Topic: shdock.dll/dnserror.htm
maxlevine
« on: May 22, 2005, 07:45:47 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: WinXP pack1
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages: shdock.dll/dnserror.htm


Hi everyone,
OS: WinXP service pack1
Problem: Access to internet sporadically denied.
Error message: The page cannot be displayed
Related file: shdock.dll/dnserror.htm

I've seen this problem being described here and there but, so far, all solutions did not resolve my problem. I cannot access internet, whether through IE6 or Netscape 7.2, once in a while through some links or by typing an address. The problem ends up resolving itself 30 seconds to 20 minutes later for no apparent reason or after constantly clicking on the link or refresh or both (which allowed me to notice the shdock.dll/dnserror.htm mention in the status bar). ISP provider tech says it could be a static problem with the DSL Modem. I used Ad Aware and SpyBot in safe mode. Here's my HijackThis log.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F0A377-58FB-4406-8B5B-44F9DB2F51DB}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F0A377-58FB-4406-8B5B-44F9DB2F51DB}: NameServer = 192.168.2.1
O23 - Service: GlobalSCAPE CuteFTP Server Home - GlobalSCAPE Texas, LP - C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Any help would be appreciated.

Thank you,
Max

Pancake
« Reply #1 on: May 23, 2005, 01:56:52 AM »

Your log is fine. No problems.

Just out of interest, try changing your NameServer = 192.168.2.1 to 192.168.1.1
An Australian Member of

EDDY
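
Added example, not part of the original thread or of HijackThis itself: a small parser for log lines in the format posted above that pulls out the O17 NameServer entries the reply refers to and labels each address as LAN (RFC 1918), loopback or external. The function names are assumptions, and the last O17 line of the sample is constructed, using documentation-range addresses.

```python
import ipaddress
import re
from collections import Counter

# Sample input: the first four lines are copied from the log in the post above;
# the last O17 line is CONSTRUCTED (documentation-range addresses) to show a
# multi-valued NameServer entry that points outside the local network.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F0A377-58FB-4406-8B5B-44F9DB2F51DB}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F0A377-58FB-4406-8B5B-44F9DB2F51DB}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53,198.51.100.7
"""

# "<section code> - <body>", e.g. "O17 - HKLM\...: NameServer = 192.168.2.1"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O17 body: "<registry key>: <value name> = <data>"
O17_RE = re.compile(r"^(?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")

# Explicit RFC 1918 ranges. ipaddress.is_private is not used because it also
# counts documentation and other special-purpose ranges as "private".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_log(text):
    """Return [(code, body), ...] for every entry line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def classify(addr):
    """Label one resolver address: 'lan', 'loopback', 'external' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "lan"
    return "external"


def dns_settings(entries):
    """Return [(registry_key, address, label), ...] for all O17 NameServer values."""
    found = []
    for code, body in entries:
        if code != "O17":
            continue
        m = O17_RE.match(body)
        if not m or m.group("name").lower() != "nameserver":
            continue
        # The value may hold several addresses separated by commas or spaces.
        for addr in re.split(r"[,\s]+", m.group("value").strip()):
            if addr:
                found.append((m.group("key"), addr, classify(addr)))
    return found


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(Counter(code for code, _ in entries))
    for key, addr, label in dns_settings(entries):
        print(f"{label:9} {addr:15} {key}")
```

A "lan" resolver such as 192.168.2.1 is normally the home router; an "external" one is worth comparing against the addresses the ISP actually hands out.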
maxlevine
« Reply #2 on: May 24, 2005, 04:31:49 AM »

Hi Pancake,

Thank you for your response. Changing nameServer didn't correct the problem. ISP provider Tech Support insists it must be spyware related. Maybe there is something somewhere I didn't quite clean or I incorrectly uninstalled a program.

Max
Pancake
« Reply #3 on: May 24, 2005, 04:42:10 AM »

I can't see any spyware. We can try looking deeper....

Download SILENT RUNNERS to a new folder. Unzip if zipped, and run the Silent Runners.vbs file.
Open the "Startup Programs.txt" file it creates, and copy/paste the contents to this post, please.
The "Startup Programs.txt" file will be in the folder you ran the "Silent Runners.vbs" file from.
mrglbtalk
« Reply #4 on: May 24, 2005, 05:05:52 PM »

Hello, I have the same IE problem, as my IE works intermittently, giving me 5-10 minute blocks of dnserrors. I paste my Silent Runners log file here for your perusal and kind assistance, please. Both AdAware and SpyBot have found nothing. Thank you.

################################

"Silent Runners.vbs", revision 37, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc.]
"ADUserMon" = "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" ["Iomega Corporation]
"Iomega Startup Options" = "C:\Program Files\Iomega\Common\ImgStart.exe" ["Iomega Corporation]
"Iomega Drive Icons" = "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" ["Iomega]
"Deskup" = "C:\Program Files\Iomega\DriveIcons\deskup.exe" ["Iomega]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc.]
"WinFaxAppPortStarter" = "wfxsnt40.exe" [MS]
"HPDJ Taskbar Utility" = "C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc.]
"ShowIcon_Vosonic_USB Media Device Driver v1.19r003" = ""C:\Program Files\USB Media\shwicon.exe" -t"Vosonic\USB Media Device Driver v1.19r003"" ["MyComp]
"mswspl" = ** WARNING! empty or invalid data **
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o.]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation]
"SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation]
"QD FastAndSafe" = ** WARNING! empty or invalid data **
"AcctMgr" = "C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup" ["Symantec Corporation]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Spybot\SDHelper.dll" ["Safer Networking Limited]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc.]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll" ["Symantec Corporation]
{CE000992-A58C-4441-8938-744CD72AB27F}\(Default) = "i-Nav IDN Resolver"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll" ["VeriSign, Inc.]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc.]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc.]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc.]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc.]
"{c7745760-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgMenu.dll" ["Iomega Corp.]
"{c7745761-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgProp.dll" ["Iomega Corp.]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{57A17733-E8D6-11D1-B1FF-99A7A7FEB94A}" = "IconFactTemp.IconHandlerFactory"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Corel\Gallery\Gallery\Programs\CNSFlt80.dll" ["Corel Corporation]
"{57A17730-E8D6-11D1-B1FF-99A7A7FEB94A}" = "NSFiltManDll.FiltManCom"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Corel\Gallery\Gallery\Programs\CNSFlt80.dll" ["Corel Corporation]
"{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes]
"{A68865DD-EE3C-4442-9BE9-1BAB2576E3FA}" = "NOMAD Explorer"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Creative\Nomad\NOMAD Explorer\CTJBNS.DLL" ["Creative Technology Ltd]
"{CE000992-A58C-4441-8938-744CD72AB27F}" = "i-Nav IDN Resolver"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll" ["VeriSign, Inc.]
"{CE000994-A58C-4441-8938-744CD72AB27F}" = "i-Nav IDN SearchHook"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll" ["VeriSign, Inc.]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o.]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o.]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation]


Enabled Active Desktop and Wallpaper:
-------------------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe" ["Adobe Systems Inc.]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc.]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer - Administrator" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation]
"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe  /CUSTOM /SCHEDULE" ["Symantec Corporation]
"Symantec Drmc" -> launches: "C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe  /CUSTOM /SCHEDULE" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {CLSID}\(Default) = "&Google"
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc.]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {CLSID}\(Default) = "&Google"
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc.]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {CLSID}\(Default) = "&Google"
  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc.]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
  -> {CLSID}\(Default) = "Norton AntiVirus"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll" ["Symantec Corporation]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\msjava.dll" [MS]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AOL Instant Messenger (TM)"
"Exec" = "E:\AIM95\aim.exe" ["America Online, Inc.]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd.]

{CE000992-A58C-4441-8938-744CD72AB27F}\
"ButtonText" = "i-Nav Help"
"MenuText" = "i-Nav Help"
"Exec" = "http://idn.verisign-grs.com/plug-in/support/index.jsp" [file not found]

{CE000996-A58C-4441-8938-744CD72AB27F}\
"MenuText" = "i-Nav Options"
"CLSIDExtension" = "{CE000996-A58C-4441-8938-744CD72AB27F}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll" ["VeriSign, Inc.]

{F4FBA929-A891-492C-A0F6-5C79CC4F1742}\
"ButtonText" = "HiDownload"
"Exec" = "C:\Program Files\HiDownload\hidownload.exe" ["HiDownload Software]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o.]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o.]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINNT\system32\CTSvcCDA.EXE" ["Creative Technology Ltd]
GhostStartService, GhostStartService, "C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE" ["Symantec Corporation]
Iomega Active Disk, _IOMEGA_ACTIVE_DISK_SERVICE_, ""C:\Program Files\Iomega\AutoDisk\ADService.exe"" ["Iomega Corporation]
Iomega App Services, Iomega App Services, ""C:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe"" ["Symantec Corporation]
Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE" ["Symantec Corporation]
PPPoE Service, PPPoEService, "C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe" [null data]
SAVScan, SAVScan, "C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe" ["Symantec Corporation]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation]
VeriSign Updater, navi, "C:\Program Files\VeriSign\NAVI\naviagent.exe uimode=agentupdate" ["VeriSign, Inc.]
ZipToA, ZipToA, "C:\WINNT\System32\ZipToA.exe /S" ["Iomega Corporation]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
maxlevine
« Reply #5 on: May 24, 2005, 08:41:33 PM »

Hi Pancake,

Thanks for the link. Happy to see Panda blocked the script; at least, some pgm is doing its job. Here's the result:


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s" ["Panda Software International]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc.]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc.]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc.]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc.]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc.]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc.]
"{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}" = "Macromedia FTP & RDS"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\CfShellFtpRds.dll" ["Macromedia, Inc.]
"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\ShellTit.DLL" ["Panda Software International]


Enabled Active Desktop and Wallpaper:
-------------------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Webshots for Sylvain.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\webshots.scr" ["Webshots.com]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavlsp.dll ["Panda Software ], 01 - 03, 19
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\
  -> {CLSID}\(Default) = "Real.com"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]
Do you see anything abnormal here with the Shdocvw.dll file?

HOSTS file
----------

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
HIJACK WARNING! "DataBasePath" = "%systemRoot%\System32\drivers\etc"
My hosts file had been tampered with last September after downloading a pgm. Had to get rid of a couple of lines.

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Panda anti-virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe"" ["Panda Software]
Panda Firewall Service, PAVFIRES, ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe"" ["Panda Software]
Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe"" ["Panda Software]
Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe"" ["Panda Software Internacional]
Panda Pavkre, Pavkre, ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe"" ["Panda Software]
Panda PavProt, PavProt, ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe"" ["Panda Software]
Panda Preventium+ Service, PREVSRV, ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe"" ["Panda Software]
Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software]
SmartLinkService, SLService, "slserv.exe" [" ]

There you have it. Thanks again.

Max
Pancake
« Reply #6 on: May 24, 2005, 11:55:45 PM »

Max. All looks OK in there, so it looks like your problem lies elsewhere. Maybe ask the guys in the Operating Systems forum, as it's clear that it's no longer malware related.
Pancake
« Reply #7 on: May 25, 2005, 01:04:58 AM »

mrglbtalk...
Please post your problem in its own thread, not here.
maxlevine
« Reply #8 on: May 26, 2005, 07:49:01 AM »

Very well, Pancake. Thanks a lot for your help.

I'm off to OS forum.

Max