Fooled by Spyware Nuker 2004 -- how do I remove this software?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Pina

Thread Starter
Joined
Aug 12, 2004
Messages
9
Hi,

I downloaded Spyware Nuker 2005 to get rid of adware. To my chagrin, I later found out that the program itself is adware :mad:

To add insult to injury, it doesn't come with an uninstall feature, so I don't know how to get rid of it for good.

Can anyone kindly help me?

Thank you,

PINA
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,542
Go to the spyware tools section at http://www.majorgeeks.com and download and save the following:

Ad-Aware SE Personal 1.05

Spybot - Search & Destroy 1.3

HijackThis 1.99.0


Install Ad-Aware and Spybot. After you install them, run their update function and get the latest files installed. Once you've updated them, run a full system scan with Ad-Aware. Once the scan is finished, select and delete everything that it finds. Run a scan with Spybot. Once the scan is finished, select and delete everything in red that it finds.

HijackThis does not install, so you have to unzip it into a folder that you create for it. Do not unzip it into a folder in the C:\WINDOWS\TEMP folder. Once it's unzipped, double-click the HijackThis .exe file. Click "Scan" and allow the scan to finish. Click "Save Log" and save the log in text format with Notepad. Copy-and-paste the entire log here so we can view it.

----------------------------------------------------------------

If Spyware Nuker 2005 doesn't have an uninstall feature, you'll likely have to delete its files and registry entries manually.

Read here.

----------------------------------------------------------------

Before you openly download and install any program that claims to get rid of or fix something, do a little research on it first. If you post the program on this forum in the "All other software" or "Security" section, I'm sure that one or more persons will give you advice about using it.

----------------------------------------------------------------
 

Pina

Thread Starter
Joined
Aug 12, 2004
Messages
9
Ok, I ran adaware, spysweeper and spybot. Deleted all the junk and restarted the computer.

Here's the hijackthis scan:

Logfile of HijackThis v1.97.7
Scan saved at 20.14.11, on 29/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2277d088ab1134bc4f06/netzip/RdxIE601_it.cab


Also, spybot couldn't get rid of these of a bunch of HKEY_USERS (registry keys?)


What should I do next?

Thanks,

P.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,542
Where did you get HijackThis from? You're using version 1.97.7. The current version is 1.99.0. Get it here and replace the older HijackThis.exe file.

----------------------------------------------------------------

There are programs running in the background that don't need to be.

Click Start - Run, type in MSCONFIG, then click OK - Startup(tab). Uncheck the following:

igfxtray.exe Read here.

hkcmd.exe Read here.
(THe above 2 should be disabled at the same time and just one of them)

realsched.exe Read here.

ypager.exe Read here.
(You can start this program manually when you're ready to chat)

click Apply - OK, then reboot.

----------------------------------------------------------------

Post another log after you've updated HijackThis and done the above.

-----------------------------------------------------------------
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top