Missing Shell.dll file + messenger pop-up ads, HSA and a couple trojans-please help-

Status
Not open for further replies.
Hi everyone! This is my first post, but I need some major help. First, I'm trying to install a program and it fails to find shell.dll. But I know I have it and it should not be corrupt. (I have reinstalled them since the problem started.) So that's my #1 prob. Then I've got those really annoying messenger service pop-ups, hopefully that's just an update I'm missing... Then, I also had a couple trojans that wreaked havoc on my .dlls, but I may have gotten rid of them. Anyway, here's the real info. Any recommendations?
 

Attachments

  • hijackthis.txt
Intuition21

Welcome to TechSpot
Go here first and do exactly what it says:
https://www.techspot.com/vb/topic17297.html

Then reboot in Safe Mode and run HJT standalone and let it "fix":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\rlriv.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {83EB6065-85E2-7595-DFD5-A093986B0410} - C:\WINNT\system32\sdkkb.dll

O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [netcx.exe] C:\WINNT\system32\netcx.exe
O4 - HKLM\..\Run: [NwhA0O] C:\documents and settings\administrator.vewx2x0royk13en\local settings\temp\NwhA0O.exe
O4 - HKLM\..\Run: [NwhA0O.exe] C:\documents and settings\administrator.vewx2x0royk13en\local settings\temp\NwhA0O.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2456741B-1567-7682-A355-939856783603} - ms-its:mhtml:file://C:\foo.mht!http://www.xpehbam.biz/be//T.CHM::/load.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\addsj.exe (file missing)

When finished, still in Safe Mode, delete the following:
C:\WINNT\rlriv.dll
C:\WINNT\system32\sdkkb.dll
Everything in, including the directory itself: C:\PROGRA~1\DESKMA~1
C:\WINNT\system32\netcx.exe
Clean out everything in: C:\documents and settings\administrator.vewx2x0royk13en\local settings\temp
C:\WINNT\addsj.exe (if still around)
C:\foo.mht (or whatever it is called there)
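
The triage done by eye in the reply above, as an added example that is not part of the original posts: a short Python pass over a few of the quoted HijackThis lines that flags the same kinds of entries. The matching rules and the names `classify` and `triage` are assumptions made for this illustration, not HijackThis's own logic.

```python
import re

# Constructed sample: lines copied from the HijackThis entries quoted in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {83EB6065-85E2-7595-DFD5-A093986B0410} - C:\WINNT\system32\sdkkb.dll
O4 - HKLM\..\Run: [netcx.exe] C:\WINNT\system32\netcx.exe
O4 - HKLM\..\Run: [NwhA0O] C:\documents and settings\administrator.vewx2x0royk13en\local settings\temp\NwhA0O.exe
O15 - Trusted Zone: *.awmdabest.com
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\addsj.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "<section> - <body>"
RES_DLL = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)  # page served from a local DLL

# These rules are assumptions for this example; they are not HijackThis's own logic.
def classify(section, body):
    """Return a reason string if the entry deserves a closer look, else None."""
    low = body.lower()
    if section in ("R0", "R1"):
        m = RES_DLL.search(body)
        if m:
            return "IE setting loads a page from local DLL " + m.group(1)
    if section == "O2" and "(no name)" in low:
        return "unnamed Browser Helper Object"
    if section == "O4" and "\\temp\\" in low:
        return "autorun entry launches from a temp directory"
    if section == "O15":
        return "site or IP range added to the Trusted Zone"
    if section == "O23" and low.endswith("(file missing)"):
        return "service registered for a binary that is no longer on disk"
    return None

def triage(log_text):
    """Parse each log line and collect (section, reason) for flagged entries."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank line or non-entry text
        reason = classify(m.group(1), m.group(2))
        if reason:
            findings.append((m.group(1), reason))
    return findings

if __name__ == "__main__":
    for section, reason in triage(SAMPLE):
        print(section, "-", reason)
```

The `netcx.exe` Run entry passes these rules untouched even though the reply lists it for removal, so pattern rules like these only narrow the log down and do not replace a manual review.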
 
How does this look?

I'm sure this is much better, but I think I still have my shell.dll prob...

Thank you for the help with everything else, now I don't feel so dirty! But this program will not install. The setup page background shows up and a little box with "cannot find SHELL.DLL" pops up twice, then it says internal error. Any suggestions?
 
Missing Shell.dll

Okay, sorry I missed those. I'll do all that and get back to ya in a few. Thanks again! Oh, and do you know anything about the "messenger service buffer" that keeps giving me these extremely annoying pop-ups?

Okay, I did everything and my PC is running great. I replaced my shell.dll files, but the program still says the same thing. One difference I see is that the error message I'm getting says SHELL.DLL in all caps. Is there a difference?
 
In Safe Mode, uninstall anything to do with these:
C:\Program Files\PC MightyMax\pcmm.exe
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
Then delete C:\Program Files\PC MightyMax with everything in it.

Then (still in safe mode) let HJT "fix" this resource-hogger (you don't need it):
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

What program do you want to install that needs shell.dll or SHELL.DLL?
As long as they are the official MS versions, there is no difference between small and CAPITAL named files.

You need to give specific information on those messenger-popups.
I never use any of those programs, so have not even a clue what you are talking about, but someone else might.
 
It sounds like you are talking about the built in messenger service. This isn't really an essential service if you aren't on a domain. It's for client/server net sends and alert messages.

Although there is more than likely a program or virus that is causing the messenger windows to pop up, you can stop them by stopping the messenger service.
 
shell.dll issue and messenger

Thanks for the advice, guys. I found out that the problem was my RPC was disabled, so it couldn't find the file, even though it was there. So I fixed that and the messenger thing too. Yes, it was the Windows messenger and I just disabled that. I'm going to do a little more work with HJT, please let me know if you see anything else I need to fix. Thanks again very much!!

I don't use Symantec or Nero, can I "fix" those too? And what about the PCTEL, I don't use that either. Are these safe to "fix"?
 
Symantec, Nero and PCTel are services, you have to stop and disable them first.
PCTel is part of your modem-software. See if you can uninstall it first, if you don't have a modem inside anymore.
Otherwise "fix" them and then delete.

I noticed you did not "immunise" your system with Spybot. You should really do that.
 
immunized now

Oh, yeah, forgot to do that, thanks! OK, I disabled PCTel and Symantec, but I could not find Nero, so I will boot in safe mode and fix those with HJT.
 