New system setup- ALREADY under remote control PLEASE HELP
\nI just got New HP Touchscreen Desktop All in One. \/ seems connected\/running Windows NT ?<\/p>\n
sys info…
\nInstalled Physical Memory (RAM) = 8.00 GB
\nAvailable Physical Memory = 1.19 GB
\nTotal Virtual Memory = 9.68 GB
\nAvailable Virtual Memory = 2.32 GB
\nPage File Space 3.75 GB
\nHardware Abstraction Layer= Version “10.0.18362.752”
\nSMBIOS version was changed
\nHyper-V-VM Monitor Mode Extensions value = Yes
\nHyper-V-Second Level address Translation Extensions value = Yes
\nHyper-V- Virtualization Enabled in Firmware value = No
\nHyper-V- Data Execution Protection value = Yes<\/p>\n
**msg from manufacturer HP Assistant – says warning your firewall is not enabled. We recommend using one or at least turn on Windows Defender…so i go to turn on Windows Defender and it displays as if it is already on.<\/p>\n
Feel dumb – I’m CompTIA Certified (for yrs not @ Expert level = just basic) but still cannot figure out how this happens everytime. I believe (may not be true) but at set up something must auto start..or maybe really i did hacked\/controlled IMMEDIATELY upon going to the internet to do System Updates . How can that be avoided – need the many updates req’d even at initial set up.<\/p>\n
I was so excited but whenever i get a new pc or laptop i start up do updates and SOON thereafter are issues. So i waited 2 yrs – tried again. Followed ALL recommended set up steps..yet here again. SAME ISSUES<\/p>\n
I will notice small things here and there..so prompted me to search my PC files. Sure enough i discovered log files, when i try to view says I do not have access. (ie-1) PCR7 Config state & Device Encryption Support both state Elevation Req’d to view 2) BIOS Version date, SMBIOS Version & Embedded Controller date all appear w\/ different font than everything else 3) Secure Boot State, Kernel DMA Protection, Virtualization-based Security turned off CANNOT enable, “But there were MANY Notepad documents that I was able to access.<\/p>\n
So basically i think i became part of remote network. The overlay looks like Windows 10 but diff slightly.<\/p>\n
There are logs for everything. So i believe they had logs provide details for my system then created scripts\/programs whatever the term may be to change that.<\/p>\n
User ACLS limits me to certain things.<\/p>\n
Crazy BUT how to i set up correctly – there is no tower as All-in-One so wouldnt be able to get CMOS.. No recovery disks ,,,dont wanna pay $60 to get them.<\/p>\n
Can ANYONE help & direct me? Even for a nominal fee – I WILL PAY I had rootkit on last laptop…went mad from 3 yrs trying to remove -while most thought in my head. I have the logs which show me everything..the more i search the more i discover has changed configurations. Microsoft Sevices, added many start up programs added & also MUCH has been stopped\/disbled like the System Protect an the AuthLogon..I could go on and on.<\/p>\n
Now i will not go through that…if i have to use my Brand New Desktop being remote controlled by someone I will. Im not giving years of my life away anymore..it wasnt worth the peace of mind i have from the fear that i cant control my system and that means someone else cam & has THAT QUICKLY after initial set up\/\/how do they find me so fast? could be default apps\/programs installed in default? I work as a Senior Sup & Tech Support At-Home- Advisor for 2 years..but this is above my skill level & paygrade. (is this type skill under a networking certification or Microsoft). Im lost
\n#Dumbfounded & Disgusted<\/p>\n
[Not sure if the config details are correct, they are what is ‘displayed’ to me. 64 Bit Op Sys but EVERYTHING changed & runs under 32 bit duplicate file exe files, even Displayed Font looks slight diff (ie -in Control Panel> System and Security > System)<\/p>\n
My network Internet set on Public network profile. i have one pc but nonetheless unable to change options to make a home network even if i wanted to. THIS IS BS. I think of the millions who set up a new pc and never even notice these small type changes \/ even typos in Bios…how would they if you dont know where to look or recognize if you did.<\/p>\n
sys info…
\nInstalled Physical Memory (RAM) = 8.00 GB
\nAvailable Physical Memory = 1.19 GB
\nTotal Virtual Memory = 9.68 GB
\nAvailable Virtual Memory = 2.32 GB
\nPage File Space 3.75 GB
\nHardware Abstraction Layer= Version “10.0.18362.752”
\nSMBIOS version was changed
\nHyper-V-VM Monitor Mode Extensions value = Yes
\nHyper-V-Second Level address Translation Extensions value = Yes
\nHyper-V- Virtualization Enabled in Firmware value = No
\nHyper-V- Data Execution Protection value = Yes<\/p>\n
3 partitions
\nSCSI -Microsoft iSCSI Initator – PNP Device ID ROOT\\ISCSIPRT\\0000 (0000 in diff font)
\nMicrosoft Storage Spaces Controller ROOT\\SPACEPORT\\0000
\nModem – NO MODEM listed
\nNetwork Adapter – SOOO MANY CONFIGURATIONS ADDED, with Type as NOT AVAILABLE
\nNetwork Protocol SO MANY ADDED
\nBLUETOOTH DEVICE ADDED Personal Area Network
\nWAN Miniport – MANY MANY added
\nWinSock C:\\windows\\SysWOW64\\wsock32.dll
\nmany printers added & including Microsoft XPS Document Writer v4 PORTPROMPT: Local Server
\nOneNote for Windows 10 Microsoft Software Printer Driver Microsoft.Office.OneNote_16001.12730.20190.0_x64__8wekyb3d8bbwe_microsoft.onenoteim_S-1-5-21-945171952-243697559-165242251-1001 Local Server<\/p>\n
HARDWARE Resources
\nConflicts\/Sharing
\nI\/O Port 0x00000000-0x0000000F Direct memory access controller
\nI\/O Port 0x00000000-0x0000000F PCI Express Root Complex<\/p>\n
I\/O Port 0x0000F000-0x0000FFFF PCI Express Root Port
\nI\/O Port 0x0000F000-0x0000FFFF Realtek PCIe GbE Family Controller<\/p>\n
Memory Address 0xFEE00000-0xFFFFFFFF PCI Express Root Complex
\nMemory Address 0xFEE00000-0xFFFFFFFF Motherboard resources<\/p>\n
Memory Address 0xFE800000-0xFE8FFFFF PCI Express Root Port
\nMemory Address 0xFE800000-0xFE8FFFFF Standard SATA AHCI Controller<\/p>\n
Memory Address 0xE0000000-0xEFFFFFFF AMD Radeon(TM) Vega 3 Graphics
\nMemory Address 0xE0000000-0xEFFFFFFF PCI Express Root Port
\nMemory Address 0xE0000000-0xEFFFFFFF PCI Express Root Complex<\/p>\n
Memory Address 0xFE500000-0xFE7FFFFF PCI Express Root Port
\nMemory Address 0xFE500000-0xFE7FFFFF AMD USB 3.10 eXtensible Host Controller – 1.10 (Microsoft)<\/p>\n
Memory Address 0xFEA00000-0xFEAFFFFF PCI Express Root Port
\nMemory Address 0xFEA00000-0xFEAFFFFF Realtek PCIe GbE Family Controller<\/p>\n
IRQ 0 High precision event timer
\nIRQ 0 System timer<\/p>\n
SOFTWARE ENVIRONMENT
\nSystem Drivers – A million listed<\/p>\n
Environment Variables
\nComSpec %SystemRoot%\\system32\\cmd.exe <SYSTEM>
\nDriverData C:\\Windows\\System32\\Drivers\\DriverData <SYSTEM>
\nNUMBER_OF_PROCESSORS 4 <SYSTEM>
\nOneDrive C:\\Users\\catlo\\OneDrive DESKTOP-GL90HTS\\catlo
\nOneDriveConsumer C:\\Users\\catlo\\OneDrive DESKTOP-GL90HTS\\catlo
\nOnlineServices Online Services <SYSTEM>
\nOS Windows_NT <SYSTEM>
\nPath C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath;%SystemRoot%\\system32;%SystemRoot%;%SystemRoot%\\System32\\Wbem;%SYSTEMROOT%\\System32\\WindowsPowerShell\\v1.0\\;%SYSTEMROOT%\\System32\\OpenSSH\\ <SYSTEM>
\nPath %USERPROFILE%\\AppData\\Local\\Microsoft\\WindowsApps; NT AUTHORITY\\SYSTEM
\nPath %USERPROFILE%\\AppData\\Local\\Microsoft\\WindowsApps; DESKTOP-GL90HTS\\catlo
\nPATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC <SYSTEM>
\nplatformcode 1M <SYSTEM>
\nPROCESSOR_ARCHITECTURE AMD64 <SYSTEM>
\nPROCESSOR_IDENTIFIER AMD64 Family 23 Model 24 Stepping 1, AuthenticAMD <SYSTEM>
\nPROCESSOR_LEVEL 23 <SYSTEM>
\nPROCESSOR_REVISION 1801 <SYSTEM>
\nPSModulePath %ProgramFiles%\\WindowsPowerShell\\Modules;%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules <SYSTEM>
\nRegionCode NA <SYSTEM>
\nTEMP %SystemRoot%\\TEMP <SYSTEM>
\nTEMP %USERPROFILE%\\AppData\\Local\\Temp NT AUTHORITY\\SYSTEM
\nTEMP %USERPROFILE%\\AppData\\Local\\Temp DESKTOP-GL90HTS\\catlo
\nTMP %SystemRoot%\\TEMP <SYSTEM>
\nTMP %USERPROFILE%\\AppData\\Local\\Temp NT AUTHORITY\\SYSTEM
\nTMP %USERPROFILE%\\AppData\\Local\\Temp DESKTOP-GL90HTS\\catlo
\nUSERNAME SYSTEM <SYSTEM>
\nwindir %SystemRoot% <SYSTEM><\/p>\n
Startup Programs
\nBtServer “c:\\program files (x86)\\realtek\\realtek bluetooth\\btserver.exe” Public HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
\nHPSEU_Host_Launcher c:\\system.sav\\util\\hpseuhostlauncher.exe DESKTOP-GL90HTS\\catlo HKU\\S-1-5-21-945171952-243697559-165242251-1001\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
\nOneDrive “c:\\users\\catlo\\appdata\\local\\microsoft\\onedrive\\onedrive.exe” \/background DESKTOP-GL90HTS\\catlo HKU\\S-1-5-21-945171952-243697559-165242251-1001\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
\nSecurityHealth %windir%\\system32\\securityhealthsystray.exe Public HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
\nWindowsDefender “%programfiles%\\windows defender\\msascuil.exe” Public HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run<\/p>\n
No Network Connections – showing at all
\na ZILLION Loaded Modules including
\nbridgecommunication 1.20.1790.0 444.27 KB (454,928 bytes) 3\/27\/2020 5:47 PM HP Inc. c:\\windows\\system32\\driverstore\\filerepository\\hpcustomcapcomp.inf_amd64_79c5c41204d03777\\x64\\bridgecommunication.exe<\/p>\n
startmenuexperiencehost Not Available 921.80 KB (943,928 bytes) 4\/1\/2020 10:12 AM Not Available c:\\windows\\systemapps\\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\\startmenuexperiencehost.exe
\nSystem.Runtime.InteropServices.WindowsRuntime.ni 4.8.3752.0 9.00 KB (9,216 bytes) 2\/29\/2020 7:42 PM Not Available c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.runtbff93e24#\\7fd43d0605b1366bc071e2bbdde312cf\\system.runtime.interopservices.windowsruntime.ni.dll<\/p>\n
virtualmonitormanager Not Available 92.50 KB (94,720 bytes) 3\/18\/2019 11:59 PM Not Available c:\\windows\\system32\\virtualmonitormanager.dll
\ntaskflowui Not Available 2.75 MB (2,880,000 bytes) 12\/25\/2019 9:31 AM Not Available c:\\windows\\shellcomponents\\taskflowui.dll
\nRtkAudUService64 1.0.205.1 909.78 KB (931,616 bytes) 4\/29\/2019 3:20 PM Realtek Semiconductor c:\\windows\\system32\\rtkauduservice64.exe<\/p>\n
winsqlite3 3.25.3.0 854.41 KB (874,912 bytes) 3\/18\/2019 11:44 PM SQLite Development Team c:\\windows\\system32\\winsqlite3.dll<\/p>\n
icu 63.1.0.0 2.21 MB (2,321,408 bytes) 6\/21\/2019 2:55 PM The ICU Project c:\\windows\\system32\\icu.dll<\/p>\n
PLUS many many Windows Error Reporting<\/p>\n
5\/7\/2020 5:25 PM Application Hang The program WindowsInternal.ComposableShell.Experiences.TextInput.InputApp. version 10.0.18362.752 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 3f44 Start Time: 01d6241d299a8098 Termination Time: 4294967295 Application Path: C:\\Windows\\SystemApps\\InputApp_cw5n1h2txyewy\\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe Report Id: 6c889094-50db-4849-8630-685445ef2bde Faulting package full name: InputApp_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Hang type: Quiesce<\/p>\n
5\/7\/2020 3:45 AM Application Error Faulting application name: svchost.exe_TokenBroker, version: 10.0.18362.1, time stamp: 0x32d6c210 Faulting module name: combase.dll, version: 10.0.18362.815, time stamp: 0x0611db4a Exception code: 0xc0000602 Fault offset: 0x000000000001e445 Faulting process id: 0x2654 Faulting application start time: 0x01d6227177dff4c7 Faulting application path: C:\\windows\\system32\\svchost.exe Faulting module path: C:\\windows\\System32\\combase.dll Report Id: 17426cfa-64ea-431d-aff6-52e38693b485 Faulting package full name: Faulting package-relative application ID:<\/p>\n
5\/7\/2020 5:24 PM Application Error Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x5e708f15 Faulting module name: ucrtbase.dll, version: 10.0.18362.815, time stamp: 0x32a6df9a Exception code: 0xc0000409 Fault offset: 0x000000000006db9e Faulting process id: 0x2738 Faulting application start time: 0x01d62422db21742f Faulting application path: C:\\windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe Faulting module path: C:\\windows\\System32\\ucrtbase.dll Report Id: a072e49c-db70-4b45-93d1-1934d10a80dc Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"iawp_total_views":5},"question-category":[56],"question_tags":[],"class_list":["post-10276","question","type-question","status-publish","hentry","question-category-security"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/question\/10276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/question"}],"about":[{"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/types\/question"}],"author":[{"embeddable":true,"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/comments?post=10276"}],"wp:attachment":[{"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/media?parent=10276"}],"wp:term":[{"taxonomy":"question-category","embeddable":true,"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/question-category?post=10276"},{"taxonomy":"question_tags","embeddable":true,"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/question_tags?post=10276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}