I REALLY need you guys, someone been messing w/ my comp BIG TIME!!!

Discussion in 'Virus & Other Malware Removal' started by stbernardlov, Nov 10, 2007.

Thread Status:
Not open for further replies.
  1. stbernardlov

    stbernardlov Thread Starter

    Joined:
    Dec 12, 2003
    Messages:
    187
    Hi guys~
    I am so embarrassed to say this but I recently caught my bf cheating. Well, come to find out he has been downloading hundreds of programs to flush my comp, rollback my comp, had uninstalled ALL of my anti-virus/firewall programs not to mention wreaking complete havoc on my computer. I have found many of my items to be HIDDEN. Things are now re-directed to be downloaded onto some EZ_TEMP folder now, I am unable to unzip anything or open hardly anything on my computer. I am about 99% ready to kick this person to the curb but he swears up & down he didn't do ANYTHING to my computer. It was perfectly fine until this past month which he is supposed to be trying to win me back. I have found things labeled LOVELETTER, Love Tests, Pics that were downloaded that will no longer open.
    PLS, help an old buddy find some solid proof. All I can find are the SCARY programs that were downloaded to cover everything up. WHAT CAN I DO? It's been 6 weeks of hell & I want to move on... I'm begging you guys to think of something to help me find proof on here. Should I do a system restore back to an earlier time?
    HijackThis does not pick up anything. He's been messing with cache files, changing keys, ANYTHING you can imagine pretty much...
    PLS Help nice, honest girl get rid of this virus, not talking about computer either although, I have found those as well...
     
  2. stbernardlov

    stbernardlov Thread Starter

    Joined:
    Dec 12, 2003
    Messages:
    187
    ANY idea on why EVERYTHING I try to open comes up with an error like this? Should there be 3 slashes before C:/Program files or is this something that he has done as well?
    Also, a whole new folder in my MyspaceIM that contains the (2) behind it, never there before. PLS HELP ME!!!

    The XML page cannot be displayed
    Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later.
    The operation completed successfully. Error processing resource 'file:///C:/Program Files/MySpace/IM(2)/Skins(2)/_Common(2)...
    <TopPos val="&WIN_MAIN_PADDING;" type="minimum" />
     
  3. Dr. Chauncey

    Dr. Chauncey

    Joined:
    Oct 25, 2007
    Messages:
    2,393
    Start > All Programs > Accessories > System Tools > System Restore
    Go back to a date before all this happened.

    If that doesn't work, backup all the files you want to keep to a CD/DVD/External Harddrive then format and reinstall Windows.

    It seems like your computer has been mangled beyond recognition. I'd be pissed.
     
  4. stbernardlov

    stbernardlov Thread Starter

    Joined:
    Dec 12, 2003
    Messages:
    187
    Very pissed... It is a new laptop that was in perfect condition before this loser got his hands on it. WOW, I am kicking him to the curb now. That's all I needed.
    Hey, is there anything that I can show you etc. that would see what he's been up to besides a hijack log??? Hmmm :confused:
     
  5. Dr. Chauncey

    Dr. Chauncey

    Joined:
    Oct 25, 2007
    Messages:
    2,393
    Well... People don't go through the trouble of hiding something, unless they have something to hide. With this in mind, you already know it's there, so why go through the trouble of finding whatever it is?
     
  6. stbernardlov

    stbernardlov Thread Starter

    Joined:
    Dec 12, 2003
    Messages:
    187
    Because he is swearing innocence & I have nothing to fall back on. I just wanted something to PROVE it, I guess...
     
  7. Dr. Chauncey

    Dr. Chauncey

    Joined:
    Oct 25, 2007
    Messages:
    2,393
    Well, you don't need proof to kick him out. You're free to date whoever you want (over 18.) It's not like you're going to take him to court to take half his stuff. If you're sure that he installed and ran a whole bunch of data-erasing and registry cleaning software, that's all the proof you need. Why would you want to take back someone who goes to such lengths to hide things from you?

    If you still want to know, what kind of data would you like to recover?
     
  8. stbernardlov

    stbernardlov Thread Starter

    Joined:
    Dec 12, 2003
    Messages:
    187
    Well, he wiped out my Microsoft Word, I see old files on Microsoft Works as well that are no longer retrievable, pictures. ANYTHING, I can have as proof to kick him to the curb because he won't leave pretty much!
    Just want to move on but have no hard evidence of the destruction that he did to my comp. He just denies it over & over...
    I am a strong girl & have no problem doing what I know is right but like I said, if I had SOMETHING, it sure would make things a whole lot easier...
    Thx & sorry to bother you... I have spent weeks doing this & am seriously, ready to move on!!!
    Holly
     
  9. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,409
    You can simply restore it to the factory default configuration using the recovery partition or disks. Lose the boyfriend, and move on.
     
  10. Dr. Chauncey

    Dr. Chauncey

    Joined:
    Oct 25, 2007
    Messages:
    2,393
    It is a shame about that Microsoft Word though... Damn. I'm sure you'll miss that.
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,607
    I'm afraid what you are asking is beyond the scope of the assistance we are prepared to give as an on-line tech support community.

    However, if you wish to post a HijackThis log, I will be happy to check it for malware. If you are running IE7, rolling back to IE6 may solve some of the problems, particularly the one described in your second post.

    Click here to download HJTsetup.exe.
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  12. stbernardlov

    stbernardlov Thread Starter

    Joined:
    Dec 12, 2003
    Messages:
    187
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:08:12 AM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner.HollysPC\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 4302 bytes
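
Added example, not part of the thread or of HijackThis: a small Python triage pass over a log in this format, using a few lines excerpted from the post above as sample input. The names `parse_hjt` and `review_list` and the two review rules (HijackThis's own "Unknown" labels, and O4 autoruns whose file is not among the running processes) are assumptions chosen for illustration; a hit means "check this entry by hand", not "malicious".

```python
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, e.g. R0, O4, O23
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)  # %VAR% paths are skipped

def parse_hjt(text):
    """Split a HijackThis log into running processes and entries by section code."""
    running, entries, in_procs = set(), defaultdict(list), False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())  # Windows paths are case-insensitive
        elif (m := ENTRY.match(line)):
            entries[m.group(1)].append(m.group(2))
    return running, entries

def review_list(text):
    """Return (section, reason, entry) tuples for an analyst to check by hand."""
    running, entries = parse_hjt(text)
    out = []
    for code, items in entries.items():
        for item in items:
            path = EXE_PATH.search(item)
            if "unknown" in item.lower():  # HijackThis's own "Unknown file/owner" label
                out.append((code, "unknown-label", item))
            elif code == "O4" and path and path.group(0).lower() not in running:
                out.append((code, "autorun-not-running", item))
    return out

if __name__ == "__main__":
    for row in review_list(SAMPLE_LOG):
        print(*row, sep=" | ")
```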
     
  13. stbernardlov

    stbernardlov Thread Starter

    Joined:
    Dec 12, 2003
    Messages:
    187
    I am uninstalling things that this person has put onto my comp. Never seen this before & can't find any info on it. Is this a program to block my pictures from me & should I uninstall it? Microsoft Digital Image Library 9 - Blocker
    It is right under Microsoft Digital Image Starter Edition 2006 that I have not installed either. These entries are in the control panel & I don't remember downloading them. Would you uninstall them? Or at least, the blocker program?
    I am trying to get MY computer back to normal after being hijacked so if anyone has time for ANY advice today, I would really appreciate it. I am not going to do anything that I am unsure of but am pretty good when it comes to the comp.
    While, I am here can I have 4 other weird entries in a row which are:
    MSXML 4.0 SP2KB927978
    MSXML 4.0 SP2KB936181
    MSXML 4.0 PARSER and SDK
    MSXML 6.0 PARSER KB933579
    Not sure what this is either but will go search now but can't I at least, delete the older versions of WHATEVER program this is?
    Thanks again guys ;)
    God Bless Our Troops & Veterans!!!
     
  14. stbernardlov

    stbernardlov Thread Starter

    Joined:
    Dec 12, 2003
    Messages:
    187
    This is what I found out about MSXML 4.0. It says that the software needs Microsoft® Visual Studio®, to run properly. That program WAS also a NEWLY installed program that I DID NOT INSTALL so it has been uninstalled already. Can I get rid of this MSXML stuff? My concern is that I have been unable to open .xml files as well. Could this program be the reason, I wonder???

    About (MSXML)
    The following system components are required for developing with Microsoft XML Core Services (MSXML).
    Windows-compatible computer
    A supported 32-bit version of a Microsoft Windows® operating system product.
    Microsoft Internet Explorer 5.0 or later.
    Microsoft Windows Script Host, if you want to view output without the web browser.
    Microsoft® Visual Studio®, if you create solutions with Visual Basic®.
    Sry, to keep posting, trying to figure this out as I go as well... Just thought that a little info to determine what this program is might help... Still readin' ;)
     
  15. emp813

    emp813

    Joined:
    Nov 9, 2007
    Messages:
    35
    i'm curious. if he messed up your laptop , how can u post here?

    anyway, all laptops have a recovery partition. reinstall your OS. but then again, he may have messed with that too. so what about that recovery CD/DVD that comes shipped with all laptops? use that to reinstall ur OS.

    i agree that he totally raped your laptop. be thankful it wasn't you.
     

Short URL to this thread: https://techguy.org/650274