Full Version: Tech support for malfunctioning search feature
panman
Hi, I am trying to fix my computer. I thought I was done when all of a sudden, when I try to search via start menu or right click on start button, explorer.exe takes all CPU in Task Manager and I tracked a thread called shdocvw.dll (+0xd4a29) with Process Explorer that is the culprit. I looked up this dll and it is a Windows file? The computer is XP SP3 and this only happens when I search. Also, the taskbar is disabled and all buttons on it as a result? If anyone has any experience with this sort of technical problem, your info will be invaluable. I have run CCleaner, Symantec, AVG, Ad-Aware. I found some instructions on how to set up HijackThis and run in safe mode with hidden files, extensions, and OS files SHOWN etc. I refuse to do a clean reinstall. It's so much better when you solve the problem instead of a desperate last resort lol. Just for some extra info, the last thing I did was use the search function to find a bunch of random .bmp files in the Windows folder. I cut and pasted them into another folder for later deletion. Not sure where they all came from but definitely from c:\windows. They were all random .bmp files from past program downloads. On one .bmp file, it said it was "read only, r u sure you want to move?" and I did. Why would that do anything? When I was done, I decided to get rid of all the .log files via the search feature and bam, this problem started. Are there any HijackThis log analysts that would be interested in taking a look??? Or, if you have had similar issues and know a fix or a roundabout troubleshoot, that would be awesome. Wish I was a registry guru but am not. Any help much appreciated.
Thanks,
Panman
Hunter
Most .bmp files in the c:\windows are used for the screen saver or desktop wallpaper in Win XP but there are some third party programs you might have installed at one time that put some there also.. Yes it would be a good idea to post a HijackThis log in our forum section set up to review them and help people that might be infected.


Is this also your posting in another forum ..
Hi, I am fixing a computer for my girl's boss. I thought I was done when all of a sudden, when I try to search via start menu or right click on start button, explorer.exe takes all CPU in Task Manager and I tracked a thread called shdocvw.dll+0xd4a29 with Process Explorer that is the culprit. I looked up this dll and it is a Windows file? The computer is XP SP3 and this only happens when I search. Also, the taskbar is disabled and all buttons on it? If anyone has suggestions that would be great.


http://www.chuonthis.com/tips/2006/01/12/e...-cpu-webcpldll/

among other things like hijackers... RealGuide can add extra buttons on the browser that is associated with a C:\WINDOWS\System32\Shdocvw.dll that can get corrupted and that file can also get hijacked by other things that want to attach to tool bars.. or the user had downloaded a program or P2P files and got whacked with something that they then could not completely uninstall and sent the whole mess into a loop using most of the CPU.

BTW..
If it doesn't happen in Safe Mode it could be a driver.
Have you updated any recently or added any new hardware? This would be where to start looking.

shdocvw.dll is a library used by Windows applications to add basic file and networking operations.

Bofra.A worm exploits SHDOCVW.DLL flaw. It exploits a vulnerability in certain versions of SHDOCVW.DLL, a Windows operating system file that renders the IFRAME, FRAME, and EMBED HTML tags. ...

In General...

Internet Explorer uses ActiveX controls and Active Document interfaces to connect components. Iexplore.exe is a small program that hosts Shdocvw.dll, which in turn hosts Mshtml.dll. Shdocvw.dll, the WebBrowser Control, supplies the functionality associated with HTML navigation, in-place hyperlinking, Favorites and History management, and PICS support. Many companies, such as America Online, use Shdocvw.dll within their programs to provide Internet browsing. Shdocvw.dll can be found in the C:\Windows\System folder.

Although Shdocvw.dll provides navigation, Favorites, and History functionality, it cannot open, interpret, or render HTML pages. For that functionality, Shdocvw.dll calls on the following components, each of which is needed to create a rich, Internet experience:

• Mshtml.dll renders HTML pages.

• Urlmon.dll provides HTTP connectivity by processing URLs.

• Wininet.dll provides the Internet connection.

• Java VM runs Java applets.

http://www.microsoft.com/technet/archive/i...c.mspx?mfr=true



Hunter
Another thought comes to mind.. a few years back there was a program called web shots.. when installed it would help you download .bmps and other photos one could use as background and wallpaper.. worked good most of the time.. you have to subscribe to it at times.. so some people then uninstalled it and did it badly so the darn thing would go into a loop also...

and then there were also people who got whacked and were turned into bot nets after they were infected with a badboy..

http://www.ozzu.com/mswindows-forum/high-c...ing-t35847.html

So post that Hijackthis log in our forum and an expert will help you isolate the problem.
panman
You are so on the money with your theory! This computer had malware attached to AOL which started acting up right after this problem happened! I was able to (hopefully) remove the malware with "malwarebytes" in safe mode and have since run Spybot which found nada. The AOL malware was a trojan.clicker according to malwarebytes, however after said removal, upon reboot, the same symptoms were present. Ex--Once connected to the internet, AOL home page and sign on screen would pop up endlessly, along with the search symptom issue I previously mentioned. Then I uninstalled AOL and at least the homepage loop stopped. But the search feature is still screwed.

QUOTE
If it doesn't happen in Safe Mode it could be a driver.
Have you updated any recently or added any new hardware? This would be where to start looking.


No, this does not happen in safe mode! So you are dead on with this. I did update a cdrom driver and it worked for the cdrom. Before, it would open every CD as if a blank CD. I also did a bunch of other stuff to this PC as far as maintenance and cleanup, but nothing malicious. So my guess is that malware. It was still there when this started happening. Heck, it might still be! I have run every cleaner known to man at this point! Now I just have to mop up the wreckage, with your help of course :) Thanks bunches for the info.

QUOTE
Yes it would be a good idea to post a HijackThis log in our forum section set up


So is this the correct place to post a hijackthis log? RIGHT HERE>>>?
Thanks,
Panman
TheSentinel
....

QUOTE
So is this the correct place to post a hijackthis log? RIGHT HERE>>>?


No.... there... like I advised you days ago...

Regards
BU

panman
OK, the logs have been posted as instructed in the guidelines.

http://gladiator-antivirus.com/forum/index...mp;#entry224788