problem: IE6 custom explorer bars got lost

[sergey v]

Recently have found that all custom explorer bars in my IE6 got
lost/disabled.

In "View -> Explorer Bars" now I have only Search, Favorites, Hostory and
Folders.
I am missing the custom ones - like "Discuss", "Research" and especially
"HTTP Watch" (3rd party add-in).

What can be the reason? I do not remember I was doing something wrong on my
computer


Configuration

* IE Version: 6.0.2900.2180.xpsp_sp2_rtm.040803-2158
Update Versions: SP2; 3283

* Advanced Options -> Enable Third-party browser extendions: enabled

* Tools -> Manage Add-ons: all are enabled

 

[sergey v]

Yes, some more info - there are buttons in toolbar for some of them (like
"Research" and "Discuss"), but they do not work too

 

[Jan Il]

Hi sergey

Sometimes the Toobar menu can become corrupted. Sometimes it is due to
spyware or some other type of malware. Try the following and see if it
helps:

Toolbar Missing:

To restore your Toolbar, right click the mouse button on any open area of
the Toolbar. You should see a list of tool bars, click on Standard Buttons
and see if this restores your toolbar.



How to reset IE Toolbar Menu
http://toolbar.google.com/fixmenu


If that does not work for you, then try the following and see if it helps.
Even if you have already run some programs, run them again according to the
instructions in the information below to thoroughly clean you system. Some
variants of malware can replicate itself and return repeatedly if not
cleaned properly. It is best to read through all the information before you
start to know before hand what you need to do and how. Follow all
instructions to letter as much as possible.



WARNING>>>> Backup all documents and files before removing any spyware!!



Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
What you can do about spyware and other unwanted software
http://www.microsoft.com/athome/security/spyware/spywarewhat.mspx
Most importantly, be sure to run CWShredder here
http://www.majorgeeks.com/download3019.html
Also this program searches for hidden .dlls that recreate the malware.
About Buster:
http://www.majorgeeks.com/download4289.html
Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".

Also very important, be sure to use the HijackThis. Please DO NOT post your
log to this
newsgroup, but to the HiJackThis Support Forums below:
http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
the Aumha HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also….. From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip

NOTE: If you can not download these programs from the Internet, if your PC
has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to your HD and then install the programs from there
and run them. After you have IE access again, update all programs where
possible to get the latest definitions and run them again in Safe Mode to be
sure there are no lingering items on the system.



Hope this helps

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[Ramesh, MS-MVP]

I think "Discuss" & "Research" are Office components. Did you remove Office
lately?

 

[sergey v]

Still have no solution for that problem.
It looks like smth was currupted in IE. I've traced how it looks for
components implementing 'explorer bar' interfaces - it queries the same
component for same implemented catogory -
00021493-0000-0000-C000-000000000046 = for a vertical Explorer Bar - but i
have the horizontal Explorer Bar and it does not try to find it

5961 3.73939206 iexplore.exe:3660 OpenKey
HKCU\CLSID\{2B4C4770-27FD-4A09-B17D-33CA580965FB} NOTFOUND
5962 3.73945893 iexplore.exe:3660 OpenKey
HKCR\CLSID\{2B4C4770-27FD-4A09-B17D-33CA580965FB} SUCCESS Access: 0x2000000
5963 3.73953517 iexplore.exe:3660 OpenKey
HKCU\CLSID\{2B4C4770-27FD-4A09-B17D-33CA580965FB}\Implemented
Categories\{00021493-0000-0000-C000-000000000046} NOTFOUND
5964 3.73958313 iexplore.exe:3660 OpenKey
HKCR\CLSID\{2B4C4770-27FD-4A09-B17D-33CA580965FB}\Implemented
Categories\{00021493-0000-0000-C000-000000000046} NOTFOUND
17622 5.05046073 iexplore.exe:3660 OpenKey
HKCU\CLSID\{2B4C4770-27FD-4A09-B17D-33CA580965FB} NOTFOUND
17623 5.05052669 iexplore.exe:3660 OpenKey
HKCR\CLSID\{2B4C4770-27FD-4A09-B17D-33CA580965FB} SUCCESS Access: 0x2000000
17624 5.05060303 iexplore.exe:3660 OpenKey
HKCU\CLSID\{2B4C4770-27FD-4A09-B17D-33CA580965FB}\Implemented
Categories\{00021493-0000-0000-C000-000000000046} NOTFOUND
17625 5.05076521 iexplore.exe:3660 OpenKey
HKCR\CLSID\{2B4C4770-27FD-4A09-B17D-33CA580965FB}\Implemented
Categories\{00021493-0000-0000-C000-000000000046} NOTFOUND

 

[Guest]

I had what sounds like the same problem. After banging my head against the
wall searching the web for a solution and trying different things on my
computer, I installed 2 spware removal software packages: Spy Sweeper 3.5 and
Spybot 1.2. I used Spy Sweeper first and it found and removed what it
identified as spyware (see list below). When it removed CWS-AboutBlank, I
briefly was able to access my custom explorer bar menu items (Tip of the Day,
Discuss, etc.). But when I rebooted, they were lost again. After running
Spybot (see list below for items fixed by Spybot), not only did I get back
the items that were in the "custom" lower portion of the explorer bar
submenu, I got additional items in the upper portion. In summary, before I
ran the spyware removal I had 5 items (Search, Favorites, Media, History,
Folders) in the explorer bar submenu and the lower portion of the submenu
(below where there had been a separator) was missing. After the spyware
removal I have 8 items in the upper portion and 4 in the lower.

Note: I am running win2000 service pak 4 and IE 6.0.2800.1106

Also, the post by Jan also targets spyware as the culprit. She seems to know
a great deal more about it than I. (note: the Google fixmenu did not help in
my case). Also, since Jan notes that there can be problems once spyware is
removed, remember to have a current backup or image of your disk, or GoBack
installed, before removing the spyware. Jan mentions the LSPFIX also. My
spyware removal seems to have gone without a hitch.

I hope this helps. Please post to let me know if it does. Best of luck.


SPY SWEEPER fixed these:

CWS-AboutBlank (Adware)
CWS-AboutBlank is a CoolWebSearch variant that may hijack Internet Explorer
settings.

Doubleclick Cookie (Cookie)
Doubleclick is a cookie capable of tracking Web site visitors and their
personal preferences.

Eacceleration (Adware)
Eacceleration collects information about webpages you visit as well as
delivers pop-up advertisements.

ICUSurf (System Monitor)
ICUSurf is a monitoring program that records all of your Web activity.

QuestionMarket Cookie (Cookie)
Questionmarket is a cookie capable of tracking Web site visitors and their
personal preferences.

SexList Cookie (Cookie)
Sexlist is a cookie capable of tracking Web site visitors and their personal
preferences.

SexTracker Cookie (Cookie)
SexTracker is a cookie capable of tracking Web site visitors and their
personal preferences.

SmartTags (Adware)
MSN SmartTags is a browser helper object that highlights relevant words and
redirects you to an MSN-owned site when you click on them.

Travelocity.com Cookie (Cookie)
Travelocity is a cookie capable of tracking Web site visitors and their
personal preferences.

Valueclick Cookie (Cookie)
Valueclick is a cookie capable of tracking Web site visitors and their
personal preferences.

x10 Cookie (Cookie)
X10 is a cookie capable of tracking Web site visitors and their personal
preferences.



SPYBOT fixed these:

Alexa Related: What's related link
C:\WINNT\Web\RELATED.HTM

DSO Exploit: Data source object exploit
HKEY_USERS\S-1-5-21-1708537768-1677128483-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3

DSO Exploit: Data source object exploit
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004=W=3

Gator: Tracking cookie or cookie of tracking site
C:\Documents and
settings\Administrator\Cookies\[email protected][2].txt