1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

IE7 Error: res://shdoclc.dll/DNSERROR.HTM#

Discussion in 'Virus & Other Malware Removal' started by jamest777, Feb 7, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. jamest777

    jamest777 Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    3
    I am having trouble with using internet explorer 7. Everytime I try to go online I get this error in the URL before the web address. I am using a broadband connection and am using Windows XP. I have tried using many different spyware programs to fix the program such as Ad-aware, Avagas and as well ran WinSockxpfix but all have not fixed the problem. I have now ran HijackThis and it gave me a log. If someone could please look at it and let me know what I should do that would be great. thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:09:55 PM, on 2/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\SYSTEM32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    F:\Norton\Norton Security\ISSVC.exe
    F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    F:\spyware\AVG Anti-Spyware 7.5\guard.exe
    F:\CFusion\cfam\program\ccmgr.exe
    F:\CFusion\Bin\cfserver.exe
    F:\CFusion\cfam\Program\dfp.exe
    F:\CFusion\cfam\Program\wsm.exe
    F:\CFusion\cfam\Program\wsprobe.exe
    F:\CFusion\Bin\cfexec.exe
    F:\CFusion\Bin\cfrdsservice.exe
    F:\CFusion\JRun\bin\JRun.exe
    F:\CFusion\jrun\bin\jrun.exe
    F:\CFusion\jre\bin\ntConsoleJava.exe
    F:\WINDOWS\System32\GEARSec.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Norton\Norton Security\Norton AntiVirus\navapsvc.exe
    F:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    F:\CFusion\jre\bin\ntConsoleJava.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    F:\WINDOWS\system32\hkcmd.exe
    F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    F:\WINDOWS\BCMSMMSG.exe
    F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    F:\Program Files\Microsoft IntelliType Pro\type32.exe
    F:\Program Files\Microsoft IntelliPoint\point32.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    F:\WINDOWS\system32\WDBtnMgr.exe
    F:\quicktime\quicktime 7 pro\qttask.exe
    F:\Program Files\iTunes\iTunesHelper.exe
    F:\Program Files\iPod\bin\iPodService.exe
    F:\spyware\AVG Anti-Spyware 7.5\avgas.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    F:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    F:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\spyware\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe Acrobat\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - F:\Popup\Popup Manager\PopupMgr_1.0.2.1P.dll
    O2 - BHO: MSProxy Support Dll - {1920E150-5D27-4B95-B60B-D68B78928441} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\spyware\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - F:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Norton\Norton Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Norton\Norton Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - F:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [WorksFUD] F:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] F:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "F:\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB002" /M "Stylus CX7800"
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [\\DELL\EPSON Stylus Photo R340 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P37 "\\DELL\EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
    O4 - HKLM\..\Run: [type32] "F:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Norton Ghost 9.0] F:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\quicktime\quicktime 7 pro\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Explorer] F:\WINDOWS\system32\shellexp.exe en
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Run Google Web Accelerator.lnk = F:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - http://download.newaol.com/bkpromo/download/PerformerSetup.cab
    O20 - Winlogon Notify: igfxcui - F:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\spyware\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - F:\CFusion\cfam\program\ccmgr.exe
    O23 - Service: Cold Fusion Application Server - Macromedia Inc. - F:\CFusion\Bin\cfserver.exe
    O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - F:\CFusion\Bin\cfexec.exe
    O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - F:\CFusion\Bin\cfrdsservice.exe
    O23 - Service: ColdFusion Graphing Server - Unknown owner - F:\CFusion\JRun\bin\JRun.exe
    O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - F:\CFusion\jrun\bin\jrun.exe" -jrundir "F:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
    O23 - Service: ColdFusion Management Service - Unknown owner - F:\CFusion\cfam\bin\CANamingAdapter.exe
    O23 - Service: GEARSecurity - GEAR Software - F:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - F:\Norton\Norton Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Norton\Norton Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - F:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - F:\Norton\Norton Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. gurutech

    gurutech

    Joined:
    Apr 23, 2004
    Messages:
    2,960
    Try disabling your Google Web Accelerator, or browsing without the use of your proxy settings.
     
  3. jamest777

    jamest777 Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    3
    I figured it out it was a combination of norton antivirus and google web accelerator. Once i reinstalled both it works fine. Thanks for the advice
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, jamest777 :)

    Welcome to TSG.

    There is a trojan in your system and your JAVA is outdated. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Ugrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
    [​IMG]Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    [​IMG]Download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly

    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Perform the following steps in safe mode:

    1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
    2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware .
    Restart back into Windows normally now.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post a fresh Hijackthis log along with the AVG Anti-spyware and ActiveScan reports.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/542080

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice