
Hijacked--now remotely controlled


3 replies to this topic

#1 me44

me44

  • Members
  • 5 posts

Posted 13 July 2014 - 01:57 PM

This is my first post after Intro. The problem is with OS Vista Home Premium 32 and today I can't use the internet with it at all. However, I have installed Linux 16 Petra Cinnamon 32 disk I've had for a while but not used, so was able to get online with Firefox (it is what I usually use anyway). That for background.

 

The Vista problem is an old one that I thought I had fixed but no, it is not fixed :lmao:.  In the fixing I went so far as to try to use the Toshiba (this laptop) Factory Reset option, and that is disabled by the remote controller of my Windows system.

 

Next I thought I'll just buy another laptop (they're lots cheaper these days). It's an HP, a mistake I think because it is tied to Microsoft. Anyway, as I was working with it last night my ISP got changed and I actually saw it happening on my modem. [Note: I have only very slow DSL (I'm far from the box for it--very rural here) and live in a Wi-Fi & cell phone dead zone.]

I was visiting a Youtube site because the HP had to be upgraded from 8 to 8.1. Screen froze, odd action on modem lights. Was able to determine ISP= 192.168.254.1:524091. After that, they turned on my webcam that I had turned off and covered with opaque bandage just to be sure. I cannot access camera on programs list and my computer icon had disappeared from network list.

 

This AM contacted service provider, then HP tech support. It was a go-ask-your-father/go-ask-your-mother situation--both said contact the other.

 

I want to recover use of Vista due to work I want to do that requires MSWord.  Please help!

 

 

 




 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts

Posted 14 July 2014 - 09:11 AM

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook

#3 me44

me44
  • Topic Starter

  • Members
  • 5 posts

Posted 15 July 2014 - 10:06 AM

I had gone ahead on my own yesterday.

Two computers involved here:  Toshiba Satellite (Vista Home Premium 32) and Brand new (Sat Jul 12) HP 15 notebook

 

Toshiba I am using now with Linux Petra Mint Cinnamon because Vista is hijacked and clearly has bootkit and has disabled Toshiba Factory Restore and I have no disks for that but can get later.

 

For now I want to focus on the new HP. Though it comes with McAfee (grrr) preinstalled, the HP was hijacked by the remote controller while I was on a Youtube site. Screen froze, weird light action on my DSL router, I unplugged cable, but too late. (I've not used that notebook on internet since hijacked.) There are various signs this had happened and I have an XML file that I captured at the time:

XML file

<root><specVersion><major>1</major><minor>0</minor></specVersion><INMPR03>1.0</INMPR03><device><dlna:X_DLNADOC>DMS-1.50</dlna:X_DLNADOC><intel_nmpr:X_INTEL_NMPR>2.0</intel_nmpr:X_INTEL_NMPR><deviceType>urn:schemas-cyberlink-com:device:SparkDevice:1</deviceType><friendlyName>Woods</friendlyName><manufacturer>CyberLink Corporation</manufacturer><manufacturerURL>http://www.cyberlink.com</manufacturerURL><modelDescription>CyberLink UPnP Media Server</modelDescription><modelName>CyberLink Media Server</modelName><modelNumber>12.0</modelNumber><modelURL>http://www.cyberlink.com</modelURL><serialNumber>000001</serialNumber><UDN>uuid:a491c6fa-0b9f-75f5-08ca-74eb9b36c3de</UDN><presentationURL>/</presentationURL><iconList><icon><mimetype>image/jpeg</mimetype><width>48</width><height>48</height><depth>24</depth><url>Root_MediaServer_SML.JPG</url></icon><icon><mimetype>image/jpeg</mimetype><width>120</width><height>120</height><depth>24</depth><url>Root_MediaServer_LRG.JPG</url></icon><icon><mimetype>image/png</mimetype><width>48</width><height>48</height><depth>24</depth><url>Root_MediaServer_SML.PNG</url></icon><icon><mimetype>image/png</mimetype><width>120</width><height>120</height><depth>24</depth><url>Root_MediaServer_LRG.PNG</url></icon></iconList></device></root>

 

><>  ><>   ><> end of xml file <><   <><   <><

 

Yesterday I revisited here at bleepin' and then downloaded: MiniToolbox (hooray for that one); tdsskiller; malwarebytes; rkill; SUPERspy onto a jump drive.

 

Only MiniTool did anything, but it was wonderful!  The others found nothing. 

 

Log file:

 

MiniToolBox by Farbar  Version: 06-07-2014
Ran by Annie (administrator) on 14-07-2014 at 15:50:20
Running from "G:\"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ==============================  
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ==============================  
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8188EE 802.11bgn Wi-Fi Adapter = Wi-Fi (Media disconnected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Woods
   Primary Dns Suffix  . . . . . . . :  
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :  
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 54-35-30-13-63-B4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :  
   Description . . . . . . . . . . . : Realtek RTL8188EE 802.11bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : 54-35-30-13-63-B4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.invalid
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : A0-1D-48-0C-D6-71
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :  
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...54 35 30 13 63 b4 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...54 35 30 13 63 b4 ......Realtek RTL8188EE 802.11bgn Wi-Fi Adapter
  3...a0 1d 48 0c d6 71 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 20...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/13/2014 00:27:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: Camera.exe, version: 6.3.9600.16384, time stamp: 0x5215f853
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.16384, time stamp: 0x5215e763
Exception code: 0xc0000005
Fault offset: 0x000000000063d95f
Faulting process id: 0x1da0
Faulting application start time: 0xCamera.exe0
Faulting application path: Camera.exe1
Faulting module path: Camera.exe2
Report Id: Camera.exe3
Faulting package full name: Camera.exe4
Faulting package-relative application ID: Camera.exe5
 
Error: (07/13/2014 00:25:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: Camera.exe, version: 6.3.9600.16384, time stamp: 0x5215f853
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.16384, time stamp: 0x5215e763
Exception code: 0xc0000005
Fault offset: 0x000000000063d95f
Faulting process id: 0x1ef4
Faulting application start time: 0xCamera.exe0
Faulting application path: Camera.exe1
Faulting module path: Camera.exe2
Report Id: Camera.exe3
Faulting package full name: Camera.exe4
Faulting package-relative application ID: Camera.exe5
 
Error: (07/13/2014 00:24:59 AM) (Source: Application Error) (User: )
Description: Faulting application name: Camera.exe, version: 6.3.9600.16384, time stamp: 0x5215f853
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.16384, time stamp: 0x5215e763
Exception code: 0xc0000005
Fault offset: 0x000000000063d95f
Faulting process id: 0x1390
Faulting application start time: 0xCamera.exe0
Faulting application path: Camera.exe1
Faulting module path: Camera.exe2
Report Id: Camera.exe3
Faulting package full name: Camera.exe4
Faulting package-relative application ID: Camera.exe5
 
Error: (07/12/2014 11:40:19 PM) (Source: Application Hang) (User: )
Description: The program Box.exe version 1.6.3.1920 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 19bc
 
Start Time: 01cf9e2ee7d722e0
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee\Box.exe
 
Report Id: 681f25f7-0a3f-11e4-825d-a01d480cd671
 
Faulting package full name: 134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee
 
Faulting package-relative application ID: Box
 
Error: (07/12/2014 11:25:19 PM) (Source: Application Hang) (User: )
Description: The program Box.exe version 1.6.3.1920 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 19bc
 
Start Time: 01cf9e2ee7d722e0
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee\Box.exe
 
Report Id: 4fc393d8-0a3d-11e4-825d-a01d480cd671
 
Faulting package full name: 134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee
 
Faulting package-relative application ID: Box
 
Error: (07/12/2014 11:10:19 PM) (Source: Application Hang) (User: )
Description: The program Box.exe version 1.6.3.1920 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 19bc
 
Start Time: 01cf9e2ee7d722e0
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee\Box.exe
 
Report Id: 37450c36-0a3b-11e4-825d-a01d480cd671
 
Faulting package full name: 134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee
 
Faulting package-relative application ID: Box
 
Error: (07/12/2014 10:55:11 PM) (Source: Application Hang) (User: )
Description: The program Box.exe version 1.6.3.1920 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 19bc
 
Start Time: 01cf9e2ee7d722e0
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee\Box.exe
 
Report Id: 19fcc2b6-0a39-11e4-825d-a01d480cd671
 
Faulting package full name: 134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee
 
Faulting package-relative application ID: Box
 
Error: (07/12/2014 10:40:19 PM) (Source: Application Hang) (User: )
Description: The program Box.exe version 1.6.3.1920 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 19bc
 
Start Time: 01cf9e2ee7d722e0
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee\Box.exe
 
Report Id: 065c45b4-0a37-11e4-825d-a01d480cd671
 
Faulting package full name: 134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee
 
Faulting package-relative application ID: Box
 
Error: (07/12/2014 10:27:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: PhotosApp.exe, version: 6.3.9600.16384, time stamp: 0x5215d75e
Faulting module name: FileManagerApp.dll, version: 6.3.9600.16384, time stamp: 0x5215d6ba
Exception code: 0xc0000005
Fault offset: 0x00000000000dbe24
Faulting process id: 0x904
Faulting application start time: 0xPhotosApp.exe0
Faulting application path: PhotosApp.exe1
Faulting module path: PhotosApp.exe2
Report Id: PhotosApp.exe3
Faulting package full name: PhotosApp.exe4
Faulting package-relative application ID: PhotosApp.exe5
 
Error: (07/12/2014 10:25:19 PM) (Source: Application Hang) (User: )
Description: The program Box.exe version 1.6.3.1920 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 19bc
 
Start Time: 01cf9e2ee7d722e0
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee\Box.exe
 
Report Id: edf563a4-0a34-11e4-825d-a01d480cd671
 
Faulting package full name: 134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee
 
Faulting package-relative application ID: Box
 
 
System errors:
=============
Error: (07/14/2014 03:03:42 PM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (07/13/2014 00:53:55 AM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (07/13/2014 00:52:41 AM) (Source: DCOM) (User: Woods)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (07/12/2014 07:34:35 PM) (Source: Schannel) (User: Woods)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
 
Error: (07/12/2014 07:34:35 PM) (Source: Schannel) (User: Woods)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.
 
Error: (07/12/2014 07:34:07 PM) (Source: Schannel) (User: Woods)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
 
Error: (07/12/2014 07:34:07 PM) (Source: Schannel) (User: Woods)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.
 
Error: (07/12/2014 07:06:18 PM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (07/13/2014 02:04:22 AM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/13/2014 01:23:00 AM) (Source: DCOM) (User: Woods)
Description: {20966775-18A4-4299-B8E3-772C336B52A7}
 
 
Microsoft Office Sessions:
=========================
Error: (07/13/2014 00:27:00 AM) (Source: Application Error)(User: )
Description: Camera.exe6.3.9600.163845215f853Windows.UI.Xaml.dll6.3.9600.163845215e763c0000005000000000063d95f1da001cf9e52b050b0feC:\Windows\Camera\Camera.exeC:\Windows\System32\Windows.UI.Xaml.dllee2f4d50-0a45-11e4-825d-a01d480cd671
 
Error: (07/13/2014 00:25:24 AM) (Source: Application Error)(User: )
Description: Camera.exe6.3.9600.163845215f853Windows.UI.Xaml.dll6.3.9600.163845215e763c0000005000000000063d95f1ef401cf9e527720e474C:\Windows\Camera\Camera.exeC:\Windows\System32\Windows.UI.Xaml.dllb4ff81b2-0a45-11e4-825d-a01d480cd671
 
Error: (07/13/2014 00:24:59 AM) (Source: Application Error)(User: )
Description: Camera.exe6.3.9600.163845215f853Windows.UI.Xaml.dll6.3.9600.163845215e763c0000005000000000063d95f139001cf9e5267f26dffC:\Windows\Camera\Camera.exeC:\Windows\System32\Windows.UI.Xaml.dlla5fe58f4-0a45-11e4-825d-a01d480cd671
 
Error: (07/12/2014 11:40:19 PM) (Source: Application Hang)(User: )
Description: Box.exe1.6.3.192019bc01cf9e2ee7d722e04294967295C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee\Box.exe681f25f7-0a3f-11e4-825d-a01d480cd671134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmeeBox
 
Error: (07/12/2014 11:25:19 PM) (Source: Application Hang)(User: )
Description: Box.exe1.6.3.192019bc01cf9e2ee7d722e04294967295C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee\Box.exe4fc393d8-0a3d-11e4-825d-a01d480cd671134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmeeBox
 
Error: (07/12/2014 11:10:19 PM) (Source: Application Hang)(User: )
Description: Box.exe1.6.3.192019bc01cf9e2ee7d722e04294967295C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee\Box.exe37450c36-0a3b-11e4-825d-a01d480cd671134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmeeBox
 
Error: (07/12/2014 10:55:11 PM) (Source: Application Hang)(User: )
Description: Box.exe1.6.3.192019bc01cf9e2ee7d722e04294967295C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee\Box.exe19fcc2b6-0a39-11e4-825d-a01d480cd671134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmeeBox
 
Error: (07/12/2014 10:40:19 PM) (Source: Application Hang)(User: )
Description: Box.exe1.6.3.192019bc01cf9e2ee7d722e04294967295C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee\Box.exe065c45b4-0a37-11e4-825d-a01d480cd671134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmeeBox
 
Error: (07/12/2014 10:27:30 PM) (Source: Application Error)(User: )
Description: PhotosApp.exe6.3.9600.163845215d75eFileManagerApp.dll6.3.9600.163845215d6bac000000500000000000dbe2490401cf9e321db1aa78C:\Windows\FileManager\PhotosApp.exeC:\Windows\FileManager\FileManagerApp.dll3cdd2ec5-0a35-11e4-825d-a01d480cd671FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager
 
Error: (07/12/2014 10:25:19 PM) (Source: Application Hang)(User: )
Description: Box.exe1.6.3.192019bc01cf9e2ee7d722e04294967295C:\Program Files\WindowsApps\134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmee\Box.exeedf563a4-0a34-11e4-825d-a01d480cd671134D4F5B.Box_1.6.3.1920_neutral__2qk4zy5s3qmeeBox
 
 
 
=========================== Installed Programs ============================
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 13.15.100.30925 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{19C397A1-9C70-119F-E3BF-752C432FD217}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
AMD Start Now (Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.5.6902 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.5.3303 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.5.3416 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3418 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2.3418 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.2.3302 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.5.12202 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 12.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP SimplePass (Version: 8.00.57 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{1D7EB7E7-0B5D-4A23-A383-7EF133090026}) (Version: 2.3.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.414 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29071 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.16.1 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
========================= Memory info: ===================================
 
Percentage of memory in use: 49%
Total physical RAM: 3537.01 MB
Available physical RAM: 1787.93 MB
Total Pagefile: 4881.01 MB
Available Pagefile: 2623.76 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.65 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:446.78 GB) (Free:417.7 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:18.21 GB) (Free:1.82 GB) NTFS
4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive g: (CRUZER) (Removable) (Total:3.73 GB) (Free:3.69 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\Woods
 
Administrator            Annie                    Guest                     
 
 
**** End of log ****

 

 

 

After that I did some checking in System Management.  Things I found:

 

Hijacker had installed on THEIR system:  my laptop (Woods), USB mouse-- plus fax, HP eprinter, MicroXPS Doc Writer

The only thing I had installed on my laptop by then was the USB mouse.  I've never had a fax machine and had not installed my HP printer yet, and still haven't.

 

In some logs I found after MiniTool had flushed these guys! (I tried to copy/paste logs, but no good), I did discover three remote computers in the various logs:  1.  WIN-FTEK701MUF  2.  WIN-LQ0GBT7T6AK  3.  WINHEWL-JF97156.

 

I discovered also an agent SID that had been disabled:  S-1-5-21-1723032184-891109090-3595711881-500

 

In Computer Management there are 2 sectors inserted before the Windows (C:) main hard drive:  1) 400MB  2) 260MB on E:, the DVD drive.   Two partitions after Windows C:  1) Recovery Partition  2) EFI System Partition, in that order.

 

Before this I had made the 4-disk Recovery disks that are available on that notebook. 

 

At this point, since there is nothing much I would miss loaded onto this HP--nothing much to back up--would it be best for me to just go ahead and use the recovery disks and start over?  But how to prevent getting hijacked again?

 

Oh, and this morning I reset my router just in case it was part of the problem.

 

Thank you and all for this site.



#4 me44

me44
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Planet Earth
  • Local time:01:33 AM

Posted 15 July 2014 - 07:39 PM

Alas, one cannot use recovery disks if the DVD drive is included in the hijack.





