re: frozen start menu and icons
Thursday, October 27, 2005 at 8:46 am
Windows XP Annoyances Discussion Forum
Posted by jcw
(5124 messages posted)
1) Returning to your paragraph 4 in your prior post, use regedit to see if you still
have any "style2" registry key at:
-- HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify
(where HKLM = HKEY_LOCAL_MACHINE)
-- HKEY_CURRENT_USER\Software\Microsoft
If you do, delete them. Don't reboot. Remain in safe mode.
1A) If you haven't already done so, delete these registry keys using regedit:
-- HKEY_CLASSES_ROOT\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}
-- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}
(where HKLM = HKEY_LOCAL_MACHINE)
2) You mentioned looking for all of the files I had listed except: Q50502281.dll
If you didn't do so before, look for - and if found, delete - that file in the
following 4 folders:
--> Windows, Windows\system, Windows\system32, Program Files\Windows NT
and also in the registry editor (regedit).
In deleting that file from any of the above 4 folders, bypass the Recycle bin
by holding down the
keyboard Shift key while performing the deletion.
3) If I didn't ask you to do this before, review the entire Program Files directory
for any folders whose
names are unfamiliar or suspicious to you.
4) Open under Control Panel the Add or Remove Program applet to see if there are
listed any programs
that you don't recognize or appear suspicious.
5) Type MSCONFIG in the Run box of the Start box and press Enter.
Click on
its Startup tab, and review the list of things checked that are supposed to start
automatically when WXP
starts. Anything there look unfamiliar and suspicious to you?
-- Also look in Task Manager, on the Applications tab and the Processes tab,
anything there look unfamiliar and suspicious to you?
6) Try again to delete in safe mode this file (which I assume you uncovered as
being suspicious) that
you couldn't delete from the WINNT directory before: Q3683875.dll. Successful?
I'm concerned that your WINNT directory has become a haven for the malicious
files. You said you
have that directory because you installed XP over W2k (not a good practice, btw).
How big is that directory
at this point? To the best of your knowledge, is it being used at all? Do you recognize
everything in it, or
conversely are there things in it that appear suspicious? I'd really like to delete
the whole folder, and I would
think you wouldn't need or miss it, but . . . . And if it's too big, it will be difficult
to copy it to removable
media. Let me know the answers to my questions before proceeding with the next steps.
If you don't want
to wait, then at least first review the contents of the WINNT directory for anything
that looks suspicious to
you, and delete suspicious items; if really in doubt, you could copy such items to
a blank diskette first and
then delete them. (Note: if you make such a copy, when you are sure you don't need
to restore the copied
items, delete them from the diskette and then do a long format of the diskette.)
7) Open your hosts file with this command in the Run box on the Start menu (note
the space before the
first %): NOTEPAD %SYSTEMROOT%\SYSTEM32\DRIVERS\ETC\HOSTS
Hopefully all that you will see there are about 18 lines, each preceded by the
# sign, of introductory
explanatory material from Microsoft, followed by this line:
127.0.0.1 local host
If you find anything else there, let me know, e.g.:
127.0.0.1 www.website-name.com
0.0.0.0 www.website-name.com
8) From a past remark, I assume you don't have a 3rd-party firewall. So make
sure that the firewall
built-in WXP is activated. Also make sure that the Internet Connection Firewall
(ICF)/Internet Connections
Sharing (ICS) service is started and has its Startup type set for automatic, and
that the Network Location
Awareness service is started and has its Startup type set for either manual or automatic
(manual will suffice
for this service, unless the computer is on a local network, which I assume it isn't).
To access the WinXP services and their properties:
Control Panel --> Administrative Tools --> Services
Or you can type: SERVICES.MSC in the Run box on the Start menu and
press Enter.
9) Now reboot into safe mode with networking, and see if your system remains
unfrozen. If
yes, make sure that what I told you to check in steps 7 & 8 above remain true, and
if so, then try
connecting to the internet. The following steps assume you are OK at this point,
but if instead your system
is again frozen, then you'll need to reboot into safe mode with command prompt and
retrace your previous
steps to get unfrozen, and then reboot into safe mode with networking, and repeat
the steps above until you
again are at this point.
10) Once on the net, go immediately to the Trend Micro on-line AV scanner and
at least one of the other
on-line AV scanners below, and run scans:
-- http://housecall.trendmicro.com/
-- http://www.pandasoftware.com/activescan/com/activescan_principal.htm
-- http://us.mcafee.com/root/mfs/default.asp
-- http://www.bitdefender.com/scan/licence.php#
-- http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
In doing those scans, have them do full system scans (other than removable media
drives, which should be empty of removable media).
11) Download this tool: --> http://users.telenet.be/marcvn/tools/win32delfkil.exe
and save it to your desktop. Disconnect from the net. Double-click (or single
click - whatever you use
to open or run a file) on the saved executable (win32delfkil.exe) to create a new
folder (win32delfkil) on your
desktop. Close all windows. Then open the win32delfkil folder and double-click on
fix.bat. The computer
should reboot automatically when done.
This is the tool I mentioned to you before about having found on the net.
12) Run Ad-Aware and Spybot S&D again.
Run your on-board AV program, assuming it has up-to-date definitions.
Let us know how you made out.
|
All messages in this thread [show all]
 | | | | | | |  | | | | |  | re: frozen start menu and icons (jcw: Thu, Oct 27, 2005, 8:46 am) |
| |
| |
| |
Return to the Windows XP Discussion Forum
|
|
