Missing Shell.dll file + messenger pop-up ads, HSA and a couple trojans-please help-

Not open for further replies.
Hi everyone! This is my first post, but I need some major help. First, I'm trying to install a program and it fails to find shell.dll. But I know I have it and the should not be corrupt. (I have reinstalled them since the problem started) So that's my #1 prob. Then I've got those really annoying messenger service pop-ups- hopefully that's just an update I'm missing... then, I also had a couple trojans that wreaked havoc on my .dlls, but I may have gotten rid of it. Anyway, here's the real info. Any recommendations?



Posts: 6,452   +3

Welcome to TechSpot
Go here first and do exactly what it says:

Then reboot in Safe Mode and run HJT standalone and let it "fix":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\rlriv.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\rlriv.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {83EB6065-85E2-7595-DFD5-A093986B0410} - C:\WINNT\system32\sdkkb.dll

O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [netcx.exe] C:\WINNT\system32\netcx.exe
O4 - HKLM\..\Run: [NwhA0O] C:\documents and settings\administrator.vewx2x0royk13en\local settings\temp\NwhA0O.exe
O4 - HKLM\..\Run: [NwhA0O.exe] C:\documents and settings\administrator.vewx2x0royk13en\local settings\temp\NwhA0O.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range:
O15 - Trusted IP range: (HKLM)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2456741B-1567-7682-A355-939856783603} - ms-its:mhtml:file://C:\foo.mht!http://www.xpehbam.biz/be//T.CHM::/load.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\addsj.exe (file missing)

When finished, still in Safe Mode, delete the following:
Everything in, including the directory itself: C:\PROGRA~1\DESKMA~1
Clean out everything in: C:\documents and settings\administrator.vewx2x0royk13en\local settings\temp
C:\WINNT\addsj.exe (if still around)
C:\foo.mht (or whatever it is called there)
  • Thread Starter Thread Starter
  • #3
How does this look?

I'm sure this is much better, but I think I still have my shell.dll prob...

thankyou for the help with everything else, now I don't feel so dirty! But this program will not install. The setup page background shows up and a little box with "cannot find SHELL.DLL" pops up twice, then it says internal error. Any suggestions?
  • Thread Starter Thread Starter
  • #5
Missing Shell.dll

OKay, sorry I missed those. I'll do all that and get back to ya in a few. Thanks again! Oh, and do you know anything about the "messenger service buffer" that keeps giving me these extremely annoying pop-ups?

OKay, I did everything and my pc is running great. I replaced my shell.dll files, but the program still says the same thing. One difference I see it that the error message I'm getting says SHELL.DLL in all caps. Is there a difference?


Posts: 6,452   +3
In Safe Mode, uninstall anything to do with these:
C:\Program Files\PC MightyMax\pcmm.exe
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
Then delete C:\Program Files\PC MightyMax with everything in it.

Then (still in safe mode) let HJT "fix" this resource-hogger (you don't need it):
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

What program do you want to install that needs shell.dll or SHELL.DLL?
As long as theye are the official MS-versions, there is no difference between small and CAPITAL named files.

You need to give specific information on those messenger-popups.
I never use any of those programs, so have not even a clue what you are talking about, but someone else might.


Posts: 89   +0
It sounds like you are talking about the built in messenger service. This isn't really an essential service if you aren't on a domain. It's for client/server net sends and alert messages.

Although there is more than likely a program or virus that is causing the messenger windows to pop up, you can stop them by stopping the messenger service.
  • Thread Starter Thread Starter
  • #8
shell.dll issue and messenger

thanks for the advice, guys. I found out that the problem was my RPC was disabled, so it couldn't find the file- even though it was there. SO fixed that and the messenger thing too. Yes, it was the windows messenger and I just disabled that. I'm going to do a little more work with HJT, please let me know if you see anything else I need to fix. Thanks again very much!!

I dont use symantec or Nero can I "fix" those too? And what about the PCTEL, I don't use that either. Are these safe to "fix"?


Posts: 6,452   +3
Symantec, Nero and PCTel are services, you have to stop and disable them first.
PCTel is part of your modem-software. See if you can uninstall it first, if you don't have a modem inside anymore.
Otherwise "fix" them and then delete.

I noticed you did not "immunise" your system with Spybot. You should really do that.
  • Thread Starter Thread Starter
  • #10
immunized now

oh, yea, forgot to do that, thanks! OK I disabled PCTel and Symantec, but I could not find nero, so I will boot in safe mode and fix those with hjt.
Not open for further replies.