SHDOCLC.dll/dnserror.htm

**Tybs** · 29-05-2005

I've heard about this problem on several other forums, but i have no idea what may be causing it, so i thought i would post my own HijackThis log and see if i can get some help from here...

I connect to a network to receive my internet access and the network can aparantly detect my PC, but i cannot connect to the internet with any application. And Internet Explorer gives the above message.

I would appreciate any assistance you could offer.

Logfile of HijackThis v1.99.1
Scan saved at 13:47:13, on 29/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 98\IOMON98.EXE
C:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-GB\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-GB\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-GB\MSNTB.DLL
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKCU\..\Run: [shim error] C:\WINDOWS\APPLIC~1\DEFYWE~1\Junk Ace Mail.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

**HJThis** · 30-05-2005

Hello,Tybs & Welcome

Well there have been a # of others with this problem & so far
no fix that i know of but you do have some items that can go.

The application Messenger Plus is an add-on. It is not written by Microsoft. It installs spyware, LOP to be exact. Try and see if you can uninstall Messenger Plus via Add\remove Programs, and then if you still want to use it, reinstall it after we have cleaned your computer. Then choose not to install the Sponsor. If you are able to do this, then scan with HJt again in normal mode if possible, and post another log.

&

Please download LSPfix and save it to the Desktop and unzip it.
Run LSPfix and place a check against the I know what I am doing checkbox.
Highlight every instance of the following names and move them from the Keep to the Remove panel. Be sure to move nothing other than the files listed below!
10 - broken internet access because of lsp provider 'xfire_lsp_10650.dll' missing
When done, click on Finish to exit the program; do not use the X in the top right-hand corner as nothing will happen!

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)

O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

This item here any idea what it is did you install this if no fix it
O4 - HKCU\..\Run: [shim error] C:\WINDOWS\APPLIC~1\DEFYWE~1\Junk Ace Mail.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

Make sure you can view hidden and system files: Instructions here

Then Boot to safe mode: Instructions here

Delete the following files\folders IF still present:
C:\Program Files\MessengerPlus! 3\<---This folder if uninstalled as said above

Then do a reboot till us how it is

HGD

**Tybs** · 31-05-2005

Thanks I uninstalled Xfire before getting your reply and my internet came back up, but i have done all the other things you said here is my new log.

Logfile of HijackThis v1.99.1
Scan saved at 10:30:31, on 31/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 98\IOMON98.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-GB\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\PCI AUDIO APPLICATIONS\BIN\ECHOCTRL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\RAR$EX01.073\HIJACKTHIS.EXE

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

**Tybs** · 31-05-2005

I have another problem...
I am running a Genius soundmaker 5.1 PCI sound card and i receive no sound effects in games and WMP 9 and Power dvd do not playback sound..
Winamp does, however play both sound and video but i cannot watch any dvds with sound.
Is there any way to fix this?

**HJThis** · 31-05-2005

Hey,Tybs

Great to hear it now for the problem with the sound sorry
i have no idea other then did you try an uninstall reinstall
i find that with problems of this type a reinstall has always
helped me out just something to think about.

now there somethings i need you to do right away

First you are using a way old IE so do this here

Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer.

& now some tools for you to download update them use them

SpywareBlaster - Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
http://www.javacoolsoftware.com/spywareblaster.html

SpywareGuard - An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
http://www.javacoolsoftware.com/spywareguard.html

IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer.
https://netfiles.uiuc.edu/ehowes/www/resource.htm

Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

and this prog here will help keep your PC clean.

popular programs for doing this, is a freeware program Called Crap Cleaner. Crap Cleaner is a single utility that lets you clear your Cookies, Internet Explorer History, Empty the Recycle Bin, Uninstall Programs, Clear Usage Tracks and much more. As well as this, it has an Advanced Registry Scanner. Using a program like this is one of the easiest methods.

You should also think about using Firefox & Mozilla & us IE for updates

Get your Firefox here

Mo who

if you have a problem lit us know

HGD

**Tybs** · 06-06-2005

thanks i have firefox and my pc seems to be working properly.. if a little slowly (need new ram) i also have another logfile from another pc for you too look at. it doesnt have the same error and runs XP but it keeps getting messages sending me to different registryfix websites each time. i think this is spyware can you help?

**Tybs** · 06-06-2005

Logfile of HijackThis v1.99.1
Scan saved at 17:57:44, on 06/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cfmon.exe
C:\WINDOWS\System32\WinGmt.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb1 0.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\unpak32.exe
C:\WINDOWS\System32\wincrs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe
C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\wuamkop.exe
C:\PROGRAM FILES\WINRAR\WinRAR.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\imapi.exe
C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\Rar$EX0c.f70\Hi jackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0. dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0. dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb1 0.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BTFirstRun] C:\WINDOWS\Firstrun.exe /BT Yahoo Install
O4 - HKLM\..\Run: [MICROSOFT UNPACCKER SYSTEM] unpak32.exe
O4 - HKLM\..\Run: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKLM\..\Run: [Windows Network Controller] WinGmt.exe
O4 - HKLM\..\Run: [Internet Suspention] story.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\RunServices: [MICROSOFT UNPACCKER SYSTEM] unpak32.exe
O4 - HKLM\..\RunServices: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKLM\..\RunServices: [Windows Network Controller] WinGmt.exe
O4 - HKLM\..\RunServices: [Internet Suspention] story.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\RunOnce: [Windows Network Controller] WinGmt.exe
O4 - HKLM\..\RunOnce: [Internet Suspention] story.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKCU\..\Run: [MICROSOFT UNPACCKER SYSTEM] unpak32.exe
O4 - HKCU\..\Run: [Windows Network Controller] WinGmt.exe
O4 - HKCU\..\RunOnce: [Windows Network Controller] WinGmt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: BT - {28990E5D-8621-486D-85E2-443994BF401E} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {A1220E01-4AAF-439A-9F40-9C7F5E788D80} - http://bt.yahoo.com (file missing) (HKCU)
O16 - DPF: Win32 Classes -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F566EFE-71AB-44C8-AA46-EAE61D9DEA2E}: NameServer = 62.6.40.162 194.74.65.69
O23 - Service: Sound Sservice Driver (Sound Service) - Unknown owner - C:\WINDOWS\System32\cfmon.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

**HJThis** · 06-06-2005

Hi,Tybs

Well 2 big problems i see right away is this
please place HijackThis in a folder in C:\Drive like so C:\HJT

& once they are all clean the need to run not walk to the
Windows update site & update both WinXP & IE but not
tell we have them all clean.

Press control-alt-delete to get into the task manager and end the follow processes if they exist:
WinGmt.exe
unpak32.exe
wincrs.exe
WinRAR.exe
story.exe
wuamkop.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:
WinRAR.exe

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O4 - HKLM\..\Run: [Windows Network Controller] WinGmt.exe
O4 - HKLM\..\Run: [MICROSOFT UNPACCKER SYSTEM] unpak32.exe
O4 - HKLM\..\Run: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKLM\..\Run: [Windows Network Controller] WinGmt.exe
O4 - HKLM\..\Run: [Internet Suspention] story.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\RunServices: [MICROSOFT UNPACCKER SYSTEM] unpak32.exe
O4 - HKLM\..\RunServices: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKLM\..\RunServices: [Windows Network Controller] WinGmt.exe
O4 - HKLM\..\RunServices: [Internet Suspention] story.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\RunOnce: [Windows Network Controller] WinGmt.exe
O4 - HKLM\..\RunOnce: [Internet Suspention] story.exe
O4 - HKCU\..\Run: [Microsoft Crs Fix Serv] wincrs.exe
O4 - HKCU\..\Run: [MICROSOFT UNPACCKER SYSTEM] unpak32.exe
O4 - HKCU\..\Run: [Windows Network Controller] WinGmt.exe
O4 - HKCU\..\RunOnce: [Windows Network Controller] WinGmt.exe

O9 - Extra button: BT - {28990E5D-8621-486D-85E2-443994BF401E} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {A1220E01-4AAF-439A-9F40-9C7F5E788D80} - http://bt.yahoo.com (file missing) (HKCU)

O16 - DPF: Win32 Classes -

Make sure you can view hidden and system files: Instructions here

Then Boot to safe mode: Instructions here

Delete the following files\folders IF still present:
C:\PROGRAM FILES\WINRAR\<---This folder

& Stell in Safe Mode do a file Search for these here if found delete all of them

WinGmt.exe
unpak32.exe
wincrs.exe
story.exe
wuamkop.exe

Then once done do a reboot & do this right away

Go for free online Virus scans here:

http://housecall.trendmicro.com/hou.../start_corp.asp
http://www.pandasoftware.com/activescan/

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

Then tell us how it is & show us new logfile

HGD

**Tybs** · 08-07-2005

latest logfile guys... i upgraded to win xp home and iexplore 6 but still have modzilla while i'm at home from uni i'm usin btinternet broadband.
cheers
Tybs.

**Tybs** · 08-07-2005

Logfile of HijackThis v1.99.1
Scan saved at 20:30:53, on 08/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Netlib.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\service.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\winsci.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\wuinit.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\VFSWRA~1.EXE
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\YAHOO!\browser\ybrowser.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0. dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0. dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Registry Value Name] service.exe
O4 - HKLM\..\Run: [System Updates] winsci.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Update] winudx.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] wuinit.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\RunServices: [Registry Value Name] service.exe
O4 - HKLM\..\RunServices: [System Updates] winsci.exe
O4 - HKLM\..\RunServices: [Windows Update] winudx.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] wuinit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [System Updates] winsci.exe
O4 - HKCU\..\Run: [Windows Update] winudx.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\RunServices: [System Updates] winsci.exe
O4 - Global Startup: NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Homepage - {673B724A-552D-4EDA-A38F-DF7E5DD243E1} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {A7703BD8-FD84-4ECA-8FBB-D6294A4E54B4} - http://www.bt.com (file missing) (HKCU)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E43AA8FB-157C-4DAC-89A6-306993CB7930}: NameServer = 62.6.40.162 194.74.65.69
O23 - Service: Net Functions Library (Netlib) - Unknown owner - C:\WINDOWS\System32\Netlib.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

SHDOCLC.dll/dnserror.htm

SHDOCLC.dll/dnserror.htm

Similar Threads

res://shdoclc.dll/DNSERROR.HTM

res://shdoclc.dll/DNSERROR.HTM

shdoclc.dll\dnserror.htm

SHDOCLC.DLL dnserror

shdoclc.dll/dnserror - cannot get on at all now