Correct Changes in Explorer Toolbar

Oops!! I tried one of those nifty "free" programs that let you put "smiley faces" on email, it comes with a search bar & pop-up ad swatter, called My Web SpeedBar & FunWebProducts. Maybe you've heard of it. Anyway, found that it was ad/spy-ware & tried to uninstall. The program would not uninstall all traces,
even after receiving an uninstall download from their customer support. One of the traces remaining is in Internet Explorer 6 Sp1. The Explorer Bar, the one with Search, Favorite, Media, etc.,
shows "My Way Speedbar Popswatter" in the View drop-down menu. Selecting the item only results in an error message, that the page is not found, but how do I get rid of the line in the menu? It does not show up as an icon like the magnifing glass or star for Search and Favorites, just aggravating that it is there in the drop-down menu. Does anyone know how to modify this particular part of IE? It is not really a big deal, not "safety-of-flight or anything, just want to get back the way it was. Thanks.

 

Perhaps try downloading and running adaware ? Put a check mark beside everything it finds...and let it rid you of the spyware it finds.

 

Thanks for the advice. I have Ad-aware & have used it to help find some of the remnants of the "offending" program(s). However, this line "My Web Speedbar Popswatter" in the Explorer Bar submenu of the "View" menu is what I cannot eliminate. Some of these adware programs are devilish in how they change things. Hard to clean up.

 

How comfortable are you editing your registry? See here.

 

With Internet Explorer closed Uninstall and fun-web products
via control panel addremove programs , editing the registry is not suggested at least for the uninitiated,, let the Uninstaller and perhaps a program do this for you perhaps a hijackthis Log
here the spiel

Post a log from HijackThis so our forum members can see
what's going on.The current version is 1.97.7 [created by merijn bellekom]

Get it here http://radiosplace.com/
choose save, NOT OPEN
Save it to a PERMANANT folder,(for example C:\hijackthis) double-click HijackThis.exe,
and hit "Scan ". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log, load it in Notepad, and copy its contents here.
Most of what it lists will be harmless, even essential,DON'T fix anything yet please. Also If you've used it before please dont have anything excluded

Nice Link Daizy

 

Thanks for the replies. Looked in the registry, but did not find the same entries listed on the linked webpage, so I did not change anything. Very interesting page, but how do I learn everything about the registry in 10 or 15 minutes (yeah, right)
The Hijackthis results:
Logfile of HijackThis v1.97.7
Scan saved at 2:19:57 PM, on 3/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Plextor\PlexTool.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.provide.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [POINTER] c:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1071351044421
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4FD766B4-F9F7-4922-A3A9-BE6E26E1E309} (CFileChk Object) - http://protect.microsoft.com/secure/controls/DoomChk.CAB
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark.com/client/version1/windows-ie/en/AMClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37964.4653356482
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.uspsepm.com/crm/capicom.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

Again, many thanks.

 

Only thing I see that needs fixing is But have IE closed beforehand >
>> If you dont want it >O9 - Extra button: Research (HKLM)
and
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm

The only thing I cant think of is if you custumized the toolbar and removed a button then its wouldnt show in a log and context menu item might be left behind ?
so put it back then fix it with hijackthis ?

Maybe the other's will have an idea given the description

 

In the right pane of Regedit, at the below Key, what do you see?

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar

Please note that in the right pane of Regedit there are two columns, with the headings of Name and Data.

 

Here are some registry entries of interest:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

Name Type Data
Default REG_SZ (value not set)
{8E71888-423F-11D2-876E-00A0C(082467} Reg_BINARY 00


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars

Default REG_SZ (value not set)



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

Default REG_SZ (value not set)
Bar Size REG_BINARY 41 00 00 00 00 00 00 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{014DA6C1-189F-421a-88CD-07CFE51CFF10}

(Default) REG_SZ (value not set)
Compatibility Flags REG_DWORD 0x00000400 (1024)


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{014DA6C9-189F-421a-88CD-07CFE51CFF10}

(Default) REG_SZ (value not set)
Compatibility Flags REG_DWORD 0x00000400 (1024)

The last 2 entries relate to the link that Daizy suggested that had instructions for manually removing entries from the registry, although not exactly in the same branch, they relate to the same ActiveX control (I think, anyway).

Thanks Markp62, and Lonny, I'll try removing a button & see if that clears it up.

 

I have been successful in the past removing unwanted entries like yours just by scanning with RegSeeker. Since the program has been uninstalled, the registry key(s) pointing to various files will come up as 'obsolete entry' or 'invalid file or path'. If the 'clean registry' function doesn't find it, use the 'find in registry' function to locate and delete any references to it. May have to try different combinations of search words. Would probably have to close and reopen IE to see changes.

 

Have a look under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and see what's there. Any {.....} keys listed can be found under HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID, and should give a clue to the intrusive menu item.

 

rambler: I looked at the registry key for browser helper objects and only found 1 reference, to my Adobe Acrobat Reader, which was listed in the CLSID section, like you said. I don't think that is the problem, the Reader works just fine. There are no problems with the MySpeedbar menu in that program. I just double-checked it
noahdfear: have installed & run the RegSeeker, but am amazed at what it found...all sorts of extensions and programs that I have not used; it will take a while to go through the list. There were only a few "orphaned" links, none with any literal connection to Fun Web Products or My Web Search or Popswatter.
I didn't know there were so many items in the registry & ways to foul up my new computer. All I wanted to do was use some "smiley faces" in my emails.
But thanks for all the help

 

Yes, RegSeeker finds alot. I have always run it, make sure backup is checked and deleted everything it finds. Then run again, and sometimes a third time before it comes up clean. I personally have never had any problems what-so-ever doing this with RegSeeker, although there have been others that have. Make sure to try the 'find in registry' feature to locate entries pertaining to the pesky critters.

If interested, there is a thread posted some time ago that was pretty detailed about some of the things RegSeeker tried to remove that were valid entries, and I could dig up a link for you.

 

Folks, thanks for all the help in trying to fix my problem, but I finally just did a clean re-install and by golly, got rid of that pesky varmit, as Elmer Fudd might have said. I am going to continue to use the Spybot-Search & Destroy, Ad-aware and Registry First Aid as my computer maintenance triad.
Sincere thanks, to all, for your time & effort.