Solved trojan.zlob activity~shell32.dll icons have gone.

OK Dave, thanks for everything. Sleep well.

Paul

 

Highlight and copy the contents of the code box below, then paste it into a command window.

Code:

reg query HKCR\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103} /s >peek.txt
reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103} /s >>peek.txt
echo. >>peek.txt
echo HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache >>peek.txt
reg query HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache /s | findstr /i  "shell32.dll" >>peek.txt
start notepad peek.txt
exit
cls

Post the contents of the text file that opens.

Paste the following command in the Run dialog then hit Enter.

regsvr32 mydocs.dll

See if there's any change after logoff or reboot.

Please right click on shell32.dll and select Send To>Compressed (Zipped) Folder
It will create shell32.zip in the same folder.
Please attach that zip file to an email and send it to me please. I'd like to check it for corruption.

 

Hi

Sorry, I've been away from the computer for a while. Here's the results of your first request:

Logging off to do the other stuff now.

Paul

 

Ok

I got the dialogue that regsvr32 in mydocs.dll succeeded but there is no change after a reboot. I'll zip up the dll and email it to you now.

Thanks

Paul

 

Something not right with that output. See mine here.

Lets make sure it's not just notepad's formatting. Please open any existing text file with notepad, click Format on the menu, then deselect Word Wrap.
Close the text file and save the changes, if prompted.
Reopen it and see if Word Wrap remains deselected.
Once done, please repeat the procedure to produce the log again, then post it here in the same fashion (in a quote box).

 

OK, word wrap deselected:

 

That looks better.

I only see one value there that doesn't seem to fit. I've checked three other machines and none of them have it. It's the following entry under the MUICache section.

C:\WINDOWS\system32\shell32.dll REG_SZ Windows Shell Common Dll

I frankly don't know if it will correct the situation, but it's certainly worth a try. Are you comfortable editing the registry, or would you prefer I write a script to export the key for backup, then remove the value with the script?

I thought I had maybe stumbled onto another possibility and did some testing, without results, though your results might differ from mine due to configuration, installed software, etc etc. So, we'll explore that possibility anyway.

Please open Add/Remove programs and check the box labled Show Updates.
Close Add/Remove, then re-open.
See if you have installed KB943460

 

I'm happy editing the registry. I don't know how to export an individual key but I exported the whole thing and removed the value. After a reboot there was no noticeable effect. Should I restore the value?

I do have this update, it was installed on 28 February 2008.

Paul

 

I wouldn't worry about restoring that entry. Again, 3 other machines I've checked don't have it.

FYI, to export an individual key, select the key, right click on it, then select Export.

The update in question replaced shell32.dll with the version you have now. I found a number of issues reported with it in relation to icons, though not matching yours exactly. I installed the update on another machine with no ill effect. I also replaced the shell32.dll with your copy, again, with no ill effect. That's still no guarantee it isn't the culprit on your own machine. It might be worth a shot to uninstall the update and see if it gains any favorable result.

Another option would be to install Service Pack 3, which should update shell32.dll to yet another version.

I'll do some more digging too.

 

Ok I'll uninstall the update and see what I get.

I was actually holding off installing SP3 until this was sorted out but I think I will go ahead. I'll let you know any results.

Paul

EDIT: Removing the security update had no noticeable effect. I'm going to take the plunge and install SP3 now.

 

Hi Dave

That took a while because I made myself a couple of Bootable, slipstreamed XP3 Cds, following the instructions on Helpwithwindows.com, before I installed SP3.

I installed SP3 directly from the downloaded executable. At first nothing seemed to have changed but unfortunately things are worse. I tried to open a folder and VLC Media Player launched. I have checked the file types tab in Folder Options and the entry under File Folder has the following:

When I highlight these the Edit & Remove buttons remain greyed out. "Confirm open after download" and "Always show extension" are checked. "Browse in same window" is greyed out.

HEEEELLLLLPPP!!!

Paul

 

I don't know anything about the VLC Media Player. Suggest you go to Add/Remove and uninstall SP3. Let me know how things are after reboot.

 

Ok, I uninstalled SP3, rebooted and the VLC Media Player association is still in place. I'm happy to uninstall VLC if you recommend it. I only used it once to watch a German movie with English subtitles from a separate file.

paul

 

Well, if you never use it .........

Did you happen to notice if there was any change in the icons after installing SP3?

Please re-iterate for me, exactly which icons are not diplaying properly.

 

I got rid of it. Now if I left click on a folder it opens a search window. If I right click and choose "Open" it opens as normal.

"My Documents" and "My Computer" have their correct icon in the "Other Places" section of the folder sidebar. This was the only change I noticed.

Empty Recycle Bin (If I put something in it I get the correct icon), Microsoft Virtual PC on the Start Menu, Folders on the Desktop, in windows and on the taskbar (they show correctly in save dialogues etc.) My Network places. Here is a screenshot, the 'blank' icon in Quick Launch is "Recycle Bin ".

I think that's all of them.

Paul

 

Enter the following command in the Start>Run dialog and press enter, then reboot.

regsvr32 shell32.dll

 

Done.

I got the dialogue "DLLRegisterServer in Shell32.DLL Succeeded" and rebooted.

No noticeable change.

Paul

 

Does left clicking folders still open Search?

Open My Computer and select Tools>Folder options on the menu.
Select the File types tab.
Select File Folder in the list and click Advanced.
Click Change icon.
It should open shell32.dll .... browse to and select the proper icon and click OK all the way out.

 

Yes, left click still opens search.

Choosing the correct icon for File Folder has no effect, even after a reboot.

Paul

 

Please verify for me again that this is restricted to your user account only.

Lets do the iconcache.db routine once more too. Paste the following bolded line in Start>Run then hit enter.

"%userprofile%\Local Settings\Application Data "

Delete the file IconCache.db (you will need hidden files and folders showing)
Reboot for the file to be recreated (verify it is indeed recreated).