shortcuts and some menu items do not work (XP pro)


chadroeder

Technical User
Feb 26, 2003
55
US
Hey gang, I'm not sure how common this problem is, but I've found numerous "solutions", none of which works. XP pro, desktop icons do not work. After clicking, all icons disappear, then reappear, but no "target" appears. Same with start menu. I smell a registry problem, and I've tried running sfc /scannow, but it prompts for a disc and of course I don't have one! I've heard about extracting a new Explorer.exe, but am not sure how to do this...any suggestions? I am grateful in advance,

Chad Roeder
 
Thanks, Carr, I'll check it out---by the way, I cannot do a simple "restore" because I wiped the restore points to get rid of a trojan!
 
The Doug Knox file extension fix doesn't seem to have helped, but thanks anyway.

CR
 
The trojan messed with something in the registry. Google on that trojan for specific fixes for it.

Jon

There is much pleasure to be gained from useless knowledge. (Bertrand Russell)
 
I am with Jon on this. I really think you need to investigate a lot more whether a trojan/worm is the root cause of your problem.

You did not get a clean install, and/or you have added problems with worms/trojans since.

Do at least two from smah's FAQ, (I recommend Trend Micro and Panda): faq760-3862

Do this no matter how up-to-date you believe your current virus scanner may be.

Then, if the problem persists, run Hijack This!, and do a scan, then Fix:
If the problem persists, run Hijack again and post the log file here.
 
ok...here is the log file...can you make heads or tails of it? thanks again! (and thanks for the tip on hijack this!)

CR

Logfile of HijackThis v1.97.3
Scan saved at 4:07:43 PM, on 10/10/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\hpnra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Documents and Settings\BOB\Application Data\rara.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\system\Msm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\BOB\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSM Helper - {1E1B2879-88FF-11D2-8D96-000000000003} - C:\WINDOWS\system\SSocks5.dll
O2 - BHO: Socks5 Helper - {1E1B2879-88FF-11D2-8D96-D7ACAC95951A} - C:\WINDOWS\system\Lid.dll
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\BOB\LOCALS~1\Temp\resklih.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\System32\hpnra.exe
O4 - HKLM\..\Run: [PopUpInspector.exe] "C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Scis] C:\Documents and Settings\BOB\Application Data\rara.exe
O4 - Global Startup: 2.bat
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Allow popups from this web page - C:\Program Files\GIANT Company Software inc\PopUp Inspector\allowsite.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stop popups from this web page - C:\Program Files\GIANT Company Software inc\PopUp Inspector\denysite.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O9 - Extra button: PopUp Inspector (HKCU)
O9 - Extra 'Tools' menuitem: PopUp Inspector (HKCU)
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E48DFE1-2AF0-4F43-8C61-8002DB2A2F49}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E48DFE1-2AF0-4F43-8C61-8002DB2A2F49}: NameServer = 4.2.2.1,4.2.2.2
O19 - User stylesheet: c:\windows\system.css
 
My comments, this is not an absolute kind of deal. Some of these are user choice. Some are not.

Not needed: (Mark for deletion)

C:\Documents and Settings\BOB\Application Data\rara.exe
C:\WINDOWS\system\Msm.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
O2 - BHO: Socks5 Helper - {1E1B2879-88FF-11D2-8D96-D7ACAC95951A} - C:\WINDOWS\system\Lid.dll
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\BOB\LOCALS~1\Temp\resklih.dll

Please remove these entries and then do a thorough virus/worm/trojan scan.
 
Thank you for the advice. I thought those entries looked a little "shady". After deleting them, the problem has ceased. Thank you again.

CR
 
Not laying claim to this mess huh? LOL

For sure your search page is hijacked.
I don't like this either:
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\BOB\LOCALS~1\Temp\resklih.dll

A BHO is a browser helper or add-on. What is this and why is it starting from your temp folder?

these either:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
But, these are not the big problem you have. What was the trojan you "fixed"? That is only half done, you need to get this finished first.

Jon

There is much pleasure to be gained from useless knowledge. (Bertrand Russell)
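
The check raised in the replies above (a BHO or Run entry that loads from a Temp or per-user data folder) can be automated when triaging a HijackThis log. This is an added example, not part of the original thread; the sample lines are copied from the log posted here, and the list of user-writable directories is an assumption that covers both long and 8.3 short path forms.

```python
import re

# Constructed sample: O2/O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\BOB\LOCALS~1\Temp\resklih.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [Scis] C:\Documents and Settings\BOB\Application Data\rara.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

# O2 = Browser Helper Object, O4 = Run-key autostart (HijackThis 1.97 line layout).
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")

# Assumed list of per-user locations on XP that need no admin rights to write to,
# in long and 8.3 short form. The log mixes both forms, so match on either.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\locals~1\\",
                 "\\application data\\", "\\applic~1\\")


def parse_entries(log_text):
    """Return O2 and O4 Run entries as dicts; other sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        for section, rx in (("O2", BHO_RE), ("O4", RUN_RE)):
            m = rx.match(line)
            if m:
                entries.append({"section": section, "name": m.group("name"),
                                "target": m.group("target")})
    return entries


def flag_user_writable(entries):
    """Entries whose binary lives in a user-writable directory deserve a closer look."""
    hits = []
    for e in entries:
        low = e["target"].lower()
        if any(marker in low for marker in USER_WRITABLE):
            hits.append((e["section"], e["name"], e["target"]))
    return hits


if __name__ == "__main__":
    for section, name, target in flag_user_writable(parse_entries(SAMPLE_LOG)):
        print(f"{section} [{name}] loads from user-writable path: {target}")
```

A hit is a prompt for investigation, not a verdict: legitimate software sometimes installs per-user, and entries under system directories can still be malicious.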
 