Everything posted by wallmg

  1. This may or may not be related to an issue I reported here on 3/12/2012, but now when I get to the log in screen and type in my password, it doesn't recognize my password and won't let me log in. I tried as administrator as well, to no avail. I leave my computer on all the time, and sometimes I will come in to my office and find my computer at the log-in window, which means it had to have logged off on its own. At the log-in screen, there will sometimes be two log-in options instead of the usual one: one option is as "Administrator," the other is my normal log-in as myself. When this happens, if I log in as Administrator, the desktop and icons look different than usual, and the files are not open that I had open originally. Sometimes when this happened in the past, it wouldn't let me log in as myself. But if I reboot the computer at this point, it usually takes me back to a normal log-in screen and lets me log in normally. This time, however, no matter what I do, it won't let me log in, either as administrator or myself. I've tried shorting the CMOS, and still no luck. Does this sound like some kind of virus, or some other problem? Any ideas for how to get back into my system? Thanks. Mark
  2. Your Java link pointed me to version 6, but I have version 7.2 installed. Are you saying I should install an older version? Is it more stable or something? Mark
  3. The only things I remember doing were running the MicrosoftFixit program in January, I think for networking problems, and then I had to update .NET Framework in an unconventional way, and I remember deleting a couple of entries in the registry that supposedly were leftover from an uninstalled program and were causing error message. Mark
  4. ComboFix log is attached. I meant to mention before that I've been experiencing some strange automatic log-offs on my computer system. This started happening before I noticed the SafeSurf/SurfGuard references. Sometimes I will come in to my office and find my computer at the log-in window, which means it had to have logged off on its own. On this log-in screen, however, there are sometimes two log-in options instead of the usual one: one option is as "Administrator," the other is my normal log-in as myself. It says something to the effect that in order to keep the files I had open, I must log in as administrator. But when I log in as Administrator, the desktop and icons look different than usual, and the files are not open that I had open originally. And if I remember correctly, it won't let me log in as myself. I basically have to reboot the computer to get back to a normal log-in screen. Does this sound like some kind of malware doings, or some other problem? Thanks for your help! Mark
  5. Oops, sorry. I had skipped Step 4. Attached is the otl log. P.S. Why can't I see the log on my desktop? I have to hit save as when the log opens, and when I point to my desktop, it shows that it's already there, but I can't see it on my desktop unless I save it under a different name.
  6. Attached is the log that came up when the computer rebooted. It's not named otl.txt, so not sure if this is what you need. Couldn't find any other logs. Thanks. Mark
  7. Here is the url for the analysis results: https://www.virustotal.com/file/329b4c97ec3b558a31b5aee52c1a2b6edadca2a54212cc837865dd0f31e12f92/analysis/1331591848/ If this is legit, how did it get installed without my knowledge, and why isn't there a normal way to uninstall? Thanks. Mark
  8. First, I'm sorry for having to post again so soon since last time, but this install package just appeared on my desktop, and I never clicked it, but apparently it installed itself. I keep getting messages about Safesurf and Surfguard. I went to uninstall them but they didn't show up in Add/Remove Programs. But I found them under Processes in Task Manager and ended the processes. I'm sure they'll show up again when I restart my computer. I don't want them at all, but can't figure out how to uninstall them, so I'm assuming it's malware.

     Note: When I changed my Folder Options to Show Hidden Files and Folders, a folder titled "js" showed up on my C drive. In it are the safesurf.exe and surfguard.exe files, among some other files. There is also a SafeSurf ABUSE README.txt document that reads:

     ENGLISH VERSION BELOW

     Если вы обнаружили этот файл, на вашем копьютере установлена программа SafeSurf, предназначенная для просмотра сайтов пользователями системы JetSwap Если вы являетесь владельцем компьютера и программа была установлена без вашего согласия или ведома, перейдите по ссылке http://go.jetswap.co...4&authkey=98589 Пользователь будет заблокирован, а программа удалена с компьютера. Приносим Вам свои извинения за действия одного из наших пользователей, нарушающего правила системы.

     If you found this file on your computer installed SafeSurf, designed for browsing by users of the system JetSwap If you own a computer and the program was installed without your consent or knowledge, go to http://go.jetswap.co...4&authkey=98589 The user will be blocked and the program will be deleted from your computer. We apologize for the actions of one of our users who abuse the system.

     I don't know if I should trust it enough to go to that website to have it deleted from my computer???? I've attached the EEK and OTL reports. I couldn't find the OTL.txt or the Extras.txt documents anywhere, but when I tried to save to my desktop the OTL.txt report that opened when the scan finished, it asked me if I wanted to overwrite the existing file there, even though I could not find a file there. So I saved it as OTL2.txt instead of overwriting it. I'm sure the Extra.txt file is there somewhere hidden, but I can't find it or see it. Thanks. Mark
  9. Thank you so much for your time and assistance! Mark
  10. Regarding the above post: I meant to say things seem to be running OK now, except there are some errors that have been showing up in my Event Viewer, under System. Not sure if they are related to the virus/malware or not. EventIDs 7023, 7022, 7026, 7034, 7031 / Source: Service Control Manager. The latter two might have been one-time events, but the first three seem to be happening more. Thanks. Mark
  11. In SafeMode, I couldn't find a way to turn off my antivirus program, but ComboFix seemed to run OK with it on. Attached is the log. Thanks. Mark
  12. I booted to safe mode same as before, and each time after selecting Boot to Safe Mode with Networking, it goes to a menu giving me an option to select the operating system to start: 1. MS Windows Recovery Console 2. MS Windows XP Pro I chose XP Pro each time. Then, at the sign in window, I can sign in as Administrator or as Me (which has administrator rights). First time, I chose Me. Screen says in Safe Mode, but you said it did not appear to be in safe mode. This time I chose Administrator. Desktop looks the same as when I chose Me. Anyway, the OTL files are attached. Thanks. Mark
  13. Virus won't let me run the Combo-Fix.exe. The fake XP Home Security 2012 alert comes up saying it has blocked a program from accessing the internet, and then says it is infected with a Trojan.
  14. Sorry, that computer wouldn't let me attach anything either. I'm working from my laptop now, so I've attached the file now, hopefully.
  15. I've attached the report from the EEK, but my computer would not allow me to run OTL. Thanks. Mark
  16. Quick question: When I was using IE, I was getting messages frequently when visiting websites saying something like, you are about to enter an unsecured site - do you want to continue? Now on Firefox, I'm still getting something similar. I get "the connection is untrusted" message, and it says: If you understand what's going on, you can tell Firefox to start trusting this site's identification. Even if you trust the site, this error could mean that someone is tampering with your connection. Is that a product of the virus/malware I had before, or normal?
  17. I uninstalled Skype, rebooted computer, went into IE and there's still the lagging of usually 5-10 seconds. Not getting that with Firefox or Chrome. UPDATE: I went back into Manage Add-ons and noticed three entries related to DIV-X. I remember installing a DIV-X video codec recently, and it must have automatically loaded an IE add on. When I disable that add-on, IE works smoothly as normal. So I'm assuming that's been my lagging problem all along. Sorry for the wild goose chase on that one, but I sincerely appreciate all your help with this and the malware removal. Mark
  18. I'll try that out of curiosity's sake, but I think I'm going to port over to Firefox anyway. I've always used it at work and prefer it. I'll let you know if Skype removal fixed IE8.