TechSpot

SHDOCLC.DLL Is ruining my IE and internet connection

By Linzshine
Mar 19, 2006
  1. I recently got Verizon DSL and when I tried to connect, my internet explorer flashes res://c:/windows/system32/shdoclc.dlll/dnserror.htm#http:www.google.com

    I can't get past the page cannot be displayed error, and I can't use instant messenger.

    I can't download anything from the internet because my connection to IE is obviously corrupted. I don't have my windows XP disk and I don't have anything for IE

    Is there a way to internally fix this?

    I just ran a hijack this scan and here are the results (I had to actually hand type these since i'm using my sister's computer and can't post it from mine)

    Logfile of Hijackthis v1.99.1
    scan saved at 5:13:42 pm, on 3/19/2006
    platform:windows xp sp1 (winNT 5.01.2600)
    MSIE: Internet explorer v6.00 sp1 (6.00.2800.1106)

    Running processes:
    c:\windows\system32\smss.exe
    c:\windows\system32\winlogon.exe
    c:\windows\system32\services.exe
    c:\windows\system32\lsass.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\spoolsv.exe
    c:\windows\system32\antievxx.exe
    c:\progra~1\grisoft\avgfre~1\avgamsvr.exe
    c:\progra~1\grisoft\avgfre~1\avgupsvc.exe
    c:\program files\ewido\security suite\ewidoctr1.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\wauaclt.exe
    c:\windows\explorer.exe
    c:\documents and settings\lindsey\desktop\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, Proxyoverride = 64.136.29.30;64.136.29.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wutstat.windows.com;*.pogo.comm;*.worldwinner.com;*test-speed.com;liveupdate.symentecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;<local>

    o2 - BHO: CExtension object - {0019c3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
    o3 - Tollbar: &Radio - {8E718888-423F-11D2-876E-00A0c9082467} - C:\WINDOWS\system32\msdxm.ocx
    o3 - Toolbar: &Google - {2318c2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    o3 - Toolbar: Related Page - {9a9c9b68-f908-4aab-8doc-10ea8997f37e} - C:WINDOWS\system32\winNB57.dll
    o4 - HKLM\. . \Run: [bxxs5] RUNDLL.32.EXE C:\WINDOWS\bxxs5.dll, DllRUN
    o4 - HKLM\. . \Run: [windows system32] system32.exe
    o4 - HKLM\. . \Run: [QuickTime Task] "C:\Program Files\Quicktimme\qttask.exe" -atboottime
    o4 - HKLM\. . \Run: [q81g] "C:WINDOWS\System32\slk8x2peu.exe"
    o4 - HKLM\. . \Run: [keyboard] C:\\keyboard1.exe
    o3 - HKLM\. . \Run: [ituneshelper] "C:program files\itunes\ituneshelper.exe"
    o4 - HKLM\. . \Run: [BrowserUpdateSched] C:\windows\system32\twinorg.exe CORN001
    o4 - HKLM\. . \Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    o4 - HKLM\. . \Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe /STARTUP
    o4 - HKLM\. . \Runservices: [Windows System32] System32.exe
    o4 - HKCU\. . \Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    o4 - HKCU\. .\Runservices: [windows system32] system32.exe
    o4 - Startup: zeno.lnk = C:\WINDOWS\system32\twinorag.exe
    o4 - Global startup: Adobe Gamma Loader. lnk = C:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    o4 - Global startup: Microsoft office.lnk = C:\program files\Microsoft office\office\OSA9.EXE
    o8 - Extra context menu item: &Google search - res://c:\program files\google\googletoolbar2.dll/cmsearch.html
    o8 - Extra context menu item: &translate English word - res://c:\program files\google\googletoolbar2.dll/cmwordtrans.html
    o8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar2.dll/cmbacklinks.html
    o8 - Extra context menu item: Cached snapshot of page - res://c:\program files\google\googletoolbar2.dll/cmcache.html
    o8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar2.dll/cmsimilar.html
    o8 - Extra context menu item: Translate Page into English - res://C:\program filels\google\googletoolbar2.dll/cmtrans.html
    o10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
    o15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    o16 - DPF: {5F8469B4-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    o23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgansvr.exe
    o23 - Service: AVG7 Update Service (Avg7updsvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    o23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    o23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\program Files\common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    o23 - Service: ipodservice - Apple Computer, Inc. - C:\Program Files\ipod\bin\ipodservice\exe
    023 - Service: netconf32 - unknown owner - C:\WINDOWS\netconf32.exe (file missing)
    o23 - Service: sysmgr64 -Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing)
    o23 - Service: Windows overlay components - unknown owner - C:\WINDOWS\nmpmvyv.exe (file missing)
    o23 - Service: security centre (windows security centre) - unknown owner - C:\WINDOWS\wscntify.exe (file missing)


    any help would be greatly appreciated, thanks!
    -Linz
     
  2. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

    hallmark sign of a trojan and/or adware.

    boot computer in safemode
    turn off system restore
    run your antivirus
    run several anti trojan horse programs.

    once removed, boot normal and turn on system restore
     
  3. Linzshine

    Linzshine TS Rookie Topic Starter

    reply

    I tried to do that before but my anti-virus and spyware programs aren't up to date cause i have no internet access

    will that make a difference?

    i'll try it in safe mode.

    - Linz
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

  5. N3051M

    N3051M TS Evangelist Posts: 2,115

    you can download manual definition update files for your various anti-nasties programs via their websites, and instructions onhow to install it. put it on a usb stick or a cd and then transfer it to the infected pc. tehn you can do the posts above.

    also you can save the hjt.txt log/ other files etc into any removable medium (cds, usb drives, memory cards, ext hdds etc) to transfer files between pcs
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...