Profile Hijack, Spyware Program Hijack, etc.
Showing all messages in thread #1209348628 Windows XP Annoyances Discussion Forum
The following are all of the messages in this thread (5 in all), shown in chronological order.
|
Profile Hijack, Spyware Program Hijack, etc.
Sunday, April 27, 2008 at 7:10 pm Posted by Ravenquille
(17 messages posted)
Hi,
I have a strange bunch of things going on in 3 systems ( on a wireless home network ). I can't get a handle on what type of 'nasty' is causing the mess, and how it is doing it; nothing has totally stopped 'it' so far.
( I am not certain that this is just 'one' problem at work, or if there is more than one, doing separate things. )

1) I first noticed this problem with my husband's laptop, and the 'Uninstallation' of TweakUI.
I installed TweakUI from the Microsoft official website. ( He wanted the laptop to open straight to desktop, in his User Account ( no logon screens of any kind ). ) I did some settings, and began to see strange behavior after installing and using TweakUI. I was suspicious of it, and decided to Uninstall. I got an odd window during the Uninstall process, and Norton Internet Security blocked a 'malicious script'. I could not Uninstall until I gave Norton permission to 'run once'. I did the Uninstall. Snowballing, weird stuff has been going on after the Uninstall. Messages about not being able to logon, slow startup to desktop, disconnects when online, mouse locks/total lockups.
Laptop offline, turned off.

2) I also installed TweakUI in his desktop, and did some settings within the utility. Never did an Uninstall of TweakUI in this system; but it has just recently been completely redone ( on a new HDD, OS reload, etc. etc. )
I ran the following complete scans on Thurs. morning before we left for the weekend ( then shut down ):

*Norton
*SpyBot S&D
( all clear, saw no problems )
*Spyware Blaster set ( for its listed maximum protections )

Sat. night, my husband was online with this system. All was fine with startup. He opened his WinTV to watch tv ( onscreen ). This opened/loaded very slowly. He, then, tried to open TitanTV to get the channel listings, and it would not access his account to display this information ( there had not been a problem with either the program or the guide, previous to this ). System locked, he had to shut off from power button. Rebooted normally, but once at desktop, there was mouse movement, but mouse could not open anything. Shut off from power button again. Reboot. Desktop got 'User Environment' screen ( 2 screens in succession ). He shut down from power button and went to bed. I checked it this morning.
His User Profile has been altered by a Hijacker ( I do not believe this to be the Windows Temporary Profile, which will sometimes activate when there is a logon problem ). It looks quite strange, and is specific to enable something to control operations.
Screen looked different from usual Windows scheme:
'User Environment': Windows cannot load the local User Profile.
Possible cause of the error include insufficient security rights or a corrupt logon. If problem persists, contact your network administrator.'
( 'ok' box. If not clicked, a 2nd box appears after a seconds countdown )

2nd box: 'User Environment': Windows cannot find the local profile, so is logging you in with a temporary profile. Any changes you make in this profile, will be lost when you shutdown.'
( 'ok' box. If not clicked, disappears after seconds countdown. )
Proceeds to load Profile with my husband's name and the same User picture.
Bliss background loads, with Start Programs Menu displaying ( on its own ), in the primary screen you would see if you clicked on 'Start'.

The menus that I looked at in Control Panel/Internet Options, etc. are NOT the same as those of WinXP Pro ( I compared them to mine ).
There is, for example, a Submenu entry called 'MS VM'; which has the following enabled: 'JIT Compiler for Virtual Machine enable ( requires restart ). Settings are Custom rather than the Default in some specific areas.

Under this new Profile, scans with Norton, SpyBot S&D come out clear; but the programs open very slowly.
I did HijackThis log, but am not sure if it is showing anything; although I suspect a few of the entries.
I disabled the Network connections my wireless network uses, and took the system offline; ( in order to check MY system, which had also not been started since running scans ( all normal ) on Thurs. morning before we left for the weekend. )
I ran scans on his system again after disabling the adapter and removing the network connections: all clear again.
I checked his email from my computer: he has gotten some SPAM email, where he is signed up for newsletters. He doesn't do email, and never signs up for anything; so this is interesting.

3) My System:
Startup normal.
* Found Ad-Aware tampered with: all records of removals, quarantines, and scans gone, settings changed.
*SpyBot S&D had been downloaded and installed, and integrated into my original SpyBot installation somehow ( I did NOT download it; no one else has access to my system ).
( I Uninstalled AdAware, and SpyBot S&D, and downloaded both ( to a folder I made ); reinstalled both. AdAware will not allow updates; but did the most recent update from Online ( to folder I created ).
Ran Fast Scan: showed 132 infections ( ad tracking cookies ). Removed only 10. Log shows quarantine of 6. Will not quarantine all, will not remove ( unless after shutdown/reboot ).
Ran Complete Scan: 65 showed up, all removed
*Ewido scan: 3 low-level ad cookies, removed
*Norton scan: showed no infections
( Spyware Blaster is also installed )
*Ran HijackThis: not sure, but appears to be listing normal, identifiable things )
*Norton shows 36 items blocked under 'Privacy' today:
things like: google analytics, pageAd2 google, a tribal fusion, pixel quantserv
*Norton shows info sent by my computer today:
edge.quantserv, google syndication, tribalfusion; and many 'Connection Redirects' with 'Aboutblank'
*No Profile altering at this startup, no different SPAM emails
Have not shutdown/rebooted yet, since I am still researching and investigating.

*Both systems have only one User Profile with Administrator Rights ( which I set up ).
*Neither system is able to run the following online scans:

TrendMicro
Windowsecurity.com/trojanscan
( adjusting security settings to lower, allowing ActiveX, did not help )

Does anyone have any idea what this is, and how I can correct it?

Thanks,
Ravenquille
|
re: Profile Hijack, Spyware Program Hijack, etc.
Sunday, April 27, 2008 at 8:05 pm Posted by Ricer46
(19384 messages posted)
Re-install XP. A system that badly infested is a hopeless mess.
Next time be more concise, no one wants to read through that much detail.
And you need to change your inet habits.
|
re: Profile Hijack, Spyware Program Hijack, etc.
Sunday, April 27, 2008 at 9:25 pm Posted by normanw
(801 messages posted)
Your message is unreadable and far too long if you
want any meaningful responses.
For a start, some line breaks at the ends of paragraphs
would be helpful, but you need to see if you can condense
the content also. People here are always as helpful as
possible but not many will bother to reply in full to a long
unbroken screed, if at all.
|
re: Profile Hijack, Spyware Program Hijack, etc.
Monday, April 28, 2008 at 7:46 am Posted by Ravenquille
(17 messages posted)
1) My post was typed clearly with the appropriate line breaks, spacing, etc. Formatting did not come over when posted.

2) The detail of my explanation is both clear and necessary; as I need to describe what is going on, so that someone might be able to recognize and identify WHAT specifically is causing the problem. If it can be clearly described, someone who has experienced the same thing, or has knowledge of it, might be able to help. This IS complex; and if 'concise' were possible or advantageous, I would have respectfully posted in that fashion.
If someone doesn't have time to read a post, then perhaps they should not be involved with a forum?
Is the goal to help others, or to insult them?

3) No, I don't intend to reinstall XP; because obviously, I don't have to.

4) Although I may not be an engineer or a programmer, I am a Computer Builder and Consultant; and, as such, am not even remotely close to being an unskilled, inexperienced computer 'newbie'.

I'm also not prone to silly panic, or wild unfounded accusations of software or download sites. If I were not absolutely certain, or relatively so; I would not have pinpointed TWEAKUI and the Microsoft download site.

I have found some of the responses to my posts to be unnecessarily condescending and rude; and this has absolutely no place in a Computer Forum.

My apologies to those who have not reacted in this manner; but it is beginning to look like some of the forum participants are creating another of the 'annoyances' present on 'Annoyances.org'.

I can see that this is apparently a trend that will not be soon fading out, so I have decided to discuss my situation elsewhere. Unfortunately, I do not feel that I will be able to recommend 'Annoyances.org' to my clients, who are computer newbies.

Ravenquille
|
re: Profile Hijack, Spyware Program Hijack, etc.
Monday, April 28, 2008 at 9:05 am Posted by Ricer46
(19384 messages posted)
All you had was two people stating the same thing. Do you want to know what it takes
to get good responses on this forum? Apparently not.