Re: Information in Computer Management tool



Gary S. Terhune wrote:

matriloch wrote:
I basically just wanted to know if those NT entries belonged in there.
This is an un-networked PC. No one else should be on it.

From all you wrote, I see no evidence that anyone else is on it.


He's a hacker.

There is no hacker.

So many things have gone wrong that I don't know where to begin.
Right now, when I turn the computer on, I get the screen but without
any icons. I'm unable to turn the computer off normally. I have to
unplug it. When I plug it in again and reboot, I do see the icons.

I often have to open a window twice for it to work. I'll get a blank
screen or an error screen the first time.

None of that necessarily indicates intrusion. More likely hardware
problems or software that isn't behaving properly. More on this
further down.

I feel like someone is on the computer with me. It's very slow.
Granted, it's a dial-up connection, but I know from experience that
it's not supposed to be that slow.

Dial-up only makes your internet downloads slow. Nothing else should
be affected by the fact that you use Dial-up.

I'm afraid to put a password on Administrator. I put on an excellent
one, which I tested. I went out for a few hours. When I came back,
the password had been changed. I couldn't reformat the computer. I
couldn't get access to Administrator for almost a year. My son-in-law
finally got rid of the password somehow. (He's a systems
administrator, but they don't live nearby.)

First, how can the lack of a password possibly prevent you from
reformatting the computer? Are you trying to reformat from *inside*
Windows? That's not how it's done.

Anyway, those are just more symptoms, pointing even more towards
hardware issues. Like bad RAM or overheating. The password probably
didn't get changed, just corrupted. Passwords are stored in the
Registry, a set of files that lives in RAM while Windows is running,
and which can easily become corrupted if RAM is bad, or more likely in
your case, if there is overheating or the RAM isn't properly seated or
has corrosion on the contacts... Or if some other circuit involved is
failing intermittently, though heat, again, is the usual final straw
in such cases. Have you put passwords on any other users? Have you
tried making one for the Administrator again? Since you say you
reformat and reinstall a couple of times a week, it shouldn't be too
onerous a task to do a few test runs. Just because you have something
like that happen once doesn't mean you should avoid it permanently.
Better to do what's proper, and if it doesn't work, try again, and
maybe once more, until you gather sufficient evidence to suggest that
there truly is a problem and to also suggest what that problem may be.
In Windows, something going wrong once does not a problem make.

When I download updates from Microsoft, he gets in and trashes my
computer. I wish they'd put Service Pack 3 on a disk.

*That* might be partly a matter of using Dial-up. It also, again,
suggests corruption and/or some 3rd-party application interfering with
your system. I suggest you try using a "clean boot" before installing
updates. Run MSCONFIG from the Start>Run box, choose Selective
Startup, uncheck the Load Startup Items, then click on Services tab.
Check Hide All Microsoft Services, then click Disable All. Click OK,
and restart when prompted. Note that this leaves you entirely without
AV protection, etc., so *only* go to Windows Updates while in this
state. (Don't worry about further intrusion that doesn't involve
visiting a "bad" site -- if "he" is there, he's there already and
can't do more harm than he already has.)

There's nothing I can do about this obsessed freak, so I have to
learn how to work around him. Basically, I have a Trojan that no
antivirus or antispyware program can find.

If you are getting this behavior on a freshly installed machine,
unless you are somehow reintroducing a virus via CD or floppy, or by
running a program that you'd saved and which is infected, there isn't
anything going on except bad hardware or some software that you
introduced post-setup.

As long as I don't try to password Administrator, he gives me access.
I've seen in the log that I shut down the computer while someone was
still working on it. I get the feeling that he's using Windows NT,
because when I reformat, I get a message that another OS is on the
partition and I'll be wiping it off. That, as well as all those NT
entries, leads me to believe that he's using Windows NT.

Have you actually tried giving Administrator a password since that one
incident? Again, if it isn't repeatable, it isn't a problem, it's a
one-time anomaly.

The "other OS" that Setup is warning about is the Windows XP
installation that you are replacing by reformatting.

All those Windows NT entries are normal. Windows creates "users" with
those names in order to give certain procedures a virtual identity so that
they have permissions to do certain things. I know this is probably a
bit beyond your comprehension, so please just take my word for it,
they're supposed to be there.

Speaking of your comprehension, my take on your problem is that you
*most* likely have hardware issues, *most* likely overheating, but
also possibly bad RAM or loose connections, or corrosion. Where do you
live? Is it warm? Is there any salt-water nearby?

Here's what I suggest: Reformat your machine using Windows Setup. In
fact, don't just reformat it, DELETE all existing partitions and then
create a new one and format it for the new installation. After Setup
finishes, and you've installed all hardware, set up DUN, etc., install
SP2 and then go get all Critical Windows Updates (but be sure to
deselect IE7 for now.) Finally, install your antivirus solution (out
of curiosity, what *is* your AV solution?)

Run your installation that way for a few days, give the Administrator
and your own User a password, etc. Don't install anything else, yet,
though. Do some internet surfing (but don't install any components
from sites that need them, just avoid going there for now.) Come here
and read the messages, or find a more interesting MS NG, like one or
more XP groups. Use Outlook Express for email and news reading, or get
them online. Again, don't install any other applications.

Come back with a report when you feel like you've given the system a
better-than-decent chance to misbehave. Feel free to report symptoms
you encounter, but be very specific and correct with your terminology
(don't paraphrase Windows, error messages, etc.) If nothing seems to
be going wrong, start installing things, ONE-BY-ONE, testing for
several hours or a day between each installation. This includes
browser helpers like Java, Flash, Adobe Reader.

I have to say that if my suspicions are true, and this is a hardware
matter, you *really* need to break down and take it to a pro (not some
Big Box computer store -- those aren't pros.) I recommend that you get
references from whatever tech you choose and check out those
references thoroughly.

To the OP - What Gary and David said. I'm in complete agreement with
both of them. No one needs to reformat XP even once a week! I can't
remember the last time I reformatted and clean-installed XP on my
Windows machines and I've had XP on at least 4 computers since it came
out in 2001. Except for when I needed to replace a failed hard drive
I've never reinstalled and the OS just keeps chugging along dependably.

Here are my general hardware troubleshooting steps:
http://www.elephantboycomputers.com/page2.html#Hardware_Tshoot

Go through them thoroughly. I'm sorry that you can't afford to take the
machine to a shop but sometimes that's what is required. I can't really
afford to take my car into the mechanic but if it breaks, I'll have to
find the money to do it.

There really is no point in continuing the discussion in this thread
until such time as you have gone through Gary's suggestions and my
hardware troubleshooting in a methodical, careful way. Document your
steps. Make notes about every change. This is the only way to find out
what is really going on.

I'm sorry to hurt your feelings, but the hacker business is very
unlikely. Unless:

1. You have a physical keylogger installed without your knowledge;
2. and/or someone in your household is compromising your machine after
each clean install;
3. and/or you are not really deleting partitions, creating partitions,
and doing a clean install;
4. or you are doing a clean install and then reinfecting yourself with
something you install afterwards;

there is no mysterious hacker on your computer. Something else is
happening that you don't understand and/or you don't understand what
you are seeing. I'm very sorry if that offends you but there is no
other way to put it.

If you have questions after you do the meticulous troubleshooting that
Gary, David, and I have suggested, then please do post back. Make sure
you provide explicit details about what you have done. Follow the
information at this link to see what needs to be in any new posts:

http://www.dts-l.org/goodpost.htm

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User