peter can u help me out tooo

Discussion in 'malware problems & news' started by mohitygupta, Nov 5, 2006.

Thread Status:
Not open for further replies.
  1. mohitygupta

    mohitygupta Registered Member

    Joined:
    Nov 5, 2006
    Posts:
    7
    peter i have a broad band connection and dont know when the oolpix.com homepage hijacker got my comp,
    ever since the run in missing, i am not able to activate the tast manager, and also i am not able to remove the homepage as its been greyed out.....
    pll plplpl help


    i ran the combofix programme and the details are below...........:'(
    mohit - 06-11-05 21:39:30.06 Service Pack 2
    ComboFix 06.10.19 - Running from: "D:\Documents and Settings\mohit\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))


    2006-11-05 07:28 3,968 --a------ D:\WINDOWS\system32\drivers\avgclean.sys
    2006-11-05 07:14 816,672 --a------ D:\WINDOWS\system32\drivers\avg7core.sys
    2006-11-05 07:14 4,960 --a------ D:\WINDOWS\system32\drivers\avgtdi.sys
    2006-11-05 07:14 4,224 --a------ D:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-11-05 07:14 28,416 --a------ D:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-11-05 07:14 23,424 --a------ D:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-11-04 21:55 155,648 --a------ D:\WINDOWS\system32\igfxres.dll
    2006-11-04 21:41 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
    2006-11-04 21:39 8,192 --a------ D:\WINDOWS\system32\bitsprx2.dll
    2006-11-04 21:39 7,168 --a------ D:\WINDOWS\system32\bitsprx3.dll
    2006-11-04 21:39 430,592 --a------ D:\WINDOWS\system32\wuapi.dll
    2006-11-04 21:39 36,864 --a------ D:\WINDOWS\system32\wups.dll
    2006-11-04 21:39 22,528 --a------ D:\WINDOWS\system32\fltMc.exe
    2006-11-04 21:39 183,296 --a------ D:\WINDOWS\system32\wuaueng1.dll
    2006-11-04 21:39 165,888 --a------ D:\WINDOWS\system32\wuauclt1.exe
    2006-11-04 21:39 16,896 --a------ D:\WINDOWS\system32\fltlib.dll
    2006-11-04 21:39 124,800 --a------ D:\WINDOWS\system32\drivers\fltMgr.sys
    2006-11-04 21:39 120,320 --a------ D:\WINDOWS\system32\wuweb.dll
    2006-11-04 21:39 112,640 --a------ D:\WINDOWS\system32\wucltui.dll
    2006-11-04 21:26 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
    2006-11-04 21:26 13,312 --a------ D:\WINDOWS\system32\irclass.dll
    2006-10-27 23:35 24,576 --a------ D:\WINDOWS\system32\STKIT432.DLL
    2006-10-26 23:51 281,600 --a------ D:\WINDOWS\system32\drivers\TM_CFW.sys
    2006-10-26 23:51 101,376 --a------ D:\WINDOWS\system32\drivers\tm_mbd_c.sys
    2006-10-26 23:03 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
    2006-10-12 09:18 216,064 --a------ D:\WINDOWS\iun3405.exe
    2006-10-11 22:51 53,760 --a------ D:\WINDOWS\system32\vfwwdm32.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-05 07:15 -------- d-------- D:\Documents and Settings\mohit\Application Data\AVG7
    2006-11-05 07:14 -------- d-------- D:\Program Files\Grisoft
    2006-10-28 18:46 -------- d-------- D:\Program Files\Star Defender 2
    2006-10-28 13:16 -------- d-------- D:\Program Files\Luxor Amun Rising
    2006-10-28 12:42 -------- d-------- D:\Program Files\ReflexiveArcade
    2006-10-28 12:42 -------- d-------- D:\Program Files\Air Strike II Gulf Thunder
    2006-10-27 23:35 -------- d-------- D:\Program Files\Registry Mechanic
    2006-10-26 23:36 -------- d-------- D:\Program Files\Trend Micro
    2006-10-18 22:04 -------- d-------- D:\Documents and Settings\mohit\Application Data\Avant Profiles
    2006-10-15 21:21 -------- d-------- D:\Documents and Settings\mohit\Application Data\DivX
    2006-10-12 09:18 -------- d-------- D:\Program Files\Snes9x
    2006-10-10 09:04 -------- d-------- D:\Documents and Settings\mohit\Application Data\Seven Zip
    2006-10-03 00:34 806912 --a------ D:\WINDOWS\system32\divx_xx0c.dll
    2006-10-03 00:34 806912 --a------ D:\WINDOWS\system32\divx_xx07.dll
    2006-10-03 00:34 790528 --a------ D:\WINDOWS\system32\divx_xx11.dll
    2006-10-03 00:34 635486 --a------ D:\WINDOWS\system32\DivX.dll
    2006-09-24 22:54 -------- d-------- D:\Program Files\SWiSH v2.0
    2006-09-24 21:48 -------- d-------- D:\Documents and Settings\mohit\Application Data\Publish Providers
    2006-09-24 21:44 -------- d-------- D:\Program Files\Sony
    2006-09-24 21:40 -------- d-------- D:\Program Files\Sony Setup
    2006-09-24 19:54 12464 --a------ D:\WINDOWS\system32\drivers\CDAC15BA.SYS
    2006-09-24 19:54 -------- d-------- D:\Program Files\Common Files\Macrovision Shared
    2006-09-16 22:56 -------- d-------- D:\Program Files\AudioCommander
    2006-09-06 20:27 31248 --a------ D:\WINDOWS\system32\drivers\tmpreflt.sys
    2006-09-06 20:27 197648 --a------ D:\WINDOWS\system32\drivers\tmxpflt.sys
    2006-09-06 20:09 1051456 --a------ D:\WINDOWS\system32\drivers\VsapiNT.sys
    2006-08-26 07:00 130048 --a------ D:\WINDOWS\system32\SpoonUninstall.exe
    2006-08-11 04:34 73728 --a------ D:\WINDOWS\system32\dpl100.dll
    2006-08-11 04:33 196608 --a------ D:\WINDOWS\system32\dtu100.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="D:\\WINDOWS\\system32\\ctfmon.exe"
    "Yahoo! Pager"="\"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "OE"="\"D:\\Program Files\\Trend Micro\\Internet Security 2007\\TMAS_OE\\TMAS_OEMon.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "TkBellExe"="\"D:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "pccguide.exe"="\"D:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""
    "UnlockerAssistant"="\"D:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
    "Task Manager"="D:\\WINDOWS\\system\\svchost32.exe"
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
    33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
    33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoRun"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    "path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
    "backup"="D:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="D:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma Loader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
    "backup"="D:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="D:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="apdproxy"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ashDisp"
    "hkey"="HKLM"
    "command"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RunDll32 cmicnfg"
    "hkey"="HKLM"
    "command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="D:\\WINDOWS\\System32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DataLayer"
    "hkey"="HKLM"
    "command"="D:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hkcmd"
    "hkey"="HKLM"
    "command"="D:\\WINDOWS\\System32\\hkcmd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxtray"
    "hkey"="HKLM"
    "command"="D:\\WINDOWS\\System32\\igfxtray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="D:\\WINDOWS\\System32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LaunchApplication"
    "hkey"="HKLM"
    "command"="D:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="D:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="YahooMessenger"
    "hkey"="HKCU"
    "command"="\"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-11-05 21:43:01.26
    D:\ComboFix2.txt ... 06-11-05 21:21
    D:\ComboFix.txt ... 06-11-05 21:43
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi mohitygupta,

    Can you do something for me?
    Surf to:
    http://www.thespykiller.co.uk/forum/index.php?topic=5.0
    Follow the instructions there to upload:
    D:\WINDOWS\iun3405.exe


    Then copy the part in bold below into notepad and save it as coolpics.reg
    Set Filetype to "all files"

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Task Manager"=-

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRun"=-


    Doubleclick that file and confirm you want to merge it with the registry.

    Then reboot and check if you have all your options back.
    Please do not delete the file before I have had a chance to look at it.

    Regards,

    Pieter
     
  3. mohitygupta

    mohitygupta Registered Member

    Joined:
    Nov 5, 2006
    Posts:
    7
    peter and run option is working again, and i am able to acces task manager too
    but my homepage is still coolpics.com and i am not able to change it as its greys out in the internet option...


    can u help me out............

    and what file do u want to see??
     
  4. mohitygupta

    mohitygupta Registered Member

    Joined:
    Nov 5, 2006
    Posts:
    7
    peter i tried to reset my internet settings.........
    now my home page is msn.com , but still the option to change the home page is greyed out.....!!!!!!!!!!!


    pl help!!!!!!!!!!!!!!!1
     
  5. dog

    dog Guest

    One post removed -- as the issue has been addressed to Pieter and Pieter is actively providing assistance, there is no need to interfer with the help being given by a spyware expert. Please refrain from posting any solutions - similar to the guideline/rules we had when we processed HJT logs. ;)

    Thanks for everyones understanding and cooperation;

    Steve

    Edit: To the member who posted, please don't C&P the same advice again -- it's now been removed twice.
     
  6. mohitygupta

    mohitygupta Registered Member

    Joined:
    Nov 5, 2006
    Posts:
    7
    i am not a computer whiz...........
    sorry , but it would be great help if u can guide me through the steps..........
    how do i reach control panel stuff tats mentioned above!!!!!!
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Thank you for the file. :)

    I found something else interesting inside.

    Can you do this for me:
    Click Start > Run> and copy this command into the window:

    regedit.exe /e C:\shareddlls.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs"

    Click OK to execute that command. If done correctly this will create the file C:\shareddlls.txt
    Find that file and post the content please.

    Regards,

    Pieter
     
  8. mohitygupta

    mohitygupta Registered Member

    Joined:
    Nov 5, 2006
    Posts:
    7
    the log created is too long...... where do i post ito_O
     
  9. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    post it at spykiller in teh same topic as teh file you uploaded & Pieter will pick it up from there
     
  10. mohitygupta

    mohitygupta Registered Member

    Joined:
    Nov 5, 2006
    Posts:
    7
    got it........... yeah.......... posted it pieter
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Thank you. You too Derek :)

    mohitygupta,

    Can you find and upload this file as well:
    D:\WINDOWS\system\svchost32.exe <= Note: the exact path and filename

    Now close all IE windows.
    Then copy the part in bold below into notepad and save it as ieblock.reg
    Set Filetype to "all files"

    REGEDIT4

    [-HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]

    [-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel]

    Doubleclick that file and confirm you want to merge it with the registry.

    Then reboot and check if you can change your Homepage again.

    The iun

    Regards,

    Pieter
     
    Last edited: Nov 5, 2006
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi mohitygupta,

    Never mind. Follow the instructions above.

    Pieter
     
    Last edited: Nov 5, 2006
  13. mohitygupta

    mohitygupta Registered Member

    Joined:
    Nov 5, 2006
    Posts:
    7
    thanks a lot!!!

    hi peiter
    i did what u told me to do,
    the homepage was release and i am able to change it........
    right now the system is ok i guess........
    sorry for the delay in reply..
    anything else i need to do in the systemo_O
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    My pleasure. You can delete D:\WINDOWS\system\svchost32.exe if you still have it.
    I found it at TheSpykiller. :)

    Regards,

    Pieter
     
Loading...
Thread Status:
Not open for further replies.