I've seen other threads about a similar or same problem but haven't managed to fix mine. I'm not convinced it's a nasty.

Symptoms: Control panel, IE, My Computer, Windows Explorer, and folders cannot be opened or browsed. Clicking (or double clicking) results in the desktop clearing then refreshing without opening the selected item.

Other Behavior: I managed to find a System Restore point that would fix the problem but... When using Fast User Switching to log on a second user the problem reappears. The problem does not show up if the first user is logged off, only if they are disconnected. I duplicated this several times but am now unable to use that Restore point (or earlier) anymore :rolleyes:.

Spybot and Ad-Aware found nothing but cookies (deleted). PC-cillin and Ewido found nothing. Also checked system files.

Getting ready to reformat but really don't want to... I'd rather sleep at night than mess with my machines.


Logfile of HijackThis v1.99.1
Scan saved at 7:59:38 AM, on 5/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\logonui.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Ahead\InCD\InCDsrv.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Nhksrv.exe
H:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
H:\WINDOWS\system32\inetsrv\inetinfo.exe
H:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
H:\WINDOWS\System32\svchost.exe
H:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
H:\Program Files\UPHClean\uphclean.exe
H:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
H:\WINDOWS\system32\logon.scr
H:\WINDOWS\System32\svchost.exe
H:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\rdpclip.exe
H:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
H:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
H:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
H:\WINDOWS\MMKeybd.exe
H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
H:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
H:\Program Files\ASUS\Probe\AsusProb.exe
H:\Program Files\Netropa\OSD.exe
H:\WINDOWS\explorer.exe
H:\Documents and Settings\Sam\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [pccguide.exe] "H:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Acronis True Image Monitor] "H:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "H:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DellTouch] H:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus C84 Series on DELL] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P36 "Auto EPSON Stylus C84 Series on DELL" /O15 "\\DELL\EPSONSty" /M "Stylus C84"
O4 - HKLM\..\Run: [\\DELL\EPSON Stylus C84 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P30 "\\DELL\EPSON Stylus C84 Series" /O6 "USB002" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (from DELL)] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P35 "EPSON Stylus C84 Series (from DELL)" /O5 "TS001" /M "Stylus C84"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (from ACCOUNTING)] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P41 "EPSON Stylus C84 Series (from ACCOUNTING)" /O5 "TS003" /M "Stylus C84"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "H:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - HKCU\..\Run: [\\DELL\EPSON Stylus C84 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P30 "\\DELL\EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - Startup: Shortcut to AsusProb.lnk = H:\Program Files\ASUS\Probe\AsusProb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = H:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{187D1B01-ABA4-42C8-8BDF-ED8C493CBB8C}: NameServer = 66.75.164.90
O17 - HKLM\System\CS1\Services\Tcpip\..\{187D1B01-ABA4-42C8-8BDF-ED8C493CBB8C}: NameServer = 66.75.164.90
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - H:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - H:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - H:\WINDOWS\Nhksrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - H:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - H:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - H:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - H:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

It looks like I solved it by using a utility I found here: http://www.helpwithwindows.com/techfiles/explorer-crashes.html. I located something called sstqq.dll in my system32 folder along with several CLSID references to it. Luckily, I have a multiboot setup so was able to use an alternate XP installation to deal with the offender.

Everything seems good now but I wonder why this wasn't picked up by any of the nastyfinders. Apparently there are versions of this thing that can do some very nasty things. I'm still a bit worried about what may have been done.

Any comments about sstqq.dll?
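
Added example (not part of the original posts, and not the utility linked above): one way to list every registry reference to a named DLL, such as the CLSID entries described in the follow-up, from a text export of the registry in `.reg` format. The CLSIDs, the `ConstructedExample` key and the function names are constructed for illustration; only the file name sstqq.dll comes from the thread.

```python
import re
# Constructed sample in .reg export format (not data from the original post).
# The CLSIDs and key names are placeholders; only sstqq.dll is from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000A1}\InprocServer32]
@="H:\\WINDOWS\\system32\\sstqq.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000B2}\InprocServer32]
@="H:\\WINDOWS\\system32\\SSTQQ.DLL"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000C3}\InprocServer32]
@="H:\\WINDOWS\\system32\\shell32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\ConstructedExample]
"Helper"="sstqq.dll"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')                      # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')  # string values only
CLSID_RE = re.compile(r'\\CLSID\\(\{[0-9A-Fa-f-]{36}\})', re.IGNORECASE)

def find_dll_references(reg_text, dll_name):
    """Return (key, value_name, data) for every string value naming dll_name."""
    hits, key = [], None
    target = dll_name.lower()
    for line in map(str.strip, reg_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)            # remember which key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = re.sub(r'\\(.)', r'\1', m.group(2))   # undo .reg backslash escaping
        if data.lower().replace("/", "\\").rsplit("\\", 1)[-1] == target:
            hits.append((key, name, data))           # file name matches, any case
    return hits

def clsids_referencing(reg_text, dll_name):
    """CLSIDs whose subkeys point at dll_name, in order of appearance."""
    found = []
    for key, _, _ in find_dll_references(reg_text, dll_name):
        m = CLSID_RE.search(key)
        if m and m.group(1).upper() not in found:
            found.append(m.group(1).upper())
    return found
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so read the file with `encoding="utf-16"` before passing its text to these functions.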
