Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

I REALLY need you guys, someone been messing w/ my comp BIG TIME!!!

(New)
(!)

stbernardlov's Avatar
stbernardlov stbernardlov is offline
Member with 187 posts.
THREAD STARTER
 
Join Date: Dec 2003
10-Nov-2007, 04:37 PM #1
I REALLY need you guys, someone been messing w/ my comp BIG TIME!!!
Hi guys~
I am so embarrased to say this but I recently caught my bf cheating. Well, come to find out he has been downloading hundreds of programs to flush my comp, rollback my comp, had uninstalled ALL of my anti-virus/firewall programs not to mention reaking complete havoc on my computer. I have found many of my items to be HIDDEN. Things are now re-directed to be downloaded onto some EZ_TEMP folder now, I am unable to unzip anything or open hardly anything on my computer. I am about 99% ready to kick this person to the curb but he swears up & down he didn't do ANYTHING to my computer. It was perfectly fine until this past month which he is supposed to be trying to win me back. I have found things labled LOVELETTER, Love Tests, Pics that were downlaoded that will no longer open.
PLS, help an old buddy find some solid proof. All I can find are the SCARY programs that were downloaded to cover everything up. WHAT CAN I DO? It's been 6 weeks of hell & I want to move on... I m begging you guys to think of something to help me find proof on here. Should I do a system restore back to an earlier time?
HIjack this does not pick up anything. He's been messing with cache files, changing keyes, ANYTHING you can imagine pretty much...
PLS Help nice, honest girl get rid of this virus, not talking about computer either although, I have found those as well...
stbernardlov's Avatar
stbernardlov stbernardlov is offline
Member with 187 posts.
THREAD STARTER
 
Join Date: Dec 2003
10-Nov-2007, 06:03 PM #2
ANY idea on why EVERYTHING I try to open comes up with an error like this? Should there be 3 slashes before C:/Program files or is this something that he has done as well?
Also, a whole new folder in my MyspaceIM that contains the (2) behind it, never there before. PLS HELP ME!!!

The XML page cannot be displayed
Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later.
The operation completed successfully. Error processing resource 'file:///C:/Program Files/MySpace/IM(2)/Skins(2)/_Common(2)...
<TopPos val="&WIN_MAIN_PADDING;" type="minimum" />
Dr. Chauncey's Avatar
Computer Specs
Senior Member with 2,393 posts.
 
Join Date: Oct 2007
Location: New Hampshire
Experience: Advanced
10-Nov-2007, 06:11 PM #3
Start > All Programs > Accessories > System Tools > System Restore
Go back to a date before all this happened.

If that doesn't work, backup all the files you want to keep to a CD/DVD/External Harddrive then format and reinstall Windows.

It seems like your computer has been mangled beyond recognition. I'd be pissed.
stbernardlov's Avatar
stbernardlov stbernardlov is offline
Member with 187 posts.
THREAD STARTER
 
Join Date: Dec 2003
10-Nov-2007, 06:16 PM #4
Very P.O'd Laptop was perfect a month ago...
Very pissed... It is a new laptop that was in perfect condition before this loser got his hands on it. WOW, I am kicking him to the curb now. That's all I needed.
Hey, is there anything that I can show you etc. that would see what he's been up to besides a hijack log??? Hmmm
Dr. Chauncey's Avatar
Computer Specs
Senior Member with 2,393 posts.
 
Join Date: Oct 2007
Location: New Hampshire
Experience: Advanced
10-Nov-2007, 06:22 PM #5
Well... People don't go through the trouble of hiding something, unless they have something to hide. With this is mind, you already know it's there, so why go through the trouble of finding whatever it is?
stbernardlov's Avatar
stbernardlov stbernardlov is offline
Member with 187 posts.
THREAD STARTER
 
Join Date: Dec 2003
10-Nov-2007, 06:31 PM #6
So, I know for sure, I guess...
Because he is swearing innocence & I have nothing to fall back on. I just wanted something to PROVE it, I guess...
Dr. Chauncey's Avatar
Computer Specs
Senior Member with 2,393 posts.
 
Join Date: Oct 2007
Location: New Hampshire
Experience: Advanced
10-Nov-2007, 06:52 PM #7
Well, you don't need proof to kick him out. You're free to date whoever you want (over 18.) It's not like you're going to take him to court to take half his stuff. If you're sure that he installed and ran a whole bunch of data-erasing and registry cleaning software, that's all the proof you need. Why would you want to take back someone who goes to such lengths to hide things from you?

If you still want to know, what kind of data would you like to recover?
stbernardlov's Avatar
stbernardlov stbernardlov is offline
Member with 187 posts.
THREAD STARTER
 
Join Date: Dec 2003
10-Nov-2007, 07:00 PM #8
I Know that you are right, just wat something solid, retrieve pics, documents
Well, he wiped out my Microsoft Word, I see old files on Microsoft Works as well that are no longer retrieveable, pictures. ANYTHING, I can have as proof to kick him to the curb because he wont leave pretty much!
Just want to move on but have no hard evidence of the destruction that he did to my comp. He just denies it over & over...
I am a strong girl & have no problem doing what I know is right but like I said, if I had SOMETHING, it sure would make things a whole lot easier...
Thx & sorry to bother you... I have spent weeks doing this & am seriously, ready to move on!!!
Holly
JohnWill's Avatar
Computer Specs
Retired Moderator with 106,412 posts.
 
Join Date: Oct 2002
Location: South Eastern PA, USA
10-Nov-2007, 07:15 PM #9
You can simply restore it to the factory default configuration using the recovery partition or disks. Lose the boyfriend, and move on.
Dr. Chauncey's Avatar
Computer Specs
Senior Member with 2,393 posts.
 
Join Date: Oct 2007
Location: New Hampshire
Experience: Advanced
10-Nov-2007, 07:24 PM #10
It is a shame about that Microsoft Word though... Damn. I'm sure you'll miss that.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 95,240 posts.
 
Join Date: Aug 2003
11-Nov-2007, 10:17 AM #11
I'm afraid what you are asking is beyond the scope of the assistance we are prepared to give as an on-line tech support community.

However, if you wish to post a HijackThis log, I will be happy to check it for malware. If you are running IE7, rolling back to IE6 may solve some of the problems, particularly the one described in your second post.

Click here to download HJTsetup.exe.
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
__________________
Microsoft MVP - Consumer Security
stbernardlov's Avatar
stbernardlov stbernardlov is offline
Member with 187 posts.
THREAD STARTER
 
Join Date: Dec 2003
11-Nov-2007, 12:09 PM #12
Hijack Log ~ Thank You!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:12 AM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner.HollysPC\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 4302 bytes
stbernardlov's Avatar
stbernardlov stbernardlov is offline
Member with 187 posts.
THREAD STARTER
 
Join Date: Dec 2003
11-Nov-2007, 12:31 PM #13
Has anyone heard of Microsoft Digital Image Library 9 - Blocker
I am uninstalling things that this person has out onto my comp. Never seen this before & can't find any info on it. Is this a program to block my pictures from me & should I uninstall it? Microsoft Digital Image Library 9 - Blocker
It is right under Microsoft Digital Image Starter Edition 2006 that I have not installed either. These entrys are in the control panel & I don't remember downloading them. Would you uninstall them? Or at least, the blocker program?
I am trying to get MY computer back to normal after being hijacked so if anyone has time for ANY advice today, I would really appreciate it. I am not going to do anything that I am unsure of but am pretty good when it comes to the comp.
While, I am here can I have 4 other wierd entries in a row which are:
MSXML 4.0 SP2KB927978
MSXML 4.0 SP2KB936181
MSXML 4.0 PARSER and SDK
MSXML 6.0 PARSER KB933579
Not sure what this is either but will go search now but can't I at least, delete the older versions of WHATEVER program this is?
Thanks again guys
God Bless Our Troops & Veterans!!!
stbernardlov's Avatar
stbernardlov stbernardlov is offline
Member with 187 posts.
THREAD STARTER
 
Join Date: Dec 2003
11-Nov-2007, 01:13 PM #14
This is what I found out about MSXML 4.0. It says that the software needs Microsoft® Visual Studio®, to run properly. That program WAS also a NEWLY installed program that I DID NOT INSTALL so it has been uninstalled already. Can I get rid of this MSXML stuff? My concern is that I have been unable to open .xml files as well. Could this program be the reason, I wonder???

About (MSXML)
The following system components are required for developing with Microsoft XML Core Services (MSXML).
Windows-compatible computer
A supported 32-bit version of a Microsoft Windows® operating system product.
Microsoft Internet Explorer 5.0 or later.
Microsoft Windows Script Host, if you want to view output without the web browser.
Microsoft® Visual Studio®, if you create solutions with Visual Basic®.
Sry, to keep posting, trying to figure this out as I go as well... Just thought that a little info to determine what this program is might help... Still readin'
emp813's Avatar
emp813 emp813 is offline
Computer Specs
Member with 35 posts.
 
Join Date: Nov 2007
Location: Australia
Experience: Intermediate
11-Nov-2007, 01:23 PM #15
i'm curious. if he messed up your laptop , how can u post here?

anyway, all laptops have a recovery partition. reinstall your OS. but then again, he may have messed with that too. so what about that recovery CD/DVD that comes shipped with all laptops? use that to reinstall ur OS.

i agree that he totally raped your laptop. be thankful it wasn't you.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑