Win2k - Drag and Drop Disabled
Falken
Milwuakee, WI
Hey everybody, new to the forum but not to the PC & OS repair world...
Background: So last week I thought I resolved this issue but apparently not. I was getting an active X security settings error everytime I would open any explorer window in Win2k (excluding Internet Explorer) After I closed the error message explorer.exe displayed none of the icons in any folder. Upon further inspection I found the backdoor.SDbot (file name was lsasser.exe) lurking inside my system. So I shut down, jumped into Safe Mode (where all the windows icons appeared) and removed the sucker and re-scanned and came up clean with both NAV and Mcafee. To be on the safe side I ran a complete spyware scan (SpyBot, AdAware, SpySweeper, Hijack) while I was in safe mode and came up with nothing worthy of mention, just a couple of cookies. Upon returning to normal mode, I reset all Internet security settings and all folder options to their default settings, and low and behold the icons in explorer reappeared!
Problem: So now all the icons are back, but drag and drop features are disabled (gives me the circle w/ the diagonal line through it even in Safe Mode) and everytime I try to launch any file/program from any window (except on the desktop or on the start menu), I get an "opening a file from this location may not be safe and is not allowed w/ your current security settings" security alert. So I checked Hijack This again and realized that some things that I don't recognize still remain (I included the logfile)
So did I miss something? I know my default settings allow drag and drop, so my only conclusion is that that there is spyware or another virus I'm overlooking.
Any help is greatly appreciated
Background: So last week I thought I resolved this issue but apparently not. I was getting an active X security settings error everytime I would open any explorer window in Win2k (excluding Internet Explorer) After I closed the error message explorer.exe displayed none of the icons in any folder. Upon further inspection I found the backdoor.SDbot (file name was lsasser.exe) lurking inside my system. So I shut down, jumped into Safe Mode (where all the windows icons appeared) and removed the sucker and re-scanned and came up clean with both NAV and Mcafee. To be on the safe side I ran a complete spyware scan (SpyBot, AdAware, SpySweeper, Hijack) while I was in safe mode and came up with nothing worthy of mention, just a couple of cookies. Upon returning to normal mode, I reset all Internet security settings and all folder options to their default settings, and low and behold the icons in explorer reappeared!
Problem: So now all the icons are back, but drag and drop features are disabled (gives me the circle w/ the diagonal line through it even in Safe Mode) and everytime I try to launch any file/program from any window (except on the desktop or on the start menu), I get an "opening a file from this location may not be safe and is not allowed w/ your current security settings" security alert. So I checked Hijack This again and realized that some things that I don't recognize still remain (I included the logfile)
So did I miss something? I know my default settings allow drag and drop, so my only conclusion is that that there is spyware or another virus I'm overlooking.
Any help is greatly appreciated
0
Comments
Logfile of HijackThis v1.99.0
Scan saved at 2:20:14 PM, on 3/2/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Qurb\QSP-2.1.213.4\QOELoader.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis-1.99.0.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tvguide.com/listings/index.asp?
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINNT\System32\StopzillaBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-2.1.213.4\QOELoader.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O13 "LPT1:LK97E6D5" /M "Stylus CX6600"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk.disabled
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
Hoping to track down this problem, I terminated every program I could and turned off every system services on my Windows 2000 machine to no avail.
After rebooting, my ability to drag and drop was severely limited. I am never able to move a file on a network share with my mouse, while it is very rare that I am able to move a file with a mouse to any folder on my system.
Seeing your problem I wonder if you have found a solution to it, I’m tempted to format but I only did that a month ago.
P.S. I have run in depth virus and spyware checks and have found nothing out of the ordinary.