spy


samba
07-29-2005, 08:12 AM
I went on mscracks.com and, after a connection problem, I get the following message:
://C:\WINDOWS\system32\shdoclc.dll/dnserror.htm

I tried with HijackThis and get the following log file:
Logfile of HijackThis v1.99.1
Scan saved at 12:31:46 PM, on 7/29/2005
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\MICROS~1\MSSQL$EPROCESSHP\binn\sqlservr.exe
C:\Program Files\Network Associates\MSSQL\Binn\sqlservr.exe
C:\Program Files\RBSServ\RBSPaymentd.exe
C:\Program Files\RBSServ\Webserver\Service\RBSAdmin.exe
C:\Program Files\RBSServ\Webserver\Service\RBSNewUsr.exe
C:\Program Files\RBSServ\Webserver\Service\RBSUser.exe
C:\Program Files\Network Associates\ePO\3.5.0\tomcat\bin\tomcat.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\MICROS~1\MSSQL$EPROCESSHP\binn\sqlagent.exe
C:\Program Files\Network Associates\MSSQL\Binn\sqlagent.EXE
D:\SUS\wusync\WUSyncSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\Agnitum\Tauscan 1.7\taumon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\dplaysvr.exe
C:\Documents and Settings\Administrator\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.200.1.254:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SXBandMaster Catcher - {628CD0A4-60A0-47C8-838F-86318CCEFB9B} - C:\PROGRA~1\SXBandMaster\SXCatcher-0929.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\Tauscan 1.7\taumon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download &All using SXBandMaster - C:\Program Files\SXBandMaster\data\system\sxbmcatch1.htm
O8 - Extra context menu item: Download the &current page using SXBandMaster - C:\Program Files\SXBandMaster\data\system\sxbmcatch3.htm
O8 - Extra context menu item: Download the current &site using SXBandMaster - C:\Program Files\SXBandMaster\data\system\sxbmcatch6.htm
O8 - Extra context menu item: Download the current fol&der using SXBandMaster - C:\Program Files\SXBandMaster\data\system\sxbmcatch5.htm
O8 - Extra context menu item: Download the linked &file using SXBandMaster - C:\Program Files\SXBandMaster\data\system\sxbmcatch2.htm
O8 - Extra context menu item: Download the linked &page using SXBandMaster - C:\Program Files\SXBandMaster\data\system\sxbmcatch4.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - http://rockstar.messenger.msn.com/rockstar.cab
O17 - HKLM\Software\..\Telephony: DomainName = ecobank.group
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EE99C70-444C-4012-B0DB-EE6C6109EE79}: NameServer = 206.82.130.195,212.52.155.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BF0C01C-A147-48E1-AF97-8BABF032FA40}: NameServer = 206.82.130.195,216.250.213.147,212.52.155.66,198.6.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6F8499F-5896-4767-8576-046DE373A823}: NameServer = 206.82.130.195,212.52.155.66
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee ePolicy Orchestrator 3.5.0 Event Parser (EVENTPARSER350) - Network Associates, Inc. - C:\Program Files\Network Associates\ePO\3.5.0\EVENTPARSER.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee ePolicy Orchestrator 3.5.0 Server (NAIMSERV350) - Network Associates, Inc. - C:\Program Files\Network Associates\ePO\3.5.0\NAIMSERV.EXE
O23 - Service: Alepo RBS Payment Daemon (RBSPaymentd) - Alepo Technologies - C:\Program Files\RBSServ\RBSPaymentd.exe
O23 - Service: Alepo RBS Server (RBSServer) - Alepo - C:\Program Files\RBSServ\RBSServ.exe
O23 - Service: Alepo RBS Admin (RBSWebAdmin) - Alepo Technologies - C:\Program Files\RBSServ\Webserver\Service\RBSAdmin.exe
O23 - Service: Alepo RBS Web Registration (RBSWebNewUser) - Alepo - C:\Program Files\RBSServ\Webserver\Service\RBSNewUsr.exe
O23 - Service: Alepo RBS Web Self Care (RBSWebUser) - Alepo - C:\Program Files\RBSServ\Webserver\Service\RBSUser.exe
O23 - Service: McAfee ePolicy Orchestrator 3.5.0 Discovery & Notification services (RSDSERVER) - Alexandria Software Consulting - C:\Program Files\Network Associates\ePO\3.5.0\tomcat\bin\tomcat.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

Thanks for the help.

nightowl
07-29-2005, 02:04 PM
What is the program SXBandMaster?

Do you know what it is? Do you know if it's safe?

Before I tell you to delete it I want to make sure what it is. I have never seen it before.


http://forums.designtechnica.com/showthread.php?t=5583

Download the stand-alone versions of CW Shredder, Spybot and AdAware (links above).

You may want to print this out.
Unplug the internet from your computer.
Reboot to Safe Mode (tap F8 on startup).

Open up HijackThis, place a check next to each of these and click Fix Checked.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.200.1.254:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;<local>
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)


Still in Safe Mode, delete all Temporary Internet Files and cookies, run CW Shredder, AdAware and Spybot, delete what they find, and empty the Recycle Bin.

Plug the internet back in, reboot to normal mode and post a new log..........Jim
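As an added example (not code from the thread), here is a small Python triage pass over lines in the HijackThis log format that flags the kinds of entries Jim picked out: orphaned "(file missing)" / "(no file)" items, proxy settings, Trusted Zone additions and the Show Related Links helper. The sample lines are copied from the log above; a hit means "look at this", not a verdict.

```python
import re
from typing import List, Tuple

# Constructed sample: a few entries in the HijackThis log format shown above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.200.1.254:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
"""

# Every entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Split a log into (section, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, body) for entries that deserve a second look.

    Rules mirror the reply above: orphaned entries, proxy settings, Trusted Zone
    additions and the Related Links helper. A hit is a review prompt, not a verdict.
    """
    findings = []
    for section, body in parse_entries(log_text):
        lower = body.lower()
        if "(file missing)" in lower or "(no file)" in lower:
            findings.append((section, "orphaned entry: referenced file is gone", body))
        elif section == "R1" and ("proxyserver" in lower or "proxyoverride" in lower):
            findings.append((section, "proxy setting: confirm it is the expected one", body))
        elif section == "O15":
            findings.append((section, "site added to the Trusted Zone", body))
        elif section == "O9" and "related.htm" in lower:
            findings.append((section, "Show Related Links helper (in the fix list above)", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {body}")
```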

samba
08-02-2005, 12:48 AM
The method that you gave me doesn't work. Now the PC is rebooting by itself and I have the Windows blue screen error.

nightowl
08-02-2005, 10:15 AM
Can you post a new HijackThis log? Thanks.........Jim