TechSpot

start page is res://shdocvn.dll/blank.html

By spooky
Aug 28, 2005
  1. :blackeye: First time with spyware on my computer. I've attached the HJT file. HelP!
     

    Attached Files:

    • hjt.txt
      File size:
      6.7 KB
      Views:
      17
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Follow these instructions EXACTLY
    How to remove Begin2Search/Coolwebsearch and Other Nasties

    Pay attention to
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocvn.dll/blank.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O16 - DPF: (all of them)
    O21 - SSODL: 82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - {4545658A-0B85-F3DC-C2E7-518FAB058986} - c:\program files\ea sports\ea sports online\winvvqad4.dll

    Then post a new Hijackthis log-files as an attachment.
     
  3. spooky

    spooky TS Rookie Topic Starter

    Aftermath

    I did all as instructed. Start page seems fine. I have attached the new HJT log file. Thanks~
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Sorry, I missed one:

    Boot in Safe mode
    Press ctrl/alt/del and stop the process svcnt32.exe

    Run HJT and fix
    O4 - HKLM\..\Run: [Start Page] C:\WINDOWS\system32\svcnt32.exe home

    When done, delete svcnt32.exe
     
  5. spooky

    spooky TS Rookie Topic Starter

    Could not find that entry or running process. The start page is fine now. But I when I open inernet explorer, i see a lot of messages being sent i.e. i see umpteen "scanning messa 1 of 1" pop ups from symantec. This pop up usually occurs when I send email. I'm assuming this is due to a program sending emails in the background.
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...