I think I have a BIG problem, but I'm too noobish to know for sure.
1. I have 100s to 100s of thousands of files & folders with a unique footprint.
2. Each looks innocent ... at first.
3. Right-click > Properties > Security starts the intrigue
4. System, Administrators, and Users have Read & Execute permission; my account does not show up; while TrustedInstaller has Full control. I know -- TI comes from Microsoft (as do some rootkits).
5. Click Advanced > Owner & find that the owner is Administrators, but now I am there as a potential Owner.
6. Click Auditing > Continue to find that a new player (hidden until now) "Everyone" has "Special" access.
7. Double-click Special to learn that Special includes Take ownership & Change permissions (for both Successful & Failed)!
That sounds like an invitation to hackers. Particularly when 1 such file is efsui.exe -- with Encryption connections that ransomware loves.
Meanwhile, there are several other unusual footprints that TrustedInstaller produces.
I've spent a full week on this and gained nothing but an acute case of paranoia.
Any advice would be appreciated.
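
The Auditing tab lists audit rules (the SACL), which control what gets logged when someone attempts an operation, while the Permissions tab lists access rules (the DACL), which are what actually allow or deny it. As an added example that is not part of the original post, this PowerShell reads both lists for one file and reports any account outside SYSTEM, Administrators and TrustedInstaller whose access rules allow Take ownership or Change permissions. The System32 location of efsui.exe and the choice of trusted SIDs are assumptions.

```powershell
# Added example, not from the original post.
# Run in an elevated PowerShell: reading audit rules needs SeSecurityPrivilege.
$path = Join-Path $env:SystemRoot 'System32\efsui.exe'   # assumed location of the file

$sidType = [System.Security.Principal.SecurityIdentifier]
$acl     = Get-Acl -LiteralPath $path -Audit             # -Audit also loads the SACL

# Assumption: these well-known SIDs are the principals expected to control system files.
$trusted = @(
    'S-1-5-18',                                                        # SYSTEM
    'S-1-5-32-544',                                                    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'   # TrustedInstaller
)

# The two rights the Auditing dialog showed for Everyone, as a bit mask.
$risky = [int][System.Security.AccessControl.FileSystemRights]'ChangePermissions, TakeOwnership'

Write-Host "Owner: $($acl.Owner)"

# Access rules: these decide who may do what to the file.
Write-Host "`nAccess rules (DACL):"
$access = $acl.GetAccessRules($true, $true, $sidType)
$access | Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize | Out-Host

# Audit rules: these only decide which attempts are written to the Security log.
Write-Host "Audit rules (SACL):"
$acl.GetAuditRules($true, $true, $sidType) |
    Format-Table IdentityReference, AuditFlags, FileSystemRights, IsInherited -AutoSize | Out-Host

# Flag Allow entries that hand the two rights to anyone outside the trusted list.
$findings = $access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band $risky) -ne 0) -and
    ($trusted -notcontains $_.IdentityReference.Value)
}

if ($findings) {
    Write-Host "Unexpected principals with ChangePermissions/TakeOwnership in the DACL:"
    $findings | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize | Out-Host
} else {
    Write-Host "No principal outside the trusted list is allowed ChangePermissions or TakeOwnership."
}
```

An "Everyone" row that appears only under "Audit rules (SACL)" means those attempts are logged for every user; it grants nothing unless a matching Allow entry also appears under "Access rules (DACL)".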