res://c:\windows\system32\shdoclc.dll/dnserror.htm

Discussion in 'Desktop & Laptop Computers Forum' started by welshboy, Feb 2, 2005.

  1. welshboy

    welshboy
    Standard Member

    Joined:
    Jan 6, 2005
    Messages:
    620
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    Swansea
    Ratings:
    +2
    Hello all,
    I am having a problem with the internet i can connect fine but when i click on IE i get a page saying "the page cannot be displayed" and under properties it says "res://c:\windows\system32\shdoclc.dll/dnserror.htm please can someone help because i cant live without the net my log for hijack this is

    Logfile of HijackThis v1.99.0
    Scan saved at 20:42:31, on 02/02/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\system32\msvc32.exe
    C:\WINDOWS\System32\mcafeshield.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\msnms.exe
    C:\Documents and Settings\Dylan\Desktop\hijackthis.exe
    C:\WINDOWS\System32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Windows TM] rundlI32.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\sjbzxsa.exe
    O4 - HKLM\..\Run: [Spool] C:\WINDOWS\system32\msvc32.exe
    O4 - HKLM\..\Run: [MSN Updater] msnms.exe
    O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKLM\..\RunServices: [Windows TM] rundlI32.exe
    O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKLM\..\RunServices: [MSN Updater] msnms.exe
    O4 - HKLM\..\RunOnce: [MSN Updater] msnms.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKCU\..\Run: [MSN Updater] msnms.exe
    O4 - HKCU\..\RunOnce: [MSN Updater] msnms.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra button: BT - {040BEAF8-E808-4BAA-93C0-C6C0F03F3BBC} - http://www.bt.com (file missing) (HKCU)
    O9 - Extra button: Homepage - {86076693-51C6-4659-87A5-C71BDC2B07BC} - http://bt.yahoo.com (file missing) (HKCU)
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1107265959481
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
     
  2. Calpolaholic

    Calpolaholic
    Active Member

    Joined:
    May 19, 2004
    Messages:
    546
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    46
    Ratings:
    +103
    almost impossible to say what caused it. Doesnt look like you got much spyware on there. I had this a few weeks ago and it was a combination of things but mostly spyware. I used CounterSpy to get rid of all the crap but also restored the system to the point I knew everything worked. You might want to try those things
     
  3. Derek22

    Derek22
    Active Member

    Joined:
    Jan 25, 2005
    Messages:
    246
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Ratings:
    +18
    hi,

    if you choose start -- run and type in cmd you should get a command window. type in ipconfig /all <press return>.

    amoung the output it should tell you an ip address for your dns server, if not that is your problem and contact isp. if you have an ip address for the dns server then try a ping command. if you get a response then let us know if not your dns server is down or unreachable. post some results and i will take a look.

    ipconfig /all should have a line that looks like, aaa.bbb.ccc.ddd is the adress you are looking for.

    DNS Servers . . . . . . . . . . . : aaa.bbb.ccc.ddd

    ping aaa.bbb.ccc.ddd should get a response like below, if you get response timed out that is bad.


    ping aaa.bbb.ccc.ddd

    Pinging aaa.bbb.ccc.ddd with 32 bytes of data:

    Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=128
    Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=128
    Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=128
    Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=128

    Ping statistics for aaa.bbb.ccc.ddd:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
     
  4. Berwhale

    Berwhale
    Standard Member

    Joined:
    Jan 31, 2005
    Messages:
    23
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    1
    Location:
    London
    Ratings:
    +0
    You may have a virus...

    "When first run, W32/Rbot-UH copies itself to the Windows system folder as MCAFESHIELD.EXE and runs this copy of the worm. The copy will then attempt to delete the original file. In order to run each time a user logs in, W32/Rbot-UH will set the following registry entries: "

    See the Advanced tab: http://www.sophos.com/virusinfo/analyses/w32rbotuh.html

    I noticed this in your trace because McAfee AV normally uses 'mcshield.exe'.
     
  5. jameson_uk

    jameson_uk
    Well-known Member

    Joined:
    Dec 9, 2004
    Messages:
    3,707
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Birmingham
    Ratings:
    +579
    This nearly always means that it can not find the site. Does your home page actually exist ?? if you type in a URL does it work ??
     
  6. mjn

    mjn
    Distinguished Member

    Joined:
    May 24, 2001
    Messages:
    23,925
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    166
    Location:
    Herts, England
    Ratings:
    +12,481
    i would say this is the most common resolution
     
  7. welshboy

    welshboy
    Standard Member

    Joined:
    Jan 6, 2005
    Messages:
    620
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    Swansea
    Ratings:
    +2
    No it comes up on every page i type in.
     
  8. jameson_uk

    jameson_uk
    Well-known Member

    Joined:
    Dec 9, 2004
    Messages:
    3,707
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Birmingham
    Ratings:
    +579
    The problem is that your machine can not figure out where a site is on the net. This normally occurs when you are not actually connected.

    Are you sure you are connected ?? Have you tried to ping a site as shown above ?? Try and ping www.bbc.co.uk and see what happens.

    If that is ok, I would hazard a guess that a firewall might be blocking IE from connecting to the net. Do you have a firewall installed and if so, is it set to allow IE to connect ??
     
  9. welshboy

    welshboy
    Standard Member

    Joined:
    Jan 6, 2005
    Messages:
    620
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    Swansea
    Ratings:
    +2
    I have pinged sites and they show no losses and of course im connected like the title of this thread says under properties it says res://c:\windows\system32\shdoclc.dll/dnserror.htm
     
  10. jameson_uk

    jameson_uk
    Well-known Member

    Joined:
    Dec 9, 2004
    Messages:
    3,707
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Birmingham
    Ratings:
    +579
    I would not wory about the file. This is simply the file windows uses to display those error messages in IE. (If you are not connected to the net you would get the same message).

    Anyway, it would appear that there is some dodgy spyware on your machine. Having a quick look
    does not look good and is often linked to the LADE worm (googling should give details of this)
    does not look too healthy either.

    ... there are quite a few others starting ms... which appear dodgy

    I see you have Spybot installed, is it updated ?? I am not sure but I guess you are using McAfee or AVG but are they up to date ?? most of this appears to be worm related and I would have thought up to date virus checkers would pick this up.

    Also do you have a firewall installed ??
     

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice