also @ TechSpot: Google, Samsung unveil Chromebook, Chromebox with Chrome OS 19

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

start page is res://shdocvn.dll/blank.html

Discussion in 'Virus and Malware Removal' started by spooky, Aug 28, 2005.

Thread Status:
Not open for further replies.

  1. spooky Newcomer, in training

    :blackeye: First time with spyware on my computer. I've attached the HJT file. HelP!

    Attached Files:

    • hjt.txt
      File size:
      6.7 KB
      Views:
      17
    spooky, Aug 28, 2005
    #1

  2. RealBlackStuff Newcomer, in training

    Follow these instructions EXACTLY
    How to remove Begin2Search/Coolwebsearch and Other Nasties

    Pay attention to
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocvn.dll/blank.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O16 - DPF: (all of them)
    O21 - SSODL: 82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - {4545658A-0B85-F3DC-C2E7-518FAB058986} - c:\program files\ea sports\ea sports online\winvvqad4.dll

    Then post a new Hijackthis log-files as an attachment.
    RealBlackStuff, Aug 28, 2005
    #2

  3. spooky Newcomer, in training

    Aftermath

    I did all as instructed. Start page seems fine. I have attached the new HJT log file. Thanks~
    spooky, Aug 28, 2005
    #3

  4. RealBlackStuff Newcomer, in training

    Sorry, I missed one:

    Boot in Safe mode
    Press ctrl/alt/del and stop the process svcnt32.exe

    Run HJT and fix
    O4 - HKLM\..\Run: [Start Page] C:\WINDOWS\system32\svcnt32.exe home

    When done, delete svcnt32.exe
    RealBlackStuff, Aug 28, 2005
    #4

  5. spooky Newcomer, in training

    Could not find that entry or running process. The start page is fine now. But I when I open inernet explorer, i see a lot of messages being sent i.e. i see umpteen "scanning messa 1 of 1" pop ups from symantec. This pop up usually occurs when I send email. I'm assuming this is due to a program sending emails in the background.
    spooky, Aug 30, 2005
    #5

  6. RealBlackStuff Newcomer, in training

    RealBlackStuff, Aug 30, 2005
    #6
Thread Status:
Not open for further replies.