Solved trojan.zlob activity~shell32.dll icons have gone.

Hi Geri

No change. "My Current Homepage" was the only thing listed and it wasn't checked.

 

Hi
Go back to kellys-korner, line 121, left column (increase icon cache .... download then double click iconcache.vbs and reboot).

http://www.kellys-korner-xp.com/xp_tweaks.htm

Let me know.
Geri

 

Hi Geri

A small amount of progress with that one. Icons for my HDs are back in My Computer but Folder Icons, My Documents, My Network Places and Recycle Bin are still missing.

Paul

 

Hi Paul
OK do this.

Click Start>Run; type this in the run box. hit enter.

regsvr32 shell32.dll

then toggle the display setting (change resolution, then change it back), then reboot.

Now check and let me know.

Geri

 

Hi Geri

A dialogue popped up saying regsvr32.exe in shell32.dll was successful. I toggled the display and rebooted but nothing has changed.

Paul

 

Hi Paul
I'm about out of ideas, But,
I've asked noahdfear to have a look here, He'll stop in ASAP.

He says he has more ideas and he's very good. so give him a chance.

Geri

 

Hi Paul,

I'll list a few things to try. Check after each thing is tried. A logoff or reboot might be necessary for the change to take effect.

1. Change your theme.


2. Paste the following bolded line in Start>Run then hit enter.

"%userprofile%\Local Settings\Application Data "

Delete the file IconCache.db (you will need hidden files and folders showing)
Reboot for the file to be recreated.

3. Rename shell32.dll to shell32.dll.old then hit F5 to refresh. It should be replaced with a copy from system32\dllcache.
Reboot.

4. Back to the display properties>Customize Desktop, select the icon for each item not properly displayed then click Restore Default. Not sure you previously selected any particular icon previously when Geri suggested it.

If none of this helps, we'll check some registry settings.

 

OK, since it's you recommending him. Thanks for all your help Geri.

Hi Noahdfear

OK here goes.

I normally just use the plain olive green theme so I got radical and switched to Plus! Nature. Everything but the problem icons changed to the new theme, The Recycle Bin etc. did not adopt the new theme so I rebooted, no change, and switched back to olive green. Again no change

No change with this one either.

I couldn't delete the file. I got a STOP dialogue with "Cannot Delete Shell32: Access is denied. Make sure that the disk is not full or write-protected and that the file is not currently in use "

The disk certainly isn't full or write-protected. I checked the file attributes and it wasn't set to read-only. I toggled the read-only attribute and tried again with the same result.

OK I went through them all and this got me a partial result! 'My Documents', 'My Computer' and 'My Network Places' now display the correct icon in the Start Menu. Bizarrely the 'My Documents' icon now shows correctly in the 'Other Places' section of the folder sidebar although it's still blank in the main window. 'My Network Places' and 'Shared Documents' still show the blank/placeholder icon though, in 'Other Places' and everywhere else but the Start Menu. I still have 'blank' folder icons although shared folders now have the little hand in front of the blank/placeholder icon.

That's it. I'll keep an eye out for your reply.

Thanks for your perseverance guys.

 

Please recheck my instructions regarding shell32.dll
I did not ask you to delete it.

I'll follow up this evening .... just a couple minutes for lunch break right now.

 

Oops, sorry, not concentrating.

Ok, I followed your instructions and the file was refreshed. Unfortunately there's been no change.

Paul

 

Something strange has happened.

I use Norton Internet Security 2008. The taskbar icon has changed to the 'at risk' version with a Red X superimposed. I opened Norton and it is saying that a virus and spyware scan has not been completed. I normally run a scheduled scan at 2am GMT every Thursday. This ran last week and is not yet due this week.

In the Norton window the 'Scan Now' option, in the menu on the left is not available, it is greyed out. I opened up the Norton Internet Security window and selected 'Run A Scan'. The options 'Run Quickscan' and 'Run A Scan' are both greyed out and cannot be selected even though it says 'Not Completed' next to these options.

I haven't been visiting any websites, except windowsBBS and fotothing.com, and the only program I've been running is an old game in Dosbox, Thunderbird & Firefox. Just when I thought we were sorting this out!

UPDATE: A reboot fixed this Norton now has the familiar green tick and the menu options are available.

 

Are there other user accounts on the machine (besides the Administrator account)? If so, please logon to each and toggle the theme and resloution setting. Let me know if those account icons are affected as well. Since you're using XP Home, the Administrator account is only available in Safe mode. Please go to safe mode and check the Admin account too.

If the behavior persists when back on your account in normal mode, open any explorer window (My Computer, My Documents, etc) and click Tools>Folder Options on the menu.
On the General tab, select Use Windows classic folders then click Apply.
On the View tab, deselect Display simple folder view in Explorer's Folders list then click Apply.
Now change them back and click Apply, then OK to exit (do NOT click cancel to exit).

Let me know if there's any change.

 

Yes, my wife has an account on this machine too. Neither her account or the Admin account are affected, they are displaying all icons as normal. Returning to my own account the problem persists.

Back in my account I followed your instructions and I'm afraid the only change is that the 'My Documents' icon in the 'Other Places' menu has returned to the 'blank' icon.

Paul

 

I'd like to look at a few registry settings. Please highlight and copy the contents of the code box below.

Code:

@echo off
reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced >query.txt
reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer >>query.txt
reg query  "HKCU\Control Panel\desktop\WindowMetrics" | findstr /i  "shell" >>query.txt
start notepad query.txt
exit
cls

Click Start>Run and type cmd then hit Enter to open a command window.
Right click on the command window and select Paste.
It will execute the commands rather quickly, open a text file and close the command window.
Please post the contents of the text file here.

 

OK here's the result:


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ServerAdminUI REG_DWORD 0x0
Hidden REG_DWORD 0x1
ShowCompColor REG_DWORD 0x1
HideFileExt REG_DWORD 0x0
DontPrettyPath REG_DWORD 0x0
ShowInfoTip REG_DWORD 0x0
HideIcons REG_DWORD 0x0
MapNetDrvBtn REG_DWORD 0x0
WebView REG_DWORD 0x1
Filter REG_DWORD 0x0
SuperHidden REG_DWORD 0x1
SeparateProcess REG_DWORD 0x0
ListviewAlphaSelect REG_DWORD 0x1
ListviewShadow REG_DWORD 0x1
ListviewWatermark REG_DWORD 0x1
TaskbarAnimations REG_DWORD 0x1
StartMenuInit REG_DWORD 0x2
StartButtonBalloonTip REG_DWORD 0x2
Start_ShowNetConn REG_DWORD 0x1
Start_LargeMFUIcons REG_DWORD 0x0
Start_MinMFU REG_DWORD 0x14
Start_EnableDragDrop REG_DWORD 0x1
Start_ShowPrinters REG_DWORD 0x0
Start_ScrollPrograms REG_DWORD 0x1
Start_ShowSetProgramAccessAndDefaults REG_DWORD 0x0
Start_AutoCascade REG_DWORD 0x1
Start_NotifyNewApps REG_DWORD 0x0
Start_AdminToolsRoot REG_DWORD 0x0
TaskbarSizeMove REG_DWORD 0x1
NoNetCrawling REG_DWORD 0x0
FolderContentsInfoTip REG_DWORD 0x1
FriendlyTree REG_DWORD 0x1
WebViewBarricade REG_DWORD 0x1
DisableThumbnailCache REG_DWORD 0x0
ShowSuperHidden REG_DWORD 0x1
ClassicViewState REG_DWORD 0x0
PersistBrowsers REG_DWORD 0x1
TaskbarGlomming REG_DWORD 0x1
Start_ShowNetPlaces_ShouldShow REG_DWORD 0x41
Start_ShowControlPanel REG_DWORD 0x2
StartMenuFavorites REG_DWORD 0x0
Start_ShowHelp REG_DWORD 0x1
Start_ShowMyComputer REG_DWORD 0x2
Start_ShowMyDocs REG_DWORD 0x1
Start_ShowMyMusic REG_DWORD 0x1
Start_ShowMyPics REG_DWORD 0x1
Start_ShowRun REG_DWORD 0x1
Start_ShowSearch REG_DWORD 0x1
Start_ShowRecentDocs REG_DWORD 0x0
StartMenuAdminTools REG_DWORD 0x1

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_BINARY 95000000
NoDrives REG_DWORD 0x0
NoBandCustomize REG_DWORD 0x0
NoMovingBands REG_DWORD 0x0
NoCloseDragDropBands REG_DWORD 0x0
NoSetTaskbar REG_DWORD 0x0
NoToolbarsOnTaskbar REG_DWORD 0x0
NoSaveSettings REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x0
ClassicShell REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run
Shell Icon BPP REG_SZ 16
Shell Icon Size REG_SZ 32

 

Lets see what effect this has. Highlight and copy the contents of the quote box below to a blank notepad. Save it to the desktop as;

Filename: fix.reg
Save as type: All Files (*.*)

Double click fix.reg and allow it to merge with the registry.
Logoff and back on to see if there's any change.

 

Hi

I've applied the fix, logged off and back on and tried a reboot. sorry no effect.

Paul

 

I just noticed a space in that reg fix that should not have been there, due to the forum software. Please repeat with this one.

Code:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
 "Start_LargeMFUIcons "=dword:00000001
 "Start_MinMFU "=dword:00000000

 

Ok, I ran the new one. The only change is that all the recently run programs on the left of the start menu have been cleared.

Paul

 

Ah yes, I see it now. MostFrequentlyUsed

I'm going to need to do some further research before I can recommend how to proceed. I need sleep too. Will get back with you tomorrow evening.