larger and more valuable targets. Botnets account for more than 50% of internet traffic. That being said we can predict a hierarchy of what types of attacks are being performed on what types of devices and users these "hackers" are after. Once a Botnet has enough capable recourses and devices like the 2018 Botnet 3ve which had control of 1.7million devices creating over 5,000 counterfeit websites, 60,000 digital advertising accounts all profiting anonymously using your device & recourses. They will bring major targets down both government and corporations(ESPN, Twitter, Sony, FB etc.. ) As I'm typing this right now the news just reported that the U.S. State Department, Department of Homeland Security (DHS), Nuclear Energy Department which is in charge of nuclear inventory have all been hacked!! At this very moment they do not have control of their own network. How were these performed? BOTNET
Remember a compromised device can be anything from a modem/router to smartwatch and everything in-between. For recommendations on how to detect and remove Botnets without having to run scan tools or post your data for billions to see just ask. .

Please Help I am being spied on!

Unintentional Data Leaks