Jump to content

"A program can't display a message on your desktop."


Recommended Posts

Hey I'm new here and I have a problem.

I have vista and I keep getting a message saying "A program can't display a message on your desktop."

Message title: Windows Internet Explorer

Program Path: C:\Windows\system32\IEFRAME.dll

Also I've been noticing that when I close Firefox it doesn't close in the task manager.

I don't know if I've got a virus or what's going on.

Any help would be appreciated.

Link to comment
Share on other sites


You have a service, or an app running as one, that is trying to pop-up a window from the SYSTEM (session 0) desktop to your logged-on

session. By default, this is NOT allowed anymore - it worked in XP/2003/downlevel OSes because in those OSes, you logged into session 0, but not so anymore in Vista / Server 2008.

The fact that it's ieframe.dll in IE trying to do it indicates some app or service running under system is suspicious (most apps use their own windows under their own apps to display windows, so some app using IE is definitely at least suspicious). I'd run autoruns to disable all non-Microsoft items, and perhaps shellexview to disable all non-Microsoft shell extensions, and msconfig to disable non-Microsoft services and see if the problem goes away.

Link to comment
Share on other sites

I've had the same exact problem (with that same file ext.) for about a week now. Dell help suckkkkks. and though I spent hundreds on warranties they won't touch it for free....

I've thought of tons of things it could be (recently had itunes update, vista update, downloaded bittorrent, and used a key gen). I uninstalled bittorrent and several other crappy peer to peer things I rarely used, and have added itunes and realplayer type stuff to my firewall protection in case they were accessing something... I am a novice a techy stuff, but since I'm born into the computer generation, and not totally mentally deficient, I've been googling things and taking some steps others have. I have looked into my services and found what could be a few odd things, but googled them and seems ok.

I downloaded hijack app. and will post my log here as well.

To reiterate and be very specific: I get the Interactive services dialog box-- which asks you to click to view the program... This flips me out of Windows and onto a "different screen" (if you will) which is ALL pop ups (plus the windows dialog (when did dialog drop the -ue at the end?) box to "return to system").

I can sometimes close all the popups at which point sometimes i can switch back, or have to use cntrl+alt+del to get back to windows.

I THOUGHT I fixed this after uninstalling BitTorrent today-- since it didn't come back for hours and hours... Then I restarted (after messing in msconfig, but not changing anything) and they started to come back right when the system rebooted.

I am worried it is a virus- although so many say it's a 'service' error problem.... This problem is common enough that at least 2 people on this site alone have experienced it. Hopefully it's not a virus, or is fixable; I'm not really experiencing any other problems (except my touchpad won't let me scroll down, which stupid dell remote access might have jacked up).

Sorry so long a post, but want to be detailed. PS NOTE the stllvr file near the end... I think this might not be good???? I can't find anything for sure on it by googling. PLUS, I don't know how to fix things if I even know their bad... I'm a quick learner though.

Please help!!! THANKS! :)

HIjackthis log::

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 1:43:16 AM, on 3/20/2008

Platform: Windows Vista (WinNT 6.00.1904)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\AOL\Loader\aolload.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Windows\system32\mmc.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Jessica\Documents\Programs\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Window Net Dns (MyDNS) - Unknown owner - C:\Program Files\Outlook Express\svchost.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 7186 bytes

Link to comment
Share on other sites

I'm moving this to the proper forum, as this does appear to be potentially malicious (I can't think of a valid app that would have been designed to act this way, but I've been wrong in the past - shoddy programmers do exist :)).

Link to comment
Share on other sites

ok; but I am new and do not know exactly how to track my post in order to review the answers... this question is preliminary to my checking out the site, so forgive me if it's totally obvious, I've yet to examine my options thoroughly. if you're not too busy, could you direct me on that via this post? sorry if i'm being one of those obnoxious folks here..... :(

EDIT: it appears it just "goes" to the new forum. told you i wasn't paying attention... thanks!!!!

Edited by jessicalbustos
Link to comment
Share on other sites

btw:

i've been looking at/examining that file (c:\windows\system32\IEFRAME.dll) by searching it, then right clicking, then properties... one thing i saw was the 'people' with access included ... i cannot for the life of me think of it now--- something like trusted_____ ((something- it's a windows/microsoft thing... but a new weird thing on vista-- read about here actually))..... anyway, all i did there was make myself-- the administrator-- the one who could change permissions (sorry this is so choppy-- i'm very much not familiar with this stuff)....

The IMPORTANT thing I just noticed while examing that file in properties, AND Internet Explorer in properties, is that A) the said .dll file was created on valentines day, Feb 14... B) Internet Explorer says it was created on Oct. 1 (when I got my new computer) and then says "modified" and "accessed" Feb 14...

This can't really be a coincidence, can it??? Something got me then, right??? Am I way off?

I am avoiding sleep to fix this problem... I suck! Might be noted that I NEVER use IE, but always mozilla--- in the event it is even opened it's usually because something else prompted it to (rare... something like ms outlook that i never use or something like that).

hope this gives a little more info...

Link to comment
Share on other sites

I may be wong, but didn't you say your running Vista, yet you have.

O23 - Service: Window Net Dns (MyDNS) - Unknown owner - C:\Program Files\Outlook Express\svchost.exe

Firstly i've never seen svchost.exe running from anywhere other than system folder, and secondly, Outlook Express isn't on Vista, 3rdly why would a DNS service run from outlook express?

If it was me, thats where i would be looking.

I'm thinking it was designed for XP to hide itself and by calling it Window NET DNS it would be allowed by through firewalls by people, now its on vista its trying to access a .dll and vista is stopping it.

Link to comment
Share on other sites

And after a quick google for Window Net Dns (MyDNS) you get this

http://www.threatexpert.com/report.aspx?ui...a1-246acf70b258

it was from your keygen, and firstly before you do anythign else, at the bottom of the page

* The following port was open in the system:

Port Protocol Process

1039 UDP svchost.exe (%ProgramFiles%\Outlook Express\svchost.exe)

* The following Internet Connection was established:

Server Name Server Port Connect as User Connection Password

cpk.easy78.cn 80 (null) (null)

I would close that up NOW

Link to comment
Share on other sites

First of all, THANKS to all of you so much...

1. I deleted the said files in the hijackthis--- except i couldn't find C:\Windows\system32\SearchFilterHost.exe this in my log (I might have already deleted it after searching on it... I was up late last night.

2. Window Net Dns (MyDNS) - Unknown owner - C:\Program Files\Outlook Express\svchost.exe -- THIS will NOT delete/be repaired.

3. I looked at the link to ThreatExpert and that appears to be exactly what has happened, unfortunately. But, I do not know how to fix those problems, if it is possible... I think what I would do is find all those files created and delete them...

Can things just be deleted or will they have to be uninstalled? Is there a certain place I should go to find them/search them and delete them? Other than a windows search or "run"?

Will that work? Is there something less obvious I should be doing?

I"M glad to have met the acquaintances of so many fine computer peeps.

Link to comment
Share on other sites

Yeah, you need to go through the steps of using the list on threatexpert to delete the registry entries and files that were created, also check your firewall settings

to get rid of the service that is running, you might have to stop it first by using task manager, going to process view, then from the view -> select coloum menu, scroll down to command line and tick that box, then you should be able to sort the running processes by where they are executing from, (if you can't see C:\program files\Outlook Express\scvhost.exe in the list, make sure view all processes are running and go through the UAC dialogue. You can then right click on the process and click on end process. This will then allow you to disable it.

I would then advise running an anti-root kit tool aswell as spyware, as the initial problem seams to be this scvhost process which has then silently been downloading and installing other crap on your system which might be hiding. I would remove everything you can then run hijack this again to see if things have re-appeared in the list.

If your unsure on how to do anything just say and i or someone else will give you more detailed help.

Edited by fairyprincess
Link to comment
Share on other sites

I definitely might need more details: currently i've spent hours and hours and hours on it, and need to focus on some other things; what seems funny is that this doesn't really effect performance; just annoying pop ups.

What I have tried:

Was using the file extensions in the threat expert but couldn't find any of it... I searched via my computer and a few other ways... seems like i can't find temporary internet file folders or "local" folders-- i htink vista changes the way one writes them (for example, ms config use to be as written, now on vista it's msconfig (no space.... or at least that's what a friend told me as she tried ot find ms config on my machine).

At any rate, I will come back to this, likley tomorrow morning, as I am swamped the rest of the day, and fortunatelycan still fucntion on my machine... thanks for everything... I'll check back here in the a.m. asap!

:)

Link to comment
Share on other sites

fairy princess, et all:

i'm at a loss. I tried goign back to the threatalert page and couldn't find those directions again. Not to mention when I did try searching for the files, I found nothing, but I think this is due to my lack of tech-savyness.

After messing with various things, most of which were directions from here, the Interactive Services dialogue box would go away; however any time I re-start the system, the box continues to reappear.

The c:\program files\outlook express.svchost.exe will not be repaired/deleted using hijackthis, and I can't find it showing in the task manager or in services. there is another suspicious file: c:\windows\system32\IEFRAME.dll which I do not know what it is and/or what to do with it. The interactive services dialogue box shows it as one of the programs that cannot be accessed by vista, or whatever that s*** means.

I am a poor dumb american with warranties on my dell, but which dell still won't touch other than to restore the whole system. This problem doesn't seem that bad, considering everything functions fine, except that the dialogue box continues to pop up, and I know that this cannot really be a good thing.

I've thought about allowing someone to remote access my computer (like Dell does, but via windows... which I have no clue how to do, really), but am worried about frauds, etc.... Maybe I should cough up the dough (i.e. not pay a bill) to let dell on call handle this?

This is getting beyond my control and scope of knowledge. Plus I got too much homework to do to worry about this!!!

Help if you can.

Link to comment
Share on other sites

BTW: I am the one who put the Microsoft 2003 stuff on here... i thought my system didn't come with a word processor, but i just realized (by looking in my computer disc stuff from this computer) that it had microsoft works 8.0..

So, microsoft outlook 03 is on my computer; but has been since i got it, oct. 07.

Link to comment
Share on other sites

Hi, can you run an administrator cmd.exe (type cmd into the start menu then right click and do run as admin), then type sc query and scroll back up the list till you find the window dns service then run sc delete "SERVICE_NAME" (rather than the display name). if you scroll back and can find the service on the list as its been written over then run sc query > C:\services.txt, then open you c drive and run services.txt, (you can delete it after (note it will have admin rights, dont worry just acept UAC promt)), that should remove it the service properly.

Second thought, you might have to run net stop "SERVICE_NAME" to stop the service befor you delete it, cant remeber though)

After than, simply go to program files directory and delete the complete Outlook express folder as its all not sposed to be there.

Ignore IEFRAM.dll thats supposed to be there.

Just find the link in the post and the go through deleting everything it says has been created as you would with any normal file. (clean out recycling bin to save the space after)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...