#1
September 23rd, 2007, 11:05 PM
Danski
New Member
Windows is searching for {416651E4-9C3C-11D98BDE-F66BAD1E3F3A} to locate the file you

I'm struggling with finding out why the following occurs on my PC and how to fix it.

Recently installed Microsoft Remote Desktop Connection which seemed to go perfectly ok, and when launched I get the following message.

Windows is searching for {416651E4-9C3C-11D98BDE-F66BAD1E3F3A} to locate the file yourself click browse.

I've googled this string and see it related to Nokia PC Suite amongst others which I do have installed. It seems to be working fine.

My Belkin USB 2 Bluetooth adaptor has also stopped working but I'm not sure if this is related or just coincidence.

If I click browse I can't find this string in any folder.

If I wait for it to stop searching I get the following:

The item ‘{416651E4-9C3C-11D98BDE-F66BAD1E3F3A}’ that this shortcut refers to has changed or moved, so this shortcut will no longer work properly Do you want to delete the shortcut?

I say no at this point.

Have searched the registry with Registry First Aid and found the 8 entries shown in the txt file extract below (also HijackThis log):

RFA has been run and keys deleted on several occasions, but I'm pretty confident I haven't deleted this key (since it seems to be there in abundance!). To check I looked through previous registry back-ups taken before deleting anything and strangely I can't find this entry in any of them!

Any bright ideas????

Windows 2000 SP4
5.00.21.2195
Many Applications


Registry First Aid 6.0.0 build 1376 *** www.registry-repair-software.com ***
Found invalid entries
Created: 23/09/2007 21:01:49

===============================================
*** String Matches *** Total found entries: 8
0 Key: "[HKEY_CURRENT_USER] Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU"
Match is in the value data: ""000"" = ""{416651e4-9c3c-11d9-8bde-f66bad1e3f3a}""
<Safe>
Correction: "Leave the entry without change"
Correction: [0] "Leave the entry without change"
Correction: [1] "Delete the entry"
Correction: [2] "Cut substring "{416651e4-9c3c-11d9-8bde-f66bad1e3f3a""

1 Key: "[HKEY_CURRENT_USER] Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached"
Match is in the value name: ""{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} {00000000-0000-0000-C000-000000000046}""""
<Safe>
Correction: "Leave the entry without change"
Correction: [0] "Leave the entry without change"
Correction: [1] "Delete the entry"
Correction: [2] "Cut substring "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A""

2 Key: "[HKEY_CURRENT_USER] Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached"
Match is in the value name: ""{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} {000214E6-0000-0000-C000-000000000046}""""
<Safe>
Correction: "Leave the entry without change"
Correction: [0] "Leave the entry without change"
Correction: [1] "Delete the entry"
Correction: [2] "Cut substring "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A""

3 Key: "[HKEY_CURRENT_USER] Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached"
Match is in the value name: ""{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} {10DF43C8-1DBE-11D3-8B34-006097DF5BD4}""""
<Safe>
Correction: "Leave the entry without change"
Correction: [0] "Leave the entry without change"
Correction: [1] "Delete the entry"
Correction: [2] "Cut substring "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A""

4 Key: "[HKEY_LOCAL_MACHINE] SOFTWARE\Classes\CLSID\{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"
Match is in the key name: ""{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A""""
<Safe>
Correction: "Leave the entry without change"
Correction: [0] "Leave the entry without change"
Correction: [1] "Delete the entry"
Correction: [2] "Cut substring "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A""

5 Key: "[HKEY_LOCAL_MACHINE] SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Nokia"
Match is in the value data: ""(Default)"" = ""{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}""
<Safe>
Correction: "Leave the entry without change"
Correction: [0] "Leave the entry without change"
Correction: [1] "Delete the entry"
Correction: [2] "Cut substring "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A""

6 Key: "[HKEY_LOCAL_MACHINE] SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"
Match is in the key name: ""{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A""""
<Safe>
Correction: "Leave the entry without change"
Correction: [0] "Leave the entry without change"
Correction: [1] "Delete the entry"
Correction: [2] "Cut substring "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A""

7 Key: "[HKEY_LOCAL_MACHINE] SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"
Match is in the value name: ""{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}""""
<Safe>
Correction: "Leave the entry without change"
Correction: [0] "Leave the entry without change"
Correction: [1] "Delete the entry"
Correction: [2] "Cut substring "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A""

and HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:54:46, on 23/09/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\MXOALDR.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\DownloadsII\HIJACKTHIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINNT\MXOALDR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Exif Launcher 2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://danbidgood.spaces.live.com//P...d/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/219a04f7...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1171725458090
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
#2
September 24th, 2007, 07:51 AM
AnnMarie
Cyber Tech Help Moderator
Topic closed. Duplicate, see here.
All times are GMT +1.