newbie that has the hijacked funmoods redirect

Hi....newbie here,

I followed the instruction that i came across while researching this annoying PUP or Malware or whatever it is ...I got all the way down to the part of the GooredFix and I am posting the log....so far it seems to have worked but I am leary....

I will check back to see what your thoughts are...meanwhile I will check again for this pain.

reso

 

resoxcvb back again....

wel I went and closed all tabs and browsers....back to the desktop. Clicked back on Chrome....and it is back....funmoods, vGrabber, and whitesmoke....so I did the next step with the TDSS and here are the results

Interestingly, in the file folders I saw the file for conduit (vgrabber and whitesmoke) but it was empty....also when I first started TDSS it said Symantec...not Kapersky so I redid the process again....IDK what happened but I am impressed with the tenaciousness of this redirect...I mean gotta say that much...lol

back to the next on the list..

check back asap.

 

I now have another search bar added to funmoods, whitesmoke, and vGrabber....it is the AVG search bar....even after I checked not to install it, it did it anyway...I am going to run the MBRcheck because I want to follow orders...lol I will post the results in a new post.

resoxcvb

 

okay I ran the MBRcheck and added to the pile.... View attachment MBAM-log-2013-06-03 (20-42-52).txt

View attachment MBRCheck_06.04.13_18.22.03.txt I really do not know what I am doing at this point as this is beyond my understanding....I just need some help getting rid of this pest. I will check back tomorrow....gnite Geeks and thanks ahead of time.

resoxcvb

 

ah.. here's the TDSSKiller...sorry just tired...

 

Aloha Chasling,

I appreciate your time but I had to change computers.....I was first posting to you via my work laptop (Lenovo) but I got nervous with the Daemon thing....its my work laptop and they run Lotus notes and I saw that on there so I went to my PC.... which coincidentally has the same issue. :cry

So I re-did the process again for my windows 7 Home Premium, x64-bit based desktop and it is an eMachines

I also had STOPx000000 msgs that I think I fixed but still stalls once in a while. The re-direct is still omnipresent....I restore back to factory settings last week but the funmoods et al are still here.

Here are the uploads of the RR Me instructions

 

Awe crappola....I apologize.....here are the fix reports
reso

I am re-reading the RR Me and then I will check back as I begin this process.

Thanks for your patience.

 

ok here it is ....again...:-o
hmmm it kept saying "Invalid file" but I finally got them off and uploaded...



I wanted to say that I just finished the DNS router hijacking instructions because I can do it on this router and I reset it to default factory settings. I just powered back up 10 minutes ago and so far so good....

I will check back after I go all the way out and log on again to see if indeed the hijackers are gone....

a thanks ahead of time:major

brbs

 

ok...ok...yes sir :major

sorry. I got it ....I was doing the wrong posts first......I got excited.

Ok...here are the logs....:-o


thanks again,
resoxcvb

 

thanks major....I do not see the pesky tab horders...thanks and I will be running the junkware removal tool asap....meanwhile
just a quick update and to ask if you know of some answers or help for the other problem I'm having
I have a norton pop-up saying... I have a high memory usage
... the frequency is out of range then the
computer crashed Blue screen of death.... and system error message - 6.1.7601.2.1.0.768.3 ID 1033 BCCode:50 OS Version 6_1_7601 Service Pack 1_0 Product 768_1

got it to reboot....loaded the updates one at a time....and then crashed again
System error msg...Fltmgr.sys Address FFFFF 880011A6166 base at FFFFF880011A2000, Datesstamp 4ce7929c

This time the emachines no can start up....had to reboot with the OS disk....
it booted up and is currently in safe mode with networking

So what do you think I should do?

resoxcvb

 

Back again....here is the JRT.txt :major and Major thanks.

resoxcvb

 

back again and I wanted to say thanks for all your patience....i still do not see the redirect hijackers and I just completely finished reading the forum for the IE 7 crash site....and hmmm....so far so good.....I never would have thought it to be shell.exe

I will check back tomorrow to let you know if all is still good....I can still remain a member ....right.

resoxcvb