Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't get rid of "add event reminder" on right click menu


  • Please log in to reply
12 replies to this topic

#1 v33n33m

v33n33m

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:01:16 PM

Posted 30 May 2016 - 10:10 AM

hello I just upgraded to windows 10 recently and it's great so far but I have some lingering issues from a Windows 7 malware program that was removed awhile back.

 

When I right click on my desktop there is this an obsolete option to "add event reminder" I've tried all kinds of third party software to try and remove with no success. even tried reg edit:

 

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers couldn't identify anything out the norm (screenshot attached)

 

if I click on   "add event reminder" I get an explorer.exe error

 

I cannot figure this out and it is bothering me so much!!! 

 

Please help!! thanks in advance

 

attached are some screenshots let me know if you need anything else


Edited by v33n33m, 30 May 2016 - 10:14 AM.


BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 30 May 2016 - 10:18 AM

I would use ShellExView by NirSoft to identify what extension is adding that option, and disable it. If you can get its location in the Registry, you can delete it as well.

http://www.nirsoft.net/utils/shexview.html

Edited by Aura, 30 May 2016 - 10:18 AM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 v33n33m

v33n33m
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:01:16 PM

Posted 30 May 2016 - 10:21 AM

Thanks i'm going to try that right now and let you know



#4 v33n33m

v33n33m
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:01:16 PM

Posted 30 May 2016 - 10:26 AM

Ok I ran the software and I'm suspicious of the highlighted context menu extension

 

see anything else weird?

 

file attached

 

Thanks! 



#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 30 May 2016 - 10:40 AM

I don't think that's it. Are you able to save that ShellExView file (using the File menu), and upload it somewhere so I can download it and check it out?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 v33n33m

v33n33m
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:01:16 PM

Posted 30 May 2016 - 10:47 AM

I saved it as a .txt file and uploaded here:

 

https://www.dropbox.com/s/uunn2lkxzlkpm99/shellexview.txt?dl=0



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 30 May 2016 - 10:58 AM

It's really hard to read in a .txt format, but it seems like you cannot save it in another format that can be opened with ShellExView. Let's try something else.

Open a command prompt with Admin Rights, and copy/paste the following command inside:
reg query "HKEY_CLASSES_ROOT\Directory\Background" > "%userprofile%\Desktop\Export.txt"
This should create a file on your desktop called Export.txt. Copy/paste its content here.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 v33n33m

v33n33m
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:01:16 PM

Posted 30 May 2016 - 11:08 AM

doesn't say much:

 

HKEY_CLASSES_ROOT\Directory\Background\shell
HKEY_CLASSES_ROOT\Directory\Background\shellex


#9 v33n33m

v33n33m
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:01:16 PM

Posted 30 May 2016 - 11:10 AM

This is what I found in regedit in those locations

 

 



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 30 May 2016 - 11:22 AM

Sorry, it seems like I forgot a parameter. Try this one:
reg query "HKEY_CLASSES_ROOT\Directory\Background" /s > "%userprofile%\Desktop\Export.txt"

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 v33n33m

v33n33m
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:01:16 PM

Posted 30 May 2016 - 11:28 AM

No worries! you are helping me and I really appreciate it! 

 

 
HKEY_CLASSES_ROOT\Directory\Background\shell
 
HKEY_CLASSES_ROOT\Directory\Background\shell\Add event reminder
    Icon    REG_SZ    C:\Program Files (x86)\Note-up\Note-up.ico
 
HKEY_CLASSES_ROOT\Directory\Background\shell\Add event reminder\command
    (Default)    REG_SZ    C:\Program Files (x86)\Note-up\Note-up.exe /addnew
 
HKEY_CLASSES_ROOT\Directory\Background\shell\cmd
    (Default)    REG_SZ    @shell32.dll,-8506
    Extended    REG_SZ    
    NoWorkingDirectory    REG_SZ    
 
HKEY_CLASSES_ROOT\Directory\Background\shell\cmd\command
    (Default)    REG_SZ    cmd.exe /s /k pushd "%V"
 
HKEY_CLASSES_ROOT\Directory\Background\shellex
 
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers
 
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\ FileSyncEx
    (Default)    REG_SZ    {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
 
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\DropboxExt
    (Default)    REG_SZ    {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
 
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\Gadgets
    (Default)    REG_SZ    {6B9228DA-9C15-419e-856C-19E768A13BDC}
 
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\igfxcui
    (Default)    REG_SZ    {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
 
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\igfxDTCM
    (Default)    REG_SZ    {9B5F5829-A529-4B12-814A-E81BCB8D93FC}
 
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\New
    (Default)    REG_SZ    {D969A300-E7FF-11d0-A93B-00A0C90F2719}
 
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\NvCplDesktopContext
    (Default)    REG_SZ    {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
 
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\Sharing
    (Default)    REG_SZ    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
 
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\WorkFolders
    (Default)    REG_SZ    {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}

Edited by v33n33m, 30 May 2016 - 11:37 AM.


#12 v33n33m

v33n33m
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:01:16 PM

Posted 30 May 2016 - 11:35 AM

GOT IT!!! that was it!

 

Removed 

 

HKEY_CLASSES_ROOT\Directory\Background\shell\Add event reminder
    Icon    REG_SZ    C:\Program Files (x86)\Note-up\Note-up.ico
 
HKEY_CLASSES_ROOT\Directory\Background\shell\Add event reminder\command
    (Default)    REG_SZ    C:\Program Files (x86)\Note-up\Note-up.exe /addnew
 
 
via reg edit
 
Truly grateful! it was driving me nutz

Edited by v33n33m, 30 May 2016 - 11:37 AM.


#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 30 May 2016 - 11:36 AM

No problem v33n33m, you're welcome :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users