Posts posted by NoelC

  1. It's the case with any system that's not mainstream - a smaller collection of targets means the malware developers don't work as hard to attack.  The payoff is just not as large.

    It's also true that non-mainstream systems won't be compatible with as many current applications...  That's bad if "current" is generally considered "better"...

    However, this idea puts those of us refusing to run Windows 10 in maybe not such a bad position:  I for one find I don't WANT to run Modern Apps nor do I want any of the new "features" such as OneDrive/sync, cloud integration, constant updates, Edge, etc. - since there's nothing in that realm that I've been impressed by so far.  If the newest and latest malware concentrates more and more on Windows 10, voila, just using an older system that's no longer in the mainstream is a Good Thing a couple of different ways...

    -Noel

  2. For my main workstation earlier this month I brought in the latest full set of Windows 8.1 patches (minus a few that were hidden months/years ago that are probably not even applicable/visible any more, such as the GWX update).  Note that there were no January updates, per se, for Windows 8.1, just those from December.  Yes, I waited a while before allowing them.

    My system seems to work with these updates in (it's been running solidly for weeks now) but one thing I noticed is that the December update broke System Protection (i.e., the System File Checker - SFC /VERIFYONLY and SFC /SCANNOW - would fail).

    I got to the bottom of it.  There was something wrong with the servicing database entry for, of all things, "Sound Recorder.lnk" - which showed up as "hash doesn't match actual file" messages for several different copies.  This was the key blob of messages in C:\Windows\Logs\CBS\CBS.log that revealed the problem:

    2017-01-30 16:14:48, Info                  CSI    00000976 [SR] Verify complete
    
    2017-01-30 16:14:48, Info                  CSI    00000977 [SR] Repairing 1 components
    
    2017-01-30 16:14:48, Info                  CSI    00000978 [SR] Beginning Verify and Repair transaction
    
    2017-01-30 16:14:48, Info                  CSI    00000979 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-soundrecorder_31bf3856ad364e35_6.3.9600.17415_none_9014408a06a0ccbb\Sound Recorder.lnk do not match actual file [l:36{18}]"Sound Recorder.lnk" :
      Found: {l:32 b:v0WEU04aXPq6p2n0N0VxZtp8AvDkGMPzXNwgdRtZRx0=} Expected: {l:32 b:lZzTQXwor5OIEqh3ok3qxjkPmzaWxMQ+XuQmVbN7wtk=}
    
    2017-01-30 16:14:48, Info                  CSI    0000097a [SR] Cannot repair member file [l:36{18}]"Sound Recorder.lnk" of Microsoft-Windows-SoundRecorder, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    
    2017-01-30 16:14:48, Info                  CSI    0000097b Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-soundrecorder_31bf3856ad364e35_6.3.9600.17415_none_9014408a06a0ccbb\Sound Recorder.lnk do not match actual file [l:36{18}]"Sound Recorder.lnk" :
      Found: {l:32 b:v0WEU04aXPq6p2n0N0VxZtp8AvDkGMPzXNwgdRtZRx0=} Expected: {l:32 b:lZzTQXwor5OIEqh3ok3qxjkPmzaWxMQ+XuQmVbN7wtk=}
    
    2017-01-30 16:14:48, Info                  CSI    0000097c [SR] Cannot repair member file [l:36{18}]"Sound Recorder.lnk" of Microsoft-Windows-SoundRecorder, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    
    2017-01-30 16:14:48, Info                  CSI    0000097d [SR] This component was referenced by [l:166{83}]"Package_1133_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3321_neutral_GDR"
    
    2017-01-30 16:14:48, Info                  CSI    0000097e Hashes for file member \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk do not match actual file [l:36{18}]"Sound Recorder.lnk" :
      Found: {l:32 b:v0WEU04aXPq6p2n0N0VxZtp8AvDkGMPzXNwgdRtZRx0=} Expected: {l:32 b:lZzTQXwor5OIEqh3ok3qxjkPmzaWxMQ+XuQmVbN7wtk=}
    
    2017-01-30 16:14:48, Info                  CSI    0000097f Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-soundrecorder_31bf3856ad364e35_6.3.9600.17415_none_9014408a06a0ccbb\Sound Recorder.lnk do not match actual file [l:36{18}]"Sound Recorder.lnk" :
      Found: {l:32 b:v0WEU04aXPq6p2n0N0VxZtp8AvDkGMPzXNwgdRtZRx0=} Expected: {l:32 b:lZzTQXwor5OIEqh3ok3qxjkPmzaWxMQ+XuQmVbN7wtk=}
    
    2017-01-30 16:14:48, Info                  CSI    00000980 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:36{18}]"Sound Recorder.lnk"; source file in store is also corrupted
    
    2017-01-30 16:14:48, Info                  CSI    00000981 [SR] Repair complete

    It's pretty clear it was Microsoft's fault, as implied by the last few words of the "Could not..." message near the end:

    ...source file in store is also corrupted

    If this happens to you, or you have uncorrectable errors reported by SFC /SCANNOW, it's often a pretty easy fix.  The following commands will generally fix a system right up - they cleared the problem for me:

    DISM /Online /Cleanup-Image /RestoreHealth
    
    SFC /SCANNOW

    The first command updates the servicing database, the second corrects the detected problems with the newly updated data.  Note that these commands take a long while to run.  For more info:  https://technet.microsoft.com/en-us/library/hh824869.aspx

    Now I'm back to passing an SFC /VERIFYONLY check with flying colors and all is right with the Windows I choose to continue to use.

    -Noel
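A triage of the CBS.log lines quoted in the post above, added here as an example that is not part of the original post. It assumes the line layout shown in that excerpt and reads `l:32` as the blob's declared byte length; the function and field names are illustrative.

```python
import base64
import re

# Lines taken from the CBS.log excerpt quoted in the post (repeated entries omitted).
SAMPLE_CBS_LOG = r'''
2017-01-30 16:14:48, Info                  CSI    00000977 [SR] Repairing 1 components
2017-01-30 16:14:48, Info                  CSI    00000979 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-soundrecorder_31bf3856ad364e35_6.3.9600.17415_none_9014408a06a0ccbb\Sound Recorder.lnk do not match actual file [l:36{18}]"Sound Recorder.lnk" :
  Found: {l:32 b:v0WEU04aXPq6p2n0N0VxZtp8AvDkGMPzXNwgdRtZRx0=} Expected: {l:32 b:lZzTQXwor5OIEqh3ok3qxjkPmzaWxMQ+XuQmVbN7wtk=}
2017-01-30 16:14:48, Info                  CSI    0000097a [SR] Cannot repair member file [l:36{18}]"Sound Recorder.lnk" of Microsoft-Windows-SoundRecorder, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-01-30 16:14:48, Info                  CSI    0000097d [SR] This component was referenced by [l:166{83}]"Package_1133_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3321_neutral_GDR"
2017-01-30 16:14:48, Info                  CSI    0000097e Hashes for file member \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk do not match actual file [l:36{18}]"Sound Recorder.lnk" :
  Found: {l:32 b:v0WEU04aXPq6p2n0N0VxZtp8AvDkGMPzXNwgdRtZRx0=} Expected: {l:32 b:lZzTQXwor5OIEqh3ok3qxjkPmzaWxMQ+XuQmVbN7wtk=}
2017-01-30 16:14:48, Info                  CSI    00000980 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:36{18}]"Sound Recorder.lnk"; source file in store is also corrupted
2017-01-30 16:14:48, Info                  CSI    00000981 [SR] Repair complete
'''

# timestamp, level, source, sequence id, message
ENTRY = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), (\w+)\s+(\w+)\s+([0-9a-f]{8}) (.*)$')
MISMATCH = re.compile(r'^Hashes for file member (.+?) do not match actual file')
HASHES = re.compile(r'Found: \{l:(\d+) b:([^}]+)\} Expected: \{l:(\d+) b:([^}]+)\}')
CANNOT = re.compile(r'^\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+), Version = ([\d.]+)')
REFERENCED = re.compile(r'^\[SR\] This component was referenced by \[[^\]]*\]"([^"]+)"')
STORE_BAD = re.compile(r'^\[SR\] Could not reproject corrupted file .*"([^"]+)"; source file in store is also corrupted$')


def parse_entries(text):
    """Split the log into entries, folding continuation lines into the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"time": m[1], "level": m[2], "source": m[3], "seq": m[4], "msg": m[5]})
        elif line.strip() and entries:
            entries[-1]["msg"] += " " + line.strip()
    return entries


def blob_hex(declared_len, b64):
    """Decode a {l:N b:...} blob and check it against its declared length."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != int(declared_len):
        raise ValueError("blob length %d does not match declared %s" % (len(raw), declared_len))
    return raw.hex()


def triage(text):
    """Summarize what SFC could not repair and whether the component store is the cause."""
    report = {"mismatches": {}, "unrepairable": set(), "store_corrupt": set(), "kbs": set()}
    for entry in parse_entries(text):
        msg = entry["msg"]
        if m := MISMATCH.match(msg):
            h = HASHES.search(msg)
            if h:
                path = m[1]
                report["mismatches"][path] = {
                    # WinSxS is the repair source; other paths are the live (projected) copies.
                    "in_store": path.lower().startswith("\\systemroot\\winsxs\\"),
                    "found": blob_hex(h[1], h[2]),
                    "expected": blob_hex(h[3], h[4]),
                }
        elif m := CANNOT.match(msg):
            report["unrepairable"].add((m[1], m[2], m[3]))  # file, component, version
        elif m := REFERENCED.match(msg):
            kb = re.search(r"KB\d+", m[1])
            report["kbs"].add(kb.group(0) if kb else m[1])
        elif m := STORE_BAD.match(msg):
            report["store_corrupt"].add(m[1])
    # SFC repairs from the store, so a bad store copy has to be restored first
    # (DISM /Online /Cleanup-Image /RestoreHealth, then SFC /SCANNOW, as in the post).
    report["needs_dism"] = bool(report["store_corrupt"]) or any(
        v["in_store"] for v in report["mismatches"].values())
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_CBS_LOG)
    for path, info in result["mismatches"].items():
        print("store" if info["in_store"] else "live ", path)
        print("   found   ", info["found"])
        print("   expected", info["expected"])
    print("unrepairable:", sorted(result["unrepairable"]))
    print("referenced by:", sorted(result["kbs"]))
    print("restore the store before SFC:", result["needs_dism"])
```
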

  3. 8 hours ago, kosamja said:

    Can you make a list of things that cannot be changed in Windows 10 since I didn't encounter such a problem. Metro still can be completely disabled (for now), start menu, explorer and taskbar can easily be made to look like Windows 7 (thanks to 3rd party tools), open with dialog can easily be replaced... I didn't even encounter any problem even after disabling a large number of services (I only have 37 services enabled).

    We're birds of a feather...  I have done a similar thing, to make Windows 10 ALMOST good enough to use (as I think xpclient has as well). 

    But Windows 10 is still just *not quite* as good when the dust settles as a similarly tweaked Windows 8.1 or 7 system.  There are just things that don't work - for example current display drivers being made by ATI are dumbed down to Windows 10's level and have fewer features, making using it on my multi-monitor setup impossible for me.

    But the worst of it is that Microsoft is asserting control.  They don't WANT you doing what you did.  Therefore, they're making it much harder to do it and you HAVE to do it over and over, up to a couple of times a year when they release a new "version".  I don't know about you, but I'm getting fricking tired of having to undo their crap over and over again to make Windows usable.  And you should know I was once a rabid tweaker who loved doing this stuff.  So for me it remains a well-understood curiosity in a virtual machine.  The physical computer I need to get work done on is still running Windows 8.1, heavily tweaked.

    -Noel

  4. As an extra layer of protection to shut out Microsoft's spying you could blacklist (via DNS) a list of Microsoft servers such as the following.

    (Bear in mind this list is accumulated from many sources over time, and I find it to work for me; since none of us does the same things it might block something that you find important or rely upon; be careful.  I offer no guarantees that it's complete, but it's a good start.)


    The above excludes Microsoft but isn't really a complete approach in the grander sense...  If you browse online, lots of people try to track your browsing, send you cookies, try to run things on your system...  Those are invasions of privacy too.

    I personally have, at the moment, 57,000+ blacklisted individual server names and 22,000+ blacklisted domains (wildcarded URLs) that no system on my premises is allowed to visit.  As a result, nobody tracks me or sends me ads and my browsers will simply not visit many bad sites.  My lists evolve daily based on online sources of anti-ad/anti-tracking/anti-malware blacklists.

    I use a specially crafted version of the open source package Dual DHCP/DNS Server to be able to override DNS requests locally.

    For more on blacklisting by locally resolving DNS see my posting at the following...

    http://win10epicfail.proboards.com/post/2284/thread

    -Noel
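The lookup a locally overriding DNS resolver performs for the kind of blacklist described in the post above (individual server names plus wildcarded domains), added here as an example that is not part of the original post and is not the code of Dual DHCP/DNS Server. The class, the function names and every entry under `.example` and `.test` are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed blocklist entries (not taken from the post).
SAMPLE_ENTRIES = [
    "# individual server names",
    "stats.vendor.example",
    "Feedback.Vendor.Example.",   # case and trailing dot are normalized
    "# whole domains, wildcarded",
    "*.adnetwork.test",
    "# free-form wildcards",
    "*telemetry*vendor*",
    "beacon*",
]


class Blocklist:
    """Three tiers, checked from cheapest to most expensive."""

    def __init__(self, entries):
        self.exact = set()    # full host names: one set lookup per query
        self.domains = set()  # "*.domain": one set lookup per parent domain
        self.globs = []       # anything else with "*": linear scan, keep this list short
        for raw in entries:
            entry = raw.strip().lower().rstrip(".")
            if not entry or entry.startswith("#"):
                continue
            if "*" not in entry:
                self.exact.add(entry)
            elif entry.startswith("*.") and "*" not in entry[2:]:
                self.domains.add(entry[2:])
            else:
                self.globs.append(entry)

    def match(self, qname):
        """Return the rule that blocks qname, or None if it is not blocked."""
        name = qname.lower().rstrip(".")
        if name in self.exact:
            return name
        labels = name.split(".")
        # "*.adnetwork.test" covers every subdomain at any depth, but not the apex itself.
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:])
            if parent in self.domains:
                return "*." + parent
        for pattern in self.globs:
            if fnmatchcase(name, pattern):
                return pattern
        return None

    def hosts_file(self):
        """Render what a hosts file can express and list what it cannot.

        A hosts file maps literal names only, so every wildcarded entry needs
        the resolver-side override instead.
        """
        lines = ["0.0.0.0 " + name for name in sorted(self.exact)]
        skipped = sorted("*." + d for d in self.domains) + sorted(self.globs)
        return lines, skipped


def answer(blocklist, qname):
    """Decide the resolver's action: refuse locally or pass the query upstream."""
    rule = blocklist.match(qname)
    return ("NXDOMAIN", rule) if rule else ("FORWARD", None)


if __name__ == "__main__":
    bl = Blocklist(SAMPLE_ENTRIES)
    for q in ("stats.vendor.example", "cdn.eu.adnetwork.test", "adnetwork.test",
              "v10.telemetry.vendor.example", "www.vendor.example"):
        print(q, "->", answer(bl, q))
    lines, skipped = bl.hosts_file()
    print("hosts entries:", lines)
    print("not expressible in hosts:", skipped)
```
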

  5. From the "Worst Crap Ever for Business Usage" department...

    As of now, though there's a fix in the works, a user with Windows 10 "Anniversary" can't actually create a folder on a network server (with indexing active) and name it what they want.

    Some threads by IT pros describing the problem...

    https://social.technet.microsoft.com/Forums/en-US/b72c763e-d029-4e65-a2dc-885a5aabf643/problem-creatingrenaming-a-folder-on-a-network-share-with-win10-anniversary-update-error?forum=win10itpronetworking

    https://social.technet.microsoft.com/Forums/en-US/276c3ef2-e58e-490c-9736-4fa39983ee2d/problem-creatingrenamingdeleting-a-folder-on-a-network-share-or-mapped-drive-w-win10-anniversary?forum=win10itpronetworking

    https://social.technet.microsoft.com/Forums/en-US/029b7a18-5759-4c32-ad8a-48fdbb77744c/problem-creatingrenaming-a-folder-on-a-network-share-with-win10-anniversary-update-error?forum=win10itpronetworking

    Oops, could it be that consumers testing pre-releases of an operating system for free don't actually cover all of the needs of serious business usage?

    -Noel

  6. 13 hours ago, vinifera said:

    lol wait wait

    does that screenshot show how a pinned icon now acts like ex-notification bar?
    and even worse spams adverts on its own?

    Heh heh heh, for decades get people used to looking at balloon pop-ups like they mean something important, then substitute ads.

    And worse, I doubt very much Chrome is putting up an ad for Microsoft's Shopping Assistant.  That's got to be the OS adding that.

    I can't help but think this is going to cause a pent up demand for an OS without ads that you can actually pay for.  But we can be sure they're planning to just lease it to you for a monthly charge instead of selling licenses again.

    -Noel

  7. 5 hours ago, Mathwiz said:

    These are not mutually exclusive ideas.

    Certainly not.  And if only patching didn't come with any risk or downsides it'd be an easy choice.  We just need to be able to trust the people doing the patching.  That's not as easy as it once was.

    Never forget that patches could introduce other vulnerabilities, instability, or loss of efficiency.  Possibly more problems than were originally left in and exploited.  The authors caused the vulnerabilities and there's no guarantee they do perfect work when patching.  And let's not forget who laid off their testing staff.

    I'm not saying patching is bad.  It's been generally good; updated systems are generally better than those out of the loop.  It's just that it needs to be considered for what it really is, not some oversimplified ideal.

    -Noel

  8. Relying on patching is penny wise and pound foolish stuff, and it puts you under Microsoft's thumb.

    Experience has shown me that it's far better to configure systems to avoid visiting the places that present attempts to compromise your browser - whatever one, and however patched - than to trust that all the vulnerabilities have been found (by the Microsoft or OpenSSL teams).  And if you do somehow manage to visit a bad site (e.g., because your blacklist is imperfect), avoid downloading the components that will infect you.

    It's like getting bullet-proof glass for your car then driving through the worst neighborhood and hoping nothing gets through - as opposed to just not driving there.

    Regarding security breaches through monitoring your communications, the hypothetical likelihood of a determined attacker monitoring and decrypting your comms - vs. discovering some other id*** user's password is still "123456" or "password" seems a bit remote.

    -Noel

  9. 6 hours ago, JodyT said:

    Of course, using Internet Explorer on Windows XP might be a no-no, since it's version 8 ...lol.  But yes, IE 11 gets the shaft for no good reason.  A good browser.

    :)

    Not to be argumentative here, but...

    I used IE exclusively back when I actively ran XP - from 2001 to 2006.  I never got infected.  Are you saying there are new threats that have been specifically crafted against IE8 since XP was in common use?

    I've just booted up my XP VM to take a look around and make sure I was remembering correctly......  IE8 has the same ability the modern IE releases have to do things like disable ActiveX in the Internet Zone.  I'm afraid I have to stick to my statement:  If you leave IE set to defaults, you're taking risks.  If you set it rationally, not so much.

    IESettings.png

    Thing is - security issues aside - I suspect many modern web sites use glitzy new features IE8 can't handle, such as HTML5, so the advice to run a modern version of one of the browsers that still support XP is probably a good one for that reason.

    I admit, it is kind of gratifying to see the XP Pro desktop sitting idly with 19 processes using a little over 100 MB of RAM total.  That miserly treatment of RAM certainly was welcome back when RAM was scarce and expensive, and address spaces were limited to 4 GB.  We've gotten used to the newer systems needing 1000 MB or more when idle, but honestly, 1 GB of RAM is now no more of an impact on a well-endowed system than 100 MB was back then, and there are undeniable advantages to 64 bit computing.  And yes, I do remember XP x64 (I ran it for a few years).

    -Noel

    P.S., a side note on security...  I've recently delved into the OpenSSL library because of some issues it caused with my products and I needed to find a bug in the startup code.  That's the security library many, many products rely on for encryption.  I hate to criticize others' code, but it's no panacea of grace and goodness.  The world's security essentially has been running on what I would call junkware code.  And the design decisions the current developers are making are questionable (for example, it's no longer possible to statically link OpenSSL 1.1 into a DLL and have it unload; they've created a setup where the process has to exit before things are uninitialized - ridiculous!).

    It could easily be said that proprietary code (such as is found in the underpinnings of Microsoft's browsers) might be better than what's in OpenSSL.

  10. On 1/17/2017 at 8:43 PM, sdfox7 said:

    Don't use Internet Explorer!

    I don't agree with that particular advice, because while IE seems insecure right out of the chute, it has a VERY GOOD security model under the covers - it's just set up badly by default.  All it takes is a little reconfiguration to be one of the most secure browsers you could run (take it from someone who's never been infected by anything). 

    And it's still plenty functional and fast.  I was just panning around that gigapixel CNN inauguration image earlier on my 30" monitor.  Smooth and seamless.

    IE gives you control over any number of features (such as running ActiveX, which you should NOT allow) and individual control over Add-ons (of which you should have very few), and zone-based site management (so, for example, you could promote a site you really, really trust to a more permissive zone if absolutely needed).

    Every browser could benefit from implementing a DNS blacklist, and IE is as happy as any to have ad sites, malware sites, tracking sites, etc. fail to resolve.  Frankly I don't know why everyone doesn't do it, though setting up a DNS proxy server is a little bit complex.

    I find IE works faster than the others.  For me, my home page is on screen literally a tiny fraction of a second after I double-click the IE11 icon on my desktop.  Opening the msfn home page takes about 1 second to display.

    I'd certainly agree with the above advice if it were "Don't use Internet Explorer in its default configuration".

    -Noel

  11. That the minidump was in the AeroGlass folder implies it has to do with Aero Glass.  I haven't had it happen again.

    Yes, I do have "Launch folder windows in a separate process".  That has always given a better experience in my observations.

    -Noel

  12. On 1/13/2017 at 10:42 AM, mikedigitize said:

    New see-through browser: Opera Neon!

    NCOGuBr.jpg

    Heh, massive empty desktop space, and at the same time icon bubbles running off the bottom to where you can't see some of them.  Yep, really seems to hold to the tenets of Windows 10. 

    Bravo, Opera, for embracing the fashion of the future, where all restaurants are Taco Bell!

    taco-bell.jpg

    -Noel

  13. With care and intelligent application of protection (e.g., firewalls, blacklists, behind router, etc.), virtually any operating system can be safe online.  Whether it would be safe in the hands of someone who doesn't know their XP from an Android system is another story.  And at some level, we are all naïve.

    Define "King" in the context of this discussion.  Practically impossible.

    Some might say a 1969 Ford Mustang Boss 429 is still King.  It simply can't be refuted because it's a meaningless statement.

    Maybe "I like Windows xxx best because..." would be the best way to roll forward with this thread.

    Friday the 13th or no, in the wee hours I opted to install the latest Windows Updates for my Windows 8.1 workstation - the main system on which I do work.  Guess what?  It didn't release any magic smoke.  It still works perfectly, based on an entire day's work since.  It's still private and - according to the benchmarks I run after every system change - still efficient.  I don't believe in superstition.  I believe in facts, and I had vetted those updates for more than a month in a virtual machine, as well as read all about them and researched whether others have had any problems that could affect me, as well as having a full backup.  As payment for all that effort I have been rewarded with a system that continues to work fine.

    In my opinion, I prefer (a heavily tweaked and augmented) Windows 8.1, and an intelligently maintained system of any era is still King.

    Meanwhile, it's hard not to like Windows 7 too...  On my small business server humming in the corner, running Windows 7 x64 Ultimate, "trouble free" has literal meaning.  Note the uptime in Task Manager.

    Win7Reliability.png

    -Noel

  14. First and foremost, turn OFF the ability to control the router remotely.  Having the thing present a web interface to anyone in the world is just asking for trouble.

    Then protect it better from access on the LAN/wifi side using a custom account name and a strong password.  Disabling the broadcast of the SSID might discourage opportunists, though nowadays, with Software Defined Radio-based gear and sophisticated software, if someone wants to know what's happening on your wifi, a determined radio hacker can do quite a lot.  Then it really comes down to physical security - i.e., if you really don't want your wifi hacked, do/offer no radio comms at all.  You always trade convenience for security.

    -Noel

  15. Here's a weird one...

    As of late last night my Win 10 test system, on which I'm running the Sagorpirbd Aero7 theme, stopped using my theme atlas replacement file for everything.  Thing is, I had been running the released 1.5.2 Aero Glass software for several days successfully. 

    The only change to my system is that I added a couple more disks to my RAID array that holds all my VMs so the disk access speed underpinning the VM might be a little different, changing the timing of the bootup.

    It seems the theme atlas is at least SOMEWHAT used because it's actually working for Modern windows (e.g., Settings, see the screen grab), and for title glow backing (which is dark colored in my theme atlas replacement).

    AfterBootup.png

    If I just add a space after the end of the theme atlas file then delete it, the replacement theme atlas is properly loaded everywhere.

    AfterReselectingAtlasName.png

    Here's the pertinent portion of debug.log, for which I upped the logging level...

    [2017-01-11 12:07:29][0x764:0x768] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-11 12:07:30][0x260:0x33C] Message 0xC1C2, wparam = 0, lparam = 0
    [2017-01-11 12:07:30][0x260:0x4A8] Allocating blur buffer 1653 x 1001 [pixelFormat: 87, 1]  (D2D 0x000001F74FCDD640)
    [2017-01-11 12:07:30][0x260:0x4A8] Allocating blur buffer 1728 x 1152 [pixelFormat: 87, 3]  (D2D 0x000001F74FCDD640)
    [2017-01-11 12:14:17][0x260:0x4A8] Allocating glass safety zone 8 x 1200 (D2D 0x000001F74FCDD640)
    [2017-01-11 12:14:17][0x260:0x4A8] Allocating glass safety zone 8 x 1200 (D2D 0x000001F74FCDD640)
    [2017-01-11 12:14:19][0x260:0x4A8] Allocating class CGlassSafetyZoneLayer for D2D 0x000001F74FCDD640
    [2017-01-11 12:14:19][0x260:0x4A8] Allocating glass safety zone 1920 x 8 (D2D 0x000001F74FCDD640)
    [2017-01-11 12:14:19][0x260:0x4A8] Allocating glass safety zone 8 x 192 (D2D 0x000001F74FCDD640)
    [2017-01-11 12:14:19][0x260:0x4A8] Allocating glass safety zone 8 x 192 (D2D 0x000001F74FCDD640)
    [2017-01-11 12:14:19][0x260:0x4A8] Allocating glass safety zone 1920 x 8 (D2D 0x000001F74FCDD640)
    [2017-01-11 12:14:19][0x260:0x4A8] Allocating glass safety zone 8 x 576 (D2D 0x000001F74FCDD640)
    [2017-01-11 12:14:19][0x260:0x4A8] Allocating glass safety zone 8 x 576 (D2D 0x000001F74FCDD640)
    [2017-01-11 12:14:20][0x260:0x33C] Message 0x31A, wparam = 0, lparam = 0
    [2017-01-11 12:14:20][0x260:0x33C] Loading settings (flags = 0x4) from HKEY 0x0000000000000384 for session #1
    [2017-01-11 12:14:20][0x260:0x33C] Settings reloaded
    [2017-01-11 12:14:20][0x260:0x33C] Atlas resource loaded (custom: C:\AeroGlass\RoundedCorners.png )
    [2017-01-11 12:14:20][0x260:0x33C] Failed to load custom atlas layout (0x2 - The system cannot find the file specified.), using system theme layout...
    [2017-01-11 12:14:20][0x260:0x4A0] GetThemeStream 0,0,213
    [2017-01-11 12:14:20][0x260:0x4A0] GetThemeStream 0,0,213
    [2017-01-11 12:14:20][0x260:0x4A0] GetThemeStream 0,0,213
    [2017-01-11 12:14:20][0x308:0x7A8] Loading settings (flags = 0x6) from HKEY 0x0000000000000228 for session #1
    [2017-01-11 12:14:20][0x308:0x7A8] Settings reloaded
    [2017-01-11 12:14:20][0x260:0x33C] Message 0x320, wparam = 723067187, lparam = 1
    [2017-01-11 12:14:20][0x260:0x33C] Loading settings (flags = 0x2) from HKEY 0x0000000000000384 for session #1
    [2017-01-11 12:14:20][0x260:0x33C] Settings reloaded
    [2017-01-11 12:14:20][0x260:0x33C] Message 0x15, wparam = 0, lparam = 0
    [2017-01-11 12:14:20][0x308:0x7A8] Loading settings (flags = 0x6) from HKEY 0x0000000000000228 for session #1
    [2017-01-11 12:14:20][0x308:0x7A8] Settings reloaded
    [2017-01-11 12:14:20][0x260:0x33C] Message 0x31A, wparam = 0, lparam = 0
    [2017-01-11 12:14:20][0x260:0x33C] Loading settings (flags = 0x4) from HKEY 0x0000000000000384 for session #1
    [2017-01-11 12:14:20][0x260:0x33C] Settings reloaded
    [2017-01-11 12:14:20][0x260:0x33C] Atlas resource loaded (custom: C:\AeroGlass\RoundedCorners.png)
    [2017-01-11 12:14:20][0x260:0x4A0] GetThemeStream 0,0,213
    [2017-01-11 12:14:20][0x260:0x4A0] GetThemeStream 0,0,213
    [2017-01-11 12:14:20][0x260:0x4A0] GetThemeStream 0,0,213
    [2017-01-11 12:14:20][0x260:0x33C] Message 0x15, wparam = 0, lparam = 0
    [2017-01-11 12:14:20][0x260:0x33C] Message 0x320, wparam = 723067187, lparam = 1
    [2017-01-11 12:14:20][0x260:0x33C] Loading settings (flags = 0x2) from HKEY 0x0000000000000384 for session #1
    [2017-01-11 12:14:20][0x260:0x33C] Settings reloaded
    [2017-01-11 12:14:20][0x260:0x33C] Message 0x15, wparam = 0, lparam = 0
    [2017-01-11 12:14:20][0x260:0x4A8] Allocating glass safety zone 8 x 1152 (D2D 0x000001F74FCDD640)
    [2017-01-11 12:14:20][0x260:0x4A8] Allocating glass safety zone 8 x 1152 (D2D 0x000001F74FCDD640)
    [2017-01-11 12:14:20][0x308:0x7A8] Loading settings (flags = 0x6) from HKEY 0x0000000000000228 for session #1
    [2017-01-11 12:14:20][0x260:0x33C] Message 0x15, wparam = 0, lparam = 0
    [2017-01-11 12:20:49][0x260:0x33C] Message 0x1E, wparam = 0, lparam = 0
    [2017-01-11 12:20:49][0x260:0x33C] Message 0x1E, wparam = 0, lparam = 0
    [2017-01-11 12:26:30][0x260:0x33C] Message 0xC1E3, wparam = 269484032, lparam = 1
    [2017-01-11 12:26:31][0x260:0x33C] Message 0xC1E3, wparam = 269484032, lparam = 2
    [2017-01-11 12:26:35][0x260:0x4A8] Allocating blur buffer 1859 x 1118 [pixelFormat: 87, 1]  (D2D 0x000001F74FCDD640)
    [2017-01-11 12:27:34][0x260:0x4A8] Allocating blur buffer 1859 x 1198 [pixelFormat: 87, 1]  (D2D 0x000001F74FCDD640)
    [2017-01-11 12:27:34][0x260:0x4A8] Allocating blur buffer 1920 x 1200 [pixelFormat: 87, 3]  (D2D 0x000001F74FCDD640)
    [2017-01-11 12:28:03][0x260:0x33C] Message 0xC27A, wparam = 2, lparam = 0

    Edit:  Additional information...

    I restored the VM from a snapshot I took right after the cumulative update that brought Windows to 14393.576.  Then I reinstalled Aero Glass 1.5.2 from the "manual update" by replacing the various files (as I had done before).  Now it loads the theme and theme atlas successfully after reboot.  One thing I DIDN'T do was re-register the DLLs.

    I did notice that a minidump has shown up in the folder, though...  Not sure why, since I didn't really see any issue.  Here it is:

    http://Noel.ProDigitalSoftware.com/temp/minidump-01-11-13-29-55.zip

    -Noel

  16. My system generally seems to be running normally.  The only anomalous thing I've seen - and I have no idea if it's Aero Glass-related - is that at one point during my testing I was repeatedly logging Windows 10 off then on.  I managed to lock it up on a black screen after logoff - twice - and had to reset the virtual machine.  After the resets the system booted up again okay.

    If it's at all helpful, here is the debug.log that covers the time I was doing those logoff/logon cycles.  I've inserted blank lines where I rebooted.  Unfortunately, I don't think it shows very much useful info regarding why the system black-screened.  But perhaps in what's not shown there is some info for you, Big Muscle.

    [2017-01-10 05:20:52][0x5D0:0x5D4] Machine ID: <REDACTED>
    [2017-01-10 05:20:52][0x5D0:0x5D4] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:20:52][0x5D0:0x5D4] Installing DWM hook...
    [2017-01-10 05:20:52][0x5D0:0x5D4] User: SYSTEM
    [2017-01-10 05:20:52][0x5D0:0x5D4] Module: C:\AeroGlass\DWMGlass.dll
    [2017-01-10 05:20:52][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
    [2017-01-10 05:20:52][0x4CC:0x7FC] Machine ID: <REDACTED>
    [2017-01-10 05:20:52][0x4CC:0x7FC] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:20:52][0x4CC:0x7FC] Hook (USER32.dll!DrawTextW from udwm.dll) installed
    [2017-01-10 05:20:52][0x4CC:0x7FC] Hook (GDI32.dll!CreateBitmap from udwm.dll) installed
    [2017-01-10 05:20:52][0x4CC:0x7FC] Hook (GDI32.dll!CreateRoundRectRgn from udwm.dll) installed
    [2017-01-10 05:20:52][0x4CC:0x7FC] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
    [2017-01-10 05:20:52][0x5D0:0x5D4] C:\AeroGlass\DWMGlass.dll has been injected into dwm.exe.
    [2017-01-10 05:20:53][0x4CC:0x41C] DBGHELP: Symbol Search Path: .;SRV*C:\AeroGlass\symbols*http://msdl.microsoft.com/download/symbols
    [2017-01-10 05:20:53][0x4CC:0x41C] Loading settings (flags = 0x3) from HKEY 0x0000000000000000 for session #1
    [2017-01-10 05:20:54][0x4CC:0x41C] dwmcore.dll version 10.0.14393.479
    [2017-01-10 05:20:54][0x4CC:0x41C] udwm.dll version 10.0.14393.0
    [2017-01-10 05:21:07][0xEBC:0xD08] Machine ID: <REDACTED>
    [2017-01-10 05:21:07][0xEBC:0xD08] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:21:07][0xEBC:0xD08] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:21:07][0xEBC:0xD08] Hook (USER32.dll!CreateWindowInBandEx from ApplicationFrame.dll) installed
    [2017-01-10 05:21:07][0xEBC:0xD08] Delayed hook (ext-ms-win-ntuser-window-l1-1-1.dll!CreateWindowExW from ApplicationFrame.dll) installed
    [2017-01-10 05:21:07][0xEBC:0xD08] Hook (GDI32.dll!StretchDIBits from ApplicationFrame.dll) installed
    [2017-01-10 05:21:07][0xEBC:0xD08] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:21:08][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 05:24:43][0x4CC:0x4D0] Unloaded from C:\AeroGlass\DWMGlass.dll.[2017-01-10 05:24:45][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
    [2017-01-10 05:24:49][0xD3C:0xFB4] Machine ID: <REDACTED>
    [2017-01-10 05:24:49][0xD3C:0xFB4] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:24:49][0xD3C:0xFB4] Hook (USER32.dll!DrawTextW from udwm.dll) installed
    [2017-01-10 05:24:49][0xD3C:0xFB4] Hook (GDI32.dll!CreateBitmap from udwm.dll) installed
    [2017-01-10 05:24:49][0xD3C:0xFB4] Hook (GDI32.dll!CreateRoundRectRgn from udwm.dll) installed
    [2017-01-10 05:24:49][0xD3C:0xFB4] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
    [2017-01-10 05:24:49][0x5D0:0x5D4] C:\AeroGlass\DWMGlass.dll has been injected into dwm.exe.
    [2017-01-10 05:24:50][0xD3C:0xFA4] DBGHELP: Symbol Search Path: .;SRV*C:\AeroGlass\symbols*http://msdl.microsoft.com/download/symbols
    [2017-01-10 05:24:50][0xD3C:0xFA4] Loading settings (flags = 0x3) from HKEY 0x0000000000000000 for session #2
    [2017-01-10 05:24:50][0xD3C:0xFA4] dwmcore.dll version 10.0.14393.479
    [2017-01-10 05:24:50][0xD3C:0xFA4] udwm.dll version 10.0.14393.0
    [2017-01-10 05:24:54][0x127C:0x1050] Machine ID: <REDACTED>
    [2017-01-10 05:24:54][0x127C:0x1050] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:24:54][0x127C:0x1050] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:24:54][0x127C:0x1050] Hook (USER32.dll!CreateWindowInBandEx from ApplicationFrame.dll) installed
    [2017-01-10 05:24:54][0x127C:0x1050] Delayed hook (ext-ms-win-ntuser-window-l1-1-1.dll!CreateWindowExW from ApplicationFrame.dll) installed
    [2017-01-10 05:24:54][0x127C:0x1050] Hook (GDI32.dll!StretchDIBits from ApplicationFrame.dll) installed
    [2017-01-10 05:24:54][0x127C:0x1050] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:24:57][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 05:25:13][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 05:26:15][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 05:26:21][0xD3C:0xBF4] Unloaded from C:\AeroGlass\DWMGlass.dll.[2017-01-10 05:26:21][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
    [2017-01-10 05:26:27][0x7C4:0x11A4] Machine ID: <REDACTED>
    [2017-01-10 05:26:27][0x7C4:0x11A4] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:26:27][0x7C4:0x11A4] Hook (USER32.dll!DrawTextW from udwm.dll) installed
    [2017-01-10 05:26:27][0x7C4:0x11A4] Hook (GDI32.dll!CreateBitmap from udwm.dll) installed
    [2017-01-10 05:26:27][0x7C4:0x11A4] Hook (GDI32.dll!CreateRoundRectRgn from udwm.dll) installed
    [2017-01-10 05:26:27][0x7C4:0x11A4] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
    [2017-01-10 05:26:27][0x5D0:0x5D4] C:\AeroGlass\DWMGlass.dll has been injected into dwm.exe.
    [2017-01-10 05:26:28][0x7C4:0x1300] DBGHELP: Symbol Search Path: .;SRV*C:\AeroGlass\symbols*http://msdl.microsoft.com/download/symbols
    [2017-01-10 05:26:28][0x7C4:0x1300] Loading settings (flags = 0x3) from HKEY 0x0000000000000000 for session #3
    [2017-01-10 05:26:28][0x7C4:0x1300] dwmcore.dll version 10.0.14393.479
    [2017-01-10 05:26:28][0x7C4:0x1300] udwm.dll version 10.0.14393.0
    [2017-01-10 05:26:38][0xE60:0xE00] Machine ID: <REDACTED>
    [2017-01-10 05:26:38][0xE60:0xE00] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:26:38][0xE60:0xE00] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:26:38][0xE60:0xE00] Hook (USER32.dll!CreateWindowInBandEx from ApplicationFrame.dll) installed
    [2017-01-10 05:26:38][0xE60:0xE00] Delayed hook (ext-ms-win-ntuser-window-l1-1-1.dll!CreateWindowExW from ApplicationFrame.dll) installed
    [2017-01-10 05:26:38][0xE60:0xE00] Hook (GDI32.dll!StretchDIBits from ApplicationFrame.dll) installed
    [2017-01-10 05:26:38][0xE60:0xE00] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:26:39][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 05:26:59][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 05:28:36][0x7C4:0x7CC] Unloaded from C:\AeroGlass\DWMGlass.dll.[2017-01-10 05:28:37][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
    [2017-01-10 05:28:40][0x3F8:0x10F8] Machine ID: <REDACTED>
    [2017-01-10 05:28:40][0x3F8:0x10F8] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:28:40][0x3F8:0x10F8] Hook (USER32.dll!DrawTextW from udwm.dll) installed
    [2017-01-10 05:28:40][0x3F8:0x10F8] Hook (GDI32.dll!CreateBitmap from udwm.dll) installed
    [2017-01-10 05:28:40][0x3F8:0x10F8] Hook (GDI32.dll!CreateRoundRectRgn from udwm.dll) installed
    [2017-01-10 05:28:40][0x3F8:0x10F8] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
    [2017-01-10 05:28:40][0x5D0:0x5D4] C:\AeroGlass\DWMGlass.dll has been injected into dwm.exe.
    [2017-01-10 05:28:41][0x3F8:0x11E4] DBGHELP: Symbol Search Path: .;SRV*C:\AeroGlass\symbols*http://msdl.microsoft.com/download/symbols
    [2017-01-10 05:28:41][0x3F8:0x11E4] Loading settings (flags = 0x3) from HKEY 0x0000000000000000 for session #4
    [2017-01-10 05:28:41][0x3F8:0x11E4] dwmcore.dll version 10.0.14393.479
    [2017-01-10 05:28:41][0x3F8:0x11E4] udwm.dll version 10.0.14393.0
    [2017-01-10 05:28:46][0xEE0:0xC14] Machine ID: <REDACTED>
    [2017-01-10 05:28:46][0xEE0:0xC14] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:28:46][0xEE0:0xC14] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:28:46][0xEE0:0xC14] Hook (USER32.dll!CreateWindowInBandEx from ApplicationFrame.dll) installed
    [2017-01-10 05:28:46][0xEE0:0xC14] Delayed hook (ext-ms-win-ntuser-window-l1-1-1.dll!CreateWindowExW from ApplicationFrame.dll) installed
    [2017-01-10 05:28:46][0xEE0:0xC14] Hook (GDI32.dll!StretchDIBits from ApplicationFrame.dll) installed
    [2017-01-10 05:28:46][0xEE0:0xC14] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:28:48][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 05:29:55][0x3F8:0x74C] Unloaded from C:\AeroGlass\DWMGlass.dll.[2017-01-10 05:29:59][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
    [2017-01-10 05:30:01][0x1244:0x1124] Machine ID: <REDACTED>
    [2017-01-10 05:30:01][0x1244:0x1124] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:30:01][0x1244:0x1124] Hook (USER32.dll!DrawTextW from udwm.dll) installed
    [2017-01-10 05:30:01][0x1244:0x1124] Hook (GDI32.dll!CreateBitmap from udwm.dll) installed
    [2017-01-10 05:30:01][0x1244:0x1124] Hook (GDI32.dll!CreateRoundRectRgn from udwm.dll) installed
    [2017-01-10 05:30:01][0x1244:0x1124] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
    [2017-01-10 05:30:01][0x5D0:0x5D4] C:\AeroGlass\DWMGlass.dll has been injected into dwm.exe.
    [2017-01-10 05:30:02][0x1244:0x1154] DBGHELP: Symbol Search Path: .;SRV*C:\AeroGlass\symbols*http://msdl.microsoft.com/download/symbols
    [2017-01-10 05:30:02][0x1244:0x1154] Loading settings (flags = 0x3) from HKEY 0x0000000000000000 for session #5
    [2017-01-10 05:30:02][0x1244:0x1154] dwmcore.dll version 10.0.14393.479
    [2017-01-10 05:30:02][0x1244:0x1154] udwm.dll version 10.0.14393.0
    [2017-01-10 05:30:16][0x11D8:0xFD0] Machine ID: <REDACTED>
    [2017-01-10 05:30:16][0x11D8:0xFD0] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:30:16][0x11D8:0xFD0] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:30:16][0x11D8:0xFD0] Hook (USER32.dll!CreateWindowInBandEx from ApplicationFrame.dll) installed
    [2017-01-10 05:30:16][0x11D8:0xFD0] Delayed hook (ext-ms-win-ntuser-window-l1-1-1.dll!CreateWindowExW from ApplicationFrame.dll) installed
    [2017-01-10 05:30:16][0x11D8:0xFD0] Hook (GDI32.dll!StretchDIBits from ApplicationFrame.dll) installed
    [2017-01-10 05:30:16][0x11D8:0xFD0] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:30:17][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 05:30:55][0x1244:0xAF8] Unloaded from C:\AeroGlass\DWMGlass.dll.[2017-01-10 05:31:05][0x5D0:0x5D4] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
    
    Reboot after black screen
    
    [2017-01-10 05:32:15][0x6A8:0x6AC] Machine ID: <REDACTED>
    [2017-01-10 05:32:17][0x6A8:0x6AC] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:32:18][0x6A8:0x6AC] Installing DWM hook...
    [2017-01-10 05:32:19][0x6A8:0x6AC] User: SYSTEM
    [2017-01-10 05:32:20][0x6A8:0x6AC] Module: C:\AeroGlass\DWMGlass.dll
    [2017-01-10 05:32:21][0x6A8:0x6AC] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
    [2017-01-10 05:32:21][0x49C:0xCE8] Machine ID: <REDACTED>
    [2017-01-10 05:32:21][0x49C:0xCE8] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:32:21][0x49C:0xCE8] Hook (USER32.dll!DrawTextW from udwm.dll) installed
    [2017-01-10 05:32:21][0x49C:0xCE8] Hook (GDI32.dll!CreateBitmap from udwm.dll) installed
    [2017-01-10 05:32:21][0x49C:0xCE8] Hook (GDI32.dll!CreateRoundRectRgn from udwm.dll) installed
    [2017-01-10 05:32:21][0x49C:0xCE8] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
    [2017-01-10 05:32:21][0x6A8:0x6AC] C:\AeroGlass\DWMGlass.dll has been injected into dwm.exe.
    [2017-01-10 05:32:22][0x49C:0xCEC] DBGHELP: Symbol Search Path: .;SRV*C:\AeroGlass\symbols*http://msdl.microsoft.com/download/symbols
    [2017-01-10 05:32:22][0x49C:0xCEC] Loading settings (flags = 0x3) from HKEY 0x0000000000000000 for session #1
    [2017-01-10 05:32:22][0x49C:0xCEC] dwmcore.dll version 10.0.14393.479
    [2017-01-10 05:32:22][0x49C:0xCEC] udwm.dll version 10.0.14393.0
    [2017-01-10 05:32:55][0xE50:0x100C] Machine ID: <REDACTED>
    [2017-01-10 05:32:55][0xE50:0x100C] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:32:55][0xE50:0x100C] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:32:55][0xE50:0x100C] Hook (USER32.dll!CreateWindowInBandEx from ApplicationFrame.dll) installed
    [2017-01-10 05:32:55][0xE50:0x100C] Delayed hook (ext-ms-win-ntuser-window-l1-1-1.dll!CreateWindowExW from ApplicationFrame.dll) installed
    [2017-01-10 05:32:55][0xE50:0x100C] Hook (GDI32.dll!StretchDIBits from ApplicationFrame.dll) installed
    [2017-01-10 05:32:55][0xE50:0x100C] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:32:57][0x6A8:0x6AC] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 05:33:38][0x49C:0x4A0] Unloaded from C:\AeroGlass\DWMGlass.dll.[2017-01-10 05:33:40][0x6A8:0x6AC] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
    [2017-01-10 05:33:44][0x1544:0x163C] Machine ID: <REDACTED>
    [2017-01-10 05:33:44][0x1544:0x163C] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:33:44][0x1544:0x163C] Hook (USER32.dll!DrawTextW from udwm.dll) installed
    [2017-01-10 05:33:44][0x1544:0x163C] Hook (GDI32.dll!CreateBitmap from udwm.dll) installed
    [2017-01-10 05:33:44][0x1544:0x163C] Hook (GDI32.dll!CreateRoundRectRgn from udwm.dll) installed
    [2017-01-10 05:33:44][0x1544:0x163C] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
    [2017-01-10 05:33:44][0x6A8:0x6AC] C:\AeroGlass\DWMGlass.dll has been injected into dwm.exe.
    [2017-01-10 05:33:45][0x1544:0x1640] DBGHELP: Symbol Search Path: .;SRV*C:\AeroGlass\symbols*http://msdl.microsoft.com/download/symbols
    [2017-01-10 05:33:45][0x1544:0x1640] Loading settings (flags = 0x3) from HKEY 0x0000000000000000 for session #2
    [2017-01-10 05:33:45][0x1544:0x1640] dwmcore.dll version 10.0.14393.479
    [2017-01-10 05:33:45][0x1544:0x1640] udwm.dll version 10.0.14393.0
    [2017-01-10 05:34:22][0xEF8:0x1158] Machine ID: <REDACTED>
    [2017-01-10 05:34:22][0xEF8:0x1158] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:34:22][0xEF8:0x1158] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:34:22][0xEF8:0x1158] Hook (USER32.dll!CreateWindowInBandEx from ApplicationFrame.dll) installed
    [2017-01-10 05:34:22][0xEF8:0x1158] Delayed hook (ext-ms-win-ntuser-window-l1-1-1.dll!CreateWindowExW from ApplicationFrame.dll) installed
    [2017-01-10 05:34:22][0xEF8:0x1158] Hook (GDI32.dll!StretchDIBits from ApplicationFrame.dll) installed
    [2017-01-10 05:34:22][0xEF8:0x1158] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:34:24][0x6A8:0x6AC] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 05:34:49][0x6A8:0x6AC] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 05:37:21][0x1544:0x1548] Unloaded from C:\AeroGlass\DWMGlass.dll.[2017-01-10 05:37:30][0x6A8:0x6AC] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
    
    Reboot after black screen
    
    [2017-01-10 05:48:35][0x624:0x628] Machine ID: <REDACTED>
    [2017-01-10 05:48:36][0x624:0x628] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:48:38][0x624:0x628] Installing DWM hook...
    [2017-01-10 05:48:39][0x624:0x628] User: SYSTEM
    [2017-01-10 05:48:40][0x624:0x628] Module: C:\AeroGlass\DWMGlass.dll
    [2017-01-10 05:48:40][0x624:0x628] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
    [2017-01-10 05:48:40][0x4C0:0xCF0] Machine ID: <REDACTED>
    [2017-01-10 05:48:40][0x4C0:0xCF0] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:48:40][0x4C0:0xCF0] Hook (USER32.dll!DrawTextW from udwm.dll) installed
    [2017-01-10 05:48:40][0x4C0:0xCF0] Hook (GDI32.dll!CreateBitmap from udwm.dll) installed
    [2017-01-10 05:48:40][0x4C0:0xCF0] Hook (GDI32.dll!CreateRoundRectRgn from udwm.dll) installed
    [2017-01-10 05:48:40][0x4C0:0xCF0] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
    [2017-01-10 05:48:40][0x624:0x628] C:\AeroGlass\DWMGlass.dll has been injected into dwm.exe.
    [2017-01-10 05:48:41][0x4C0:0xCF4] DBGHELP: Symbol Search Path: .;SRV*C:\AeroGlass\symbols*http://msdl.microsoft.com/download/symbols
    [2017-01-10 05:48:41][0x4C0:0xCF4] Loading settings (flags = 0x3) from HKEY 0x0000000000000000 for session #1
    [2017-01-10 05:48:41][0x4C0:0xCF4] dwmcore.dll version 10.0.14393.479
    [2017-01-10 05:48:41][0x4C0:0xCF4] udwm.dll version 10.0.14393.0
    [2017-01-10 05:48:55][0xFF8:0x1018] Machine ID: <REDACTED>
    [2017-01-10 05:48:55][0xFF8:0x1018] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 05:48:55][0xFF8:0x1018] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:48:55][0xFF8:0x1018] Hook (USER32.dll!CreateWindowInBandEx from ApplicationFrame.dll) installed
    [2017-01-10 05:48:55][0xFF8:0x1018] Delayed hook (ext-ms-win-ntuser-window-l1-1-1.dll!CreateWindowExW from ApplicationFrame.dll) installed
    [2017-01-10 05:48:55][0xFF8:0x1018] Hook (GDI32.dll!StretchDIBits from ApplicationFrame.dll) installed
    [2017-01-10 05:48:55][0xFF8:0x1018] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 05:48:56][0x624:0x628] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 06:00:32][0x10F8:0xD08] Machine ID: <REDACTED>
    [2017-01-10 06:00:32][0x10F8:0xD08] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 06:00:32][0x10F8:0xD08] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 06:00:32][0x10F8:0xD08] Hook (USER32.dll!CreateWindowInBandEx from ApplicationFrame.dll) installed
    [2017-01-10 06:00:32][0x10F8:0xD08] Delayed hook (ext-ms-win-ntuser-window-l1-1-1.dll!CreateWindowExW from ApplicationFrame.dll) installed
    [2017-01-10 06:00:32][0x10F8:0xD08] Hook (GDI32.dll!StretchDIBits from ApplicationFrame.dll) installed
    [2017-01-10 06:00:32][0x10F8:0xFE8] Loading settings (flags = 0x3) from HKEY 0x0000000000000220 for session #1
    [2017-01-10 06:00:32][0x10F8:0xFE8] Message window 0x0000000000050434: 0
    [2017-01-10 06:00:32][0x10F8:0xFE8] ApplicationFrame.dll version 10.0.14393.0
    [2017-01-10 06:02:45][0x4C0:0x4C4] Unloaded from C:\AeroGlass\DWMGlass.dll.[2017-01-10 06:02:47][0x624:0x628] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
    [2017-01-10 06:02:49][0x7D8:0xB88] Machine ID: <REDACTED>
    [2017-01-10 06:02:49][0x7D8:0xB88] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 06:02:49][0x7D8:0xB88] Hook (USER32.dll!DrawTextW from udwm.dll) installed
    [2017-01-10 06:02:49][0x7D8:0xB88] Hook (GDI32.dll!CreateBitmap from udwm.dll) installed
    [2017-01-10 06:02:49][0x7D8:0xB88] Hook (GDI32.dll!CreateRoundRectRgn from udwm.dll) installed
    [2017-01-10 06:02:49][0x7D8:0xB88] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
    [2017-01-10 06:02:49][0x624:0x628] C:\AeroGlass\DWMGlass.dll has been injected into dwm.exe.
    [2017-01-10 06:02:50][0x7D8:0x1160] DBGHELP: Symbol Search Path: .;SRV*C:\AeroGlass\symbols*http://msdl.microsoft.com/download/symbols
    [2017-01-10 06:02:50][0x7D8:0x1160] Loading settings (flags = 0x3) from HKEY 0x0000000000000000 for session #2
    [2017-01-10 06:02:50][0x7D8:0x1160] dwmcore.dll version 10.0.14393.479
    [2017-01-10 06:02:50][0x7D8:0x1160] udwm.dll version 10.0.14393.0
    
    Reboot after proper shutdown
    
    [2017-01-10 06:27:17][0x748:0x74C] Machine ID: <REDACTED>
    [2017-01-10 06:27:17][0x748:0x74C] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 06:27:17][0x748:0x74C] Installing DWM hook...
    [2017-01-10 06:27:17][0x748:0x74C] User: SYSTEM
    [2017-01-10 06:27:17][0x748:0x74C] Module: C:\AeroGlass\DWMGlass.dll
    [2017-01-10 06:27:17][0x748:0x74C] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
    [2017-01-10 06:27:17][0x408:0x658] Machine ID: <REDACTED>
    [2017-01-10 06:27:17][0x408:0x658] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 06:27:17][0x408:0x658] Hook (USER32.dll!DrawTextW from udwm.dll) installed
    [2017-01-10 06:27:17][0x408:0x658] Hook (GDI32.dll!CreateBitmap from udwm.dll) installed
    [2017-01-10 06:27:17][0x408:0x658] Hook (GDI32.dll!CreateRoundRectRgn from udwm.dll) installed
    [2017-01-10 06:27:17][0x408:0x658] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
    [2017-01-10 06:27:17][0x748:0x74C] C:\AeroGlass\DWMGlass.dll has been injected into dwm.exe.
    [2017-01-10 06:27:19][0x408:0x81C] DBGHELP: Symbol Search Path: .;SRV*C:\AeroGlass\symbols*http://msdl.microsoft.com/download/symbols
    [2017-01-10 06:27:19][0x408:0x81C] Loading settings (flags = 0x3) from HKEY 0x0000000000000000 for session #1
    [2017-01-10 06:27:19][0x408:0x81C] dwmcore.dll version 10.0.14393.479
    [2017-01-10 06:27:19][0x408:0x81C] udwm.dll version 10.0.14393.0
    [2017-01-10 06:27:21][0xF74:0xF1C] Machine ID: <REDACTED>
    [2017-01-10 06:27:21][0xF74:0xF1C] Checking key <redacted> for ID <REDACTED>...
    [2017-01-10 06:27:21][0xF74:0xF1C] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 06:27:21][0xF74:0xF1C] Hook (USER32.dll!CreateWindowInBandEx from ApplicationFrame.dll) installed
    [2017-01-10 06:27:21][0xF74:0xF1C] Delayed hook (ext-ms-win-ntuser-window-l1-1-1.dll!CreateWindowExW from ApplicationFrame.dll) installed
    [2017-01-10 06:27:21][0xF74:0xF1C] Hook (GDI32.dll!StretchDIBits from ApplicationFrame.dll) installed
    [2017-01-10 06:27:21][0xF74:0xF1C] DllGetClassObject CLSID {DDC05A5A-351A-4E06-8EAF-54EC1BC2DCEA}, IID {00000001-0000-0000-C000-000000000046}
    [2017-01-10 06:27:23][0x748:0x74C] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.
    [2017-01-10 06:27:47][0x748:0x74C] C:\AeroGlass\UxTSB.dll has been injected into explorer.exe.

    Edit:  Note that normally I see a black screen briefly between logging off and the reappearance of the logon prompt.

    I will try to remember how to increase the level of logging.  Edit:  Checked the box in the Aero Glass GUI, so if it happens again I'll have more info for you.

    -Noel
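
Added example (not part of the post above and not Aero Glass's own code): a small parser for the debug.log format shown in that post, which pairs each "Unloaded from" entry with the next "correctly loaded" entry and reports logoffs where the DWM hook never came back before the next boot. The sample log is constructed; reading the two hex fields as process and thread IDs, and treating "Installing DWM hook..." as the start of a new boot, are assumptions.

```python
import re
from datetime import datetime

# Entry header: [timestamp][0xAAA:0xBBB]. Reading the two hex fields as
# process ID and thread ID is an assumption; the page does not label them.
HEADER = re.compile(
    r"\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]\[(0x[0-9A-Fa-f]+):(0x[0-9A-Fa-f]+)\]"
)

def parse_entries(text):
    """Return a list of (time, pid, tid, message) tuples.

    Headers are located anywhere in the text, not only at line starts,
    because the 'Unloaded from' message is written without a trailing
    newline and the next entry ends up fused onto the same line.
    """
    headers = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        # Keep only the rest of the header's own line, so hand-written
        # notes between entries are not absorbed into a message.
        message = text[h.end():end].split("\n", 1)[0].strip()
        when = datetime.strptime(h.group(1), "%Y-%m-%d %H:%M:%S")
        entries.append((when, int(h.group(2), 16), int(h.group(3), 16), message))
    return entries

def find_stalled_logoffs(entries):
    """Return unload events that were not followed by a reload.

    Assumption: 'Installing DWM hook...' is written once per boot, so an
    unload that is still pending when that line appears means the machine
    was restarted before the hook loaded into a new dwm.exe.
    """
    stalled = []
    pending = None  # the unload still waiting for a matching reload
    for when, pid, _tid, msg in entries:
        if msg.startswith("Unloaded from"):
            pending = {"unloaded_at": when, "dwm_pid": pid,
                       "winlogon_delay_s": None, "next_boot_at": None}
        elif pending and msg.endswith("injected into winlogon.exe."):
            if pending["winlogon_delay_s"] is None:
                delta = when - pending["unloaded_at"]
                pending["winlogon_delay_s"] = int(delta.total_seconds())
        elif pending and "correctly loaded" in msg:
            pending = None  # normal logoff/logon cycle completed
        elif pending and msg.startswith("Installing DWM hook"):
            pending["next_boot_at"] = when
            stalled.append(pending)
            pending = None
    if pending:
        # The log ends right after an unload: report it, with no boot time.
        stalled.append(pending)
    return stalled

# Constructed sample in the same format (timestamps and IDs are made up).
SAMPLE_LOG = r"""
[2017-01-10 08:00:00][0x100:0x104] Installing DWM hook...
[2017-01-10 08:00:00][0x200:0x204] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
[2017-01-10 08:00:00][0x100:0x104] C:\AeroGlass\DWMGlass.dll has been injected into dwm.exe.
[2017-01-10 08:03:10][0x200:0x208] Unloaded from C:\AeroGlass\DWMGlass.dll.[2017-01-10 08:03:12][0x100:0x104] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.
[2017-01-10 08:03:15][0x300:0x304] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
[2017-01-10 08:05:40][0x300:0x308] Unloaded from C:\AeroGlass\DWMGlass.dll.[2017-01-10 08:05:50][0x100:0x104] C:\AeroGlass\UxTSB.dll has been injected into winlogon.exe.

Reboot after black screen

[2017-01-10 08:07:00][0x110:0x114] Installing DWM hook...
[2017-01-10 08:07:01][0x210:0x214] Aero Glass for Win8.1+ 1.5.2.848 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll).
"""

if __name__ == "__main__":
    for event in find_stalled_logoffs(parse_entries(SAMPLE_LOG)):
        print("DWM hook unloaded at", event["unloaded_at"],
              "from PID", hex(event["dwm_pid"]),
              "and not reloaded; winlogon injection followed after",
              event["winlogon_delay_s"], "s; next boot at", event["next_boot_at"])
```
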

  17. What are you thinking about, dencorso?  That the router could be compromised?

    I always believe in and have multiple levels of protection, but I admit that I have long wondered whether common home routers, whose software rarely gets patches, could be compromised, and if so, how most folks could even tell.

    -Noel

  18. My biggest problem with XP - back when it was current - was that I just couldn't use it as heavily as I needed and have it stay up for more than about a week on the same bootup before some resource or another was used up.

    Trouble is, I'm the kind of person who has things for my computers to do 24/7, so that's important to me.  And I truly do multitask.  Today, for example, I was building multiple solutions simultaneously in multiple Visual Studio instances, because I needed all the results quickly.

    The one big thing that NT technology brought to Microsoft was the concept that a computer operating system could actually be designed to be able to run virtually forever.  The problem with the early NT-based systems, XP included, was that the culture at Microsoft - that of "don't worry about it, it'll be rebooted daily" - was hard to dispel.  Overcoming that - finally - has given rise to being able to reliably do things like set up systems to do nightly builds, malware scans, backups, defrags, etc. etc., not to mention more modern long-winded things like mine for primes or other pursuits.

    I'm sure the resource exhaustion and gradual self-corruption problems have long since been resolved with updates since the XP flavor that I used.  And certainly the 64 bit systems have resolved some of the fragmentation worries the smaller 32 bit systems had.  I ran XP x64 for several years, and it truly was rid of many of the issues that plagued me with trying to do big things with XP Pro 32 bit.

    Windows XP x64 mostly, then Vista (after SP2 and a lot of bugfixes) were really the first systems I could work the hell out of and they would still run for months.  Windows 7 ran virtually forever right out of the box.  Windows 8.1 also does that for me now.

    I haven't actually tried to run Windows 10 for more than about a week straight, so I don't know whether they're reverting back to their sloppy programming habits where it will need rebooting every so often.  I suspect they probably are.  Sloppy and software just don't go together and produce anything good. 

    But - as configured by Microsoft - Windows 10 reboots itself every so often on purpose anyway, so who's gonna know?

    -Noel
