Hi,

I have the problem of able to log on using dial in connection but unable to browse in internet explore 6.0. The message that shows in the title area of the browser screen:
*******************************************
res://c:\windows\system32\shdoclc.dll/dnserror.htm
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.[/COLOR]Cannot find server or DNS Error
Internet Explorer
********************************************
I read other threads posted and tried the suggested (below)but still not able to access the internet.
1. Deleted all folders and files in the following Temp folders.
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\

2. Did a full Trojan-Hunter scan. Found one file in Recycle bin infected and fixed it.

3. Then run Symantec, Sypbot (1.3) and Ad-Aware (SE Personal 1.06r1). Removed 4 critical & 11 negligible files found by Ad-Aware

4. Restarted the computer in safe mode and run CWShredder. Removed file c:\Windows\erase_SR.exe

5. Did the HJT scan, below is the HJT log file

Logfile of HijackThis v1.99.1
Scan saved at 10:22:59 PM, on 10/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [Systmesy] Systmesy.exe
O4 - HKLM\..\Run: [Dynamic DLL Injection] dyntopat32.exe
O4 - HKLM\..\Run: [Adobe Acrobat Reader CFG] mnaetwrplj.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [Dynamic DLL Injection] dyntopat32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bit Torrent (Bt) - Unknown owner - C:\WINDOWS\system.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

6. Because I am not able to access internet, I was not able to run the Trend Micro’s housecall online scan program.

7. On Window Firewall exception tab, add an entry for Internet Explorer

8. Delete Temporary Internet files and all offline content again

9. Install and run CCleaner and cleaned the following

10. Reboot the system.

11 . Did Spynot & Ad-Aware can again, removed 1 critical file detected by Ad-Aware, still not able to access internet.

Any help would be greatly appreciated!

Below is my system configuration:
Windows XP Pro
IE 6.0 with sp2
Compaq P3 1.5 GHz

Best Regards,
r3n3310h

Any suggestion? PLEASE HELP.....

my guess is some setting is messed up in internet explorer...try resetting them all back to defaults...you are on dial up? Who do you use? Also, try clearing your dns ...To clear your cache, type in the following in the command prompt (hit start then run) then ipconfig /flushdns and then enter. Does this help?

I forgot to ask...can you browse with firefox? This tell us a lot thanks!

I am using Proxy:mystarhub.com.sg. Port:8080.

Tried cleaning the dns. Run ipconfig /flushdns command, system return message "Window IP configuration". Still not able to browse web, include firefox.

well i think you may have answered this one yourself...dont use the proxy! It may not be letting you in...just go with no proxy...there is no reason to go through a proxy anyways if you arent doing illegal or bad...especially if your on dial up. Doesnt it make your internet go slow? ...But anyways to fix it set your computers internet connections to auto settings and remove the proxy and it should work for you.
Hope this helps!

Hi, I have changed the internet connection to automatically detect settings and removed the proxy. But still doesn't work. PLEASE HELP.

These entries have been positively identified as malicious programs. In the HijackThis program, place a check mark next to the following entries.

R3 - Default URLSearchHook is missing
(Description: This will fix the search mechanism in IE.)

O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
(Description: Added as a result of the DONK.B or DONK.C or DONK.L or DONK.M or DONK.O VIRUSES! )

O4 - HKLM\..\Run: [Systmesy] Systmesy.exe
(Description: Added as result of a W32/Rbot-KQ WORM! infection )

Suspicious

Suspicious entries have been found in your log. They might be spyware/malware. We advise that you follow all of the directions on this page, and then re-run HijackThis. If you are still seeing this "Suspicious" section, you should go to the Spyware Help section of our site and post your log in a new topic so that our experts can analyze it personally.

Suggestions

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
(Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)

1) Press the "Fix checked" button. Then close HijackThis.

2) Then reboot your computer.

3) Delete the file Syslog32.exe which resides in C:\WINDOWS\System32\ or C:\WINDOWS\System\

4) Delete the file Systmesy.exe which resides in C:\WINDOWS\System32\ or C:\WINDOWS\System\

5) Empty your recycle bin.

6) Run Windows Update and install all critical updates.

7) Make sure your anti-virus program is up to date with the latest patches. If you do not have an anti-virus program, download and install AVG Personal Edition Anti-Virus, which is free.

8) Reboot one last time.

9) Some suspicious entries have been found in your log. The next step is to run HijackThis again and create another log file.

Hi, I did all you have suggested. Still unable to browse any website. Below is my new hijack log. PLEASE ADVISE.

Logfile of HijackThis v1.99.1
Scan saved at 8:46:34 PM, on 11/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.mystarhub.com.sg:8080
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [Dynamic DLL Injection] dyntopat32.exe
O4 - HKLM\..\Run: [Adobe Acrobat Reader CFG] mnaetwrplj.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [Dynamic DLL Injection] dyntopat32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bit Torrent (Bt) - Unknown owner - C:\WINDOWS\system.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

Try restoring your Winsock stack as it may be corrupt. Go to Start>> Run. Type in: netsh winsock reset [Enter]
Then reboot.


Or go here, and download the winsockxpfix.exe: http://www.cpaz.net/downloads.aspx