• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Hoff

Internet Explorer

8 posts in this topic

I am unable to use Internet Explorer. After I log on the internet with my ISP and click on IE, it comes up with Page Cannot be Displayed". At the bottom is says Opening Page res://C:\WINDOWS\system32\shdoclc.dll/dnserror.htm

I am able to use my email and also use Netscape Navigator, so I know I am connected to my ISP ok. PLease let me know if you can help.

Share this post


Link to post
Share on other sites

Let's have a look - could be malware.

Please do this.

Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Share this post


Link to post
Share on other sites

OK, Here is my hijackthis log. thanks

 

Logfile of HijackThis v1.97.7

Scan saved at 8:20:00 AM, on 5/23/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINDOWS\system32\MSTask.exe

C:\WINDOWS\System32\WBEM\WinMgmt.exe

C:\WINDOWS\System32\mspmspsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\system32\MsgSys.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\Microsoft Office\Office\1033\msoffice.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE

C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE

C:\Program Files\Netscape\Communicator\Program\netscape.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enter.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enter.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://trexler.allencol.edu:8080/proxy.pac

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.enter.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Lookup_Sys] C:\WINDOWS\lookupsys.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\Aim\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Billminder.lnk = C:\QUICKENW\billmind.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)

O9 - Extra button: Translate (HKLM)

O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: PartyPoker.com (HKLM)

O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7938.6389930556

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...swflash5r42.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{60647BD4-7E3B-4339-978C-24901804ADC6}: NameServer = 63.65.0.2 63.65.0.3

Share this post


Link to post
Share on other sites

You have what looks like just a small remnant of a trojan.

See http://securityresponse.symantec.com/avcen...ojan.norio.html

and http://www.pestpatrol.com/PestInfo/t/trojan_norio.asp for info about it.

 

You just need to do another scan, tick the box next to this, then close all browser and explorer windows, and tell HijackThis to "Fix checked". Then Reboot.

 

O4 - HKLM\..\Run: [Lookup_Sys] C:\WINDOWS\lookupsys.exe

 

After fix and reboot, delete C:\WINDOWS\lookupsys.exe

 

And it wouldn't hurt to do an online virus scan in case there are any other remnants we don't see. http://www.pandasoftware.com/activescan/co...n_principal.htm

or http://housecall.trendmicro.com/

Share this post


Link to post
Share on other sites

I fixed that file, but IE still will not work. I can't get either of those online virus scans to work. Anything else I can try?? HEre is an updated hijackthis log:

 

Logfile of HijackThis v1.97.7

Scan saved at 2:44:39 PM, on 5/23/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINDOWS\system32\MSTask.exe

C:\WINDOWS\System32\WBEM\WinMgmt.exe

C:\WINDOWS\System32\mspmspsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\system32\MsgSys.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Palm\Hotsync.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Microsoft Office\Office\1033\msoffice.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Netscape\Netscape\Netscp.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enter.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enter.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://trexler.allencol.edu:8080/proxy.pac

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.enter.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brian Hoffman\Application Data\Mozilla\Profiles\default\epedhvpp.slt\prefs.js)

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\Aim\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Billminder.lnk = C:\QUICKENW\billmind.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)

O9 - Extra button: Translate (HKLM)

O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: PartyPoker.com (HKLM)

O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7938.6389930556

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...swflash5r42.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{60647BD4-7E3B-4339-978C-24901804ADC6}: NameServer = 63.65.0.2 63.65.0.3

Share this post


Link to post
Share on other sites

Try this.

Do Start->Run, enter cmd

then sfc /scannow

That will attempt to replace possibly corrupt system file(s)

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0