Internet Explorer 7 Startup Error Message


Recommended Posts

Hello

After having some problems with malware, which i resolved with help from a best techie malware removal staff member, i am left with a strange error message when i start up Internet Explorer. Specifically:

"Cannot find '::{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}'. Make sure the path or internet address is correct."

After i click "Ok" Internet Explorer starts up as normal and seems to work fine.

Not a particuarly bad problem, nonetheless one i would like to fix if possible.

I thought prahaps the best thing to do would be to un-install and re-install IE 7 and hope that worked, but since i am running Vista it seems this is impossible?

Another interesting thing is that if i start IE with the Right-Click function "Start without Add-ons" I don't get the message.

This is the link to the post i created in the Malware Removal section to deal with the problems that started all this:

http://www.besttechie.net/forums/index.php...mp;#entry106645

Any help is greatly appriciated!

Thankyou

Link to post
Share on other sites

Open up IE. On the top tool bar and click on "Tools".

Choose "Manage Add-ons" > "Enable or Disable Add-ons". Choose "Add-ons currently Loaded in IE". Go through the list and disable one at a time, restart IE until the problem stops. (you can re-enable each one after each test). When you find the problem add-on, you might be able to reinstall the program associated with the said add-on.

Seems the melware has messed with a registry file associated with a program that uses add-ons with IE.

Link to post
Share on other sites

Weird....There are only 2 add-ons listed as Enabled under "Add-ons Currently Loaded in IE" Adobe PDF reader and Sun Java console. I disabled both and restarted IE and i still get the error message.

There is an add on listed there "IE Anti-Spyware" that i believe is assosiated with the Malware i removed, 2 programs called IE Saftey Features and IE custom tools, i remember one of the things they did was to open a pop-up about spyware removal tools. Anyway the add-on is said to be Disabled. I tried making it Enabled to see what would happen, but i still get the same error.

Link to post
Share on other sites

Okay, another wierd thing. I have just discovered that if i run IE from my desktop via a shortcut then i dont get the error message. I tried to make a new shortcut on the start menu list where i would normaly open IE from but that dosnt work.

Make my problem any easier? :wacko:

Link to post
Share on other sites

Sound like the melware is corrupting a path.

How were you making the short cut? You say a desktop icon for IE works OK. Did you drag and drop the icon into the start menu. Or are you creating a path to it. using the "Shortcut" command in the desktop r-click menu.

Link to post
Share on other sites

I am pretty sure this is the info tip / tool tip clsid (Although it may be one of those systray icons ).

It is telling IE to show a tool tip which would have popped up when you open IE, but since you removed the malware which put it there the tooltip is not present but the call for it is.

Basically it was added there to take advantage of the fact that windows executes instructions located in shell entries in the registry (amongst other places), so by putting an entry there, the nasty it referenced would autorun with windows thinking it had just run a tooltip balloon.

http://www.theeldergeek.com/tool_tip_displays.htm

[start] [Run] [Regedit]

Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Data Type: REG_DWORD [Dword Value] // Value Name: ShowInfoTip

Modify/Create the Value Name [showInfoTip] according to the Value Data listed below.

Value Data: [0 - ShowInfoTip Disabled / 1 - ShowInfoTip Enabled]

Exit Registry and Reboot

See if it is present there.

I think that this is the most likely entry to cause the problem you are having

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

My suggestion here is to go to start/ run and type regedit.

Locate this entry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

Right click on the folder "approved" on the left side and choose export.

Name it something you will remember Like ErrorBackup.reg and save it where you can find it.

On the right side locate the entry

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

Right click and choose delete

Close regedit and restart computer and launch IE.

If this solves it, you can delete the file ErrorBackup.reg

(note if you it causes any problem, you can just double click the errorbackup.reg file to reinstall the entry. So you may want to wait until everything is finished before deleting this )

I would say these may the source of your problem as they are located where smitfraud/virusprotect (mattsearch.dll) puts its entries.

But the weird font makes it hard to positively identify them.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]

; Contents of value:

; Üâ€ÂwÃŒ Ç

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,dc,94,07,77,cc,a0,c7,01

; Contents of value:

; Å“WwÌ Ç

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214FA-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,9c,57,0c,77,cc,a0,c7,01

; Contents of value:

; àó‹YªÇ

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E4-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,e0,f3,8b,59,0f,aa,c7,01

I would be tempted to export the folder

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]

and then delete them to see what they do if they remain after you run the smitfraud removal tool.

But first I think you should check the event viewer and see if there is a log associated with this error and see if it contains any information which could enlighten us.

Clarify , you did not have this error before you removed the malware (Trojan Fakealert or Virusprotect Win32.BHO); Backdoor.Bifrose.E., Trojan Zlob,

I am wondering if they should have had you run the smitfraud fix and virusprotect fix; I would have based on the mattsearch.dll entry and ZLOB .

http://www.bleepingcomputer.com/forums/topic98219.html

References to have the malware expert review and see if they concur

http://www.castlecops.com/tk38412-e404_v1_...ndsite_dll.html

http://spyware-free.us/files/7-3-06/smitfraud-registry.html

http://www.bleepingcomputer.com/forums/topic98219.html

Edited by Pete_C
Link to post
Share on other sites

Since they say they finished the malware removal , I will see what I see.

Reviewing your log I am not sure they did all the needed removal for trojan ZLOB, (I will look into that and get back)

I will look into that later but you also have an outdated version of Java Runtime Environment.

C:\Program Files\Java\jre1.5.0_11

Please go to add/ remove programs in the control panel and uninstall all versions of Java Runtime Environment .

When you have them all gone , restart your computer and go to

http://www.java.com/en/download/manual.jsp

And get JRE 1.6.0_3

C:/Windows/NECCUST/OWR/OWR_EN.HTM

Is this your chosen start page? Did you create it??

O4 - HKLM\..\RunOnce: [installShieldSetup] C:\PROGRA~1\INSTAL~1\{BEEFC~1\SETUP.EXE -rebootC:\PROGRA~1\INSTAL~1\{BEEFC~1\reboot.ini -l0x9

Okay, do you remember installing anything starting with BEEFC ?

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)

These two are definitely identified as smitfraud infection.

http://www.castlecops.com/o9list-282.html

Your analyst was remiss in not instructing you to run the proper smitfraud removal tool since it appears that the infection was only partially removed. These entries should also have been removed.

So, run the smitfraud fix and virusprotect fix found here and post the logs

http://www.bleepingcomputer.com/forums/topic98219.html

Then run hijackthis, with all other windows closed, choose scan only and put a check by these entries and choose fix.

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)

Were these dealt with?

C:\Windows\System32\temp.000

Adware.CashDeluxe.Process http://www.superadblocker.com/definition/temp/

This folder C:\temp

Did you create it? Or something else? What is in there?

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014}]

2007-12-16 18:01 12800 --a------ C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{90222687-F593-4738-B738-FBEE9C7B26DF} *Smitfraud* entry, definitely should have run smitfraudfix*

{F2BADA0D-FD61-45EF-A994-64A073FD6613} *Smitfraud* entry, definitely should have run smitfraudfix*

[HKEY_CLASSES_ROOT\clsid\{f2bada0d-fd61-45ef-a994-64a073fd6613}] *Smitfraud* entry, definitely should have run smitfraudfix*

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F2BADA0D-FD61-45EF-A994-64A073FD6613}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-12-16 18:01 74752]

[HKEY_CLASSES_ROOT\clsid\{f2bada0d-fd61-45ef-a994-64a073fd6613}]

*Is E: an optical or hard drive??*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cb7afee-e74f-11db-8600-806e6f6e6963}]

\shell\AutoRun\command - E:\autorun.exe

*Backdoor.Bifrose Trojan.Agent.gen*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8482a04-4656-11dc-828e-0040d0a94343}]

\shell\Auto\command - F:\Cn911.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Cn911.exe

http://www.symantec.com/security_response/...-99&tabid=3

contains the removal instructions.

note the need to do some registry cleanup on non detected components

Link to post
Share on other sites

Okay, first thing:

I think the shortcut on my desktop was there from the start, probably from vista was installed onto the computer, although im not sure.

The link in my start menu is automatically created because i have set it as my browser in the start menu and taskbar properties options. It appears as one of the quick launch items in the list when i first click the start button (ie not listed under the "all programs" list).

Answering a few of Pete's questions.

The problem only started after the malware had been removed.

The webpage that you mentioned is the default when i purchased the laptop. It is a site asking for registration of the NEC product and then a thankyou for registering, my current hompage is just a blank page.

I don't speficicaly remember installing something called BEEFC, but if it was run through Install shield Setup like most other install files i can probably say i knew what it was at the time.

I still have the temp.000 at that location, I will complete another virus scan with norton and spyware with adaware and see if they pick it up.

The C:\temp has 2 small notepad files in it to do with GPGnet (Gas Powered Games Net) the online multiplayer program for Supreme Commander that i have on my computer.

E:\ Is my DVD RW optical drive.

I have also just updated my Java as per your advice :)

Just going to finish these scans and I will post the new log reports.

I also had a look through the Event logs, i couldnt find anything to do with the problem, but there is a big possibility i missed something, i have never used Event Viewer before and i have no idea how to use it properly.

Think thats it for now new post with the logs soon

BTW thanks for all the help :thumbsup:

Edited by Takitoes
Link to post
Share on other sites

Okay, I completed Norton and Ad-aware Scan's, restarted in safe mode and completed the smitfraud fix and HijackThis scan. Unfortunatly this dosnt seem to have changed th problem. Here are the logs anyway

SmitFraud -----

SmitFraudFix v2.274

Scan done at 23:13:27,71, 2008-01-21

Run from C:\Users\User\Desktop\SmitfraudFix

OS: Microsoft Windows [Version 6.0.6000] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS2\Services\Tcpip\..\{329252E1-54D8-41A8-BCDB-E56B10A8468D}: NameServer=213.241.79.37 83.238.255.76

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

HijackThis--------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:16:29, on 2008-01-21

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Safe mode

Running processes:

C:\Windows\explorer.exe

C:\Users\User\HJT\HJTInstall.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O17 - HKLM\System\CS2\Services\Tcpip\..\{329252E1-54D8-41A8-BCDB-E56B10A8468D}: NameServer = 213.241.79.37 83.238.255.76

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SessionLauncher - Unknown owner - C:\Users\User\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 6924 bytes

I also tried one of the first things you mentioned

I think that this is the most likely entry to cause the problem you are having

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

My suggestion here is to go to start/ run and type regedit.

Locate this entry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

Right click on the folder "approved" on the left side and choose export.

Name it something you will remember Like ErrorBackup.reg and save it where you can find it.

On the right side locate the entry

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

Right click and choose delete

Close regedit and restart computer and launch IE.

If this solves it, you can delete the file ErrorBackup.reg

(note if you it causes any problem, you can just double click the errorbackup.reg file to reinstall the entry. So you may want to wait until everything is finished before deleting this )

I found the the Showinfo Tip and changed the value data to 0, again to no avail <_< should i change it back to 1? i have the backups you recommended aswell. I also couldnt find the "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" in this section? maybe im not looking in the write spot? I really have only a small understanding about what all this is, so probably it something im doing? :wacko:

I will wait and see what you have to say about what i have completed so far before i continue on with you other suggestions.

Again thankyou for your time and effort :rolleyes:

[edit] PS i noticed the Java in my HJT log was still outdated i addressed that:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

from the scan i just completed.

Edited by Takitoes
Link to post
Share on other sites

Yes, change the value back to 1 since changing it to 0 had no effect.

Have you manually run live update and then manually done a full system scan with Norton? If not do so.

Likewise, if removing the key did not solve the problem use the backup to restore it so that whatever tooltip it happens to enable in whatever program those weird symbols refer to does not loose that ability.

By this

Locate this entry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

Right click on the folder "approved" on the left side and choose export.

Name it something you will remember Like ErrorBackup.reg and save it where you can find it.

On the right side locate the entry

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

I mean that when you select the folder Approved on the left side of regedit on the right side you will see an entry where under name you see 2559a1f4-21d7-11d4-bdaf-00c04f60b9f0

Further over under Data you would see Internet

But could you do this

In regedit go to

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]

Right click and choose export,(If it gives you the option to save as a text file .txt do so )

Then go to the export and right click and choose edit and it should open in Notepad.

Copy the contents and post them here.

I think the problem may be in the value for "LocalizedString"

.

Do you have firefox or another alternative browser?

http://www.mozilla.com/firefox/

http://www.opera.com/

Both are free internet browsers which are not based on Internet Explorer and operate completely independently.

I may have an alternative technique to fix this .

I want you to try this approach

http://windowshelp.microsoft.com/Windows/e...8d8af71033.mspx

Right-click the Internet Explorer icon on the desktop, and then click Start Without Add-ons.

If you do not have an Internet Explorer icon on the desktop, click Start, click All Programs, click Accessories, click System Tools, and then click Internet Explorer (No Add-ons).

If disabling all add-ons solves the problem, you might want to use Add-on Manager to disable all add-ons and then turn on add-ons only as you need them. This will allow you to figure out which add-on is causing the problem.

or

To open Add-on Manager

1.

Open Internet Explorer by clicking the Start button , and then clicking Internet Explorer.

2.

Click the Tools button.

3.

Click Manage Add-ons, and then click Enable or Disable Add-ons.

Next

Update Internet Explorer

Running Windows Update can often correct problems by replacing out-of-date files and fixing vulnerabilities.

1.

Open Internet Explorer by clicking the Start button , and then clicking Internet Explorer.

2.

Click the Tools button, and then click Windows Update.

3.

Follow instructions on the Windows Update page

I feel the following may pose risks so this is for reference only for now

Reset Internet Explorer settings

If disabling add-ons doesn't solve the problem, try resetting Internet Explorer back to its default settings. This removes all changes that have been made to Internet Explorer since it was installed, but it does not delete your favorites or feeds.

1.

Close all Internet Explorer or Windows Explorer windows.

2.

Open Internet Explorer by clicking the Start button , and then clicking Internet Explorer.

3.

Click the Tools button, and then click Internet Options.

4.

Click the Advanced tab, and then click Reset.

5.

Click Reset.

6.

When you are done, click Close, and then click OK.

7.

Close Internet Explorer and reopen it for the changes to take effect.

Edited by Pete_C
Link to post
Share on other sites

Okay, thats made it a little clearer, thankyou.

Here is the txt copy of the file you were asking for:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]

@="Internet"

"LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\

6f,00,6f,00,74,00,25,00,5c,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,\

00,2e,00,65,00,78,00,65,00,2c,00,2d,00,37,00,30,00,32,00,34,00,00,00

"InfoTip"="@explorer.exe,-7004"

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\

00,5c,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\

65,00,2c,00,2d,00,32,00,35,00,33,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\

00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\

64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,00,00

"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance]

"CLSID"="{25585dc7-4da0-438d-ad04-e42c8d2d64b9}"

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag]

"Element"="{3c81e7fa-1f3b-464a-a350-114a25beb2a2}"

"InitString"="StartMenuInternet"

"opentext"="@shell32.dll,-12705"

"properties"="C:\\Windows\\system32\\inetcpl.cpl"

"propertiestext"="@shell32.dll,-12704"

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex]

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler]

@="{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu]

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder]

"Attributes"=dword:00000000

If you look a the first few posts of the this thread you will see one of the BT staff already showed me the Add-on Manager. I have played around with it, enabeling and disabeling the different add ons, to no effect. The strange thing is, regarless if i run with or without add-ons, only the internet explorer in the quick launch area when i first click the start menu seems to have the problem. I have also tried the reset Internet Explorer tool you talk about, again to no effect. I will try it again and post seperatly if it makes a difference. I always update Norton before a scan so there are no updates that i missed with that last scan, the same for the Ad-Aware. I have used both Opera and Firefox in the past, and i personaly preffer Internet Explorer. Maybe the best thing to do would just be to remove the Internet Explorer shortcut from the quick launch area of the start menu and use the desktop shortcut ? :blink:

Anyway, i wil await your reply. Again my big thanks for your continued help.

Link to post
Share on other sites
If you look a the first few posts of the this thread you will see one of the BT staff already showed me the Add-on Manager. I have played around with it, enabeling and disabeling the different add ons, to no effect. The strange thing is, regarless if i run with or without add-ons, only the internet explorer in the quick launch area when i first click the start menu seems to have the problem. I have also tried the reset Internet Explorer tool you talk about, again to no effect. I will try it again and post seperatly if it makes a difference. I always update Norton before a scan so there are no updates that i missed with that last scan, the same for the Ad-Aware. I have used both Opera and Firefox in the past, and i personaly preffer Internet Explorer. Maybe the best thing to do would just be to remove the Internet Explorer shortcut from the quick launch area of the start menu and use the desktop shortcut ? :blink:

Anyway, i wil await your reply. Again my big thanks for your continued help.

only the internet explorer in the quick launch area when i first click the start menu seems to have the problem.

Ahh, now we may be getting somewhere.

So , if you go to the IE shortcut on the desktop it launches no problem?

But the one in the quick launch does have a problem?

I want you to go to the quicklaunch icon for IE and right click and choose properties.

On the dialog box which pops up there will be several fields.

I want you to copy and paste what you see in the Target box

Also what you see in the start in box and comment box.

For future reference this is the regsearch for the string {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} on a known clean Vista install

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005

; Version: 2.0.5.0

; Results at 1/22/2008 10:35:01 AM for strings:

; '2559a1f4-21d7-11d4-bdaf-00c04f60b9f0'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler]

@="{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]

; Contents of value:

; ¤®\–®·Ç

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,a4,ae,5c,96,ae,b7,c7,01

; Contents of value:

; ÄÒc–®·Ç

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214FA-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,c4,d2,63,96,ae,b7,c7,01

; Contents of value:

; ð·±'D·Ç

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E4-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,f0,b7,b1,27,44,b7,c7,01

; End Of The Log...

This is for reference for others researching the problem and to compare to your log.

Also, here is a comparison of the export of [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]

saved as export.txt

Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}

Class Name: <NO CLASS>

Last Write Time: 11/2/2006 - 6:50 AM

Value 0

Name: <NO NAME>

Type: REG_SZ

Data: Internet

Value 1

Name: LocalizedString

Type: REG_EXPAND_SZ

Data: @%SystemRoot%\explorer.exe,-7024

Value 2

Name: InfoTip

Type: REG_SZ

Data: @explorer.exe,-7004

Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon

Class Name: <NO CLASS>

Last Write Time: 11/2/2006 - 6:50 AM

Value 0

Name: <NO NAME>

Type: REG_EXPAND_SZ

Data: %SystemRoot%\explorer.exe,-253

Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32

Class Name: <NO CLASS>

Last Write Time: 11/2/2006 - 6:50 AM

Value 0

Name: <NO NAME>

Type: REG_EXPAND_SZ

Data: %SystemRoot%\System32\shdocvw.dll

Value 1

Name: ThreadingModel

Type: REG_SZ

Data: Apartment

Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance

Class Name: <NO CLASS>

Last Write Time: 11/2/2006 - 6:50 AM

Value 0

Name: CLSID

Type: REG_SZ

Data: {25585dc7-4da0-438d-ad04-e42c8d2d64b9}

Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag

Class Name: <NO CLASS>

Last Write Time: 1/14/2007 - 3:34 AM

Value 0

Name: Element

Type: REG_SZ

Data: {3c81e7fa-1f3b-464a-a350-114a25beb2a2}

Value 1

Name: InitString

Type: REG_SZ

Data: StartMenuInternet

Value 2

Name: opentext

Type: REG_SZ

Data: @shell32.dll,-12705

Value 3

Name: properties

Type: REG_SZ

Data: C:\Windows\system32\inetcpl.cpl

Value 4

Name: propertiestext

Type: REG_SZ

Data: @shell32.dll,-12704

Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex

Class Name: <NO CLASS>

Last Write Time: 11/2/2006 - 6:50 AM

Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers

Class Name: <NO CLASS>

Last Write Time: 11/2/2006 - 6:50 AM

Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}

Class Name: <NO CLASS>

Last Write Time: 11/2/2006 - 6:50 AM

Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler

Class Name: <NO CLASS>

Last Write Time: 11/2/2006 - 6:50 AM

Value 0

Name: <NO NAME>

Type: REG_SZ

Data: {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}

Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu

Class Name: <NO CLASS>

Last Write Time: 11/2/2006 - 6:50 AM

Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder

Class Name: <NO CLASS>

Last Write Time: 11/2/2006 - 6:50 AM

Value 0

Name: Attributes

Type: REG_DWORD

Data: 0

Exported as a reg file export.reg and opened to edit with notepad

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]

@="Internet"

"LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\

6f,00,6f,00,74,00,25,00,5c,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,\

00,2e,00,65,00,78,00,65,00,2c,00,2d,00,37,00,30,00,32,00,34,00,00,00

"InfoTip"="@explorer.exe,-7004"

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\

00,5c,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\

65,00,2c,00,2d,00,32,00,35,00,33,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\

00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\

64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,00,00

"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance]

"CLSID"="{25585dc7-4da0-438d-ad04-e42c8d2d64b9}"

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag]

"Element"="{3c81e7fa-1f3b-464a-a350-114a25beb2a2}"

"InitString"="StartMenuInternet"

"opentext"="@shell32.dll,-12705"

"properties"="C:\\Windows\\system32\\inetcpl.cpl"

"propertiestext"="@shell32.dll,-12704"

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex]

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler]

@="{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu]

[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder]

"Attributes"=dword:00000000

Pardon all the redundancy, but we will get to the bottom of this and leave a record for others who are researching the problem.

Link to post
Share on other sites

Okay, in the regseeker report the only differences we have is the last section; this will take some more research to clarify.

You have

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]

; Contents of value:

; Ãœâ€wÃŒ Ç

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,dc,94,07,77,cc,a0,c7,01

; Contents of value:

; œWwÌ Ç

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214FA-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,9c,57,0c,77,cc,a0,c7,01

; Contents of value:

; àó‹YªÇ

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E4-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,e0,f3,8b,59,0f,aa,c7,01

I have

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]

; Contents of value:

; ¤®\–®·Ç

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,a4,ae,5c,96,ae,b7,c7,01

; Contents of value:

; ÄÒc–®·Ç

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214FA-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,c4,d2,63,96,ae,b7,c7,01

; Contents of value:

; ð·±'D·Ç

"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E4-0000-0000-C000-000000000046} 0x401"=hex:01,\

00,00,00,00,00,00,00,f0,b7,b1,27,44,b7,c7,01

NOTHING FOR YOU TO DO JUST YET.

For [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}] export

they match so this is not the source of the problem.

Link to post
Share on other sites

Ahhhhh.

How about deleting the IE icon in the Quick Launch toolbar, Dragging and dropping the IE Icon from the Desktop to the Quick Launch toolbar and making it either a copy of, or a shortcut.

Link to post
Share on other sites
Ahhhhh.

How about deleting the IE icon in the Quick Launch toolbar, Dragging and dropping the IE Icon from the Desktop to the Quick Launch toolbar and making it either a copy of, or a shortcut.

That was going to be my next suggestion but I really want to know what it says first so we can figure out what is causing this.

I suspect there is an extra addition to the target like a shell extension virus does

Link to post
Share on other sites

I've thought of this, the problem is that i cant right click this icon, im sorry im not sure if quick launch is the correct name for this icon? The shortcut is controled by the "Taskbar and Start Menu Properties" option menu. I can't replace it with one of the good shortcuts, at least i dont know any way of doing it. I've attached a screenshot with the shortcut im talking about highlighted with my mouse.

post-2254-1201027760_thumb.jpg

Link to post
Share on other sites

Try dragging and dropping the IE Icon from the desktop onto the Main "Start Menu". (The quick Launch is down on the taskbar next to your start menu). And place it under the old IE Icon. If it stays there. Then just go into the start menu properties and uncheck IE in the properties menu.

Or see if you can drag and drop the bad icon out onto the desktop (you can L or R-Click to do this) and then see if you can r-click on it to open up properties. Sounds like either the "Target" Or the "Start In" command on the original IE Icon has been changed.

Link to post
Share on other sites
I've thought of this, the problem is that i cant right click this icon, im sorry im not sure if quick launch is the correct name for this icon? The shortcut is controled by the "Taskbar and Start Menu Properties" option menu. I can't replace it with one of the good shortcuts, at least i dont know any way of doing it. I've attached a screenshot with the shortcut im talking about highlighted with my mouse.

Ah, no that is not the quick launch. Quick launch is the one you get in the taskbar, by the start button .

That would be the commonly used section of the start menu.

I do not see offhand why the right click context is disabled there , delete is one of the options .

Try right click on the start button and choose explore

Then in the folder C:\Documents and Settings\(Your user name here)\Start Menu

Select the programs folder.

There should be a shortcut icon for IE there

Check its properties.

Do the same for C:\Documents and Settings\All Users\Start Menu

If your right click menu is still missing try in safe mode.

If you can delete the shortcut, just right click the desktop IE icon and drag it there and release and choose create shortcut and see if that one works properly.

Link to post
Share on other sites

Okay, stupid mistake on my behalf, i had a setting disabled that allows me to right click in the start menu. So now i can right click :) Deleting and adding shortcuts is not possible though, at least not for IE. I am quiet sure that this is it is a windows option that controls this shortcut, not one that is determined by me or the common programs i am using. I will give you a screenshot of the options menu i use to control this short cut. You should see the Internet Link box ticked there, thats what controls this shortcut. Normaly with any other program I can right click and choose "Pin to Start menu" and have that program appear in that box without having to scroll through the "All Programs" list, but this is not the case for IE. Restarting in safe mode made no difference and for some reason apparently I dont have access to C:/Documents and Settings ??? but if i explore the start menu i can only find the shortcut in the "All programs" list which works fine anyway. :wacko: Confusing...

post-2254-1201036057_thumb.jpg

Link to post
Share on other sites

Mmmm.

You should be able to drag and drop from the desktop to the start menu... I have, but I'll check the IE icon. Did you try unchecking IE in Customize, then restart and then recheck it to see if it clears. And can you r-click on the IE Icon and bring up it's properties now.

Give me around an 2 hours and I'll be able to get home and get on Vista. Kinda hard to try things on XP.

Link to post
Share on other sites

I remember from when i had XP that you could drag it over the start menu and it would open up, it wont do that in vista now, apparetly...i tried unchecking the box and then re-checking it, but i didnt restart, ill try that now and if it makes a difference ill let you know straight away. Right clicking brings up 3 options, "browse the internet", "internet options" and "remove from this list" , non of which seem currently relevant.

Link to post
Share on other sites

OK....

Let's try this.

Go to your Start Menu > All Programs > And you should have an IE Icon listed in all programs. R-click on it and drag it down and hold it over "Back" (lower part of the start menu). It should convert back to the main window. When your normal Start Menu opens move it up to where you want to put it. (you should see a black line where it will fit). Then just remove the old Icon from the start menu properties.

I just did that on mine and it worked.

Link to post
Share on other sites

:D :D :D Thats seems to have done the trick. Thanks very much. Funny that such a simple soloution to a problem that has pestered me for weeks. I'm not sure if there were other things you wannted me to clean up Pete?

Either way a big thankyou to both of you! I really do appriciate the time you guys gave :) Please let me know if there is something i can do in return?

Thanks again, probably ill be back soon enough to BestTechie with more problems :whistling:

Link to post
Share on other sites
:D :D :D Thats seems to have done the trick. Thanks very much. Funny that such a simple soloution to a problem that has pestered me for weeks. I'm not sure if there were other things you wannted me to clean up Pete?

Either way a big thankyou to both of you! I really do appriciate the time you guys gave :) Please let me know if there is something i can do in return?

Thanks again, probably ill be back soon enough to BestTechie with more problems :whistling:

Now we have a functional solution and generalized explanation of what was the cause of the error.

My guess is that the IE icon you saw pinned there was an internet shortcut; if you could have checked its properties there would have been a link to a file ; C:/Windows/NECCUST/OWR/OWR_EN.HTM which showed in your original HJT log

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM

Since a google search finds you as the only person on the internet who has posted a hijackthis log file with that entry or the folder

C:/Windows/NECCUST

I think you should run hijackthis , choose scan only and put a check by those two entries and choose fix if this is not your chosen start page.

I do not see anything which removed it though.

It could also be a problem with malware replacing your original about:blank file so I would also have hijackthis fix this line

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Since you had a Zlob infection you probably need to do an online scan with panda or kaspersky online scanner .

http://www.pandasecurity.com/homeusers/solutions/activescan/

http://forums.majorgeeks.com/showthread.php?t=84939

http://www.kaspersky.com/virusscanner

As there may be some files still remaining.

Also, as you will see at Symantec

http://www.symantec.com/security_response/...-99&tabid=3

The final step is to disable system restore, restart your computer and re enable system restore and create a new restore point since the existing restore points are most likely infected and will just reinstall the nasties you worked so hard to eliminate.

Edited by Pete_C
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...