GT500

Emsisoft Employee
Everything posted by GT500

  1. I'm pretty certain that they are clean. Looks like warning detections (CheatEngine can be used to hack games, so some vendors apparently detect it as a hacktool). Aside from some temp files, I think your computer is clean, so let's get those temp files cleaned up.
     • Please download TFC to your desktop.
     • Open the file and close any other windows.
     • It will close all programs itself when run; make sure to let it run uninterrupted.
     • Click the Start button to begin the process. The program should not take long to finish its job.
     • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
  2. OK, there are only two files in that log that I am actually concerned about:
     C:\Users\Owner\Documents\xfire_installer_43094.exe
     C:\Users\Owner\Downloads\CheatEngine561.exe
     Theoretically both of these are legitimate files, however there is always the possibility of an infection having been injected into them. Please upload both of those files to VirusTotal and then post the links to the analysis of each file for me.
  3. It looks like ComboFix cleaned up everything on its own, however let's get a third-party opinion just to be sure. Please run an online virus scan through ESET by following the steps below:
     • Turn off your anti-virus software.
     • Click on this link.
     • Click on the ESET Online Scanner button.
     • Put a check in the box that says YES, I accept the Terms of Use.
     • Click the 'Start' button just to the right of the checkbox.
     • Uncheck the box that says Remove found threats (this is very important).
     • Click on Advanced settings.
     • Put a check in the box that says Scan for potentially unsafe applications.
     • Verify that Scan for potentially unwanted applications is also checked.
     • Verify that Enable Anti-Stealth technology is also checked.
     • Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
     • When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
     • Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
     • Close the ESET online scan.
     I will take a look at the log, and let you know if anything needs to be removed.
  4. Yes, we can do that. Please note, however, that you do get an automatic discount when you renew your licenses, so you may wish to verify that you will be getting a better deal from the Easter promo than from a normal renewal. I don't have the details in front of me, however you can send an e-mail to Davlat at da <at> emsisoft <dot> com and he will know a lot more about discounts, promotions, etc. than I do. If you decide to go ahead and go with the Easter promo, then send me a private message with all of the info (the key of your current 3-PC license, the three new keys that you want merged into it, and let me know if your e-mail address for your Customer Center account is different than the one you used on our forums).
  5. We are capable of merging and extending licenses. Just make sure that if you currently have a 3-PC license that you purchase a new 3-PC license during the promo, otherwise we may only extend your current 3-PC license by a third of a year.
  6. Well, let's try deleting it, and see if anything complains. Here's another ComboFix script with instructions:
     • Download an updated version of ComboFix from one of the following links:
         • BleepingComputer
         • InfoSpyware
     • Turn off your Anti-Virus software.
     • Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad.
     • Please copy and paste the contents of the box below into Notepad (here is a link to instructions if you do not know how to copy and paste):

         http://support.emsisoft.com/topic/7453-pc-infected-by-trojans/

         KillAll::

         FileLook::
         C:\Program Files\Common Files\Microsoft Shared\ink\lpsPlugin.dll

         File::
         C:\Program Files\Common Files\Microsoft Shared\ink\lpsPlugin.dll

     • Save this as a Text Document named CFScript in the same location as ComboFix (which should be on your desktop).
     • Close Notepad and verify that the CFScript file is saved on your desktop.
     • Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon:
     When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.
  7. My apologies for the slow response. Please download ComboFix from one of the following links, and follow the instructions below to run it.
     • Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.
         • Link 1
         • Link 2
     • * IMPORTANT !!! Save Combo-Fix to your Desktop.
     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
     • Double click on ComboFix.exe & follow the prompts.
     • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log.
     Note:
     1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
     2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
     • ComboFix (C:\combofix.txt)
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  8. You could try something such as System Repair Engineer (you can get it from the download page at this link) to perform a check on your system and repair common problems. I doubt it can fix everything, however it may help make your life a bit easier. When you run System Repair Engineer, go to System Repair on the left, and then go to the Advanced Repair tab. Make sure that it is set to Recommended Fix Level and click the Auto Repair button.
  9. You're quite welcome. Here's some final instructions for you:

     1. Make Sure Java is Updated:
        • Click on the Start button.
        • Click on Control Panel.
        • Click Uninstall a program.
        • Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed.
        • Click on this link and download and install the latest Java (the Windows Online download will be faster).

     2. Make Sure Adobe Flash is Updated:
        • Click on this link and download the latest version of Adobe Flash Player for your web browser.
        • You will need to close your web browser when installing Flash.

     3. Make Sure Adobe Acrobat Reader is Updated:
        • Click on the Start button.
        • Click on Control Panel.
        • Click Uninstall a program.
        • Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it).
        • Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader.
        (Please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader.)

     4. Make Sure Your Computer Has The Latest Windows Updates:
        • Click on the Start button.
        • Go to All Programs.
        • Click on Windows Update.
        • Click Check for updates in the menu on the left (should be near the top).
        • Once it is done checking for updates, click the Install updates button on the right.
        • Make sure that if your computer wants to restart after the updates are done, that you allow it to do so.

     5. Web Of Trust Extension:
        While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.

     6. Empty The System Restore:
        • Click on the Start button.
        • Right-click on Computer.
        • Select Properties from the list.
        • In the window that pops up, click on the System protection link in the menu on the left.
        • The buttons may not be clickable for a few moments, but once you can click on them select the drive in the list near the bottom that shows protection is on (this will usually be your C: drive) and click the Configure... button.
        • Click the button near the bottom-right that says Delete to clear all System Restore data.
        • Once finished, click OK to close that window.
        • Now you will want to make sure that the correct drive is selected again (usually your C: drive) and click on the Create button to create a new restore point.
        • Fill in a name for the restore point, and click the Create button.
        • Once it is done, you can close the windows that were opened to get to the System Restore settings.
  10. Please start with the instructions at this link, and attach your logs to a reply by using the More Reply Options button to the lower-right of where you type in your reply to this topic.
  11. Yes, that is a Realtek file. I do not believe it is necessary in order for your audio to work, and just gives you extra configuration options. You can read more at SystemLookup.
  12. It is possible that something was preventing it from being deleted. Assuming that the file was created by the Java interpreter, it could have still had a lock on the file. I can't say for certain, however, as I am not a researcher and do not have the technical details of the infection.
  13. Are you able to start Windows normally?
  14. OK, from your logs it looks like your system is clean now. Here's some final instructions for you:

     1. Make Sure Java is Updated:
        • Click on the Start button.
        • Click on Control Panel.
        • Click Uninstall a program.
        • Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed.
        • Click on this link and download and install the latest Java (the Windows Online download will be faster).

     2. Make Sure Adobe Flash is Updated:
        • Click on this link and download the latest version of Adobe Flash Player for your web browser.
        • You will need to close your web browser when installing Flash.

     3. Make Sure Adobe Acrobat Reader is Updated:
        • Click on the Start button.
        • Click on Control Panel.
        • Click Uninstall a program.
        • Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it).
        • Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader.
        (Please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader.)

     4. Make Sure Your Computer Has The Latest Windows Updates:
        • Click on the Start button.
        • Go to All Programs.
        • Click on Windows Update.
        • Click Check for updates in the menu on the left (should be near the top).
        • Once it is done checking for updates, click the Install updates button on the right.
        • Make sure that if your computer wants to restart after the updates are done, that you allow it to do so.

     5. Web Of Trust Extension:
        While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.

     6. Empty The System Restore:
        • Click on the Start button.
        • Right-click on Computer.
        • Select Properties from the list.
        • In the window that pops up, click on the System protection link in the menu on the left.
        • The buttons may not be clickable for a few moments, but once you can click on them select the drive in the list near the bottom that shows protection is on (this will usually be your C: drive) and click the Configure... button.
        • Click the button near the bottom-right that says Delete to clear all System Restore data.
        • Once finished, click OK to close that window.
        • Now you will want to make sure that the correct drive is selected again (usually your C: drive) and click on the Create button to create a new restore point.
        • Fill in a name for the restore point, and click the Create button.
        • Once it is done, you can close the windows that were opened to get to the System Restore settings.
  15. Quoting from the Java.com FAQ for Java 7: "The new release of Java is first made available to the developers to ensure no major problems are found before we make it available on the java.com website for end users to download the latest version. If you are interested in trying Java SE 7 it can be downloaded from Oracle.com" Feel free to use Java 7 if you want, however please make sure to keep it updated as a lot of exploits love to use Java these days (although from what I am hearing from researchers it sounds like the latest versions of the Blackhole exploit try to hit you with Java, Flash, and Adobe Acrobat vulnerabilities all at the same time in the hopes of finding something exploitable). That reminds me that I need to add Adobe Acrobat to my update instructions. If you haven't already done so, you may wish to uninstall any old versions of Adobe Acrobat Reader that you have installed, and download and install the latest version from Adobe at this link. You may also wish to use a third-party PDF viewer such as PDF-XChange Viewer (free and premium versions) and Foxit Reader (free).
  16. OK, here's some final instructions for you:

     1. Make Sure Java is Updated:
        • Click on the Start button.
        • Click on Control Panel.
        • Click Add or Remove Programs.
        • Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed.
        • Click on this link and download and install the latest Java (the Windows Online download will be faster).

     2. Make Sure Adobe Flash is Updated:
        • Click on this link and download the latest version of Adobe Flash Player for your web browser.
        • You will need to close your web browser when installing Flash.

     3. Make Sure Adobe Acrobat Reader is Updated:
        • Click on the Start button.
        • Click on Control Panel.
        • Click Add or Remove Programs.
        • Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it).
        • Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader.
        (Please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader.)

     4. Make Sure Your Computer Has The Latest Windows Updates:
        • Click on the Start button.
        • Go to All Programs.
        • Click on Windows Update.
        • If you have never run Windows Update, then it will probably need to install an ActiveX control and update the Windows Update software before it can continue, so make sure you keep an eye out for that pale-yellow bar that pops up at the top of the page when Windows Update needs to install a new component, and click on the yellow bar and select to allow it.
        • Once it is loaded, click on the Express button.
        • It will check for available updates, and once it is done you can click the Install Updates button.
        • It may ask you to accept a license agreement before it installs, so make sure you say Yes.
        • When it is done installing updates, it may ask you to restart your computer, so close anything you are working on and allow it to restart.
        Note that the update process can take a while, and you may need to run it several times before all of the updates get installed.

     5. Web Of Trust Extension:
        While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.

     6. Empty The System Restore:
        • Click on the Start button.
        • Right-click on My Computer.
        • Select Properties from the list.
        • In the window that pops up, click on the System Restore tab.
        • Click the check box to Turn off System Restore.
        • Click the Apply button at the bottom-right, and answer Yes to the question.
        • Depending on how much data is saved in the System Restore, it could take more than a few minutes to empty it.
        • Click the check box to Turn off System Restore again and click OK to turn the System Restore back on.
        • Click on the Start button again.
        • Go to All Programs.
        • Go to Accessories.
        • Go to System Tools.
        • Click on System Restore.
        • Select Create a restore point on the right, and click Next at the bottom.
        • Enter a description for the restore point, and click Create.
        • Click Close to finish the process.
  17. You're quite welcome. Please let us know if you continue to have trouble.
  18. OK, that log looks better. I take it that you are no longer having trouble with SafeSurf and that everything looks OK on your end?
  19. OK, that log is looking much better. Let me know if your computer is still showing any signs of an infection, and if you are still seeing that weird installer thing on startup then get me a fresh OTL log.
  20. OK, I have written a script that will tell ComboFix how to delete some stuff I saw in your log. Here are instructions on what to do with the script:
     • Download an updated version of ComboFix from one of the following links:
         • BleepingComputer
         • InfoSpyware
     • Turn off your Anti-Virus software.
     • Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad.
     • Please copy and paste the contents of the box below into Notepad (here is a link to instructions if you do not know how to copy and paste):

         http://support.emsisoft.com/topic/7588-is-this-malware-safesurf-surfguard/

         KillAll::

         FCopy::
         c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

         File::
         c:\windows\$NtUninstallKB951748_0$\tcpip.sys
         c:\windows\ERDNT\cache\tcpip.sys
         c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

     • Save this as a Text Document named CFScript in the same location as ComboFix (which should be on your desktop).
     • Close Notepad and verify that the CFScript file is saved on your desktop.
     • Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon:
     When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.
  21. Have you made any modifications to your Windows System Files? There are certain files that people like to patch with third-party fixes for certain issues, and I just want to make sure that you haven't done something like that before I write a fix script.
  22. I'm sorry, that's my fault. I exported the NetScvs from Windows XP, and you're using Windows 7. Here's the proper script and instructions for Windows 7: Download an updated version of ComboFix from one of the following links: [list=] BleepingComputer InfoSpyware [*] Turn off your Anti-Virus software. [*] Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad. [*] Please copy and paste the contents of the box below into Notepad (here is a link to instructions if you do not know how to copy and paste): http://support.emsisoft.com/topic/7520-please-help-with-trojancrypte2/ KillAll:: Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] "netsvcs"=hex(7):41,65,4c,6f,6f,6b,75,70,53,76,63,00,43,65,72,74,50,72,6f,70,\ 53,76,63,00,53,43,50,6f,6c,69,63,79,53,76,63,00,6c,61,6e,6d,61,6e,73,65,72,\ 76,65,72,00,67,70,73,76,63,00,49,4b,45,45,58,54,00,41,75,64,69,6f,53,72,76,\ 00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\ 62,69,6c,69,74,79,00,49,61,73,00,49,72,6d,6f,6e,00,4e,6c,61,00,4e,74,6d,73,\ 73,76,63,00,4e,57,43,57,6f,72,6b,73,74,61,74,69,6f,6e,00,4e,77,73,61,70,61,\ 67,65,6e,74,00,52,61,73,61,75,74,6f,00,52,61,73,6d,61,6e,00,52,65,6d,6f,74,\ 65,61,63,63,65,73,73,00,53,45,4e,53,00,53,68,61,72,65,64,61,63,63,65,73,73,\ 00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,57,6d,69,00,57,6d,\ 64,6d,50,6d,53,70,00,54,65,72,6d,53,65,72,76,69,63,65,00,77,75,61,75,73,65,\ 72,76,00,42,49,54,53,00,53,68,65,6c,6c,48,57,44,65,74,65,63,74,69,6f,6e,00,\ 4c,6f,67,6f,6e,48,6f,75,72,73,00,50,43,41,75,64,69,74,00,68,65,6c,70,73,76,\ 63,00,75,70,6c,6f,61,64,6d,67,72,00,69,70,68,6c,70,73,76,63,00,73,65,63,6c,\ 6f,67,6f,6e,00,41,70,70,49,6e,66,6f,00,6d,73,69,73,63,73,69,00,4d,4d,43,53,\ 53,00,77,65,72,63,70,6c,73,75,70,70,6f,72,74,00,45,61,70,48,6f,73,74,00,50,\ 72,6f,66,53,76,63,00,73,63,68,65,64,75,6c,65,00,68,6b,6d,73,76,63,00,53,65,\ 
73,73,69,6f,6e,45,6e,76,00,77,69,6e,6d,67,6d,74,00,62,72,6f,77,73,65,72,00,\ 54,68,65,6d,65,73,00,42,44,45,53,56,43,00,41,70,70,4d,67,6d,74,00,00 [*] Save this as a Text Document named CFScript in the same location as ComboFix (which should be on your desktop). [*] Close Notepad and verify that the CFScript file is saved on your desktop. [*] Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon: When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.
  23. Are you sure there isn't already an OTL log saved on your desktop? The only way to save an OTL log with the same name as one that already exists would be to overwrite the old one. I am seeing some services in that log that are missing files. It may not be related to an infection, however it is best to repair them anyway. Please download ComboFix from one of the following links, and follow the instructions below to run it.
     • Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.
         • Link 1
         • Link 2
     • * IMPORTANT !!! Save Combo-Fix to your Desktop.
     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
     • Double click on ComboFix.exe & follow the prompts.
     • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log.
     Note:
     1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
     2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
     • ComboFix (C:\combofix.txt)
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  24. OK, it looks like we still need to fix some services, so here's another script. Here is another script with instructions on what to do again: Download an updated version of ComboFix from one of the following links: [list=] BleepingComputer InfoSpyware [*] Turn off your Anti-Virus software. [*] Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad. [*] Please copy and paste the contents of the box below into Notepad (here is a link to instructions if you do not know how to copy and paste): http://support.emsisoft.com/topic/7520-please-help-with-trojancrypte2/ KillAll:: Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\ 76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\ 65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\ 00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\ 62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\ 49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\ 57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\ 6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\ 61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\ 52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\ 75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\ 63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\ 68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\ 56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\ 73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\ 6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\ 
57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,57,6d,64,6d,50,6d,\ 53,4e,00,00 [*] Save this as a Text Document named CFScript in the same location as ComboFix (which should be on your desktop). [*] Close Notepad and verify that the CFScript file is saved on your desktop. [*] Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon: When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.
  25. Well, that shows that all of the files and folders (as well as the startup entry) related to SafeSurf have been deleted. It shouldn't be bothering you anymore. If you are satisfied with that, then I can leave my final recommendations and close the topic.