Technical, ran102 post a topic in “virus and worms”!:wink:

Please fix the following entries in safe mode(!).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\prdhy.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://prdhy.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://prdhy.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\prdhy.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://prdhy.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\prdhy.dll/sp.html#96676
O2 - BHO: (no name) - {372EF314-6508-92AB-732E-258B08992A73} - C:\WINDOWS\d3uc.dll

Rename these files:

C:\WINDOWS\d3uc.dll
C:\WINDOWS\apiid32.exe

and send them packed and passordprotected to virus(at)asw.cz