Funmoods In Temp Folder

Started by amxyplx, September 18, 2012, 02:06:10 PM

amxyplx

I typed 'fun' into everything.exe on Computer #1 WXP Pro and to my surprise found this which I have typed exactly as they occurred.

FunmoodsLatest.exe C:\Docs&Set\Me\LocalSets\temp\is357113909
Also this now:
FUNMOODLATEST.EXE-12182548.PF   C:\WINDOWS\Prefetch

Also a bunch (30) of MS Works files starting typically funxxx.wws C:\programFiles\MSWorks\1033\Wizards or 1033\Tasks (I think these are valid MSworks templates).

I googled >is357113909< but could make no sense of the hits except evidently it is no damn good.

Using the View > Choose Details option and choosing Date Created I got 5-29-12 for the FunMoods file and that matches the Date Created with Nitrite uTorrent Installer which I used to download a linux distro iso file - don't remember which. So I think that's where it came from.

I don't find evidence Funmoods was installed but don't know what to look for either. I have not run any full scans as reading other related posts indicates they won't fix this anyway.

1. That's one way to get FunMoods on your computer.

2. Do I dare merely delete the funmood file from comp #1 temp file? maybe rename it first?

amxyplx

Well there are a lot of restore points too so they'd all have to go.

R-C

Don't do anything to your restore points. Just be patient and you will get instructions specifically for you.
registered Linux user:476595
May inspiration fill your heart and hands, run down your legs onto your feet and cause Spontaneous Dancing! :dance:

Corrine

Hi, amxyplx.  Welcome to LandzDown Forum.  R-C is correct about your System Restore points.  It is best to clean your computer first, create a fresh restore point and then remove the old restore points.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Quote from: amxyplx
"I have not run any full scans as reading other related posts indicates they won't fix this anyway."

Would you like the lecture now or later about using P2P programs?  :D  The problem is, as you discovered, files downloaded with P2P programs often include undesirable extras.  With P2P file sharing, what means do you have of identifying or authenticating the source of the download? In addition, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.

In order to assist you, it is necessary to see some logs.  Please download AdwCleaner by Xplode to your Desktop.

  •   Double-click AdwCleaner.exe to run the tool.
  •   Click Search.
  •   A logfile will automatically open after the scan has finished.
  •   Please post the contents of that logfile with your next response.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., R1

In addition, kindly provide the logs requested in the Log Posting Instructions.

Thank you.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

amxyplx

# AdwCleaner v2.002 - Logfile created 09/18/2012 at 13:01:59
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Milton  Irwin - LINUXSPECIAL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Milton  Irwin\Desktop\INCOMING\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer

***** [Registry] *****

Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\SweetIm

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Milton  Irwin\Application Data\Mozilla\Firefox\Profiles\fr251mnl.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\Milton  Irwin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1458 octets] - [18/09/2012 13:01:59]

########## EOF - C:\AdwCleaner[R1].txt - [1518 octets] ##########

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Milton  Irwin at 13:06:37 on 2012-09-18
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.486 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Privatefirewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Milton  Irwin\Desktop\INCOMING\adwcleaner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
mRun: [SoundMax] "c:\program files\analog devices\soundmax\smax4.exe" /tray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341965022750
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{ACAF3D4C-E201-4760-B04D-77A2695E1CB3} : DhcpNameServer = 68.94.156.1 68.94.157.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\milton  irwin\application data\mozilla\firefox\profiles\fr251mnl.default\
FF - plugin: c:\documents and settings\milton  irwin\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R1 MpKslba8da14e;MpKslba8da14e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3f088b67-212c-4aaa-a82f-d58ce7539d05}\MpKslba8da14e.sys [2012-9-18 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 PFNet;Privacyware network service;c:\program files\privacyware\privatefirewall 7.0\pfsvc.exe [2012-5-31 374160]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-13 994360]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2010-4-6 2519040]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2012-7-23 135272]
S3 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-23 114144]
.
=============== Created Last 30 ================
.
2012-09-18 18:56:56   29904   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3f088b67-212c-4aaa-a82f-d58ce7539d05}\MpKslba8da14e.sys
2012-09-18 16:36:11   7022536   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3f088b67-212c-4aaa-a82f-d58ce7539d05}\mpengine.dll
2012-09-17 17:17:32   --------   d-----w-   c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-09-17 15:04:31   7022536   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-13 17:49:16   --------   dc----w-   c:\documents and settings\milton  irwin\local settings\application data\MigWiz
2012-09-01 22:01:53   5504   ----a-w-   c:\windows\system32\drivers\StarOpen.sys
2012-09-01 21:33:56   --------   d-----w-   c:\documents and settings\all users\application data\Canneverbe Limited
2012-09-01 21:33:55   --------   d-----w-   c:\documents and settings\milton  irwin\application data\Canneverbe Limited
.
==================== Find3M  ====================
.
2012-07-06 13:58:51   78336   ----a-w-   c:\windows\system32\browser.dll
2012-07-04 14:05:18   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15   1866112   ----a-w-   c:\windows\system32\win32k.sys
2012-07-02 17:49:33   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-07-02 17:49:32   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43   385024   ----a-w-   c:\windows\system32\html.iec
.
============= FINISH: 13:07:22.26 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/16/2012 4:18:23 PM
System Uptime: 9/18/2012 12:36:32 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 09F8h
Processor:               Intel(R) Pentium(R) 4 CPU 3.00GHz | XU1 PROCESSOR | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 59.889 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP97: 7/22/2012 12:46:10 PM - System Checkpoint
RP98: 7/23/2012 8:27:00 AM - Installed Privatefirewall 7.0
RP99: 7/23/2012 12:58:43 PM - Software Distribution Service 3.0
RP100: 7/24/2012 12:59:51 PM - System Checkpoint
RP101: 7/24/2012 9:39:29 PM - Software Distribution Service 3.0
RP102: 7/26/2012 7:59:42 AM - Software Distribution Service 3.0
RP103: 7/27/2012 10:48:48 AM - Software Distribution Service 3.0
RP104: 7/28/2012 11:15:48 AM - Software Distribution Service 3.0
RP105: 7/29/2012 6:05:54 PM - Software Distribution Service 3.0
RP106: 7/30/2012 1:46:45 PM - Installed Microsoft Fix it 50154
RP107: 7/30/2012 9:20:52 PM - Software Distribution Service 3.0
RP108: 7/31/2012 10:30:34 PM - Software Distribution Service 3.0
RP109: 8/2/2012 6:15:34 AM - Software Distribution Service 3.0
RP110: 8/3/2012 8:20:07 AM - Software Distribution Service 3.0
RP111: 8/4/2012 8:28:38 AM - Software Distribution Service 3.0
RP112: 8/5/2012 1:21:57 PM - Software Distribution Service 3.0
RP113: 8/6/2012 1:39:58 PM - System Checkpoint
RP114: 8/6/2012 5:40:56 PM - Software Distribution Service 3.0
RP115: 8/8/2012 8:01:44 AM - Software Distribution Service 3.0
RP116: 8/9/2012 8:40:41 AM - System Checkpoint
RP117: 8/9/2012 10:06:14 AM - Software Distribution Service 3.0
RP118: 8/10/2012 4:39:53 PM - Software Distribution Service 3.0
RP119: 8/11/2012 7:36:16 PM - Software Distribution Service 3.0
RP120: 8/12/2012 7:47:47 PM - Software Distribution Service 3.0
RP121: 8/13/2012 7:53:19 PM - Software Distribution Service 3.0
RP122: 8/15/2012 10:16:58 AM - Software Distribution Service 3.0
RP123: 8/16/2012 11:49:04 AM - Software Distribution Service 3.0
RP124: 8/17/2012 12:07:06 PM - System Checkpoint
RP125: 8/17/2012 12:10:19 PM - Software Distribution Service 3.0
RP126: 8/18/2012 12:39:21 PM - Software Distribution Service 3.0
RP127: 8/18/2012 3:31:25 PM - Software Distribution Service 3.0
RP128: 8/19/2012 12:53:14 PM - Software Distribution Service 3.0
RP129: 8/20/2012 1:20:36 PM - System Checkpoint
RP130: 8/20/2012 1:57:51 PM - Software Distribution Service 3.0
RP131: 8/22/2012 6:38:45 AM - Software Distribution Service 3.0
RP132: 8/23/2012 7:21:58 AM - System Checkpoint
RP133: 8/23/2012 10:26:16 AM - Software Distribution Service 3.0
RP134: 8/24/2012 12:21:41 PM - Software Distribution Service 3.0
RP135: 8/25/2012 12:41:56 PM - Software Distribution Service 3.0
RP136: 8/26/2012 1:04:55 PM - Software Distribution Service 3.0
RP137: 8/27/2012 6:04:41 PM - Software Distribution Service 3.0
RP138: 8/28/2012 6:16:48 PM - System Checkpoint
RP139: 8/28/2012 8:11:44 PM - Software Distribution Service 3.0
RP140: 8/30/2012 9:27:38 AM - Software Distribution Service 3.0
RP141: 9/1/2012 8:04:48 AM - Software Distribution Service 3.0
RP142: 9/1/2012 2:22:36 PM - Revo Uninstaller's restore point - Audio Converter
RP143: 9/1/2012 2:57:06 PM - Revo Uninstaller's restore point - CDBurnerXP
RP144: 9/3/2012 8:40:16 AM - Software Distribution Service 3.0
RP145: 9/4/2012 9:23:29 AM - System Checkpoint
RP146: 9/4/2012 9:28:52 AM - Software Distribution Service 3.0
RP147: 9/5/2012 9:54:57 AM - Software Distribution Service 3.0
RP148: 9/6/2012 10:52:37 AM - Software Distribution Service 3.0
RP149: 9/7/2012 11:33:16 AM - Software Distribution Service 3.0
RP150: 9/10/2012 8:56:15 AM - Software Distribution Service 3.0
RP151: 9/11/2012 9:27:08 AM - System Checkpoint
RP152: 9/11/2012 11:38:24 AM - Software Distribution Service 3.0
RP153: 9/12/2012 7:38:09 PM - Software Distribution Service 3.0
RP154: 9/13/2012 8:13:22 AM - Software Distribution Service 3.0
RP155: 9/13/2012 10:46:27 AM - Installed Windows Windows Easy Transfer for Windows 7.
RP156: 9/13/2012 8:24:31 PM - Software Distribution Service 3.0
RP157: 9/15/2012 6:16:35 AM - Software Distribution Service 3.0
RP158: 9/17/2012 8:01:46 AM - System Checkpoint
RP159: 9/17/2012 8:04:26 AM - Software Distribution Service 3.0
RP160: 9/17/2012 10:17:32 AM - Installed Windows 7 Upgrade Advisor
RP161: 9/18/2012 6:47:51 AM - Installed MSXML 4.0 SP3 Parser (KB973685)
RP162: 9/18/2012 9:36:08 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
CCleaner
CDBurnerXP
Embedded Security for HP ProtectTools Driver
ESET Online Scanner v3
Everything 1.2.1.371
FlashPeak SlimBrowser
Foxit Reader
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 (KB2418240)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
HP Softpaq SP46134
HP Softpaq SP46137
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) Network Connections Drivers
Intel® Active Management Technology
IrfanView (remove only)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
Privatefirewall 7.0
Rainlendar2 (remove only)
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Secunia PSI (2.0.0.4003)
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
SoundMAX
SpywareBlaster 4.6
SUPERAntiSpyware
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
9/14/2012 7:57:28 AM, error: MRxSmb [8003]  - The master browser has received a server announcement from the computer BERNARD-8F54636 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ACAF3D4C-E20. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
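
A small parser for the AdwCleaner search log posted above, added here as an example (it is not part of the thread and not AdwCleaner's own code): it extracts the scan option, the run tag from the log file name, and the flagged items grouped by their final path component. The sample is a trimmed excerpt of the posted log, and the line patterns are inferred from that one log, so treat them as an assumption about the format.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt trimmed from the search log posted in this thread.
SAMPLE_LOG = r"""# AdwCleaner v2.002 - Logfile created 09/18/2012 at 13:01:59
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# Boot Mode : Normal
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer

***** [Registry] *****

Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\SweetIm

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1458 octets] - [18/09/2012 13:01:59]
"""

# Line patterns inferred from the log above (assumed, not an official format spec).
OPTION = re.compile(r"^# Option \[(\w+)\]$")
SECTION = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
BROWSER = re.compile(r"^-\\\\ (.+?) v([\d.]+)")
STATUS = re.compile(r"^\[OK\] (.+)$")
LOGNAME = re.compile(r"^AdwCleaner\[([A-Z])(\d+)\]\.txt\b")
# "<Kind> <Action> : <target>", both words capitalised, e.g. "Key Found : HKCU\...".
# The capital letter keeps "Profile name : default" from counting as a finding.
FINDING = re.compile(r"^([A-Z]\w+) ([A-Z]\w+) : (.+)$")


def parse_adwcleaner_log(text):
    """Turn the log text into option, run tag, headers, findings and browser status."""
    parsed = {"option": None, "run_tag": None, "headers": {},
              "findings": [], "browsers": {}}
    section = browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            m = OPTION.match(line)
            if m:
                parsed["option"] = m.group(1)
            elif " : " in line:
                key, value = line[1:].split(" : ", 1)
                parsed["headers"][key.strip()] = value.strip()
            continue
        if (m := SECTION.match(line)):
            section, browser = m.group(1), None
        elif (m := BROWSER.match(line)):
            browser = m.group(1)
            parsed["browsers"][browser] = None      # no status line seen yet
        elif (m := STATUS.match(line)) and browser:
            parsed["browsers"][browser] = m.group(1)
        elif (m := LOGNAME.match(line)):
            parsed["run_tag"] = (m.group(1), int(m.group(2)))
        elif (m := FINDING.match(line)):
            parsed["findings"].append({"section": section, "kind": m.group(1),
                                       "action": m.group(2), "target": m.group(3)})
    return parsed


def group_by_product(findings):
    """Group flagged paths by their last path component (vendor name or GUID)."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["target"].rsplit("\\", 1)[-1]].append(f["target"])
    return dict(groups)


def triage(parsed):
    """Summarise what a helper would look at first."""
    groups = group_by_product(parsed["findings"])
    return {
        "scan_only": parsed["option"] == "Search",   # Search reports, it removes nothing
        "run_tag": parsed["run_tag"],
        "named_items": sorted(k for k in groups if not k.startswith("{")),
        "guid_keys": sorted(k for k in groups if k.startswith("{")),
        # Browsers with no "[OK] ... clean" line need a manual look.
        "browsers_flagged": sorted(b for b, s in parsed["browsers"].items()
                                   if s is None or "clean" not in s),
    }


if __name__ == "__main__":
    print(triage(parse_adwcleaner_log(SAMPLE_LOG)))
```
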



amxyplx

Anymore I buy the DVD or CD. Only a few bucks and much less time messing with the whole shebang. Just about as fast really.

Corrine

Hi, amxyplx.

Quote
"Anymore I buy the DVD or CD. Only a few bucks and much less time messing with the whole shebang. Just about as fast really."
Sorry, I don't know what you mean by the above.

I'm seeing information for the Babylon toolbar which is just as frustrating or worse than Funmoods.  Please do the following:

1.  Please rescan with AdwCleaner.

  • Double-click AdwCleaner.exe to run the tool.
  • Click Delete.
  • Everything that was found will be deleted.
  • Save and open files and approve the reboot.  A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1

2.  Please follow these instructions carefully.

Download ComboFix from here.

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.




amxyplx

# AdwCleaner v2.002 - Logfile created 09/18/2012 at 13:01:59
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Milton  Irwin - LINUXSPECIAL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Milton  Irwin\Desktop\INCOMING\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer

***** [Registry] *****

Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\SweetIm

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Milton  Irwin\Application Data\Mozilla\Firefox\Profiles\fr251mnl.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\Milton  Irwin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1458 octets] - [18/09/2012 13:01:59]

########## EOF - C:\AdwCleaner[R1].txt - [1518 octets] ##########

ComboFix 12-09-18.07 - Milton  Irwin 09/19/2012   7:05.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.516 [GMT -7:00]
Running from: c:\documents and settings\Milton  Irwin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
.
.
(((((((((((((((((((((((((   Files Created from 2012-08-19 to 2012-09-19  )))))))))))))))))))))))))))))))
.
.
2012-09-19 13:52 . 2012-09-19 13:52   29904   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F088B67-212C-4AAA-A82F-D58CE7539D05}\MpKsl0b5854fb.sys
2012-09-18 16:36 . 2012-08-23 07:15   7022536   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F088B67-212C-4AAA-A82F-D58CE7539D05}\mpengine.dll
2012-09-17 17:17 . 2012-09-17 17:17   --------   d-----w-   c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-09-17 15:04 . 2012-08-23 07:15   7022536   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-13 17:49 . 2012-09-13 18:08   --------   dc----w-   c:\documents and settings\Milton  Irwin\Local Settings\Application Data\MigWiz
2012-09-01 22:01 . 2012-06-03 17:44   5504   ----a-w-   c:\windows\system32\drivers\StarOpen.sys
2012-09-01 22:01 . 2012-09-01 22:01   --------   d-----w-   c:\program files\CDBurnerXP
2012-09-01 21:33 . 2012-09-01 21:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Canneverbe Limited
2012-09-01 21:33 . 2012-09-01 21:33   --------   d-----w-   c:\documents and settings\Milton  Irwin\Application Data\Canneverbe Limited
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2008-08-21 12:00   78336   ----a-w-   c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-04-06 14:11   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-08-21 12:00   1866112   ----a-w-   c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2008-08-21 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2008-08-21 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2008-08-21 12:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-08-21 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2012-09-10 17:20 . 2012-09-10 17:19   266720   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2009-12-01 401408]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-12 17887232]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2012-06-01 3006840]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
devmgr.bat [2012-1-11 35]
Kill_SysPrep.bat [2012-1-11 160]
RPKDriverInstWinXP.lnk - c:\rpktools\RPKDriverInstwinxp.bat [N/A]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
devmgr.bat [2012-1-11 35]
Kill_SysPrep.bat [2012-1-11 160]
RPKDriverInstWinXP.lnk - c:\rpktools\RPKDriverInstwinxp.bat [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-13 291896]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
devmgr.bat [2012-1-11 35]
Kill_SysPrep.bat [2012-1-11 160]
RPKDriverInstWinXP.lnk - c:\rpktools\RPKDriverInstwinxp.bat [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Milton  Irwin^Start Menu^Programs^Startup^Kill_SysPrep.bat]
path=c:\documents and settings\Milton  Irwin\Start Menu\Programs\Startup\Kill_SysPrep.bat
backup=c:\windows\pss\Kill_SysPrep.batStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Milton  Irwin^Start Menu^Programs^Startup^RPKDriverInstWinXP.lnk]
path=c:\documents and settings\Milton  Irwin\Start Menu\Programs\Startup\RPKDriverInstWinXP.lnk
backup=c:\windows\pss\RPKDriverInstWinXP.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2006-06-02 12:58   176128   ----a-w-   c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-05-18 22:02   116648   ----atw-   c:\documents and settings\Milton  Irwin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 16:32   77824   ----a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32   77824   ----a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 16:35   94208   ----a-w-   c:\windows\system32\igfxtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 8:14 AM 24064]
R1 MpKsl0b5854fb;MpKsl0b5854fb;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F088B67-212C-4AAA-A82F-D58CE7539D05}\MpKsl0b5854fb.sys [9/19/2012 6:52 AM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [5/31/2012 5:26 PM 374160]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/13/2011 11:01 PM 994360]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [4/6/2010 3:31 PM 2519040]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [7/23/2012 8:27 AM 135272]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/23/2008 8:31 AM 44800]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/23/2012 8:10 AM 114144]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0B5854FB
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2987671442-3108307839-2666995008-1004Core.job
- c:\documents and settings\Milton  Irwin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-18 22:02]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2987671442-3108307839-2666995008-1004UA.job
- c:\documents and settings\Milton  Irwin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-18 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milton  Irwin\Application Data\Mozilla\Firefox\Profiles\fr251mnl.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-19 07:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(964)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2768)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-09-19  07:12:22
ComboFix-quarantined-files.txt  2012-09-19 14:12
ComboFix2.txt  2012-07-21 12:00
.
Pre-Run: 64,810,250,240 bytes free
Post-Run: 64,835,428,352 bytes free
.
- - End Of File - - 6E918D067350ABE940BA707235BDB177

Corrine

Hi, amxyplx.

You posted the AdwCleaner log from the "Search".  If you haven't done so, please rescan with AdwCleaner.

  • Double-click AdwCleaner.exe to run the tool.
  • Click Delete.
  • Everything that was found will be deleted.
  • Save and open files and approve the reboot.  A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
If you already rescanned selecting Delete, you can find the log at C:\AdwCleaner[S1].txt.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

amxyplx

Sorry about that. Today seems to be a high point in my stress cycle. :-)
======================
# AdwCleaner v2.002 - Logfile created 09/19/2012 at 13:13:49
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Milton  Irwin - LINUXSPECIAL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Milton  Irwin\Desktop\INCOMING\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Milton  Irwin\Application Data\Mozilla\Firefox\Profiles\fr251mnl.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\Milton  Irwin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1587 octets] - [18/09/2012 13:01:59]
AdwCleaner[R2].txt - [1647 octets] - [19/09/2012 06:46:55]
AdwCleaner[S1].txt - [2098 octets] - [19/09/2012 06:48:28]
AdwCleaner[S2].txt - [1195 octets] - [19/09/2012 13:13:49]

########## EOF - C:\AdwCleaner[S2].txt - [1255 octets] ##########

Corrine

I know the feeling, amxyplx.  :)

It appears from the log identifier that you did run the delete mode previously (AdwCleaner[S1].txt - [2098 octets] - [19/09/2012 06:48:28]) which apparently removed Babylon. 

How is your computer now?



amxyplx

I ran siw  and did not see funmood or babylon.

Corrine

Excellent! 

Please do the following to uninstall AdwCleaner.

  •   Double-click AdwCleaner.exe to run the tool.
  •   Click Uninstall
  •   Confirm with yes
Important --> I noticed you had previously run ComboFix on your own which is not advisable.  Please do the following to implement cleanup procedures and also to reset System Restore points (discussed earlier in this topic):

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.



amxyplx

Hi-
Uninstalled AdwCleaner.
Uninstalled ComboFix.
All restore pts are wiped.
No funmoods or babylon in siw.

======================
Running ComboFix on my own - You helped me with a problem in July (see my post July 23) and it was run then. Perhaps that is what showed up. I didn't knowingly/intentionally run ComboFix independently.
============================
Well, Corrine, thanx again. What would the rest of us poor old dubs do w/o you and RC and all the others too numerous to type in?

Corrine

Ah, ok.  I'm glad you didn't run it on your own.  We must have missed the uninstall part in the earlier thread.  Thanks for letting me know.

I'm sure I speak for R-C and all the others that we are very happy to help.   

