Takitoes Posted January 14, 2008 Report Share Posted January 14, 2008 HelloAfter having some problems with malware, which i resolved with help from a best techie malware removal staff member, i am left with a strange error message when i start up Internet Explorer. Specifically:"Cannot find '::{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}'. Make sure the path or internet address is correct."After i click "Ok" Internet Explorer starts up as normal and seems to work fine.Not a particuarly bad problem, nonetheless one i would like to fix if possible.I thought prahaps the best thing to do would be to un-install and re-install IE 7 and hope that worked, but since i am running Vista it seems this is impossible?Another interesting thing is that if i start IE with the Right-Click function "Start without Add-ons" I don't get the message.This is the link to the post i created in the Malware Removal section to deal with the problems that started all this:http://www.besttechie.net/forums/index.php...mp;#entry106645Any help is greatly appriciated!Thankyou Quote Link to post Share on other sites
JSKY Posted January 14, 2008 Report Share Posted January 14, 2008 Open up IE. On the top tool bar and click on "Tools". Choose "Manage Add-ons" > "Enable or Disable Add-ons". Choose "Add-ons currently Loaded in IE". Go through the list and disable one at a time, restart IE until the problem stops. (you can re-enable each one after each test). When you find the problem add-on, you might be able to reinstall the program associated with the said add-on.Seems the melware has messed with a registry file associated with a program that uses add-ons with IE. Quote Link to post Share on other sites
Takitoes Posted January 15, 2008 Author Report Share Posted January 15, 2008 Weird....There are only 2 add-ons listed as Enabled under "Add-ons Currently Loaded in IE" Adobe PDF reader and Sun Java console. I disabled both and restarted IE and i still get the error message.There is an add on listed there "IE Anti-Spyware" that i believe is assosiated with the Malware i removed, 2 programs called IE Saftey Features and IE custom tools, i remember one of the things they did was to open a pop-up about spyware removal tools. Anyway the add-on is said to be Disabled. I tried making it Enabled to see what would happen, but i still get the same error. Quote Link to post Share on other sites
Takitoes Posted January 17, 2008 Author Report Share Posted January 17, 2008 Okay, another wierd thing. I have just discovered that if i run IE from my desktop via a shortcut then i dont get the error message. I tried to make a new shortcut on the start menu list where i would normaly open IE from but that dosnt work.Make my problem any easier? Quote Link to post Share on other sites
JSKY Posted January 18, 2008 Report Share Posted January 18, 2008 Sound like the melware is corrupting a path.How were you making the short cut? You say a desktop icon for IE works OK. Did you drag and drop the icon into the start menu. Or are you creating a path to it. using the "Shortcut" command in the desktop r-click menu. Quote Link to post Share on other sites
Pete_C Posted January 18, 2008 Report Share Posted January 18, 2008 (edited) I am pretty sure this is the info tip / tool tip clsid (Although it may be one of those systray icons ).It is telling IE to show a tool tip which would have popped up when you open IE, but since you removed the malware which put it there the tooltip is not present but the call for it is.Basically it was added there to take advantage of the fact that windows executes instructions located in shell entries in the registry (amongst other places), so by putting an entry there, the nasty it referenced would autorun with windows thinking it had just run a tooltip balloon.http://www.theeldergeek.com/tool_tip_displays.htm[start] [Run] [Regedit]Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedData Type: REG_DWORD [Dword Value] // Value Name: ShowInfoTipModify/Create the Value Name [showInfoTip] according to the Value Data listed below.Value Data: [0 - ShowInfoTip Disabled / 1 - ShowInfoTip Enabled]Exit Registry and RebootSee if it is present there.I think that this is the most likely entry to cause the problem you are having[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"My suggestion here is to go to start/ run and type regedit.Locate this entry[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]Right click on the folder "approved" on the left side and choose export.Name it something you will remember Like ErrorBackup.reg and save it where you can find it. On the right side locate the entry"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"Right click and choose deleteClose regedit and restart computer and launch IE. If this solves it, you can delete the file ErrorBackup.reg(note if you it causes any problem, you can just double click the errorbackup.reg file to reinstall the entry. So you may want to wait until everything is finished before deleting this )I would say these may the source of your problem as they are located where smitfraud/virusprotect (mattsearch.dll) puts its entries.But the weird font makes it hard to positively identify them.[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]; Contents of value:; Üâ€ÂwÃŒ Ç"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\00,00,00,00,00,00,00,dc,94,07,77,cc,a0,c7,01; Contents of value:; Å“WwÃŒ Ç"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214FA-0000-0000-C000-000000000046} 0x401"=hex:01,\00,00,00,00,00,00,00,9c,57,0c,77,cc,a0,c7,01; Contents of value:; àó‹YªÇ"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E4-0000-0000-C000-000000000046} 0x401"=hex:01,\00,00,00,00,00,00,00,e0,f3,8b,59,0f,aa,c7,01I would be tempted to export the folder[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]and then delete them to see what they do if they remain after you run the smitfraud removal tool.But first I think you should check the event viewer and see if there is a log associated with this error and see if it contains any information which could enlighten us.Clarify , you did not have this error before you removed the malware (Trojan Fakealert or Virusprotect Win32.BHO); Backdoor.Bifrose.E., Trojan Zlob, I am wondering if they should have had you run the smitfraud fix and virusprotect fix; I would have based on the mattsearch.dll entry and ZLOB .http://www.bleepingcomputer.com/forums/topic98219.htmlReferences to have the malware expert review and see if they concurhttp://www.castlecops.com/tk38412-e404_v1_...ndsite_dll.htmlhttp://spyware-free.us/files/7-3-06/smitfraud-registry.htmlhttp://www.bleepingcomputer.com/forums/topic98219.html Edited January 19, 2008 by Pete_C Quote Link to post Share on other sites
Pete_C Posted January 19, 2008 Report Share Posted January 19, 2008 Since they say they finished the malware removal , I will see what I see.Reviewing your log I am not sure they did all the needed removal for trojan ZLOB, (I will look into that and get back)I will look into that later but you also have an outdated version of Java Runtime Environment.C:\Program Files\Java\jre1.5.0_11Please go to add/ remove programs in the control panel and uninstall all versions of Java Runtime Environment .When you have them all gone , restart your computer and go to http://www.java.com/en/download/manual.jspAnd get JRE 1.6.0_3C:/Windows/NECCUST/OWR/OWR_EN.HTMIs this your chosen start page? Did you create it??O4 - HKLM\..\RunOnce: [installShieldSetup] C:\PROGRA~1\INSTAL~1\{BEEFC~1\SETUP.EXE -rebootC:\PROGRA~1\INSTAL~1\{BEEFC~1\reboot.ini -l0x9Okay, do you remember installing anything starting with BEEFC ? O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)These two are definitely identified as smitfraud infection. http://www.castlecops.com/o9list-282.htmlYour analyst was remiss in not instructing you to run the proper smitfraud removal tool since it appears that the infection was only partially removed. These entries should also have been removed.So, run the smitfraud fix and virusprotect fix found here and post the logs http://www.bleepingcomputer.com/forums/topic98219.htmlThen run hijackthis, with all other windows closed, choose scan only and put a check by these entries and choose fix.O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)Were these dealt with?C:\Windows\System32\temp.000Adware.CashDeluxe.Process http://www.superadblocker.com/definition/temp/This folder C:\temp Did you create it? Or something else? What is in there?[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014}]2007-12-16 18:01 12800 --a------ C:\Program Files\Video Add-on\isfmdl.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{90222687-F593-4738-B738-FBEE9C7B26DF} *Smitfraud* entry, definitely should have run smitfraudfix*{F2BADA0D-FD61-45EF-A994-64A073FD6613} *Smitfraud* entry, definitely should have run smitfraudfix*[HKEY_CLASSES_ROOT\clsid\{f2bada0d-fd61-45ef-a994-64a073fd6613}] *Smitfraud* entry, definitely should have run smitfraudfix*[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]"{F2BADA0D-FD61-45EF-A994-64A073FD6613}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-12-16 18:01 74752][HKEY_CLASSES_ROOT\clsid\{f2bada0d-fd61-45ef-a994-64a073fd6613}]*Is E: an optical or hard drive??*[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cb7afee-e74f-11db-8600-806e6f6e6963}]\shell\AutoRun\command - E:\autorun.exe*Backdoor.Bifrose Trojan.Agent.gen*[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8482a04-4656-11dc-828e-0040d0a94343}]\shell\Auto\command - F:\Cn911.exe\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Cn911.exehttp://www.symantec.com/security_response/...-99&tabid=3contains the removal instructions. note the need to do some registry cleanup on non detected components Quote Link to post Share on other sites
Takitoes Posted January 21, 2008 Author Report Share Posted January 21, 2008 (edited) Okay, first thing:I think the shortcut on my desktop was there from the start, probably from vista was installed onto the computer, although im not sure.The link in my start menu is automatically created because i have set it as my browser in the start menu and taskbar properties options. It appears as one of the quick launch items in the list when i first click the start button (ie not listed under the "all programs" list).Answering a few of Pete's questions.The problem only started after the malware had been removed.The webpage that you mentioned is the default when i purchased the laptop. It is a site asking for registration of the NEC product and then a thankyou for registering, my current hompage is just a blank page.I don't speficicaly remember installing something called BEEFC, but if it was run through Install shield Setup like most other install files i can probably say i knew what it was at the time.I still have the temp.000 at that location, I will complete another virus scan with norton and spyware with adaware and see if they pick it up.The C:\temp has 2 small notepad files in it to do with GPGnet (Gas Powered Games Net) the online multiplayer program for Supreme Commander that i have on my computer.E:\ Is my DVD RW optical drive.I have also just updated my Java as per your advice Just going to finish these scans and I will post the new log reports.I also had a look through the Event logs, i couldnt find anything to do with the problem, but there is a big possibility i missed something, i have never used Event Viewer before and i have no idea how to use it properly.Think thats it for now new post with the logs soonBTW thanks for all the help Edited January 21, 2008 by Takitoes Quote Link to post Share on other sites
Takitoes Posted January 21, 2008 Author Report Share Posted January 21, 2008 (edited) Okay, I completed Norton and Ad-aware Scan's, restarted in safe mode and completed the smitfraud fix and HijackThis scan. Unfortunatly this dosnt seem to have changed th problem. Here are the logs anywaySmitFraud -----SmitFraudFix v2.274Scan done at 23:13:27,71, 2008-01-21Run from C:\Users\User\Desktop\SmitfraudFixOS: Microsoft Windows [Version 6.0.6000] - Windows_NTThe filesystem type is NTFSFix run in safe mode»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll»»»»»»»»»»»»»»»»»»»»»»»» Killing process»»»»»»»»»»»»»»»»»»»»»»»» hosts127.0.0.1 localhost::1 localhost»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 FixS!Ri's WS2Fix: LSP not Found.»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos FixGenericRenosFix by S!Ri»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files»»»»»»»»»»»»»»»»»»»»»»»» IEDFixIEDFix.exe by S!Ri»»»»»»»»»»»»»»»»»»»»»»»» DNSHKLM\SYSTEM\CS2\Services\Tcpip\..\{329252E1-54D8-41A8-BCDB-E56B10A8468D}: NameServer=213.241.79.37 83.238.255.76»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System!!!Attention, following keys are not inevitably infected!!![HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]"System"=""»»»»»»»»»»»»»»»»»»»»»»»» Registry CleaningRegistry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll»»»»»»»»»»»»»»»»»»»»»»»» EndHijackThis--------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 23:16:29, on 2008-01-21Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16575)Boot mode: Safe modeRunning processes:C:\Windows\explorer.exeC:\Users\User\HJT\HJTInstall.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exeO4 - HKLM\..\Run: [skytel] Skytel.exeO4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXEO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -autoO4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"O4 - HKCU\..\Run: [sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeO4 - Global Startup: Logitech SetPoint.lnk = ?O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLLO13 - Gopher Prefix: O17 - HKLM\System\CS2\Services\Tcpip\..\{329252E1-54D8-41A8-BCDB-E56B10A8468D}: NameServer = 213.241.79.37 83.238.255.76O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exeO23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exeO23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exeO23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exeO23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exeO23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exeO23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exeO23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exeO23 - Service: SessionLauncher - Unknown owner - C:\Users\User\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exeO23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeO23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exeO23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe--End of file - 6924 bytesI also tried one of the first things you mentionedI think that this is the most likely entry to cause the problem you are having[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"My suggestion here is to go to start/ run and type regedit.Locate this entry[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]Right click on the folder "approved" on the left side and choose export.Name it something you will remember Like ErrorBackup.reg and save it where you can find it.On the right side locate the entry"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"Right click and choose deleteClose regedit and restart computer and launch IE. If this solves it, you can delete the file ErrorBackup.reg(note if you it causes any problem, you can just double click the errorbackup.reg file to reinstall the entry. So you may want to wait until everything is finished before deleting this )I found the the Showinfo Tip and changed the value data to 0, again to no avail should i change it back to 1? i have the backups you recommended aswell. I also couldnt find the "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" in this section? maybe im not looking in the write spot? I really have only a small understanding about what all this is, so probably it something im doing? I will wait and see what you have to say about what i have completed so far before i continue on with you other suggestions.Again thankyou for your time and effort [edit] PS i noticed the Java in my HJT log was still outdated i addressed that:O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllfrom the scan i just completed. Edited January 21, 2008 by Takitoes Quote Link to post Share on other sites
Pete_C Posted January 22, 2008 Report Share Posted January 22, 2008 (edited) Yes, change the value back to 1 since changing it to 0 had no effect.Have you manually run live update and then manually done a full system scan with Norton? If not do so. Likewise, if removing the key did not solve the problem use the backup to restore it so that whatever tooltip it happens to enable in whatever program those weird symbols refer to does not loose that ability. By thisLocate this entry[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]Right click on the folder "approved" on the left side and choose export.Name it something you will remember Like ErrorBackup.reg and save it where you can find it.On the right side locate the entry"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"I mean that when you select the folder Approved on the left side of regedit on the right side you will see an entry where under name you see 2559a1f4-21d7-11d4-bdaf-00c04f60b9f0 Further over under Data you would see InternetBut could you do thisIn regedit go to [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]Right click and choose export,(If it gives you the option to save as a text file .txt do so )Then go to the export and right click and choose edit and it should open in Notepad.Copy the contents and post them here.I think the problem may be in the value for "LocalizedString".Do you have firefox or another alternative browser? http://www.mozilla.com/firefox/http://www.opera.com/Both are free internet browsers which are not based on Internet Explorer and operate completely independently.I may have an alternative technique to fix this .I want you to try this approachhttp://windowshelp.microsoft.com/Windows/e...8d8af71033.mspxRight-click the Internet Explorer icon on the desktop, and then click Start Without Add-ons.If you do not have an Internet Explorer icon on the desktop, click Start, click All Programs, click Accessories, click System Tools, and then click Internet Explorer (No Add-ons).If disabling all add-ons solves the problem, you might want to use Add-on Manager to disable all add-ons and then turn on add-ons only as you need them. This will allow you to figure out which add-on is causing the problem.orTo open Add-on Manager 1. Open Internet Explorer by clicking the Start button , and then clicking Internet Explorer.2. Click the Tools button.3. Click Manage Add-ons, and then click Enable or Disable Add-ons.Next Update Internet ExplorerRunning Windows Update can often correct problems by replacing out-of-date files and fixing vulnerabilities.1. Open Internet Explorer by clicking the Start button , and then clicking Internet Explorer.2. Click the Tools button, and then click Windows Update.3. Follow instructions on the Windows Update pageI feel the following may pose risks so this is for reference only for nowReset Internet Explorer settingsIf disabling add-ons doesn't solve the problem, try resetting Internet Explorer back to its default settings. This removes all changes that have been made to Internet Explorer since it was installed, but it does not delete your favorites or feeds.1. Close all Internet Explorer or Windows Explorer windows.2. Open Internet Explorer by clicking the Start button , and then clicking Internet Explorer.3. Click the Tools button, and then click Internet Options.4. Click the Advanced tab, and then click Reset. 5. Click Reset.6. When you are done, click Close, and then click OK.7. Close Internet Explorer and reopen it for the changes to take effect. Edited January 22, 2008 by Pete_C Quote Link to post Share on other sites
Takitoes Posted January 22, 2008 Author Report Share Posted January 22, 2008 Okay, thats made it a little clearer, thankyou.Here is the txt copy of the file you were asking for:Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]@="Internet""LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\ 6f,00,6f,00,74,00,25,00,5c,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,\ 00,2e,00,65,00,78,00,65,00,2c,00,2d,00,37,00,30,00,32,00,34,00,00,00"InfoTip"="@explorer.exe,-7004"[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\ 65,00,2c,00,2d,00,32,00,35,00,33,00,00,00[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\ 64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,00,00"ThreadingModel"="Apartment"[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance]"CLSID"="{25585dc7-4da0-438d-ad04-e42c8d2d64b9}"[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag]"Element"="{3c81e7fa-1f3b-464a-a350-114a25beb2a2}""InitString"="StartMenuInternet""opentext"="@shell32.dll,-12705""properties"="C:\\Windows\\system32\\inetcpl.cpl""propertiestext"="@shell32.dll,-12704"[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex][HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers][HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}][HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler]@="{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu][HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder]"Attributes"=dword:00000000If you look a the first few posts of the this thread you will see one of the BT staff already showed me the Add-on Manager. I have played around with it, enabeling and disabeling the different add ons, to no effect. The strange thing is, regarless if i run with or without add-ons, only the internet explorer in the quick launch area when i first click the start menu seems to have the problem. I have also tried the reset Internet Explorer tool you talk about, again to no effect. I will try it again and post seperatly if it makes a difference. I always update Norton before a scan so there are no updates that i missed with that last scan, the same for the Ad-Aware. I have used both Opera and Firefox in the past, and i personaly preffer Internet Explorer. Maybe the best thing to do would just be to remove the Internet Explorer shortcut from the quick launch area of the start menu and use the desktop shortcut ? Anyway, i wil await your reply. Again my big thanks for your continued help. Quote Link to post Share on other sites
Pete_C Posted January 22, 2008 Report Share Posted January 22, 2008 If you look a the first few posts of the this thread you will see one of the BT staff already showed me the Add-on Manager. I have played around with it, enabeling and disabeling the different add ons, to no effect. The strange thing is, regarless if i run with or without add-ons, only the internet explorer in the quick launch area when i first click the start menu seems to have the problem. I have also tried the reset Internet Explorer tool you talk about, again to no effect. I will try it again and post seperatly if it makes a difference. I always update Norton before a scan so there are no updates that i missed with that last scan, the same for the Ad-Aware. I have used both Opera and Firefox in the past, and i personaly preffer Internet Explorer. Maybe the best thing to do would just be to remove the Internet Explorer shortcut from the quick launch area of the start menu and use the desktop shortcut ? Anyway, i wil await your reply. Again my big thanks for your continued help. only the internet explorer in the quick launch area when i first click the start menu seems to have the problem. Ahh, now we may be getting somewhere.So , if you go to the IE shortcut on the desktop it launches no problem?But the one in the quick launch does have a problem?I want you to go to the quicklaunch icon for IE and right click and choose properties.On the dialog box which pops up there will be several fields.I want you to copy and paste what you see in the Target boxAlso what you see in the start in box and comment box.For future reference this is the regsearch for the string {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} on a known clean Vista installWindows Registry Editor Version 5.00; Registry Search 2.0 by Bobbi Flekman © 2005; Version: 2.0.5.0; Results at 1/22/2008 10:35:01 AM for strings:; '2559a1f4-21d7-11d4-bdaf-00c04f60b9f0'; Strings excluded from search:; (None); Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler]@="{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]; Contents of value:; ¤®\–®·Ç"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\ 00,00,00,00,00,00,00,a4,ae,5c,96,ae,b7,c7,01; Contents of value:; ÄÒc–®·Ç"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214FA-0000-0000-C000-000000000046} 0x401"=hex:01,\ 00,00,00,00,00,00,00,c4,d2,63,96,ae,b7,c7,01; Contents of value:; ð·±'D·Ç"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E4-0000-0000-C000-000000000046} 0x401"=hex:01,\ 00,00,00,00,00,00,00,f0,b7,b1,27,44,b7,c7,01; End Of The Log...This is for reference for others researching the problem and to compare to your log.Also, here is a comparison of the export of [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]saved as export.txtKey Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}Class Name: <NO CLASS>Last Write Time: 11/2/2006 - 6:50 AMValue 0 Name: <NO NAME> Type: REG_SZ Data: InternetValue 1 Name: LocalizedString Type: REG_EXPAND_SZ Data: @%SystemRoot%\explorer.exe,-7024Value 2 Name: InfoTip Type: REG_SZ Data: @explorer.exe,-7004Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIconClass Name: <NO CLASS>Last Write Time: 11/2/2006 - 6:50 AMValue 0 Name: <NO NAME> Type: REG_EXPAND_SZ Data: %SystemRoot%\explorer.exe,-253Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32Class Name: <NO CLASS>Last Write Time: 11/2/2006 - 6:50 AMValue 0 Name: <NO NAME> Type: REG_EXPAND_SZ Data: %SystemRoot%\System32\shdocvw.dllValue 1 Name: ThreadingModel Type: REG_SZ Data: ApartmentKey Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InstanceClass Name: <NO CLASS>Last Write Time: 11/2/2006 - 6:50 AMValue 0 Name: CLSID Type: REG_SZ Data: {25585dc7-4da0-438d-ad04-e42c8d2d64b9}Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBagClass Name: <NO CLASS>Last Write Time: 1/14/2007 - 3:34 AMValue 0 Name: Element Type: REG_SZ Data: {3c81e7fa-1f3b-464a-a350-114a25beb2a2}Value 1 Name: InitString Type: REG_SZ Data: StartMenuInternetValue 2 Name: opentext Type: REG_SZ Data: @shell32.dll,-12705Value 3 Name: properties Type: REG_SZ Data: C:\Windows\system32\inetcpl.cplValue 4 Name: propertiestext Type: REG_SZ Data: @shell32.dll,-12704Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellexClass Name: <NO CLASS>Last Write Time: 11/2/2006 - 6:50 AMKey Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlersClass Name: <NO CLASS>Last Write Time: 11/2/2006 - 6:50 AMKey Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}Class Name: <NO CLASS>Last Write Time: 11/2/2006 - 6:50 AMKey Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandlerClass Name: <NO CLASS>Last Write Time: 11/2/2006 - 6:50 AMValue 0 Name: <NO NAME> Type: REG_SZ Data: {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}Key Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenuClass Name: <NO CLASS>Last Write Time: 11/2/2006 - 6:50 AMKey Name: HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolderClass Name: <NO CLASS>Last Write Time: 11/2/2006 - 6:50 AMValue 0 Name: Attributes Type: REG_DWORD Data: 0Exported as a reg file export.reg and opened to edit with notepadWindows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]@="Internet""LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\ 6f,00,6f,00,74,00,25,00,5c,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,\ 00,2e,00,65,00,78,00,65,00,2c,00,2d,00,37,00,30,00,32,00,34,00,00,00"InfoTip"="@explorer.exe,-7004"[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\ 65,00,2c,00,2d,00,32,00,35,00,33,00,00,00[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\ 64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,00,00"ThreadingModel"="Apartment"[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance]"CLSID"="{25585dc7-4da0-438d-ad04-e42c8d2d64b9}"[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag]"Element"="{3c81e7fa-1f3b-464a-a350-114a25beb2a2}""InitString"="StartMenuInternet""opentext"="@shell32.dll,-12705""properties"="C:\\Windows\\system32\\inetcpl.cpl""propertiestext"="@shell32.dll,-12704"[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex][HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers][HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}][HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler]@="{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"[HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu][HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder]"Attributes"=dword:00000000Pardon all the redundancy, but we will get to the bottom of this and leave a record for others who are researching the problem. Quote Link to post Share on other sites
Pete_C Posted January 22, 2008 Report Share Posted January 22, 2008 Okay, in the regseeker report the only differences we have is the last section; this will take some more research to clarify.You have[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]; Contents of value:; Ãœâ€wÃŒ Ç"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\00,00,00,00,00,00,00,dc,94,07,77,cc,a0,c7,01; Contents of value:; Å“WwÃŒ Ç"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214FA-0000-0000-C000-000000000046} 0x401"=hex:01,\00,00,00,00,00,00,00,9c,57,0c,77,cc,a0,c7,01; Contents of value:; àó‹YªÇ"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E4-0000-0000-C000-000000000046} 0x401"=hex:01,\00,00,00,00,00,00,00,e0,f3,8b,59,0f,aa,c7,01I have[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]; Contents of value:; ¤®\–®·Ç"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E6-0000-0000-C000-000000000046} 0x401"=hex:01,\00,00,00,00,00,00,00,a4,ae,5c,96,ae,b7,c7,01; Contents of value:; ÄÒc–®·Ç"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214FA-0000-0000-C000-000000000046} 0x401"=hex:01,\00,00,00,00,00,00,00,c4,d2,63,96,ae,b7,c7,01; Contents of value:; ð·±'D·Ç"{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0} {000214E4-0000-0000-C000-000000000046} 0x401"=hex:01,\00,00,00,00,00,00,00,f0,b7,b1,27,44,b7,c7,01NOTHING FOR YOU TO DO JUST YET.For [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}] export they match so this is not the source of the problem. Quote Link to post Share on other sites
JSKY Posted January 22, 2008 Report Share Posted January 22, 2008 Ahhhhh.How about deleting the IE icon in the Quick Launch toolbar, Dragging and dropping the IE Icon from the Desktop to the Quick Launch toolbar and making it either a copy of, or a shortcut. Quote Link to post Share on other sites
Pete_C Posted January 22, 2008 Report Share Posted January 22, 2008 Ahhhhh.How about deleting the IE icon in the Quick Launch toolbar, Dragging and dropping the IE Icon from the Desktop to the Quick Launch toolbar and making it either a copy of, or a shortcut.That was going to be my next suggestion but I really want to know what it says first so we can figure out what is causing this.I suspect there is an extra addition to the target like a shell extension virus does Quote Link to post Share on other sites
Takitoes Posted January 22, 2008 Author Report Share Posted January 22, 2008 I've thought of this, the problem is that i cant right click this icon, im sorry im not sure if quick launch is the correct name for this icon? The shortcut is controled by the "Taskbar and Start Menu Properties" option menu. I can't replace it with one of the good shortcuts, at least i dont know any way of doing it. I've attached a screenshot with the shortcut im talking about highlighted with my mouse. Quote Link to post Share on other sites
JSKY Posted January 22, 2008 Report Share Posted January 22, 2008 Try dragging and dropping the IE Icon from the desktop onto the Main "Start Menu". (The quick Launch is down on the taskbar next to your start menu). And place it under the old IE Icon. If it stays there. Then just go into the start menu properties and uncheck IE in the properties menu. Or see if you can drag and drop the bad icon out onto the desktop (you can L or R-Click to do this) and then see if you can r-click on it to open up properties. Sounds like either the "Target" Or the "Start In" command on the original IE Icon has been changed. Quote Link to post Share on other sites
Takitoes Posted January 22, 2008 Author Report Share Posted January 22, 2008 Unfortunatly I can't do either of those. Any other ideas? Quote Link to post Share on other sites
Pete_C Posted January 22, 2008 Report Share Posted January 22, 2008 I've thought of this, the problem is that i cant right click this icon, im sorry im not sure if quick launch is the correct name for this icon? The shortcut is controled by the "Taskbar and Start Menu Properties" option menu. I can't replace it with one of the good shortcuts, at least i dont know any way of doing it. I've attached a screenshot with the shortcut im talking about highlighted with my mouse.Ah, no that is not the quick launch. Quick launch is the one you get in the taskbar, by the start button .That would be the commonly used section of the start menu.I do not see offhand why the right click context is disabled there , delete is one of the options .Try right click on the start button and choose exploreThen in the folder C:\Documents and Settings\(Your user name here)\Start MenuSelect the programs folder.There should be a shortcut icon for IE there Check its properties.Do the same for C:\Documents and Settings\All Users\Start MenuIf your right click menu is still missing try in safe mode.If you can delete the shortcut, just right click the desktop IE icon and drag it there and release and choose create shortcut and see if that one works properly. Quote Link to post Share on other sites
Takitoes Posted January 22, 2008 Author Report Share Posted January 22, 2008 Okay, stupid mistake on my behalf, i had a setting disabled that allows me to right click in the start menu. So now i can right click Deleting and adding shortcuts is not possible though, at least not for IE. I am quiet sure that this is it is a windows option that controls this shortcut, not one that is determined by me or the common programs i am using. I will give you a screenshot of the options menu i use to control this short cut. You should see the Internet Link box ticked there, thats what controls this shortcut. Normaly with any other program I can right click and choose "Pin to Start menu" and have that program appear in that box without having to scroll through the "All Programs" list, but this is not the case for IE. Restarting in safe mode made no difference and for some reason apparently I dont have access to C:/Documents and Settings ??? but if i explore the start menu i can only find the shortcut in the "All programs" list which works fine anyway. Confusing... Quote Link to post Share on other sites
JSKY Posted January 22, 2008 Report Share Posted January 22, 2008 Mmmm.You should be able to drag and drop from the desktop to the start menu... I have, but I'll check the IE icon. Did you try unchecking IE in Customize, then restart and then recheck it to see if it clears. And can you r-click on the IE Icon and bring up it's properties now.Give me around an 2 hours and I'll be able to get home and get on Vista. Kinda hard to try things on XP. Quote Link to post Share on other sites
Takitoes Posted January 22, 2008 Author Report Share Posted January 22, 2008 I remember from when i had XP that you could drag it over the start menu and it would open up, it wont do that in vista now, apparetly...i tried unchecking the box and then re-checking it, but i didnt restart, ill try that now and if it makes a difference ill let you know straight away. Right clicking brings up 3 options, "browse the internet", "internet options" and "remove from this list" , non of which seem currently relevant. Quote Link to post Share on other sites
JSKY Posted January 22, 2008 Report Share Posted January 22, 2008 OK....Let's try this.Go to your Start Menu > All Programs > And you should have an IE Icon listed in all programs. R-click on it and drag it down and hold it over "Back" (lower part of the start menu). It should convert back to the main window. When your normal Start Menu opens move it up to where you want to put it. (you should see a black line where it will fit). Then just remove the old Icon from the start menu properties. I just did that on mine and it worked. Quote Link to post Share on other sites
Takitoes Posted January 23, 2008 Author Report Share Posted January 23, 2008 :D Thats seems to have done the trick. Thanks very much. Funny that such a simple soloution to a problem that has pestered me for weeks. I'm not sure if there were other things you wannted me to clean up Pete?Either way a big thankyou to both of you! I really do appriciate the time you guys gave Please let me know if there is something i can do in return?Thanks again, probably ill be back soon enough to BestTechie with more problems Quote Link to post Share on other sites
Pete_C Posted January 23, 2008 Report Share Posted January 23, 2008 (edited) :D Thats seems to have done the trick. Thanks very much. Funny that such a simple soloution to a problem that has pestered me for weeks. I'm not sure if there were other things you wannted me to clean up Pete?Either way a big thankyou to both of you! I really do appriciate the time you guys gave Please let me know if there is something i can do in return?Thanks again, probably ill be back soon enough to BestTechie with more problems Now we have a functional solution and generalized explanation of what was the cause of the error.My guess is that the IE icon you saw pinned there was an internet shortcut; if you could have checked its properties there would have been a link to a file ; C:/Windows/NECCUST/OWR/OWR_EN.HTM which showed in your original HJT log R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTMR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTMSince a google search finds you as the only person on the internet who has posted a hijackthis log file with that entry or the folderC:/Windows/NECCUSTI think you should run hijackthis , choose scan only and put a check by those two entries and choose fix if this is not your chosen start page.I do not see anything which removed it though.It could also be a problem with malware replacing your original about:blank file so I would also have hijackthis fix this lineR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankSince you had a Zlob infection you probably need to do an online scan with panda or kaspersky online scanner .http://www.pandasecurity.com/homeusers/solutions/activescan/http://forums.majorgeeks.com/showthread.php?t=84939http://www.kaspersky.com/virusscannerAs there may be some files still remaining.Also, as you will see at Symantechttp://www.symantec.com/security_response/...-99&tabid=3The final step is to disable system restore, restart your computer and re enable system restore and create a new restore point since the existing restore points are most likely infected and will just reinstall the nasties you worked so hard to eliminate. Edited January 23, 2008 by Pete_C Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.