New system already REMOTELY controlled

May 11, 2020 at 23:40:07
Specs: Windows, AMD Athlon 300U w/ Radeon Vega Mobile Gfx / 8 GB (5.93 usable)
New system setup - ALREADY under remote control PLEASE HELP
I just got a new HP Touchscreen Desktop All-in-One. / Seems connected/running Windows NT?


sys info...
Installed Physical Memory (RAM) = 8.00 GB
Available Physical Memory = 1.19 GB
Total Virtual Memory = 9.68 GB
Available Virtual Memory = 2.32 GB
Page File Space 3.75 GB
Hardware Abstraction Layer= Version "10.0.18362.752"
SMBIOS version was changed
Hyper-V-VM Monitor Mode Extensions value = Yes
Hyper-V-Second Level address Translation Extensions value = Yes
Hyper-V- Virtualization Enabled in Firmware value = No
Hyper-V- Data Execution Protection value = Yes

Msg from manufacturer HP Assistant says: warning, your firewall is not enabled. We recommend using one or at least turn on Windows Defender... So I go to turn on Windows Defender and it displays as if it is already on.

Feel dumb - I'm CompTIA Certified (for yrs, not @ Expert level = just basic) but still cannot figure out how this happens every time. I believe (may not be true) that at set up something must auto start.. or maybe I really did get hacked/controlled IMMEDIATELY upon going to the internet to do System Updates. How can that be avoided - need the many updates req'd even at initial set up.

I was so excited, but whenever I get a new PC or laptop I start up, do updates and SOON thereafter there are issues. So I waited 2 yrs - tried again. Followed ALL recommended set up steps.. yet here again. SAME ISSUES

I will notice small things here and there.. so that prompted me to search my PC files. Sure enough I discovered log files; when I try to view them it says I do not have access. (i.e. 1) PCR7 Config state & Device Encryption Support both state Elevation Req'd to view 2) BIOS Version date, SMBIOS Version & Embedded Controller date all appear w/ a different font than everything else 3) Secure Boot State, Kernel DMA Protection, Virtualization-based Security turned off, CANNOT enable.) But there were MANY Notepad documents that I was able to access.

So basically I think I became part of a remote network. The overlay looks like Windows 10 but slightly diff.

There are logs for everything. So I believe they had logs provide details for my system, then created scripts/programs, whatever the term may be, to change that.

User ACLS limits me to certain things.

Crazy, BUT how do I set up correctly - there is no tower as it is an All-in-One, so I wouldn't be able to get to the CMOS.. No recovery disks... don't wanna pay $60 to get them.

Can ANYONE help & direct me? Even for a nominal fee - I WILL PAY. I had a rootkit on my last laptop... went mad from 3 yrs trying to remove it - while most thought it was in my head. I have the logs which show me everything.. the more I search, the more I discover has changed configurations. Microsoft Services, added many start up programs & also MUCH has been stopped/disabled, like the System Protect and the AuthLogon.. I could go on and on.

Now I will not go through that... if I have to use my Brand New Desktop being remote controlled by someone I will. I'm not giving years of my life away anymore.. it wasn't worth the peace of mind I have from the fear that I can't control my system, and that means someone else can & has THAT QUICKLY after initial set up // how do they find me so fast? Could be default apps/programs installed in default? I work as a Senior Sup & Tech Support At-Home Advisor for 2 years.. but this is above my skill level & paygrade. (Is this type of skill under a networking certification or Microsoft?) I'm lost
#Dumbfounded & Disgusted

[Not sure if the config details are correct, they are what is 'displayed' to me. 64 Bit Op Sys but EVERYTHING changed & runs under 32 bit duplicate exe files, even the Displayed Font looks slightly diff (i.e. in Control Panel > System and Security > System)]

My network Internet is set on Public network profile. I have one PC but nonetheless am unable to change options to make a home network even if I wanted to. THIS IS BS. I think of the millions who set up a new PC and never even notice these small type changes / even typos in BIOS... how would they, if you don't know where to look or recognize it if you did.

3 partitions
SCSI - Microsoft iSCSI Initiator - PNP Device ID ROOT\ISCSIPRT\0000 (0000 in diff font)
Microsoft Storage Spaces Controller ROOT\SPACEPORT\0000
Modem - NO MODEM listed
Network Adapter - SOOO MANY CONFIGURATIONS ADDED, with Type as NOT AVAILABLE
Network Protocol SO MANY ADDED
BLUETOOTH DEVICE ADDED Personal Area Network
WAN Miniport - MANY MANY added
WinSock C:\windows\SysWOW64\wsock32.dll
many printers added & including Microsoft XPS Document Writer v4 PORTPROMPT: Local Server
OneNote for Windows 10 Microsoft Software Printer Driver Microsoft.Office.OneNote_16001.12730.20190.0_x64__8wekyb3d8bbwe_microsoft.onenoteim_S-1-5-21-945171952-243697559-165242251-1001 Local Server

HARDWARE Resources
Conflicts/Sharing
I/O Port 0x00000000-0x0000000F Direct memory access controller
I/O Port 0x00000000-0x0000000F PCI Express Root Complex

I/O Port 0x0000F000-0x0000FFFF PCI Express Root Port
I/O Port 0x0000F000-0x0000FFFF Realtek PCIe GbE Family Controller

Memory Address 0xFEE00000-0xFFFFFFFF PCI Express Root Complex
Memory Address 0xFEE00000-0xFFFFFFFF Motherboard resources

Memory Address 0xFE800000-0xFE8FFFFF PCI Express Root Port
Memory Address 0xFE800000-0xFE8FFFFF Standard SATA AHCI Controller

Memory Address 0xE0000000-0xEFFFFFFF AMD Radeon(TM) Vega 3 Graphics
Memory Address 0xE0000000-0xEFFFFFFF PCI Express Root Port
Memory Address 0xE0000000-0xEFFFFFFF PCI Express Root Complex

Memory Address 0xFE500000-0xFE7FFFFF PCI Express Root Port
Memory Address 0xFE500000-0xFE7FFFFF AMD USB 3.10 eXtensible Host Controller - 1.10 (Microsoft)

Memory Address 0xFEA00000-0xFEAFFFFF PCI Express Root Port
Memory Address 0xFEA00000-0xFEAFFFFF Realtek PCIe GbE Family Controller

IRQ 0 High precision event timer
IRQ 0 System timer

SOFTWARE ENVIRONMENT
System Drivers - A million listed

Environment Variables
ComSpec %SystemRoot%\system32\cmd.exe <SYSTEM>
DriverData C:\Windows\System32\Drivers\DriverData <SYSTEM>
NUMBER_OF_PROCESSORS 4 <SYSTEM>
OneDrive C:\Users\catlo\OneDrive DESKTOP-GL90HTS\catlo
OneDriveConsumer C:\Users\catlo\OneDrive DESKTOP-GL90HTS\catlo
OnlineServices Online Services <SYSTEM>
OS Windows_NT <SYSTEM>
Path C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ <SYSTEM>
Path %USERPROFILE%\AppData\Local\Microsoft\WindowsApps; NT AUTHORITY\SYSTEM
Path %USERPROFILE%\AppData\Local\Microsoft\WindowsApps; DESKTOP-GL90HTS\catlo
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC <SYSTEM>
platformcode 1M <SYSTEM>
PROCESSOR_ARCHITECTURE AMD64 <SYSTEM>
PROCESSOR_IDENTIFIER AMD64 Family 23 Model 24 Stepping 1, AuthenticAMD <SYSTEM>
PROCESSOR_LEVEL 23 <SYSTEM>
PROCESSOR_REVISION 1801 <SYSTEM>
PSModulePath %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules <SYSTEM>
RegionCode NA <SYSTEM>
TEMP %SystemRoot%\TEMP <SYSTEM>
TEMP %USERPROFILE%\AppData\Local\Temp NT AUTHORITY\SYSTEM
TEMP %USERPROFILE%\AppData\Local\Temp DESKTOP-GL90HTS\catlo
TMP %SystemRoot%\TEMP <SYSTEM>
TMP %USERPROFILE%\AppData\Local\Temp NT AUTHORITY\SYSTEM
TMP %USERPROFILE%\AppData\Local\Temp DESKTOP-GL90HTS\catlo
USERNAME SYSTEM <SYSTEM>
windir %SystemRoot% <SYSTEM>

Startup Programs
BtServer "c:\program files (x86)\realtek\realtek bluetooth\btserver.exe" Public HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HPSEU_Host_Launcher c:\system.sav\util\hpseuhostlauncher.exe DESKTOP-GL90HTS\catlo HKU\S-1-5-21-945171952-243697559-165242251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OneDrive "c:\users\catlo\appdata\local\microsoft\onedrive\onedrive.exe" /background DESKTOP-GL90HTS\catlo HKU\S-1-5-21-945171952-243697559-165242251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SecurityHealth %windir%\system32\securityhealthsystray.exe Public HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WindowsDefender "%programfiles%\windows defender\msascuil.exe" Public HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

No Network Connections - showing at all
a ZILLION Loaded Modules including
bridgecommunication 1.20.1790.0 444.27 KB (454,928 bytes) 3/27/2020 5:47 PM HP Inc. c:\windows\system32\driverstore\filerepository\hpcustomcapcomp.inf_amd64_79c5c41204d03777\x64\bridgecommunication.exe

startmenuexperiencehost Not Available 921.80 KB (943,928 bytes) 4/1/2020 10:12 AM Not Available c:\windows\systemapps\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\startmenuexperiencehost.exe
System.Runtime.InteropServices.WindowsRuntime.ni 4.8.3752.0 9.00 KB (9,216 bytes) 2/29/2020 7:42 PM Not Available c:\windows\assembly\nativeimages_v4.0.30319_64\system.runtbff93e24#\7fd43d0605b1366bc071e2bbdde312cf\system.runtime.interopservices.windowsruntime.ni.dll

virtualmonitormanager Not Available 92.50 KB (94,720 bytes) 3/18/2019 11:59 PM Not Available c:\windows\system32\virtualmonitormanager.dll
taskflowui Not Available 2.75 MB (2,880,000 bytes) 12/25/2019 9:31 AM Not Available c:\windows\shellcomponents\taskflowui.dll
RtkAudUService64 1.0.205.1 909.78 KB (931,616 bytes) 4/29/2019 3:20 PM Realtek Semiconductor c:\windows\system32\rtkauduservice64.exe

winsqlite3 3.25.3.0 854.41 KB (874,912 bytes) 3/18/2019 11:44 PM SQLite Development Team c:\windows\system32\winsqlite3.dll

icu 63.1.0.0 2.21 MB (2,321,408 bytes) 6/21/2019 2:55 PM The ICU Project c:\windows\system32\icu.dll

PLUS many many Windows Error Reporting

5/7/2020 5:25 PM Application Hang The program WindowsInternal.ComposableShell.Experiences.TextInput.InputApp. version 10.0.18362.752 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 3f44 Start Time: 01d6241d299a8098 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe Report Id: 6c889094-50db-4849-8630-685445ef2bde Faulting package full name: InputApp_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Hang type: Quiesce


5/7/2020 3:45 AM Application Error Faulting application name: svchost.exe_TokenBroker, version: 10.0.18362.1, time stamp: 0x32d6c210 Faulting module name: combase.dll, version: 10.0.18362.815, time stamp: 0x0611db4a Exception code: 0xc0000602 Fault offset: 0x000000000001e445 Faulting process id: 0x2654 Faulting application start time: 0x01d6227177dff4c7 Faulting application path: C:\windows\system32\svchost.exe Faulting module path: C:\windows\System32\combase.dll Report Id: 17426cfa-64ea-431d-aff6-52e38693b485 Faulting package full name: Faulting package-relative application ID:

5/7/2020 5:24 PM Application Error Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x5e708f15 Faulting module name: ucrtbase.dll, version: 10.0.18362.815, time stamp: 0x32a6df9a Exception code: 0xc0000409 Fault offset: 0x000000000006db9e Faulting process id: 0x2738 Faulting application start time: 0x01d62422db21742f Faulting application path: C:\windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe Faulting module path: C:\windows\System32\ucrtbase.dll Report Id: a072e49c-db70-4b45-93d1-1934d10a80dc Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App


#1
May 12, 2020 at 00:22:01
Way, way too many issues/complications.

Are you capable of doing a clean install?

If so, I will walk you through it.


#2
May 12, 2020 at 00:41:12
Agree with Johnw, I would nuke and reinstall.

#3
May 12, 2020 at 04:21:47
When I saw John's post I said out loud to myself:
"Very good! That's a really good reply!" Which is to
say, I agree too.

It isn't clear to me what your problems are, but when I
install anything, including an operating system, I always
physically disconnect from the network / Internet first.

-- Jeff, in Minneapolis


#4
May 12, 2020 at 04:29:37
Two things regarding the warning about your firewall not
being enabled: I think that by default, the firewall does not
load until a few minutes after Windows starts. You might
have got the message just after Windows booted. And
Windows Defender might show as not running if you have
not yet downloaded virus definitions for it. It isn't any use
without the definitions, which it wants to update frequently.

-- Jeff, in Minneapolis
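
A read-only way to check the firewall, Defender, Secure Boot and startup-entry observations raised in this thread. This is an added example, not posted by any participant; it assumes Windows 10 with the built-in NetSecurity, Defender and SecureBoot PowerShell modules and an elevated prompt.

```powershell
# Added example: read-only checks, nothing is changed. Run elevated.

# 1) Firewall state for each profile (Domain, Private, Public).
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize

# 2) Defender engine state and age of the virus definitions.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    [pscustomobject]@{
        AntivirusEnabled     = $mp.AntivirusEnabled
        RealTimeProtection   = $mp.RealTimeProtectionEnabled
        SignatureLastUpdated = $mp.AntivirusSignatureLastUpdated
        SignatureAgeDays     = $mp.AntivirusSignatureAge
    } | Format-List
} catch {
    Write-Warning "Defender status unavailable: $($_.Exception.Message)"
}

# 3) Secure Boot. Throws on legacy-BIOS boots or when not elevated.
try {
    $sb = Confirm-SecureBootUEFI -ErrorAction Stop
    "Secure Boot enabled: $sb"
} catch {
    Write-Warning "Secure Boot state not readable: $($_.Exception.Message)"
}

# 4) Run-key startup entries, with the Authenticode status of each target.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$startup = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($p in $item.PSObject.Properties) {
        if ($p.Name -in $providerProps) { continue }
        # Expand %windir% etc., then strip quotes and arguments to get the exe path.
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        $exe = $cmd
        if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
        elseif ($cmd -match '^(.+?\.exe)') { $exe = $Matches[1] }
        $sig = $null
        if (Test-Path -LiteralPath $exe) { $sig = Get-AuthenticodeSignature -FilePath $exe }
        [pscustomobject]@{
            Name = $p.Name; Path = $exe
            SigStatus = $sig.Status; Signer = $sig.SignerCertificate.Subject
        }
    }
}
$startup | Format-Table -AutoSize -Wrap
```

A `SigStatus` other than `Valid`, or an empty one (target file missing), marks the entry worth a closer look.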