Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: How did Funmoods return?

25 Apr 2013   #1

Windows 7 Home Premium x64
How did Funmoods return?

OK I'm baffled on this one. About 6 months ago I accidentally didn't uncheck the box for Funmoods toolbar when installing something, and long story short I decided to reinstall Win 7 (including deleting the original OS partition; I forget if I formatted it too) to make sure I killed it.

My computer has worked flawlessly since then. I have definitely not accidentally installed Funmoods since the reinstall - I've been hyper-vigilant about carefully reading what's being installed by default when installers run. There is no trace of it in Chrome or IE extensions/plugins etc. At all times I've had NOD32 running and updated, Windows (important) Updates immediately installed, and periodically scan with Malwarebytes. I only run Chrome unless IE is required for some random site.

So I was shocked today when I ran a Malwarebytes quick scan and it turned up Funmoods registry files. I pasted the log below. Again, my computer is working perfectly and there's never been any visible/noticeable funmoods crap in my browsers since my reinstall. My last MB quick scan a month or two ago (prior to recent MB update I installed) turned up nothing.

Any ideas how traces of Funmoods could be on my computer? Is it possible it survived the OS reinstall? Is it getting into my system without me installing anything when I visit an infected website? I want to figure out what I'm doing to allow it on my system because I thought I was being very careful. Thanks for any help!

MB quick scan log:


Malwarebytes Anti-Malware (PRO)
Malwarebytes : Free anti-malware download

Database version: v2013.04.25.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
********* [administrator]

Protection: Enabled

4/25/2013 12:04:25 PM
mbam-log-2013-04-25 (12-04-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254831
Time elapsed: 9 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Data: Funmoods Search -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (Funmoods Search) Good: (Google) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\****\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.


My System SpecsSystem Spec
25 Apr 2013   #2

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

Hi chorizo

Link AdwCleaner Download

Click on Download now

Save to the Desktop

Right-click on adwcleaner.exe and choose Run as administrator

Click the Delete button

Upload the AdwCleaner[Sn].txt in your reply.

Note   Note
The log file is at C:\AdwCleaner[Sn].txt
My System SpecsSystem Spec
25 Apr 2013   #3

Windows 7 Home Premium


Any ideas how traces of Funmoods could be on my computer?
You may have installed a program and it bundled Funmoods.

For a browser, do you use Internet Explorer, Firefox, or Chrome?
Browser extensions, homepage change and a change in search engine are master-minded by Funmoods.
You may need to reverse these changes, if you are affected.

Also, in Control Panel> Programs and Features, is Funmoods present there?
If so, click Uninstall.and follow the prompts.

Remove any Funmoods scheduled task:
Press Start, and in the Search Programs and Files box above it, copy paste the following:

In the window that appears, check for any Funmoods tasks
Updatetask.exe is launched automatically by registering itself into the Windows Task Scheduler under the task name: \Funmoods

Scheduled tasks:
The job 'At1' runs weekly in the path 'C:\WINDOWS\Tasks\At1.job'
The job 'Funmoods' runs daily in the path '\Funmoods'
The job 'DSite' runs daily in the path '\DSite'
The job 'Searchya' runs daily in the path '\Searchya'
Entry path 'C:\WINDOWS\Tasks\At1.job'
Entry path '\DSite'
Entry path 'C:\WINDOWS\Tasks\At2.job'
Entry path '\Funmoods'

If you find any scheduled tasks for Funmoods, use the following tutorial to remove:
Task Scheduler - Create New Task

You may also want to clean your temporary internet files using a program like CCleaner - Download
My System SpecsSystem Spec


 How did Funmoods return?

Thread Tools

Similar help and support threads
Thread Forum
Removing Funmoods/Control Panel Question
Somehow Funmoods accidentally got installed on my PC. I know I removed the toolbar from my Mozilla Firefox browser, however I still see it lingering in chat. (i.e. Facebook.) I understand you go to the control panel to remove the program. However, mine does not look right to me or like anything...
System Security
I have funmoods on my computer. I have updated my malwarebytes Anti-Malware software and ran a full scan on my computer. Funmoods is identified and deleted as part of the scanning process. Unfortunately upon rebooting and opening up the second web page the file is always there. Any ideas on how...
System Security
how do i get rid of funmoods?
I accidently installed funmoods on my pc and i want it gone. I uninstalled from control panel but it's still there in the browser its a nuicence to me. How do i get rid of it?
NO URL address bar and some crappy funmoods icon
Not sure what has happened but if I open firefox I no longer get my URL address box and it goes to something being determined by funmoods! Cannot delete it as windows says nothing to find re funmoods, its damned annoying how do I get rid of it? Thanks
Browsers & Mail

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:14.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App