Messages - CoolOliver

1
Hi Curson and Tigzy!

I did a lot of research on the Internet, installed and used a bunch of Anti-Malware (yes, some files were suspicious and some real malware but not really dangerous.)
I finally used your tool, called "TasksRun". Please, take a look at this screen capture, guys. Do you see something suspicious here?

Again guys, I really appreciate your help!


2
Hello, Curson!

I did it already a few days ago but... it doesn't work... sorry.  :-[
So again, just in case, here is my problem:


As you can see, if I right-click on an icon, on the Windows 10 Taskbar... there is an empty box and um, yeah... that's it, really.
I really don't know what's going on... I'm lost to be honest with you. BUT... I have absolutely NO problem or whatsoever if I right-click
on the Windows Desktop or for example on folders, programs... everything is fine. The right-click menu works fine and there is no delay,
no nothing and of course, I can run a program with "Run as administrator" --- I have this problem with the Windows 10 Taskbar, only.

(I don't know why we can't see my mouse cursor on this Screen Capture for some strange reason but you get the idea anyway, I think...)

Any idea, guys?...  ???

Once again, thanks a lot for your help, guys... really!
CoolOliver

3
Hello, guys.

Thank you very much for your responses and thank you for the information, Tigzy!
Unfortunately, nothing works. So just in case, I opened regedit.exe and exported the "runas" section... what do you guys think about this?

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
  00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
  32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
  00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]
"HasLUAShield"=""

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runasuser]
@="@shell32.dll,-50944"
"Extended"=""
"SuppressionPolicyEx"="{F211AA05-D4DF-4370-A2A0-9F19C09756A7}"

[HKEY_CLASSES_ROOT\exefile\shell\runasuser\command]
"DelegateExecute"="{ea72d00e-4960-42fa-ba92-7792a7944c1d}"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers]
@="Compatibility"

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\CmdLineExt]
@="{F0407C3D-349C-42B9-B83E-821E31623DF9}"

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\Compatibility]
@="{1d27f844-3a1f-4410-85ac-14651078412d}"

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\NvAppShExt]
@="{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C}"

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\OpenGLShExt]
@="{E97DEC16-A50D-49bb-AE24-CF682282E08D}"

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\PintoStartScreen]
@="{470C0EBD-5D73-4d58-9CED-E91E22E23282}"

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}]
@=""

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}]
@=""


Once again, thank you very much for your help,  I really appreciate it!  :(
CoolOliver

4
Hello, Curson.

Thank you very much for your response and your help!

Yes, I do have COMODO FIREWALL (only) installed on my computer. I am not really sure about your solution because your suggestion was to use ShellMenuView or RegDllView? I used RegDllView, just in case and as you can see, there are four missing files in my Windows/System32 folder which is of course, really annoying and strange... What do you think about it? (By the way, I still have no right-click menu if I click on icons, on the Windows task-bar).



Again, I really thank you in advance, Curson.

5
Operating System: Windows 10 (10.0.10240) 64 bits version
Program used: RogueKillerX64
Anti-Virus: Bitdefender Anti-Virus Plus 2016


Hello,

I tried your software on my computer today because I have two really strange issues: The Right-Click menu when I try to Run as an Administrator on the Task-bar icons is literally empty. I can see the "menu" box but there are no more commands in it... just an empty box, except Open or Run but that's all. And when I click on a picture, it says something like "photoviewer.dll is not a valid win32 application."

Your software finds some issues but if I click on the Delete button, at the end it says:
No replacement found | [Hidden.ADS][[[ADS]]] C:\Windows\explorer.exe:$CmdTcID
Honestly, I was like: Wait, what?... The heck?! :o ...  um, are you kidding me? Hmm... >:(

I did of course some research on the Internet before that but I'm still literally stuck with this "Hidden.ADS" crap. I can't do anything to remove this stuff anymore. I also tried Malwarebytes, HerdProtect and many other programs out there, I mean MANY other programs, even Windows Repair (as an administrator, indeed). What can I do now and most importantly: how can I recover my Right-Click menu when I click on icons, on the task-bar and how to fix the PhotoViewer.dll too because I tried the regsrv32 command and tried also the SFC/SCANNOW command... no nothing, no corrupted files, no issues or anything like that. Well, according to Windows 10 anyway. This is really weird, isn't it?... :'(

OK, here is the report:

************************************

RogueKiller V11.0.5.0 (x64) [Dec 28 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : bob [Administrator]
Started from : C:\Users\bob\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 01/02/2016 20:35:10

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Hidden.ADS][[[ADS]]] C:\Windows\explorer.exe:$CmdTcID -> Found

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 38 (Driver: Loaded) ¤¤¤
[IAT:Addr(Hook.IEAT)] (explorer.exe) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ user32.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ ole32.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ shlwapi.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ msctf.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ shell32.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ uxtheme.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ dwmapi.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ comctl32.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ explorerframe.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ twinui.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ ApplicationFrame.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ ntshrui.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ NetworkExplorer.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ GdiPlus.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ stobject.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ batmeter.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ InputSwitch.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ prnfldr.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ authui.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ hgcpl.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ duser.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ werconcpl.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ Windows.Internal.Shell.Broker.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ CoreSync_x64.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ DropboxExt64.28.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ bdshellext.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ fshredctx.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ RarExt.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ WDContextMenuHandler.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ comdlg32.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ cavshell.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ syncui.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ nvapi64.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ dui70.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ UIRibbon.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ Mp3tagShell64.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000
[IAT:Addr(Hook.IEAT)] (explorer.exe @ NppShell_06.dll) gdi32!DeleteDC : Unknown @ 0x7ff9d9a80000

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SiImage  SCSI Disk Device +++++
--- User ---
[MBR] 925393a67b854881010d785b3b10133a
[BSP] ce319fb6e48e010e77555d689865ec78 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 686809 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )

+++++ PhysicalDrive1: WDC WD10EADS-00M2B0 +++++
--- User ---
[MBR] f3c4f4e4206427766d62e2997f5d46f4
[BSP] 78766fa964bb992566fb2a6d7431ab8a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG HD103UJ +++++
--- User ---
[MBR] 998dcfb892c750f736f4286512afafe8
[BSP] 33b5e3cd6006c1550d745345851f5d42 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953859 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: KINGSTON SV300S37A240G SCSI Disk Device +++++
--- User ---
[MBR] 371158cd48cfe19cd47b2d455f7b07e6
[BSP] cff4b84e072c9c9773d0b0bdddd5b409 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 228935 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive4: INTEL SSDSA2M160G2GC +++++
--- User ---
[MBR] 9c42c00b6f4eb62782cbbb7fc96776c0
[BSP] c2e1dc03f373daf4482a2591c847ae4e : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive5: WDC WD20EZRX-00D8PB0 +++++
--- User ---
[MBR] dd0f6844155e5daa73be52440e546055
[BSP] 1357a024c95c3b5816bbf738c798c2e8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive6: WDC WD20EZRX-00D8PB0 +++++
--- User ---
[MBR] 416e1fe56091204aef411557c5b6531b
[BSP] 05b893730d48b75d3922b2b68422782c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
************************************

Thank you in advance for your help and I wish you a Happy New Year 2016! :P
CoolOliver.
