Please Help I am being spied on!


  1. Posts : 3,995
    Windows 7 HP 64 - Windows 10 Pro - Lubuntu
       #11

    What antivirus do you have?
    Download and run SUPERAntiSpyware.


  2. Posts : 27,523
    Windows 10 Pro x64 Version 21H1
       #12

    Agree with dalchina about two step.


    When you are in your Apple account, please ensure you review / update recovery information. They may have changed info to direct recovery emails to their IDs.


    Are you using icloud.com as a mail account?


    I assume you have some Apple devices, maybe an iPhone. They may have authorized a device. Open iCloud on the iPhone; you should see a list of devices authorized to the account. Remove any and all you don't recognize.


    Yesterday you said the phone was hacked. If you believe that, then you need to do a full reset. Might be worth your while to get assistance from a shop to ensure you don't lose data.


  3. Posts : 27,523
    Windows 10 Pro x64 Version 21H1
       #13

    Are you running a password manager?


    Are you saving passwords in the browser? If so, remove them for Apple accounts until you regain control.


  4. Posts : 5
    162299.1087
    Thread Starter
       #14

    Yes, I have an iPhone. They are entering my computer and phone. That's why I believe they are entering through my router.


  5. Posts : 6,917
    windows 10
       #15

    We need the two files from the FRST scan so we can see what's going on.


  6. Posts : 5
    162299.1087
    Thread Starter
       #16

    Code:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
    Ran by Lorett (administrator) on DESKTOP-O2DOVKP (Dell Inc. Inspiron 3180) (09-06-2020 13:39:38)
    Running from C:\Users\Lorett\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
    Loaded Profiles: Lorett
    Platform: Windows 10 Home Version 1709 16299.1087 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
    
    ==================== Processes (Whitelisted) =================
    
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    
    (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
    (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0325522.inf_amd64_7c7820b00cc9d87c\B325480\atieclxx.exe
    (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0325522.inf_amd64_7c7820b00cc9d87c\B325480\atiesrxx.exe
    (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
    (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
    (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\uihost.exe
    (McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe <2>
    (McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\VSCore_20_1\mcapexe.exe
    (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\csp\3.4.105.0\McCSPServiceHost.exe
    (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
    (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\modulecore\ProtectedModuleHost.exe
    (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
    (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
    (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\mcafee\mfeav\MfeAVSvc.exe
    (McAfee, LLC. -> McAfee, LLC.) C:\Program Files\mcafee\MQS\QcShm.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe <8>
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\MsMpEng.exe
    (NETGEAR TAIWAN CO., LTD -> ) C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
    (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
    (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
    (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_ad44b6183b6d4060\WavesSvc64.exe
    Failed to access process -> MicrosoftEdgeCP.exe
    Failed to access process -> MicrosoftEdgeCP.exe
    
    ==================== Registry (Whitelisted) ===================
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [485912 2017-12-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_ad44b6183b6d4060\WavesSvc64.exe [1219000 2017-12-01] (Waves Inc -> Waves Audio Ltd.)
    HKU\S-1-5-21-3188823916-1160027679-4046352659-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [610904 2018-07-22] (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
    HKU\S-1-5-21-3188823916-1160027679-4046352659-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9230256 2020-06-01] (Support.com Inc -> SUPERAntiSpyware)
    HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Windows\System32\osk.exe [620032 2018-10-09] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Print\Monitors\IppMon: C:\WINDOWS\system32\IPPMon.dll [226816 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
    
    ==================== Scheduled Tasks (Whitelisted) ============
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    Task: {04044607-629A-4502-93C0-F6431047685D} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [761424 2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
    Task: {0C904116-17FC-4426-9114-3CA3E9C0282A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {2B27CE46-26D2-45F0-8471-235A98F62576} - System32\Tasks\Microsoft\Windows\rempl\LaunchLowDiskToast => C:\Program Files\rempl\disktoast.exe [92664 2019-08-22] (Microsoft Windows -> Microsoft Corporation)
    Task: {3F019F2E-7F18-4A6B-BC8E-4AA84629734A} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.134\DADUpdater.exe [4147336 2020-03-20] (McAfee, Inc. -> McAfee, LLC)
    Task: {5ABDC2DC-041D-48E8-A936-355860912CEA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {5E17C2B3-0B61-448A-B956-CD43B97F0343} - System32\Tasks\SUPERAntiSpyware Scheduled Task fb9865e9-aac1-4527-a4e8-5cbbff29205f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com)
    Task: {61CEA9C1-96BC-403D-A16A-12AF34F314EF} - System32\Tasks\SUPERAntiSpyware Scheduled Task d4d1574d-2727-4952-bc36-52b50e4da6c7 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com)
    Task: {832AADA1-6A5C-4A18-A2E5-35C89CCE0680} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072312 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
    Task: {87CC71D5-825A-4C2F-8640-BC6EE4131C4C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {CFB606BC-5AD2-47AF-A876-03A7FD081FF7} - System32\Tasks\StartCN => c:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-03-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    Task: {D7EE1DF6-1C47-4CC6-BF55-37202CE62AFD} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.9.577\mcdatrep.exe [1826656 2020-06-07] (McAfee, Inc. -> McAfee, LLC.)
    Task: {E6B8F9AD-559A-4848-A83A-05B49614081E} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072312 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
    Task: {F1BE9BD9-C845-4380-BC18-8E80802CCECF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {FB49E4D0-12A2-4F93-B380-D199CDA7F9AF} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4566248 2020-03-29] (McAfee, LLC -> McAfee, LLC)
    
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d4d1574d-2727-4952-bc36-52b50e4da6c7.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task fb9865e9-aac1-4527-a4e8-5cbbff29205f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    
    ==================== Internet (Whitelisted) ====================
    
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{0d7e5264-5142-4b9f-a6df-deb3feba6779}: [DhcpNameServer] 172.8.1.171
    Tcpip\..\Interfaces\{f354a578-148f-4e5b-9d89-1ac50ec14e3c}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3188823916-1160027679-4046352659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3188823916-1160027679-4046352659-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
    SearchScopes: HKU\S-1-5-21-3188823916-1160027679-4046352659-1001 -> DefaultScope {B902496F-5E86-4528-88A6-443938808780} URL = 
    SearchScopes: HKU\S-1-5-21-3188823916-1160027679-4046352659-1001 -> {B902496F-5E86-4528-88A6-443938808780} URL = 
    BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-06-09] (McAfee, LLC -> McAfee, LLC)
    BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-06-09] (McAfee, LLC -> McAfee, LLC)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
    
    Edge: 
    ======
    DownloadDir: C:\Users\Lorett\Downloads
    Edge Notifications: HKU\S-1-5-21-3188823916-1160027679-4046352659-1001 -> hxxps://www.tenforums.com
    
    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
    FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-06-09] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
    FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2020-06-08] [Legacy] [not signed]
    FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-02-05] (McAfee, LLC. -> )
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-02-05] (McAfee, LLC. -> )
    
    Chrome: 
    =======
    CHR Profile: C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default [2020-06-09]
    CHR Extension: (Slides) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-09]
    CHR Extension: (Docs) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-09]
    CHR Extension: (Google Drive) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-06-09]
    CHR Extension: (Sheets) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-09]
    CHR Extension: (Google Docs Offline) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-09]
    CHR Extension: (Gmail) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-06-09]
    CHR Extension: (Chrome Media Router) - C:\Users\Lorett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-09]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
    
    ==================== Services (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
    R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0325522.inf_amd64_7c7820b00cc9d87c\B325480\atiesrxx.exe [481144 2018-03-28] (Advanced Micro Devices, Inc. -> AMD)
    R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [416064 2018-04-23] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
    S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
    R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [939544 2020-06-09] (McAfee, LLC -> McAfee, LLC)
    R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_1\McApExe.exe [758864 2020-02-05] (McAfee, LLC. -> McAfee, LLC)
    S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2017-01-17] (McAfee, Inc. -> McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
    S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-08] (McAfee, Inc. -> McAfee, LLC)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-08] (McAfee, Inc. -> McAfee, LLC)
    R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-08] (McAfee, Inc. -> McAfee, LLC)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1737992 2020-02-06] (McAfee, LLC -> McAfee, LLC.)
    S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [233456 2017-07-04] (Netgear Incorporated -> NETGEAR)
    R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1373912 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    
    ===================== Drivers (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-10-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
    R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [52680 2017-10-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
    R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0325522.inf_amd64_7c7820b00cc9d87c\B325480\atikmdag.sys [40251256 2018-03-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0325522.inf_amd64_7c7820b00cc9d87c\B325480\atikmpag.sys [544632 2018-03-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
    R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [65856 2018-04-23] (Qualcomm Atheros -> Qualcomm)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75896 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
    S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
    S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Techporch Incorporated -> Dell Computer Corporation)
    R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22848 2017-10-13] (WDKTestCert Andy_Chen6,131219483243550933 -> OSR Open Systems Resources, Inc.)
    S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [136040 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [527272 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [380840 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85920 2020-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521128 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [997800 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [594360 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107960 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
    R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116856 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252328 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
    R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2020-06-08] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64872 2019-09-26] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-06-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [401120 2020-06-09] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-09] (Microsoft Windows -> Microsoft Corporation)
    
    ==================== NetSvcs (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    ==================== One month (created) ===================
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    2020-06-09 11:44 - 2020-06-09 12:34 - 000000000 ____D C:\Program Files (x86)\Google
    2020-06-09 11:44 - 2020-06-09 11:51 - 000000000 ___DC C:\Users\Lorett\AppData\Local\Google
    2020-06-09 11:44 - 2020-06-09 11:44 - 000003802 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task d4d1574d-2727-4952-bc36-52b50e4da6c7
    2020-06-09 11:44 - 2020-06-09 11:44 - 000003720 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task fb9865e9-aac1-4527-a4e8-5cbbff29205f
    2020-06-09 11:44 - 2020-06-09 11:44 - 000000552 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task fb9865e9-aac1-4527-a4e8-5cbbff29205f.job
    2020-06-09 11:44 - 2020-06-09 11:44 - 000000552 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d4d1574d-2727-4952-bc36-52b50e4da6c7.job
    2020-06-09 11:44 - 2020-06-09 11:44 - 000000000 ___DC C:\Users\Lorett\AppData\Roaming\SUPERAntiSpyware.com
    2020-06-09 11:43 - 2020-06-09 11:44 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2020-06-09 11:43 - 2020-06-09 11:43 - 000001851 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2020-06-09 11:43 - 2020-06-09 11:43 - 000001851 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
    2020-06-09 11:43 - 2020-06-09 11:43 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2020-06-09 11:43 - 2020-06-09 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2020-06-09 11:37 - 2020-06-09 11:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2020-06-09 11:34 - 2020-06-09 11:34 - 000000000 ___HD C:\$WINDOWS.~BT
    2020-06-09 11:31 - 2020-06-09 11:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2020-06-09 10:41 - 2020-06-09 10:29 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2020-06-09 09:34 - 2020-06-09 13:41 - 000000000 ____D C:\FRST
    2020-06-08 13:03 - 2020-06-09 11:30 - 000000000 ___DC C:\Users\Lorett\AppData\Local\NETGEARGenie
    2020-06-08 13:02 - 2020-06-08 13:02 - 000369168 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
    2020-06-08 13:02 - 2020-06-08 13:02 - 000281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
    2020-06-08 13:02 - 2020-06-08 13:02 - 000106000 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
    2020-06-08 13:02 - 2020-06-08 13:02 - 000096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\packet.dll
    2020-06-08 13:02 - 2020-06-08 13:02 - 000035344 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
    2020-06-08 13:02 - 2020-06-08 13:02 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
    2020-06-08 13:01 - 2020-06-08 13:02 - 000000000 ____D C:\Program Files (x86)\NETGEAR Genie
    2020-06-08 11:40 - 2020-06-08 11:40 - 000000000 ___HD C:\$SysReset
    2020-06-08 09:31 - 2020-06-08 09:31 - 000000000 ___DC C:\Users\Lorett\AppData\LocalLow\AMD
    2020-06-08 08:49 - 2020-06-08 10:28 - 000000000 ____D C:\WINDOWS\UpdateAssistant
    2020-06-07 11:28 - 2020-06-07 11:28 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3188823916-1160027679-4046352659-1001
    2020-06-07 11:28 - 2020-06-07 11:28 - 000002384 ____C C:\Users\Lorett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-06-07 11:25 - 2020-06-07 11:25 - 000000000 ___DC C:\Users\Lorett\AppData\Local\CEF
    2020-06-07 11:14 - 2020-06-07 11:14 - 000000000 ___DC C:\Users\Lorett\AppData\Roaming\PCDr
    2020-06-07 10:26 - 2020-06-08 09:57 - 000000000 ____D C:\ProgramData\Packages
    2020-06-07 10:25 - 2020-06-07 10:25 - 000000000 ___DC C:\Users\Lorett\AppData\Local\Comms
    2020-06-07 10:20 - 2020-06-07 10:24 - 000000000 ____D C:\WINDOWS\system32\MRT
    2020-06-07 10:19 - 2020-06-07 10:19 - 120636720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2020-06-07 10:19 - 2020-06-07 10:19 - 000000000 ____D C:\Program Files\rempl
    2020-06-07 10:19 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
    2020-06-07 10:10 - 2020-06-07 11:28 - 000000000 __RDC C:\Users\Lorett\OneDrive
    2020-06-07 10:09 - 2020-06-07 10:09 - 000000000 __HDC C:\Users\Lorett\MicrosoftEdgeBackups
    2020-06-07 10:09 - 2020-06-07 10:09 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2020-06-07 10:09 - 2020-06-07 07:56 - 000000000 ___DC C:\Users\Lorett\AppData\Local\MicrosoftEdge
    2020-06-07 10:08 - 2020-06-07 10:08 - 000000000 ___DC C:\Users\Lorett\AppData\Local\Dell
    2020-06-07 10:07 - 2020-06-09 10:20 - 000000000 ___DC C:\Users\Lorett\AppData\Local\VirtualStore
    2020-06-07 10:07 - 2020-06-07 11:35 - 000000000 ___DC C:\Users\Lorett\AppData\Local\Packages
    2020-06-07 10:07 - 2020-06-07 10:07 - 000000000 __RDC C:\Users\Lorett\3D Objects
    2020-06-07 10:07 - 2020-06-07 10:07 - 000000000 ___DC C:\Users\Lorett\AppData\Roaming\Adobe
    2020-06-07 10:07 - 2020-06-07 10:07 - 000000000 ___DC C:\Users\Lorett\AppData\Local\Publishers
    2020-06-07 10:07 - 2020-06-07 10:07 - 000000000 ___DC C:\Users\Lorett\AppData\Local\AMD
    2020-06-07 10:06 - 2020-06-07 10:06 - 000000000 ___DC C:\Users\Lorett\AppData\Local\ConnectedDevicesPlatform
    2020-06-07 10:02 - 2020-06-09 11:27 - 000000000 ___DC C:\Users\Lorett
    2020-06-07 10:02 - 2020-06-07 10:02 - 000000020 __SHC C:\Users\Lorett\ntuser.ini
    2020-06-07 09:37 - 2020-06-07 09:37 - 000000000 ___DC C:\Users\Lorett\AppData\Local\DBG
    2020-06-07 09:20 - 2020-06-07 09:23 - 000000000 ____D C:\ProgramData\Temp
    2020-06-07 09:20 - 2020-06-07 09:20 - 000000000 ____D C:\WINDOWS\{E9E39016-F1A4-4947-BF49-E0DACA61F95C}
    2020-06-07 07:56 - 2020-06-07 07:56 - 000000000 ___DC C:\Users\Lorett\AppData\Roaming\Macromedia
    2020-06-03 16:13 - 2020-06-03 16:13 - 000000000 ____D C:\WINDOWS\InfusedApps
    2020-06-03 16:11 - 2020-06-03 16:11 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
    2020-06-03 16:11 - 2020-06-03 16:11 - 000000000 ____D C:\WINDOWS\Setup
    2020-06-03 16:11 - 2020-06-03 16:11 - 000000000 ____D C:\WINDOWS\AMDTAs
    2020-06-03 16:10 - 2019-04-01 18:42 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2020-06-03 16:10 - 2019-04-01 18:42 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2020-06-03 15:58 - 2020-06-08 10:33 - 000000000 ____D C:\WINDOWS\system32\nn-NO
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\yo-NG
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\wo-SN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\vi-VN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ur-PK
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ug-CN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\tt-RU
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\tk-TM
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ti-ET
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\te-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ta-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\sw-KE
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\sq-AL
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\si-LK
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\rw-RW
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\quz-PE
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\prs-AF
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\pa-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\or-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ne-NP
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\mt-MT
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\mr-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\mn-MN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ml-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\mk-MK
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\lo-LA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\lb-LU
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ky-KG
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\kok-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\kn-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\km-KH
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ka-GE
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\is-IS
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ig-NG
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\id-ID
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\hy-AM
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\gu-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\gd-GB
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ga-IE
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\fil-PH
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\fa-IR
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\cy-GB
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\bn-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\bn-BD
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\be-BY
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\as-IN
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\am-ET
    2020-06-03 15:58 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\af-ZA
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\system32\hi-IN
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\system32\gl-ES
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\system32\eu-ES
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\system32\ca-ES
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\OCR
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\Program Files\Reference Assemblies
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\Program Files\MSBuild
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2020-06-03 15:58 - 2020-06-03 15:58 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
    2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
    2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
    2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
    2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
    2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\winrm
    2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\WCN
    2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\slmgr
    2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
    2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\0409
    2020-06-03 15:57 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\DigitalLocker
    2020-06-03 15:54 - 2020-06-09 11:36 - 000982404 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2020-06-03 15:53 - 2020-06-03 15:53 - 000000000 _SHDL C:\Users\Default User
    2020-06-03 15:53 - 2020-06-03 15:53 - 000000000 _SHDL C:\Users\All Users
    2020-06-03 15:53 - 2020-06-03 15:53 - 000000000 _SHDL C:\Documents and Settings
    2020-06-03 15:52 - 2020-06-09 13:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
    2020-06-03 15:52 - 2020-06-09 11:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2020-06-03 15:52 - 2020-06-08 13:04 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
    2020-06-03 15:52 - 2020-06-07 12:40 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
    2020-06-03 15:52 - 2020-06-03 15:52 - 000002146 _____ C:\WINDOWS\system32\Tasks\StartCN
    2020-06-03 15:52 - 2020-06-03 15:51 - 000026156 _____ C:\WINDOWS\system32\emptyregdb.dat
    2020-06-03 15:52 - 2020-06-03 15:48 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
    2020-06-03 15:52 - 2020-06-03 15:48 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
    2020-06-03 15:52 - 2020-06-03 15:48 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
    2020-06-03 15:52 - 2018-03-13 00:02 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2020-06-03 15:51 - 2020-06-09 12:09 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2020-06-03 15:51 - 2020-06-09 11:51 - 000000000 ___RD C:\Program Files (x86)
    2020-06-03 15:51 - 2020-06-09 11:37 - 000000000 ____D C:\Program Files\Windows Defender
    2020-06-03 15:51 - 2020-06-09 10:32 - 000000000 ____D C:\WINDOWS\AppReadiness
    2020-06-03 15:51 - 2020-06-09 09:58 - 000000000 ___HD C:\Program Files\WindowsApps
    2020-06-03 15:51 - 2020-06-08 12:58 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2020-06-03 15:51 - 2020-06-08 10:22 - 000000000 ____D C:\WINDOWS\Registration
    2020-06-03 15:51 - 2020-06-08 08:57 - 000000000 ____D C:\WINDOWS\system32\NDF
    2020-06-03 15:51 - 2020-06-07 11:46 - 000000000 ____D C:\WINDOWS\rescache
    2020-06-03 15:51 - 2020-06-07 11:10 - 000000000 ____D C:\WINDOWS\appcompat
    2020-06-03 15:51 - 2020-06-03 16:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2020-06-03 15:51 - 2020-06-03 16:13 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ___SD C:\WINDOWS\system32\F12
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\TextInput
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\Dism
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\Provisioning
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\bcastdvr
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2020-06-03 15:51 - 2020-06-03 16:09 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2020-06-03 15:51 - 2020-06-03 15:58 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ___SD C:\WINDOWS\system32\dsc
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\com
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\setup
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\MUI
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\system32\com
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\IME
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\WINDOWS\Help
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\Program Files\Common Files\system
    2020-06-03 15:51 - 2020-06-03 15:57 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
    2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ___SD C:\WINDOWS\system32\Nui
    2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
    2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
    2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
    2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2020-06-03 15:51 - 2020-06-03 15:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 __SHD C:\Program Files\Windows Sidebar
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 __RSD C:\WINDOWS\media
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 __RHD C:\Users\Public\Libraries
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ___SD C:\WINDOWS\system32\Configuration
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Web
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Vss
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\tracing
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\TAPI
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SystemResources
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SystemApps
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\winevt
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\ras
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\PointOfService
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\Ipmi
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\InputMethod
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\inetsrv
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\IME
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\icsxml
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\ias
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\hydrogen
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\downlevel
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\DDFs
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\config\Journal
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\Bthprops
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\AppLocker
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\System
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SKB
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\security
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\schemas
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\SchCache
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Resources
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\PLA
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Performance
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\ModemLogs
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\L2Schemas
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\InputMethod
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Globalization
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Cursors
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\Branding
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\addins
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files\Windows Security
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files\Windows Portable Devices
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files\windows nt
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files\Common Files\Services
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files (x86)\windows nt
    2020-06-03 15:51 - 2020-06-03 15:51 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2020-06-03 15:51 - 2020-06-03 15:48 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2020-06-03 15:51 - 2020-06-03 15:48 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
    2020-06-03 15:51 - 2020-06-03 15:48 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2020-06-03 15:51 - 2020-06-03 15:48 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
    2020-06-03 15:51 - 2020-06-03 15:48 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
    2020-06-03 15:51 - 2020-06-03 15:48 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
    2020-06-03 15:51 - 2020-06-03 15:48 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
    2020-06-03 15:51 - 2020-06-03 15:47 - 000000000 ____D C:\WINDOWS\system32\spool
    2020-06-03 15:51 - 2020-06-03 15:47 - 000000000 ____D C:\ProgramData\USOPrivate
    2020-06-03 15:51 - 2020-06-03 15:44 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2020-06-03 15:51 - 2020-06-03 15:39 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2020-06-03 15:51 - 2020-06-03 15:39 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2020-06-03 15:51 - 2020-06-03 15:36 - 000000000 ____D C:\WINDOWS\system32\config\TxR
    2020-06-03 15:49 - 2020-06-07 11:43 - 000000000 ____D C:\WINDOWS\INF
    2020-06-03 15:48 - 2020-06-03 15:48 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2020-06-03 15:47 - 2020-06-03 15:47 - 000000000 ____D C:\ProgramData\USOShared
    2020-06-03 15:44 - 2020-06-07 11:33 - 000000000 ____D C:\WINDOWS\CbsTemp
    2020-06-03 15:42 - 2020-06-09 11:36 - 000000000 ____D C:\WINDOWS\Panther
    2020-06-03 15:42 - 2020-06-09 11:27 - 080216064 _____ C:\WINDOWS\system32\config\SOFTWARE
    2020-06-03 15:42 - 2020-06-09 11:27 - 016252928 _____ C:\WINDOWS\system32\config\SYSTEM
    2020-06-03 15:42 - 2020-06-09 11:27 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
    2020-06-03 15:42 - 2020-06-09 11:27 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2020-06-03 15:42 - 2020-06-09 11:27 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
    2020-06-03 15:42 - 2020-06-09 10:01 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2020-06-03 15:42 - 2020-06-08 11:34 - 000065536 _____ C:\WINDOWS\system32\config\SAM
    2020-06-03 15:42 - 2020-06-03 16:09 - 000000000 ____D C:\WINDOWS\servicing
    2020-06-03 15:42 - 2020-06-03 15:51 - 000000000 ____D C:\WINDOWS\system32\SMI
    2020-06-03 15:39 - 2020-06-03 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
    2020-06-03 15:38 - 2020-06-09 11:27 - 000065536 _____ C:\WINDOWS\psp_storage.bin
    2020-06-03 15:38 - 2020-06-03 15:46 - 000000000 ____D C:\Program Files\AMD
    2020-06-03 15:38 - 2020-06-03 15:38 - 000000000 ____D C:\ProgramData\Package Cache
    2020-06-03 15:38 - 2020-06-03 15:38 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
    2020-06-03 15:38 - 2020-06-03 15:38 - 000000000 ____D C:\Program Files (x86)\AMD
    2020-06-03 15:38 - 2020-06-03 15:38 - 000000000 ____D C:\AMD
    2020-06-03 15:36 - 2020-06-09 13:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2020-06-03 15:36 - 2020-06-03 15:50 - 000222864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2020-06-03 15:36 - 2020-06-03 15:36 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2020-06-02 16:16 - 2020-06-02 16:16 - 000772176 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
    2020-06-02 16:16 - 2020-06-02 16:16 - 000702400 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
    2020-06-02 16:16 - 2020-06-02 16:16 - 000622832 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
    2020-06-02 16:16 - 2020-06-02 16:16 - 000433448 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
    2020-06-02 16:16 - 2020-06-02 16:16 - 000087296 ____N (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
    2020-06-02 16:16 - 2020-06-02 16:16 - 000083768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
    2020-06-02 16:12 - 2020-06-02 16:12 - 000017968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
    2020-06-02 16:12 - 2020-06-02 16:12 - 000017968 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
    2020-06-02 16:07 - 2020-06-02 16:07 - 000032816 ____N (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
    2020-06-02 16:07 - 2020-06-02 16:07 - 000029232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
    
    ==================== One month (modified) ==================
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    2020-06-09 10:18 - 2018-05-25 12:54 - 000000000 ____D C:\Program Files (x86)\McAfee
    2020-06-09 08:48 - 2018-05-25 12:54 - 000000000 ____D C:\ProgramData\McAfee
    2020-06-09 08:38 - 2018-05-25 12:54 - 000000000 ____D C:\Program Files\mcafee
    2020-06-08 13:08 - 2018-05-25 12:54 - 000000000 ____D C:\Program Files\Common Files\mcafee
    2020-06-08 10:33 - 2018-05-25 12:44 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2020-06-08 10:23 - 2018-05-25 13:02 - 000000000 ____D C:\ProgramData\RivetNetworks
    2020-06-08 10:22 - 2018-05-25 12:45 - 000000000 ____D C:\ProgramData\Dell
    2020-06-08 10:22 - 2018-05-25 12:43 - 000000000 ____D C:\Program Files\Dell
    2020-06-07 11:25 - 2018-05-25 12:43 - 000000000 ____D C:\ProgramData\SupportAssist
    2020-06-07 11:16 - 2018-05-25 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2020-06-07 10:07 - 2018-05-25 12:57 - 000000000 __RHD C:\Users\Public\AccountPictures
    2020-06-03 15:55 - 2018-05-25 12:43 - 000000000 ____D C:\ProgramData\PCDr
    2020-06-03 15:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2020-06-03 15:47 - 2018-05-25 13:08 - 000000000 ____D C:\WINDOWS\{F32BF528-E298-4662-A0AC-7AAFF5D25CB7}
    2020-06-03 15:47 - 2018-05-25 12:54 - 000000000 ____D C:\Program Files\mcafee.com
    2020-06-03 15:47 - 2018-05-25 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
    2020-06-03 15:47 - 2018-05-25 12:49 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
    2020-06-03 15:47 - 2018-05-25 12:48 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2020-06-03 15:47 - 2018-05-25 12:45 - 000000000 ____D C:\ProgramData\Qualcomm
    2020-06-03 15:47 - 2018-05-25 12:44 - 000000000 ____D C:\Program Files (x86)\Realtek
    2020-06-03 15:46 - 2018-05-25 13:16 - 000000000 ____D C:\backup
    2020-06-03 15:46 - 2018-05-25 12:54 - 000000000 ____D C:\Program Files\Common Files\av
    2020-06-03 15:46 - 2017-10-06 13:11 - 000000000 ___DC C:\Dell
    2020-06-02 01:23 - 2019-10-13 11:57 - 000285696 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2020-06-02 01:22 - 2017-09-29 08:43 - 000156160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrdc.dll
    2020-06-02 01:20 - 2017-09-29 08:41 - 000178688 ____N (Microsoft Corporation) C:\WINDOWS\system32\msrdc.dll
    2020-06-02 01:19 - 2017-09-29 08:41 - 000132608 ____N (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
    
    ==================== SigCheck ============================
    
    (There is no automatic fix for files that do not pass verification.)
    
    ==================== End of FRST.txt ========================
    Last edited by Brink; 18 Dec 2020 at 10:39. Reason: code box
      My Computer
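A log like the one above can have its account names, computer name and IP addresses swapped for stable placeholders before it is posted publicly, which keeps it readable for helpers. The following is an added example, not part of the original thread and not FRST's own code; the sample log, every name and address in it, and the placeholder scheme are constructed for illustration.

```python
import re

# Constructed sample: header and file-listing lines follow the layout of the
# log in this thread; the last two lines are made up to exercise the IP case.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by ExampleUser (administrator) on DESKTOP-EXAMPLE1 (Example Inc. Model 1) (09-06-2020 13:39:38)
Running from C:\Users\ExampleUser\Downloads
Loaded Profiles: ExampleUser
Platform: Windows 10 Home Version 1709 16299.1087 (X64) Language: English (United States)
2020-06-03 15:53 - 2020-06-03 15:53 - 000000000 _SHDL C:\Users\Default User
2020-06-07 10:07 - 2018-05-25 12:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-06-05 09:12 - 2020-06-05 09:12 - 000001024 _____ C:\Users\SecondUser\Desktop\notes.txt
2020-06-05 09:12 - 2020-06-05 09:12 - 000000000 ____D C:\ProgramData\ExampleUserBackup
DNS server 192.0.2.53, gateway 198.51.100.7, loopback 127.0.0.1
Plugin version 32.0.0.371 last contacted 192.0.2.53
"""

# Profile folders every Windows install has; they identify nobody.
SHARED_PROFILES = {"public", "default", "default user", "all users"}
HEADER_RE = re.compile(r"^Ran by (?P<user>.+?) \([^)]*\) on (?P<host>\S+)", re.M)
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\\r\n]+?)(?:\\|$)", re.M)
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?!\d|\.\d)")


def find_identifiers(log):
    """Collect account names (header and Users-folder paths) and the host name."""
    users, host = [], None
    header = HEADER_RE.search(log)
    if header:
        users.append(header.group("user"))
        host = header.group("host")
    for name in PROFILE_RE.findall(log):
        known = {u.lower() for u in users}
        if name.lower() not in SHARED_PROFILES and name.lower() not in known:
            users.append(name)
    return users, host


def _swap(text, name, placeholder):
    # Whole-token, case-insensitive match, so a short account name such as
    # "Al" does not rewrite "Calendar" in every path.
    pattern = r"(?<![A-Za-z0-9])" + re.escape(name) + r"(?![A-Za-z0-9])"
    return re.sub(pattern, lambda _m: placeholder, text, flags=re.I)


def redact(log):
    """Return (redacted_log, mapping of original identifier -> placeholder)."""
    users, host = find_identifiers(log)
    mapping = {}
    if host:
        mapping[host] = "<HOST>"
    for i, user in enumerate(users, 1):
        mapping[user] = "<USER%d>" % i
    out = log
    for name in sorted(mapping, key=len, reverse=True):  # longest first
        out = _swap(out, name, mapping[name])

    ip_names = {}

    def _ip(match):
        octets = [int(o) for o in match.groups()]
        if max(octets) > 255:  # a version string such as 32.0.0.371
            return match.group(0)
        if octets[0] == 127 or octets == [0, 0, 0, 0]:
            return match.group(0)  # loopback / unspecified identify nobody
        # Same address -> same placeholder, so correlations stay visible.
        return ip_names.setdefault(match.group(0), "<IP%d>" % (len(ip_names) + 1))

    return IPV4_RE.sub(_ip, out), mapping


def residual_leaks(redacted, mapping):
    """Line numbers where an original identifier survives, even as a substring."""
    hits = []
    for number, line in enumerate(redacted.splitlines(), 1):
        if any(name.lower() in line.lower() for name in mapping):
            hits.append(number)
    return hits


if __name__ == "__main__":
    cleaned, names = redact(SAMPLE_LOG)
    print(cleaned)
    print("review these lines by hand:", residual_leaks(cleaned, names))
```

The residual check is deliberately stricter than the substitution: it flags the `ExampleUserBackup` folder, which the whole-token match leaves alone, so that line gets a manual look before posting.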


  7. Posts : 1
    Kali
       #17

    Unintentional Data Leaks


    You probably didn't realize when you posted your logs from the recovery scan tool that some of that data should have been omitted. Helpdesk forums and the like are constantly used as a tool to prey on users like yourself who accidentally or unknowingly post their IP addresses, machine, account & profile info, applications & anti-malware used, etc. Just by looking at your IP address I was able to determine your internet service provider and location within a few hundred miles, and given the fact that your IP is actually a very rare PPPoX pool (point-to-point protocol through secure layered tunnels in a pool (multiple IP addresses) to and from your ISP) it wouldn't be too difficult to track down. I can imagine if your environment was already compromised before and you're still running your network through the same IPs, subnets, SSID, Netgear router on DESKTOP-O2DO### as Lorett(a) then you've probably already been PwNeD without even realizing or knowing it.
    Most likely the contents & data of your machine are worthless to a would-be blackhat. Your conversations or any video surveillance are also worthless. Being "hacked" doesn't necessarily mean you're being spied on. Although it's incredibly easy once you're compromised, blackhats aren't interested in what you're doing unless you are a specific target through law enforcement (this includes copyright, fraud, online presence & social activities, etc.), financial vulnerabilities, private investigations, or someone just hates you and has enough talent or expendable income to make life a living hell in a society where we (most) depend on our technology & devices for literally everything. With control of your devices comes control of your life. Theoretically I could control your mood, sleep patterns, influence future purchases, subscriptions, social life, media & news, political affiliations, could even make you get into an argument with a close friend or family member. Most of these examples already happen but under the control of corporations, your ISP & content providers & the social networks you decide to be part of. If you take a step back and look at the euphemism "I got hacked" as a malicious business for profit with anonymous intent, it would make NO sense to spy on you or anyone else for that matter. Unless the target is worth the squeeze it just isn't applicable from any standpoint (rarely a curious neighbor or script kiddie, but possible I suppose).
    If you're (reader) still interested in what they are after and how they do it, read the next post.

    - - - Updated - - -

    Hopefully you've since reset & reconfigured your machine/devices and network as recommended by previous post (know this still may not be enough). If you were changing your passwords and not only receiving duplicate requests or reset links but also having them changed immediately & unknowingly to the point of not being able to use the one you've just created, it sounds like you may have been a victim of a Botnet attack, which uses a collection of internet-connected devices that have already been compromised into an army of automated bots designed to perform specific types of malicious attacks. Sounds like your specific attack was unauthorized access and configuration of yet another device for its Botnet army purely for the intent to instigate more types of attacks on larger and more valuable targets. Botnets account for more than 50% of internet traffic. That being said, we can predict a hierarchy of what types of attacks are being performed on what types of devices and users these "hackers" are after. Once a Botnet has enough capable resources and devices, like the 2018 Botnet 3ve which had control of 1.7 million devices creating over 5,000 counterfeit websites, 60,000 digital advertising accounts all profiting anonymously using your device & resources, they will bring major targets down, both government and corporations (ESPN, Twitter, Sony, FB, etc.). As I'm typing this right now the news just reported that the U.S. State Department, Department of Homeland Security (DHS), Nuclear Energy Department which is in charge of nuclear inventory have all been hacked!! At this very moment they do not have control of their own network. How were these performed? BOTNET
    Remember, a compromised device can be anything from a modem/router to a smartwatch and everything in between. For recommendations on how to detect and remove Botnets without having to run scan tools or post your data for billions to see, just ask.
      My Computer
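Post #17's point about scan logs carrying account, machine and IP details can be handled before a log is posted. The following is an added example, not part of the thread and not a feature of FRST: it scrubs the profile name, the computer name, and any IP, MAC or e-mail values from a log. The `Ran by` and `Loaded Profiles` line shapes follow the log shown above; the sample text and the `find_identifiers` / `redact` helpers are constructed for illustration.

```python
import re

# Constructed sample shaped like the FRST header and file listing; all values are made up.
SAMPLE = r"""Ran by Alex (administrator) on DESKTOP-AB12CDE (Example Inc. Model 1) (01-01-2020 12:00:00)
Running from C:\Users\Alex\AppData\Local\Temp
Loaded Profiles: Alex
2020-06-07 10:07 - 2018-05-25 12:57 - 000000000 __RHD C:\Users\Public\AccountPictures
Tcpip\Parameters: [DhcpNameServer] 192.0.2.1
"""

KEEP_PROFILES = {"public", "default", "default user", "all users"}  # built-in, not personal
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

def find_identifiers(log):
    """Collect account names and the computer name from the header and C:\\Users paths."""
    users, hosts = set(), set()
    m = re.search(r"^Ran by (.+?) \(.*?\) on (\S+)", log, re.M)
    if m:
        users.add(m.group(1))
        hosts.add(m.group(2))
    m = re.search(r"^Loaded Profiles: (.+)$", log, re.M)
    if m:  # assumption: several profiles are separated by "&"
        users.update(p.strip() for p in m.group(1).split("&"))
    users.update(re.findall(r"[A-Za-z]:\\Users\\([^\\\r\n]+)\\", log))
    users = {u for u in users if u and u.lower() not in KEEP_PROFILES}
    return users, hosts

def redact(log):
    """Return (redacted_log, mapping) with stable placeholders for each identifier."""
    users, hosts = find_identifiers(log)
    mapping = {}
    for i, name in enumerate(sorted(users, key=len, reverse=True), 1):
        mapping[name] = f"<USER{i}>"
    for i, name in enumerate(sorted(hosts, key=len, reverse=True), 1):
        mapping[name] = f"<HOST{i}>"
    for name, tag in mapping.items():
        # Whole-token, case-insensitive match so paths, registry keys and task names are covered.
        log = re.sub(rf"(?<![\w-]){re.escape(name)}(?![\w-])", tag, log, flags=re.I)
    # Dotted-quad file versions are also masked; over-redaction is the safe direction here.
    for pattern, tag in ((EMAIL, "<EMAIL>"), (MAC, "<MAC>"), (IPV4, "<IPV4>")):
        log = pattern.sub(tag, log)
    return log, mapping

if __name__ == "__main__":
    print(redact(SAMPLE)[0])
```

Stable placeholders keep the log useful to helpers, who can still tell which entries belong to the same profile, without exposing the real names.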


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

All times are GMT -5.