dnserror in IE6 (RESOLVED - User updated to IE7)

  1. #1
    sven1949 (Newbie)

    Hi,
    I usually run Firefox but IE is sometimes needed, e.g. for Windows Update. Now suddenly IE can't access ANY sites, Firefox ALL sites.
    IE comes up with: "Page can not be displayed" and the message in the status bar is: "res://c:\windows\system32\shdoclc.dll/dnserror.htm"

    The computer is protected by ZoneAlarm and AVG Antivirus and Anti-Spyware. I also have scanned it with the software you usually recommend.

    I am running XP Home on a laptop connected to the Internet through a Belkin wireless router. On my desktop connected to the same router IE works fine.

    Hope you can help me, here is my HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:09, on 06-10-30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Intel\Wireless\Bin\EvtEng.exe
    C:\Program\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\IBM\Bluetooth Software\bin\btwdins.exe
    C:\Program\xampp\mysql\bin\mysqld-nt.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\ssoftsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\TRISNA~1\SSI\SYSENF~1.EXE
    C:\WINDOWS\system32\dns\bin\named.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program\SPYWAREfighter\spftray.exe
    C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program\SPYWAREfighter\spfprc.exe
    C:\Program\Cactus Spam Filter 2.13\cactusspamfilter.exe
    C:\Program\PC-TV\TwinhanDTV\704A\Agent.exe
    C:\Program\Windows Desktop Search\WindowsSearch.exe
    C:\Program\PC-TV\WinManager\WinManager.exe
    C:\Program\BHODemon 2\BHODemon.exe
    C:\Program\Mozilla Firefox\firefox.exe
    C:\Program\Outlook Express\msimn.exe
    C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program\Screamer Radio\screamer.exe
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\PROGRAM\WINZIP\winzip32.exe
    C:\Documents and Settings\Sven\Skrivbord\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sven-dahlstrom.se/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sven-dahlstrom.se
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Svens Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~2\tools\iesdpb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis 2a.exe" /runonce
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [com.codeode.cactusspamfilter] "C:\Program\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimized
    O4 - Startup: BHODemon 2.0.lnk = C:\Program\BHODemon 2\BHODemon.exe
    O4 - Global Startup: 704A.lnk = C:\Program\PC-TV\TwinhanDTV\704A\Agent.exe
    O4 - Global Startup: Windows Skrivbordssökning.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: WinManager.lnk = C:\Program\PC-TV\WinManager\WinManager.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\IBM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\IBM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\IBM\Bluetooth Software\btsendto_ie.htm
    O15 - Trusted Zone: http://clients.playout.se
    O15 - Trusted Zone: http://psswe.playout.se
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154691655531
    O17 - HKLM\System\CCS\Services\Tcpip\..\{179AFC1C-ACFA-4B61-A143-D069FC6E6340}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2FF4B445-EC1A-4F8A-A025-88B6094E55EC}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{304DD6DE-AA7E-4AE6-AAC1-F463A5BBF6D8}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9A5A04C6-0AF5-445B-A457-5E1D6751AD3D}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A0A1DE72-55FF-4056-B7DC-CFD5B4FA37DC}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A618D318-9774-4103-B03D-7105616FF075}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4DBE8BB-9B27-44FA-821A-5CE927486D05}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D546A90F-A35B-4632-AA98-ED2F6103D745}: NameServer = 127.0.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{179AFC1C-ACFA-4B61-A143-D069FC6E6340}: NameServer = 127.0.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{179AFC1C-ACFA-4B61-A143-D069FC6E6340}: NameServer = 127.0.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\IBM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe
    O23 - Service: MySql - Unknown owner - C:/Program/xampp/mysql/bin/mysqld-nt.exe
    O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Pro Business 2007.SP1\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Pro Business 2007.SP1\RpcSandraSrv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program\Spyware Doctor\sdhelp.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program\SPYWAREfighter\spfprc.exe
    O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
    O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)
    O23 - Service: SysEnforce - Unknown owner - C:\Program\TRISNA~1\SSI\SYSENF~1.EXE
    O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  2. #2
    Neal (Dedicated Member)
    It looks like you have a Trojan on your system and hopefully not a rootkit infection.


    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.


    Run AVG anti-spyware from safe mode and post the log it makes. Thanks. Quarantine everything it finds, very important.

  3. #3
    sven1949 (Newbie)
    Hi,
    This is what AVG anti-spyware reported:
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 23:06 06-11-01

    + Scan result:



    :mozilla.62:C:\Documents and Settings\Sven\Application Data\Mozilla\Firefox\Profiles\fp0x0lnp.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.


    ::Report end

  4. #4
    Neal (Dedicated Member)
    Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

    When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

    And post a new HJT log also..

  5. #5
    sven1949 (Newbie)
    I need Internet Explorer for the scan you are asking for but IE is the problem!!!
    Instead I installed BitDefender, this is the log from the scan:


    //-----------------------------------------------------------------
    //
    // Product BitDefender Antivirus Plus v10
    // Product 10.0
    //
    // Created on: 03/11/2006 00:14:16
    //
    //-----------------------------------------------------------------


    Virus Statistics

    Scan path : C:\
    D:\
    Folders : 13768
    Files : 58159
    Memory processes scanned : 54
    Archives : 4
    Runtime packers : 3469
    Identified viruses : 2
    Infected files : 2
    Memory processes infected : 0
    Suspect files : 0
    Warnings : 0
    Disinfected files : 0
    Deleted files : 2
    Moved files : 2
    I/O errors : 8
    Scan time : 00:45:58
    Scan speed (files/sec) : 21

    Spyware Statistics

    Registry keys scanned : 1975
    Registry keys infected : 2
    Cookies scanned : 8
    Cookies infected : 0
    Spyware files infected : 0
    Spyware threats detected : 2


    Virus definitions : 511151
    Scan plugins : 15
    Archive plugins : 41
    Unpack plugins : 6
    Mail plugins : 6
    System plugins : 5

    Virus scan options

    Detection
    [X] Scan boot sectors
    [X] Memory Processes
    [ ] Scan archives
    [X] Scan runtime packers
    [X] Scan email

    File mask
    [X] Programs
    [ ] All files
    [ ] User defined extensions:
    [ ] Exclude extensions: ;

    Action

    Infected objects
    [ ] Ignore
    [X] Disinfect
    [ ] Delete
    [ ] Move to quarantine
    [ ] Prompt user

    Second action
    [ ] Ignore
    [ ] Delete
    [X] Move to quarantine
    [ ] Prompt user

    Virus scan options
    [X] Enable warnings
    [ ] Enable heuristics
    [ ] Show all files in log
    [X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1162509256.log

    Spyware scan options

    [X] Scan for riskware
    [ ] Skip dial and applications from scan
    [X] Registry keys
    [X] Cookies


    Summary:

    <System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET Detected: magne3t
    <System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET Deleted
    <System> Update
    <System>=>HKEY_CLASSES_ROOT\MAGNET Detected: magne2t
    <System>=>HKEY_CLASSES_ROOT\MAGNET Deleted
    <System> Update
    C:\Program\Mozilla Firefox\plugins\NPMyWebS.dll Detected: Adware.Toolbar.MyWebSearch.AC
    C:\Program\Mozilla Firefox\plugins\NPMyWebS.dll Disinfection failed
    C:\Program\Mozilla Firefox\plugins\NPMyWebS.dll Moved
    C:\WINDOWS\system32\instsrv.exe Detected: Application.Instsrv.C
    C:\WINDOWS\system32\instsrv.exe Disinfection failed
    C:\WINDOWS\system32\instsrv.exe Moved

  6. #6
    sven1949 (Newbie)
    Hi,
    You can close this case. I solved the problem by updating to IE7.

    Thanks anyway!

    //Sven
