Remove funmoods [Closed] Options

[solo58]

One of the kids was playing Wizards 101, in trying to purchase an option, we inadvertently downloaded funmoods. A tool bar was set up on Chrome.
I ran malwarebytes and removed 55 objects...all funmoods related.
I restarted, removed the toolbar, reran MSE after updating.
How can I confirm that the malware has been removed completely?

[mrp]

Hello and welcome to What the Tech.

My name is Michael and I will be helping you with your computer problems.

Be aware that I am currently in training, which means that my replies must first be approved by one of my teachers. This may cause a slight delay in my responses, but keep in mind that this process is only to ensure you are receiving advice of the utmost accuracy.

Please keep the following points in mind:

• Malware research is often a time consuming process and sometimes multiple tools/methods will have to be employed before an infection is completely dealt with. Please be patient during the process of removal.
• Read my instructions carefully before carrying them out. Also, consider printing out any instructions in case you lose your Internet connection.
• If you have any questions, please ask before carrying out a fix. Clearing up any confusion beforehand will save time in the long run. That said, I will try to post instructions as clearly and concisely as possible.
• Please reply to this thread. Do not start a new topic, and do not request help on other forums during the course of the cleaning process.
• If you do not reply after three (3) days, your thread will be closed.

IMPORTANT NOTE: Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

I will be back as soon as possible with a response.

[mrp]

1. OTL
   
   Download OTL to your desktop.
   
   
   • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
   • Select All Users
   • Under the Custom Scan box paste this in
     netsvcs
     %SYSTEMDRIVE%\*.exe
     /md5start
     explorer.exe
     winlogon.exe
     Userinit.exe
     svchost.exe
     /md5stop
     %systemroot%\*. /rp /s
     DRIVES
     CREATERESTOREPOINT
   • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
     
     • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     • Post both logs
   
   
2. aswMBR
   
   Please download aswMBR and save it to your desktop.
   
   
   • Double click aswMBR.exe to start the tool.
   • When prompted to download virus definitions, please do so.
   • Click Scan. Note: Do NOT attempt any Fix yet.
   • When the scan completes, click Save log, save it to your desktop and post it in your next reply.
   • There should also be another file that is created on your desktop named MBR.dat. Please right-click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

[mrp]

Hi solo58,

Do you still need help?

[solo58]

sorry about that, have been out of town.

[mrp]

Hi solo58,

The instructions you need to carry out if you want my help are located in post #3 of this thread if you did not see them.

[CatByte]

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatthetech.com/you_Infected_t106388.html and start a new topic