Hello and welcome to Techspot.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode. See how HERE.
http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Spyware Nuker
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
swnxt.exe
Close task manager.
Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
O1 - Hosts: 199.202.83.162 ZENWSIMPORT
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O14 - IERESET.INF: START_PAGE_URL=http://www.intranet.muhc.mcgill.ca/
<Only fix this entry, if it doesn`t belong to your pc manufacturer or your ISP.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = muhc.mcgill.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = muhc.mcgill.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = muhc.mcgill.ca
Only fix the above 017 entries, if they don`t belong to your ISP.
Click on the fix checked button.
Close HJT.
Locate and delete the following
bold files and/or directories(if there).
C:\Program Files\
Spyware Nuker
Reboot into normal mode and turn system restore back on.
Regards Howard :wave: :wave:
