Was my computer compromised locally?


Thread Starter
Aug 7, 2020
Long story short, I ended up in jail for a few days over false accusations. Thereafter, I felt as though one may have continued to try to further my problems by whatever route. I was gone for a period of 4 days and come back to look at my logs. I know what I see and I believe I am deciphering as all of this was done locally, not remotely. Looking for some additional insight. I'll post several of the log entries:

Event 740, Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.

Event 9027, Windows Desktop Manager
The Desktop Window Manager has registered the session port.

Event 5, Search-ProfileNotify
Windows Search Service has created default configuration for new user 'DESKTOP-NOTTODA\defaultuser1' .

Event 4270
A user account was created.
A user account was enabled.
A user account was changed.

Lots of other key migration and cryptographic operations.

Also the showing of a connected USB device. Thoughts?
Aug 8, 2008
The Desktop Window Manager has registered the session port.
To me that would seem to be a remote session.

If this were my situation.....I would change all my passwords for everything on a mobile phone using the data plan and not the wifi connection. Then I would clean install the OS.
Sep 21, 2007
Win 10 has a 'Default' account but not a defaultuser1, which version of Windows are you using ?

I agree with bassfisher6522, reinstall your Windows.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online