TechSpot

start page is res://shdocvn.dll/blank.html

By spooky
Aug 28, 2005
  1. :blackeye: First time with spyware on my computer. I've attached the HJT file. HelP!
     

    Attached Files:

    • hjt.txt
      File size:
      6.7 KB
      Views:
      17
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Follow these instructions EXACTLY
    How to remove Begin2Search/Coolwebsearch and Other Nasties

    Pay attention to
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocvn.dll/blank.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O16 - DPF: (all of them)
    O21 - SSODL: 82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - {4545658A-0B85-F3DC-C2E7-518FAB058986} - c:\program files\ea sports\ea sports online\winvvqad4.dll

    Then post a new Hijackthis log-files as an attachment.
     
  3. spooky

    spooky TS Rookie Topic Starter

    Aftermath

    I did all as instructed. Start page seems fine. I have attached the new HJT log file. Thanks~
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Sorry, I missed one:

    Boot in Safe mode
    Press ctrl/alt/del and stop the process svcnt32.exe

    Run HJT and fix
    O4 - HKLM\..\Run: [Start Page] C:\WINDOWS\system32\svcnt32.exe home

    When done, delete svcnt32.exe
     
  5. spooky

    spooky TS Rookie Topic Starter

    Could not find that entry or running process. The start page is fine now. But I when I open inernet explorer, i see a lot of messages being sent i.e. i see umpteen "scanning messa 1 of 1" pop ups from symantec. This pop up usually occurs when I send email. I'm assuming this is due to a program sending emails in the background.
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.