Redirecting Yahoo Searches

Discussion in 'Malware Help (A Specialist Will Reply)' started by XKazeCloudX, Feb 19, 2006.

  1. XKazeCloudX

    XKazeCloudX Private First Class

    Hey, I have completed all the following steps with going to safe mode and running all the virus scanners. It came up with no virus at all, and Ad-Aware just deleted some cookies like always. When I click on links in searches on Yahoo it goes to some other website, mostly junk not related to porn, and will work every few times I click on it. My computer seems fine but I just hate having the feeling of something in it. I have included my logs... I am not a super good computer guy so I might have missed something... Please tell me what to do.
     


  2. XKazeCloudX

    XKazeCloudX Private First Class

    Help Please T_T
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs!

    You need to follow ALL the steps in the READ & RUN ME. You have not done them; please run them all and attach ALL requested logs.


    Part of your problem is a WareOut infection. After you complete ALL steps in the READ ME, we will be able to help you remove this.

    Is your version of CounterSpy a paid version?
     
    Last edited: Feb 19, 2006
  4. XKazeCloudX

    XKazeCloudX Private First Class

    Sir, I would gladly try to do that for you. But not all the scans work... and also it takes EXTRAORDINARILY long for it to finish... the one you requested... I have no idea why... and I'm pretty sure I don't have the paid version of anything hahaha, well... I will try and do it again...
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, it does take a long time to run! But the purpose is to remove all malware from your PC and to help prevent (as much as possible) future malware problems. It is a required procedure so that we can help you fix your problems.

    You should not use illegal software. It is of no use to you in the long run since you cannot get updates. If CounterSpy is not capable of fixing problems (i.e. it is the free trial version), you should uninstall it because it will not help you.
     
  6. XKazeCloudX

    XKazeCloudX Private First Class

    On the Panda scan it keeps saying:

    Not allowing the application's ActiveX control to be downloaded.

    Problems with the Internet connection.

    The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...

    and I don't know why... but here's the other scan log
     


  7. XKazeCloudX

    XKazeCloudX Private First Class

    It doesn't ask me to accept direct X download either.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have you installed HijackThis properly yet per the directions in step 7 of the READ & RUN ME? If not, please do so before continuing.

    Look in Add/Remove programs for UnSpyPC and uninstall if found.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe
    • Save it to your desktop and then run it by double clicking on it. It creates a folder named c:\fixwareout.
    • Click Next, then Install.
    • Then make sure Run fixit is checked (this runs C:\fixwareout\fixit.bat). And then click Finish.
    • The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
    • Your system may take longer than usual to load; this is normal.
    • When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items if they still exist:
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://a.tribalfusion.com/p.media/VSNTJFJUIMYQRMXPSLGMKDQSTJKPPHLFCJSKMHEHGDYOTFMOOREQTKGRJOOEGQILMJMOKHCTHOOS/369876/pop.html
    O1 - Hosts: localhost 127.0.0.1
    O4 - HKLM\..\Run: [jbzqw.exe] C:\WINDOWS\system32\jbzqw.exe
    O4 - HKLM\..\Run: [dmonz.exe] C:\WINDOWS\system32\dmonz.exe
    O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F627916-857B-4517-BF83-A16DDB9342D1}: NameServer = 85.255.116.103,85.255.112.185
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88CB990C-9DD4-48ED-A5FF-C89D66D31DD3}: NameServer = 85.255.116.103,85.255.112.185
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B1C8BE85-A6F6-4350-84A0-093946090A77}: NameServer = 85.255.116.103,85.255.112.185
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3F627916-857B-4517-BF83-A16DDB9342D1}: NameServer = 85.255.116.103,85.255.112.185
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3F627916-857B-4517-BF83-A16DDB9342D1}: NameServer = 85.255.116.103,85.255.112.185


    After clicking Fix Checked, close HijackThis, and click OK to proceed.

    At the end of the fix, reboot into safe mode and use Windows Explorer to double check for the below files and delete if found:
    C:\WINDOWS\system32\jbzqw.exe
    C:\WINDOWS\system32\dmonz.exe
    C:\Program Files\UnSpyPC <--- delete the whole folder if found

    Now reboot into normal mode and please attach the contents of the logfile C:\fixwareout\report.txt

    There could be additional cleanup to do from Wareout and the log will let us know.

    Also attach a new HijackThis log.
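
A defender-side check for the O17 entries listed in the post above, as an added example that is not part of the original thread and not HijackThis's own code: it parses HijackThis O17 NameServer lines and reports every resolver outside an expected set, together with the control sets and interface GUIDs that carry it. The allowed resolver 192.168.1.1, the last sample line and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# First four lines are copied from the post above; the last O17 line is constructed
# to show an interface that points at an expected resolver.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [jbzqw.exe] C:\WINDOWS\system32\jbzqw.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F627916-857B-4517-BF83-A16DDB9342D1}: NameServer = 85.255.116.103,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{88CB990C-9DD4-48ED-A5FF-C89D66D31DD3}: NameServer = 85.255.116.103,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F627916-857B-4517-BF83-A16DDB9342D1}: NameServer = 85.255.116.103,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

ALLOWED = ["192.168.1.1"]  # assumption: the resolver(s) this machine is expected to use

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\\.\.\\"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$"
)

def parse_o17(log_text):
    """Yield (control_set, interface_guid, [server, ...]) per O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # NameServer values may be comma- or space-separated.
            servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
            yield m["cset"], m["guid"].upper(), servers

def unexpected_resolvers(log_text, allowed):
    """Map each resolver outside `allowed` to the (control set, GUID) pairs using it."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    hits = defaultdict(set)
    for cset, guid, servers in parse_o17(log_text):
        for server in servers:
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                hits[server].add((cset, guid))  # not a valid IP: report it as well
                continue
            if not any(ip in net for net in nets):
                hits[server].add((cset, guid))
    return dict(hits)

if __name__ == "__main__":
    for server, places in sorted(unexpected_resolvers(SAMPLE_LOG, ALLOWED).items()):
        print(f"{server}: set on {len(places)} interface/control-set entries")
        for cset, guid in sorted(places):
            print(f"    {cset}  {{{guid}}}")
```

The same resolver pair appearing on several interfaces and in the backup control sets (CS1, CS2) as well as CCS is why every listed O17 entry has to be fixed, not only the active one.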
     
