Fun Moods Google re-direct problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rowdyrenegade, Apr 4, 2012.

  1. rowdyrenegade

    rowdyrenegade Private E-2

    We flushed the Java and Explorer cache.
    We ran TDSSKiller, which is attached.
    And ran the MBR check which is pasted in the message.
    And we are still being redirected, only when typing an address in the tool bar and misspelling it.
    Any advice?

    :eek Rowdyrenegade :banghead






    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: ECS
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: HP-Pavilion
    System Product Name: NC686AA-ABA a6700y
    Logical Drives Mask: 0x000003fc

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`26521600 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF
    596 GB \\.\PhysicalDrive1 RE: Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do you have your Vista install disc?
     
  3. rowdyrenegade

    rowdyrenegade Private E-2

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Boot up and go into the BIOS and change the boot order to CD/DVD as first boot device. Insert the disc and reboot:

    To run the Bootrec.exe tool, you must start Windows RE. To do this, follow these steps:

    1. Put the Windows Vista or Windows 7 installation disc in the disc drive, and then start the computer.
    2. Press a key when you are prompted.
    3. Select a language, a time, a currency, a keyboard or an input method, and then click Next.
    4. Click Repair your computer.
    5. Click the operating system that you want to repair, and then click Next.
    6. In the System Recovery Options dialog box, click Command Prompt.
    7. Type Bootrec.exe /fixmbr, and then press ENTER.

    Reboot to normal mode and re-run MBRCheck. ATTACH the log.
     
  5. rowdyrenegade

    rowdyrenegade Private E-2

    Sorry, I don't have the install disc. I have 3 recovery discs from when I bought the PC.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  7. rowdyrenegade

    rowdyrenegade Private E-2

    I did attach the TDSSKiller log. You're right, I didn't do the read me. Sorry to waste your time. Will do what you asked. Thank you, rowdy
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No, you attached a log from MBRCheck.
     
  9. rowdyrenegade

    rowdyrenegade Private E-2

    Here are the logs. Thanks for the help, your system found a lot.
     

    Attached Files:

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  11. rowdyrenegade

    rowdyrenegade Private E-2

    Here are the combo and MG logs.
     

    Attached Files:

  12. rowdyrenegade

    rowdyrenegade Private E-2

    Here's the MBR log.
     

    Attached Files:

  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That fixed the MBR, so tell me what issues are remaining, if any.
     
  14. rowdyrenegade

    rowdyrenegade Private E-2

    It is still redirecting to Fun Moods. I found some unknown IE9 add-ons and they go to funmoods. I can't delete/uninstall/get rid of them. I went into Tools, Manage Add-ons, Downloaded Controls to try and delete. We will paste what we found.

    Send to OneNote is tied to Discuss. If you disable Discuss it disables OneNote.


    Name Send to OneNote
    Publisher Not Available
    Status Disabled

    Name Research
    Publisher Not Available
    Status Disabled

    Name Spybot - Search & Destroy Configuration
    Publisher Not Available
    Status Enabled

    Name Discuss
    Publisher Not Available
    Status Disabled
    Version 6.0.6002.18392
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:

    • C:\MGlogs.zip
     
  16. rowdyrenegade

    rowdyrenegade Private E-2

    Thank you, here's the log.
     

    Attached Files:

  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download OTL to your desktop.

    Double-click OTL.exe to start the program.

    • Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.

    Code:
    :processes
    :killallprocesses
    :otl
    :files
    C:/Users/User/AppData/Local/Temp/FNMD
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2AFD2FD7-ECB2-41C0-9BB4-602EA506BEC0}]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FA8C8198-76D0-4F0C-BBF7-279D8BAB530E}]
    
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
    
    • Then click the Run Fix button at the top.
    • Click the OK button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Just close Notepad and attach this log from OTL to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:

    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
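
Added example, not part of TimW's post or of OTL: a read-only PowerShell check that lists the current user's Internet Explorer `SearchScopes` entries, the registry location the fix above deletes two keys from, so each search provider's URL can be reviewed before and after cleanup. The `$TrustedHosts` allowlist and the function name `Get-SearchScopeAudit` are assumptions made for illustration.

```powershell
# Added example: read-only audit of the current user's IE search providers.
# $TrustedHosts is a hypothetical allowlist; replace it with providers you expect.
$TrustedHosts = @('www.bing.com', 'www.google.com', 'search.yahoo.com')
$ScopesKey    = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'

function Get-SearchScopeAudit {
    param(
        [string]   $Path  = $ScopesKey,
        [string[]] $Allow = $TrustedHosts
    )
    if (-not (Test-Path -LiteralPath $Path)) { return }

    # DefaultScope on the parent key holds the GUID of the active provider.
    $default = (Get-ItemProperty -LiteralPath $Path).DefaultScope

    foreach ($key in Get-ChildItem -LiteralPath $Path) {
        $props    = Get-ItemProperty -LiteralPath $key.PSPath
        $url      = [string]$props.URL
        $uri      = $null
        $hostName = ''
        if ([Uri]::TryCreate($url, [UriKind]::Absolute, [ref]$uri)) {
            $hostName = $uri.Host
        }
        New-Object PSObject -Property @{
            Guid        = $key.PSChildName
            DisplayName = [string]$props.DisplayName
            Host        = $hostName
            Url         = $url
            IsDefault   = ($key.PSChildName -eq $default)
            # Flag entries with no parsable URL or a host outside the allowlist.
            Review      = ((-not $hostName) -or ($Allow -notcontains $hostName))
        }
    }
}

# Entries needing review are listed first; nothing is modified.
Get-SearchScopeAudit |
    Select-Object Review, IsDefault, DisplayName, Host, Guid, Url |
    Sort-Object Review -Descending |
    Format-Table -AutoSize -Wrap
```

Run it before the fix and again after the reboot to confirm that the two GUIDs targeted above are no longer listed and that the default provider points at a host you recognize.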
     
  18. rowdyrenegade

    rowdyrenegade Private E-2

    Here are the logs for you. Wanted to get them to you right away.
    The few times I have tried it, LOOKS LIKE IT'S GONE! I'll do some more looking and let you know. Thank you.
     

    Attached Files:

  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good, let me know how things are working. ;)
     
