TechSpot

Missing Shell.dll file + messenger pop-up ads, HSA and a couple trojans-please help-

By INtuition21
Dec 21, 2004
Topic Status:
Not open for further replies.
  1. Hi everyone! This is my first post, but I need some major help. First, I'm trying to install a program and it fails to find shell.dll. But I know I have it and the should not be corrupt. (I have reinstalled them since the problem started) So that's my #1 prob. Then I've got those really annoying messenger service pop-ups- hopefully that's just an update I'm missing... then, I also had a couple trojans that wreaked havoc on my .dlls, but I may have gotten rid of it. Anyway, here's the real info. Any recommendations?

    Attached Files:

  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Intuition21

    Welcome to TechSpot
    Go here first and do exactly what it says:
    http://www.techspot.com/vb/topic17297.html

    Then reboot in Safe Mode and run HJT standalone and let it "fix":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\rlriv.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\rlriv.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\rlriv.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\rlriv.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\rlriv.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\rlriv.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\rlriv.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {83EB6065-85E2-7595-DFD5-A093986B0410} - C:\WINNT\system32\sdkkb.dll

    O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
    O4 - HKLM\..\Run: [netcx.exe] C:\WINNT\system32\netcx.exe
    O4 - HKLM\..\Run: [NwhA0O] C:\documents and settings\administrator.vewx2x0royk13en\local settings\temp\NwhA0O.exe
    O4 - HKLM\..\Run: [NwhA0O.exe] C:\documents and settings\administrator.vewx2x0royk13en\local settings\temp\NwhA0O.exe
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: (HKLM)
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {2456741B-1567-7682-A355-939856783603} - ms-its:mhtml:file://C:\foo.mht!http://www.xpehbam.biz/be//T.CHM::/load.exe
    O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\addsj.exe (file missing)

    When finished, still in Safe Mode, delete the following:
    C:\WINNT\rlriv.dll
    C:\WINNT\system32\sdkkb.dll
    Everything in, including the directory itself: C:\PROGRA~1\DESKMA~1
    C:\WINNT\system32\netcx.exe
    Clean out everything in: C:\documents and settings\administrator.vewx2x0royk13en\local settings\temp
    C:\WINNT\addsj.exe (if still around)
    C:\foo.mht (or whatever it is called there)
  3. INtuition21

    INtuition21 TS Rookie Topic Starter

    How does this look?

    I'm sure this is much better, but I think I still have my shell.dll prob...

    thankyou for the help with everything else, now I don't feel so dirty! But this program will not install. The setup page background shows up and a little box with "cannot find SHELL.DLL" pops up twice, then it says internal error. Any suggestions?
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    I told you to let HJT "fix" these:
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: (HKLM)

    In principle, you do not trust ANYTHING!

    Download this file shell.dll http://www.dll-files.com/dllindex/dll-files.shtml?shell
    Boot again into safe mode and copy it to both
    c:\windows\system
    and
    c:\windows\system32

    Then do a FULL antivirus-scan.
  5. INtuition21

    INtuition21 TS Rookie Topic Starter

    Missing Shell.dll

    OKay, sorry I missed those. I'll do all that and get back to ya in a few. Thanks again! Oh, and do you know anything about the "messenger service buffer" that keeps giving me these extremely annoying pop-ups?

    OKay, I did everything and my pc is running great. I replaced my shell.dll files, but the program still says the same thing. One difference I see it that the error message I'm getting says SHELL.DLL in all caps. Is there a difference?
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    In Safe Mode, uninstall anything to do with these:
    C:\Program Files\PC MightyMax\pcmm.exe
    O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
    Then delete C:\Program Files\PC MightyMax with everything in it.

    Then (still in safe mode) let HJT "fix" this resource-hogger (you don't need it):
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

    What program do you want to install that needs shell.dll or SHELL.DLL?
    As long as theye are the official MS-versions, there is no difference between small and CAPITAL named files.

    You need to give specific information on those messenger-popups.
    I never use any of those programs, so have not even a clue what you are talking about, but someone else might.
  7. HoopaJoop

    HoopaJoop TS Rookie Posts: 202

    It sounds like you are talking about the built in messenger service. This isn't really an essential service if you aren't on a domain. It's for client/server net sends and alert messages.

    Although there is more than likely a program or virus that is causing the messenger windows to pop up, you can stop them by stopping the messenger service.
  8. INtuition21

    INtuition21 TS Rookie Topic Starter

    shell.dll issue and messenger

    thanks for the advice, guys. I found out that the problem was my RPC was disabled, so it couldn't find the file- even though it was there. SO fixed that and the messenger thing too. Yes, it was the windows messenger and I just disabled that. I'm going to do a little more work with HJT, please let me know if you see anything else I need to fix. Thanks again very much!!

    I dont use symantec or Nero can I "fix" those too? And what about the PCTEL, I don't use that either. Are these safe to "fix"?
  9. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Symantec, Nero and PCTel are services, you have to stop and disable them first.
    PCTel is part of your modem-software. See if you can uninstall it first, if you don't have a modem inside anymore.
    Otherwise "fix" them and then delete.

    I noticed you did not "immunise" your system with Spybot. You should really do that.
  10. INtuition21

    INtuition21 TS Rookie Topic Starter

    immunized now

    oh, yea, forgot to do that, thanks! OK I disabled PCTel and Symantec, but I could not find nero, so I will boot in safe mode and fix those with hjt.
  11. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Verdict: clean
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.