SPYWARE IE PROBLEMS



TAT
09-23-2004, 11:24 AM
I run Windows XP Professional with SP2 and IE6.0

For the past 2-3 days, the Address bar has been missing in more than one application.
PROBLEM-1:
1. On my Internet Explorer 6.0
2. Explorer
3. Desktop Taskbar's Address Toolbar
PROBLEM-2:
Only one instance of Internet Explorer can run. If I have a pop-up, the originating instance dies automatically!!

I think some spyware has wreaked havoc. How do I recover? I have checked most of the registry keys:
HKCU/SOFTWARE/MICROSOFT/INTERNET EXPLORER
HKCU/SOFTWARE/POLICIES/MICROSOFT
HKCU

Any suggestions on what is the best way to restore stuff?

Thanks in advance.

monkey_1
09-23-2004, 11:51 AM
Just one post, please...

Mono

TAT
09-23-2004, 12:50 PM
Very sorry folks. I thought this might fall under more than one category, and thought different group members could not see it. I will refrain from it in the future.

Best Regards,

TAT

DanK
09-24-2004, 01:59 AM
All the regular members tend to browse through all the forums; multiple threads only lead to confusion whilst trying to help you find a solution.

Now to the matter in hand, have you checked this MS article? http://support.microsoft.com/default.aspx?scid=kb;ko;842903

DanK

TAT
09-25-2004, 10:19 AM
Thanks Dan. I did try what that MSDN KB said and many other things, like trying to re-register all the DLLs that iexplore.exe loads, etc. No luck. I also tried to remove and add IE as a Windows component. But nope, no luck.

Finally browsing through the thousands of registry keys did the trick.

Here is what solved the problem:

The SPYWARE / HACKING made these changes to the CLSID of the Addressbar ({01E04581-4EEE-11d0-BFE9-00AA005B4383}):
1. Default value type of InProcServer32 changed from "hex(2)" to "hex".
2. Modified the DLL that implements the CLSID from "%SystemRoot%\system32\browselc.dll" to "browseui.dll" without path.
3. An APPID was added to the Addressbar CLSID which interestingly points to the same GUID!!


**************************************** ORIGINAL AS SHIPPED BY MICROSOFT ****************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}]
@="&Address"
"MenuTextPUI"="@browselc.dll,-13137"

[HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,62,\
  00,72,00,6f,00,77,00,73,00,65,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

**************************************************************************************************************
**************************************** HACKED BY SPYWARE ****************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}]
@="&Address"
"MenuTextPUI"="@browseui.dll,-13137"
"AppID"="{01E04581-4EEE-11D0-BFE9-00AA005B4383}"

[HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\InProcServer32]
@=hex:25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,62,\
  00,72,00,6f,00,77,00,73,00,65,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

**************************************************************************************************************

Since the default key type has been changed, if we have to reinstate the original state, delete [HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}] key and run the original piece of registry script given above. It will reset the system back to its original state.



Thanks and Best Regards,
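Since the fix above came from comparing two .reg exports by eye, here is an added Python example (not TAT's code, nor anything from this forum) that parses both exports quoted in the post, decodes the hex(2) data back into the DLL path, and reports exactly the three differences TAT lists: the added AppID, the changed MenuTextPUI, and the InProcServer32 default retyped from REG_EXPAND_SZ (hex(2)) to REG_BINARY (hex). The embedded samples are constructed from the two exports above, trimmed of the empty Implemented Categories keys; the parser handles only the value forms those exports use plus dword, and the hex(N) type names are the standard registry type ids.

```python
"""Audit .reg exports of the IE Address bar CLSID for the tampering described
in the thread: InProcServer32 default changed from hex(2) (REG_EXPAND_SZ) to
hex (REG_BINARY), an AppID value added, and MenuTextPUI repointed."""
import re

# CLSID of the Address bar band object, as quoted in the thread.
CLSID_KEY = r"HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}"

# Constructed samples: the two exports from the thread, trimmed to the values
# that matter (the empty "Implemented Categories" keys are omitted).
ORIGINAL_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}]
@="&Address"
"MenuTextPUI"="@browselc.dll,-13137"

[HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,62,\
  00,72,00,6f,00,77,00,73,00,65,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
"""

HACKED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}]
@="&Address"
"MenuTextPUI"="@browseui.dll,-13137"
"AppID"="{01E04581-4EEE-11D0-BFE9-00AA005B4383}"

[HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\InProcServer32]
@=hex:25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,62,\
  00,72,00,6f,00,77,00,73,00,65,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
"""

# Standard .reg data-type tags; a bare "hex:" is REG_BINARY (type 3).
HEX_TYPES = {2: "REG_EXPAND_SZ", 3: "REG_BINARY", 7: "REG_MULTI_SZ"}


def parse_value(data):
    """Decode the right-hand side of a .reg value line into (type, data)."""
    if data.startswith('"') and data.endswith('"'):
        return ("REG_SZ", data[1:-1].replace('\\"', '"').replace("\\\\", "\\"))
    if data.startswith("dword:"):
        return ("REG_DWORD", int(data[6:], 16))
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", data)
    if m:
        type_id = int(m.group(1) or 3)
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        type_name = HEX_TYPES.get(type_id, f"REG_TYPE_{type_id}")
        if type_id == 2:  # REG_EXPAND_SZ is stored as NUL-terminated UTF-16LE
            return (type_name, raw.decode("utf-16-le").rstrip("\x00"))
        return (type_name, raw)
    return ("UNKNOWN", data)


def parse_reg(text):
    """Return {key_path: {value_name: (type, data)}}; "" is the (Default) value."""
    # A trailing backslash continues hex data on the next line; join those first.
    joined = re.sub(r",\\\s*\n\s*", ",", text)
    keys, current = {}, None
    for line in (l.strip() for l in joined.splitlines()):
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            keys[current][name] = parse_value(m.group(2))
    return keys


def audit(baseline, current, key=CLSID_KEY):
    """List values under `key` that were added, removed, retyped or rewritten."""
    findings = []
    for subkey in sorted(set(baseline) | set(current)):
        if subkey != key and not subkey.startswith(key + "\\"):
            continue
        b_vals, c_vals = baseline.get(subkey, {}), current.get(subkey, {})
        for name in sorted(set(b_vals) | set(c_vals)):
            label = f"{subkey}\\{name or '(Default)'}"
            if name not in b_vals:
                findings.append(f"ADDED {label} = {c_vals[name]!r}")
            elif name not in c_vals:
                findings.append(f"REMOVED {label}")
            elif b_vals[name][0] != c_vals[name][0]:
                findings.append(f"TYPE CHANGED {label}: {b_vals[name][0]} -> {c_vals[name][0]}")
            elif b_vals[name][1] != c_vals[name][1]:
                findings.append(f"DATA CHANGED {label}: {b_vals[name][1]!r} -> {c_vals[name][1]!r}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_reg(ORIGINAL_REG), parse_reg(HACKED_REG)):
        print(finding)
```

Running the script prints the three findings. The same audit function can be pointed at a fresh export of the CLSID key (taken with regedit or reg export) against a known-good export, which is a quick way to confirm that deleting the key and re-importing the original script really did put every value and value type back.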

tom_keefer
09-25-2004, 09:07 PM
TAT ...

Congrats. on solving your problem. That's one heck of a tedious drill!! :)

Any feeling as to where you might have picked up the spyware?

Tom

ya'aa'tey

DanK
09-27-2004, 01:40 AM
Thanks for posting your solution.

Regards

DanK