Solved trojan.zlob activity~shell32.dll icons have gone.

I've checked my wife's account and gone in to Safe Mode to check the admin account and they are unaffected so it restricted to my account.

Pasting that line into run only opened a search window so I right clicked and opened my way to the folder and deleted iconcache.db, the file was recreated after a reboot.

There has been no noticeable change to the situation.

Paul

 

If you're not opposed to it, I'd like to get a copy of your user hive for examination.

Logon to an account other than yours (make sure your's is not logged on), then open the Docs and Settings\yourusername folder. Right click the file ntuser.dat and send it to a zipped folder. Email the ntuser.zip file to me.

 

OK that's on it's way. The file folder behaviour, opening a search box, has now spread to the admin and my wife's account, I didn't check for this earlier, but the icons are still correct in both of the other accounts and wrong in my own.

The file folder thing appears to have been as a result of installing SP3 with VLC media player.

We'll see.

Thanks

Paul

 

Thanks! I'll let you know what I find, if anything.

I still suspect the opening search behavior is due to shell32.dll .... whether a result of installing/uninstalling SP3 or the previous update I'm unsure. While waiting on me to check the hive (not sure how long that will take), take another shot at installing SP3, now that the VLC player is out of the mix.

 

I've installed SP3 and apart from the original icon problem all seems well.

I've fixed the "clicking folder opens search" issue which was apparently caused by my attempt to fix the "clicking folder opens VLC Media Player" issue. I found the solution here:

http://www.windowsbbs.com/windows-x...r-opens-search-instead-containing-folder.html

There's a link there to the Microsoft article on the issue.

So the good news is we are only left with the original icon problem. If that's good news

Paul

PS: I just read that thread all the way down and found out there's a script available to fix it.

 

Glad you found that fix ..... I have that in my fixes folder too. For some reason, I was thinking the regsvr32 command would do the same thing. Guess I'll have to do some backtracking to see why I was under that impression. Maybe I was confusing it with an icon fix.

OK ........ back to the original icon problem you say. Does that mean they look just like they did in the image you posted? Or is it just the Other Places menu?

 

It's exactly the same as the screenshot.

Paul

 

Please, one more time now, go through the steps of setting a different display resolution and theme.

I would also like you to check the Default value located at the following registry keys.

HKEY_CLASSES_ROOT\Directory\DefaultIcon
HKEY_CLASSES_ROOT\Folder\DefaultIcon

They should both be %SystemRoot%\System32\shell32.dll,3


Now, at the following location, I'd like you to add a value.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

Click the Approved key to select it.
Right click in the right pane and select New>String Value
Copy the following bolded text and paste it into the value's name (you'll notice there's an Approved subkey with the same name as this value).

{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

Now click a blank space.
Now double click the new value and enter the following information.

Web Folders

Click OK.

Exit the registry and see if there's any change after restart.

 

You mentioned the recycle bin icon not being quite right. Navigate to the following key.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon

The values should be as follows.

Default = %SystemRoot%\SYSTEM32\shell32.dll,32
empty = %SystemRoot%\SYSTEM32\shell32.dll,31
full = %SystemRoot%\SYSTEM32\shell32.dll,32

A logoff might be required to see the effect.

 

In reply to your first post. The change of theme and resolution had no effect.

I checked the values for the directory and folder defaulticon. Directory had the expected value but folder was blank. I added the value to folder and rebooted but it's had no effect. Here are the current values to confirm:

I edited the approved key following your instructions and rebooted but no effect

I'll try the Recycle Bin key now. Back in a tick.

Paul

 

I need some guidance with the Recycle Bin key, this is what the exported key looks like ATM

I'm not sure where to edit.

Paul

 

Lets do it this way. Highlight and copy the contents of the code box below.

Code:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
 "full "=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,59,53,54,45,4d,33,32,\
  5c,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,33,32,00
 "empty "=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,59,53,54,45,4d,33,32,\
  5c,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,33,31,00
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,59,53,54,45,4d,33,32,5c,73,\
  68,65,6c,6c,33,32,2e,64,6c,6c,2c,33,32,00

Open a blank notepad and paste the text into it.
Save it to your desktop as;

Filename: fix.reg
Save as type: All Files (*.*)

Double click the reg file to merge it with the registry.
Logoff/logon to see the effect.

Please export the HKEY_CLASSES_ROOT\Folder key for me and post it here.

 

The Recycle Bin is still the same after applying the fix. "Blank" when it's empty but the correct icon when I put something in it.

Here's the HKEY_CLASSES_ROOT\Folder key:

 

I've just sent you a zip file. Found a couple other items out of whack in your hive.

I'll look over the folder export now and let you know if I see anything.

 

Ok, the emailed file does not seem to have made any difference.

Paul

 

OK, you need to create another reg fix with the contents of the code box below and merge it into the registry.

Code:

REGEDIT4

[HKEY_CLASSES_ROOT\Folder]
 "BrowserFlags "=dword:00000008

[HKEY_CLASSES_ROOT\Folder\DefaultIcon]
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,\
  68,65,6c,6c,33,32,2e,64,6c,6c,2c,33,00

[HKEY_CLASSES_ROOT\Folder\shell]
@= "open "

Better get an export of the HKEY_CLASSES_ROOT\Directory key too.

 

That fix had no discernible effect. My computer is rebooting slicker than a greased weasel with all this cleaning though. Every cloud.....

Here's HKEY_CLASSES_ROOT\Directory, posted in CODE tags because of smilies.

Code:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory]
@= "File Folder "
 "AlwaysShowExt "=" "
 "EditFlags "=dword:000001d2
 "InfoTip "= "prop:DocComments "
 "BrowserFlags "=dword:00000008

[HKEY_CLASSES_ROOT\Directory\Background]

[HKEY_CLASSES_ROOT\Directory\Background\shellex]

[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\00nView]
@= "{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "

[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\InCDMenu]
@= "{950FF917-7A57-46BC-8017-59D9BF474000} "

[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\New]
@= "{D969A300-E7FF-11d0-A93B-00A0C90F2719} "

[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\NvCplDesktopContext]
@= "{A70C977A-BF00-412C-90B7-034C51DA2439} "

[HKEY_CLASSES_ROOT\Directory\DefaultIcon]
@= "C:\\WINDOWS\\System32\\shell32.dll,3 "

[HKEY_CLASSES_ROOT\Directory\shell]
@= "none "

[HKEY_CLASSES_ROOT\Directory\shell\find]
 "SuppressionPolicy "=dword:00000080

[HKEY_CLASSES_ROOT\Directory\shell\find\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,00,00

[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec]
@= "[FindFolder(\ "%l\ ", %I)] "
 "NoActivateHandler "=" "

[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec\application]
@= "Folders "

[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec\topic]
@= "AppProperties "

[HKEY_CLASSES_ROOT\Directory\shellex]

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\7-Zip]
@= "{23170F69-40C1-278A-1000-000100020000} "

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\EncryptionMenu]
@= "{A470F8CF-A1E8-4f65-8335-227475AA5C46} "

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Offline Files]
@= "{750fdf0e-2a26-11d1-a3ea-080036587f03} "

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Sharing]
@= "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ShellExtension]

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\WinRAR]
@= "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "

[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers]

[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\CDF]
@= "{67EA19A0-CCEF-11d0-8024-00C04FD75D13} "

[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem]
@= "{217FC9C0-3AEA-1069-A2DB-08002B30309D} "

[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\MyDocuments]
@= "{ECF03A33-103D-11d2-854D-006008059367} "

[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing]
@= "{40dd6e20-7c17-11ce-a804-00aa003ca9f6} "

[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\VPCHostCopyHook]
@= "{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "

[HKEY_CLASSES_ROOT\Directory\shellex\DragDropHandlers]

[HKEY_CLASSES_ROOT\Directory\shellex\DragDropHandlers\7-Zip]
@= "{23170F69-40C1-278A-1000-000100020000} "

[HKEY_CLASSES_ROOT\Directory\shellex\DragDropHandlers\WinRAR]
@= "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\Sharing]
@= "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} "

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{1F2E5C40-9550-11CE-99D2-00AA006E086C}]

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
@=" "

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}]

[HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}]
@=" "

 

Another reg file to create and merge.

Code:

REGEDIT4

[HKEY_CLASSES_ROOT\Directory\DefaultIcon]
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,\
  68,65,6c,6c,33,32,2e,64,6c,6c,2c,33,00

 

Done. Again it does not seem to have made a difference.

Paul

 

The reg fixes might allow the display settings trick to work. Please try toggling it again.

Check the Directory and Folder Default Icon keys again for the values I posted previously. They should have a Default setting of the type REG_EXPAND_SZ equal to %SystemRoot%\System32\shell32.dll,3