# icons coverted to .lnk



## stormylin (Oct 22, 2004)

All the icons on our computer have converted to .lnk files. exe or com files won't run. Does anyone know how to fix this. We know several people in IT, specifically, desktop savy and noone has heard of this. We had A squared installed as an antivirus. My husband also ran Symantic and McAfee, nothing has worked. We are going nuts because we live on this thing. My husband is running for U.S. Senate; thus, we have a lot of work that needs to be done quick. Is there anyone out there that knows a fix for this?!!


----------



## JSntgRvr (Jul 1, 2003)

Download and run Hijackthis and post a copy of he log in a reply. Let us see the running processes in the computer.

http://www.majorgeeks.com/download3155.html

I am enclosing a file that may help you resolve the executable files problem. It is a text file, but upon dowloading the file, you must change the file extension from .txt to .inf. Once this is done, right click on the file and select "Install".

Let us know how it goes.


----------



## stormylin (Oct 22, 2004)

The textfile that you attached changes the HKEY_CLASSES entries that control .exe processing. I have also installed a file from Symantec that changes some CLASSES entries and a few entries in two other hives. None of this has solved the problem. Further, we cannot run .com files, either, and neither of these corrective files has addressed the .com problem.

The current solution for fixing this requires that you rename regedit.exe to regedit.com, but since this particular virus has also removed .com executability, there is no way to run regedit directly to inspect the registry or change it.

When I tried to run HijackThis, it associated the program with notepad and tried to open it. Thanks for getting back to me so quickly, and if you have any further suggestions we'll try it, and we appreciate your help.

Thanks again.


----------



## JSntgRvr (Jul 1, 2003)

The fix is identical as the .exe file. Check the enclosed file. Rename it as an .inf file for installation. Once installed, restart the computer and give it a try.


----------



## JSntgRvr (Jul 1, 2003)

OOOOPS!

I asked you before to rename the enclosed files as .inf. That's an error on my part. They should be renamed as .reg files, as they constitute Registry files. Once you have renamed these files as .reg files, just click on them and merge them into your registry. Sorry for the confusion on this. Thanks.


----------



## stormylin (Oct 22, 2004)

We'll try this one and let you know how it goes. Thanks for staying with us on this.


----------



## stormylin (Oct 22, 2004)

Thanks, just installed it into the registry. I should probably reboot now, right? Problem has been, that this particular virus appears to prevent the system from writing anything back to disk during shutdown. Even the "file list" in Word, for example, which we launch by double-clicking a doc file, will change during the session, but revert back to the original list after a reboot.

Just want to confirm that we should reboot now. Thanks.


----------



## stormylin (Oct 22, 2004)

Just saw in earlier message that you did say to restart, so we'll do that now.


----------



## JSntgRvr (Jul 1, 2003)

Restart and test


----------



## JSntgRvr (Jul 1, 2003)

If the issue continues, download Hijackthis as previously indicated (If the .exe issue is resolved after the registry fix) and post a copy of the log in a reply. Let us see the running processes in the computer.


----------



## stormylin (Oct 22, 2004)

Thanks - now we can execute programs from the Run command, which didn't work before. Desktop icons and start menu still won't execute programs, but at least we can now look at the registry to see what entries exist for execution of com and exe files. Do you have any further suggestions? Either way, thanks again, we received no response from McAfee in a week in spite of being subscribed.

Lenny & Linda


----------



## stormylin (Oct 22, 2004)

It appears you are offline now. He has to run out. He will post a copy of the log later this evening, or tomorrow latest. He is the intermediate. I am not at all savy when it comes to messing around in these files. I was quite excited when I changed the file name to .reg while he was busy (I watched while he worked through your fix). So, you will be much better off working with him on this.

He worked hrs and hrs, days into weeks on this with no fix in sight. I threw the problem, exe convert to lnk, into a search engine and you guys came up. Awesome find!!!!! You guys Rock!!! Thanks again. Stormylin -We'll call him Balmylen ! Choi


----------



## JSntgRvr (Jul 1, 2003)

Go to Start -> Run, type *Control Appwiz.cpl* click OK. The Application Wizard will be displayed. Scroll down to "Microsoft Internet Explorer and Internet Tools". Attempt to remove this program. You will be given an option to Repair the Internet Explorer. Select that option and follow the instructions on screen to repair the Explorer.

If that does not resolve the issue, search for the file *ie6setup.exe* for Internet Explorer 6.0, *ie5setup.exe* if Internet Explorer 5.0. Once found, double click on it. The Installation Wizard will engaged. Accept the EULA and click on Next. Reinstall all components.

The icons in the Desktop are .lnk files as they are links to other files in the computer. So it is normal that this appear as .lnk files.

If the above does not resolve the issue:

I am enclosing another .txt file that will restore the entries in the registry for the .lnk extension. Rename this file as before, .reg, and merge it into the registry. Test the computer after a restart.

Note:

Since we are dealing with Registry keys. Backup the registry just in case.


----------



## stormylin (Oct 22, 2004)

Thanks very much, the desktop and start menu are functional again after following all of the steps in the last e-mail. We were curious as to whether you know this basically from hands-on experience or if there is a good resource(s) for this information.

Major Geeks recommend a series of installations and scans prior to running HijackThis. Are you familiar with that list, and do you recommend following through with it? Also, what is your opiniion of TrendMicro? And how did this get through in the first place - is A-squared just not that great?

Finally, is it possible that I still have the virus lurking somewhere on my system. Should I follow the MajorGeeks proposals to find it, or do you have another suggestion?

When this problem occurred, I was running the paid for version of A-squared. When the problem occurred, I ran both McAfee and Symantec online scanners, but they only found the Trojan dropper, not the actual infection. It was similar to another virus that does not execute exe.s, but this one would not execute com.s either, thus denying my access to the registry program.

I am currently running McAfee now, instead of A-squared. I also run BHO Demon and Ad-Aware scans from time-to-time. (And I have a D-Link firewall) Any further suggestions about how to prevent this from happening again are much appreciated. Thanks again for all of your help, your are the bes!

This is a lot of questions, but hopefully the feedback on what I was running and what I have tried is useful to you, too.

Balmylen & Stormilin


----------



## JSntgRvr (Jul 1, 2003)

Many years in the business! Many shifts in the paradigm since the 70's. You learn as time goes by.

These utilities, now available to avoid access to your computer, are used only based on the problems you may encounter. You can't escape from these intrusions as they change as time goes by. An utility that may be effective today may not be effective tomorrow. So, having too many utilities to avoid intrusions in your computer is as bad as not having this type of protection at all.

If you have an antivirus protection that offers also a firewall, you shouldn't load a secondary firewall since they may conflict with each other. Also, running several utilities for the same purpose will affect the computer's performance. So you need to be careful.

I have two (2) programs that I find essential in every computer:

Adaware

http://www.lavasoftusa.com/support/download/

Spybot Search and Destroy

http://spybot.eon.net.au/en/download/index.html

These programs are user friendly and can be ran from time to time to eliminate potential threats to your system, as long as their definitions are continuously updated. The other utilities available such as, Hijackthis:

http://www.majorgeeks.com/download3155.html

Should be use only when you post in a forum, such as this one, as it requires expertise in the field. A regular customer shouldn't attempt to run this program on its own since the remedy could be worst than the infection. Whenever you need someone to check if your computer is infected with a virus, or any other threat, you may run Hijackthis and post a copy on the log in the forum. Someone with the experience will be able to determine if there is a threat in the running processes of the computer and will advise you as what to do..

Unless required by one of the forum members with the experience to do this, you should not run any other utility as they may cause problems in the system.

If McAfee does not detects a problem, you should give it the benefit of the doubt. However, if you feel the need for a second opinion, then you may Scan the computer on-line using several options such as Microtrends, McAfee and Symantec. In any case, nothing is guaranteed as the variants shift from time to time.

I am glad that most of the computer's problems are solved. Should you require any other assistance, do not hesitate to contact us.

Best wishes!


----------



## stormylin (Oct 22, 2004)

We got hit again. This time we ran your exe, com, and lnk fixes. The icons look alright onw on the desktop, but they still don't work.

This is a new development from the last fix. Last time, once the icon properties were re-installed properly, everything worked - we could launch programs from the menu and from the desktop.

This time we cannot launch either .com or .exe programs from the desktop, the run command, or from the start menu. I guess we'll download hijack and see if we can somehow execute that. 

Thanks.

Lenny & Linda


----------



## JSntgRvr (Jul 1, 2003)

Start the computer in MSDOS. At the prompt type the following:

Scanreg /Restore

Press Enter. Select the earliest date listed and press Enter. Restart the computer. If the problem is related to the previous issue, this should restore the registry.

Let us know how it goes. We may need to clean the computer. Run an Antivirus scan and fix anything found. Then post a Hijackthis log to check for problems.


----------



## rude (Mar 8, 2004)

Try this:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll to #12,click on it and when the File Download box opens up,select Open


----------



## stormylin (Oct 22, 2004)

This virus keeps reattacking. Mckaffe, adware etc all disabled. We ran them all again, it supposedly cleaned detected viruses. Adware detected over 160 'problems', my husband left without it supposedly clear. Crashed Again.

How can these viruses keep getting trough all this security?? I am running completely without protection at the moment. Explorer wont run-- all the icons on the desktop again have been converted.

This is insanity. Anyone have a clue if we are missing something here?? I am the novice at this, so I don't want to mess around. I will try to run McCaffe again, though, it really is a waste of time.

Thanks for all your help. My husband will not be happy when he gets home. This is weeks burnt on this problem. A squared let it through- and they never responded when we reported the issue. McCaffe doesn't seem to be much better. 

But, it could be us!!!!! I don't see the dude that is clenching his teeth. We need a new dude, this doesn't quite do it. :down: 

Thanks so much again for all your help. Anyone want a free pc???? It's about to get chucked in the can


----------



## stormylin (Oct 22, 2004)

My husband left and it 'was' supposedly cleared. Sorry, the shifting display, and bouncing cursor is really distracting. I'll bet these wacko virus writers watch these lists and get a kick out of this. If they do---you guys are twisted. There is absolutely no hope for anyone that chooses to do this with their time. I can't imagine how anyone as obviously capable of competence like this can't find away to channel this toward great things.

Thanks in advance to anyone can help with this most destructive problem.


----------



## JSntgRvr (Jul 1, 2003)

Reset you Security settings in Internet Explorer and get all Security Updates from Microsoft. Open the Internet Explorer. Select Tools from the menu, then Internet Options. Select The Privacy tab. Click on Advanced. Check "Overrride Automatic Cookie handling". Accept First Party cookies and block Third Party Cookies. Check the box "Always allow session cookies". Click Ok.

Select the Security tab. Click on each item such as "Internet", "Local Intranet", "Trusted sites" and "Restricted sites". Set each of these sites to their Default Value.

Log into Microsoft Updates site and download all Security Updates available for your computer.

http://v4.windowsupdate.microsoft.com/en/default.asp


----------



## stormylin (Oct 22, 2004)

I did all this and Explorer was restored thanks. Now all the icons are back to the lnk....can't get to word, outlook, nothing. I guess I can go back thru these fixes and see if anything was missed. We are undoing this mess everyday. I am quite tired of it. Currently, I got in through one desktop icon that allows me access. Other then that, McAffe is out again. Really, I'm going to work to use that pc. I have just had it with this.

Thanks so much for all your help.



JSntgRvr said:


> Reset you Security settings in Internet Explorer and get all Security Updates from Microsoft. Open the Internet Explorer. Select Tools from the menu, then Internet Options. Select The Privacy tab. Click on Advanced. Check "Overrride Automatic Cookie handling". Accept First Party cookies and block Third Party Cookies. Check the box "Always allow session cookies". Click Ok.
> 
> Select the Security tab. Click on each item such as "Internet", "Local Intranet", "Trusted sites" and "Restricted sites". Set each of these sites to their Default Value.
> 
> ...


----------



## JSntgRvr (Jul 1, 2003)

JSntgRvr said:


> Download and run Hijackthis and post a copy of he log in a reply. Let us see the running processes in the computer.
> 
> http://www.majorgeeks.com/download3155.html
> 
> ...


You never submitted a Hijackthis log. If you are able to do so, please do. Let us see if there is malware in your computer

Also click on Start, then Run, type *Scanregw.exe*, click Ok. This utiity will scan the registry. If prompted to save the Registry, select Yes.


----------



## stormylin (Oct 22, 2004)

I asked my husband to be sure to do give you a copy of the log.

Well, you can figure it out.

So, I'll will try to get through this. Best way to learn is to dive in I guess.

I'm just a little apprehensive about the registry file stuff. Though, you have clear directions on everything that needs to be done. So, I'll take a shot at it. Wish me luck

I tried to run Hijack this, it is already downloaded. It is asking me to purchase wipzip. It appears he had a free trial period that has lapsed. I will assume I need to do this. Though, I will try to check to see if someone is online to be sure I don't purchase something I don't really need.

Thanks again. Well we are stuck with me- the amateur. With your help, who knows I can be 'savvy' in no time.

Stormylin 



JSntgRvr said:


> You never submitted a Hijackthis log. If you are able to do so, please do. Let us see if there is malware in your computer
> 
> Also click on Start, then Run, type *Scanregw.exe*, click Ok. This utiity will scan the registry. If prompted to save the Registry, select Yes.


----------



## JSntgRvr (Jul 1, 2003)

There are various .zip utilities for free:

http://www.pcworld.com/downloads/file_description/0,fid,16821,00.asp


----------



## stormylin (Oct 22, 2004)

I'm going back through the thread because, as I said, I am muy stupido when it comes to this stuff. I tried to run hijack this, as it was already downloaded on our pc. It first asked me to buy winzip. Then I realized I could run it with the evalutaion version (or whatever that said). When I went to do this, I went through the steps and then I came to a halt.

It said, 'this file does not have a program association with it for performing this action. Create an association in the folder options control panel'

So, I have no idea, I went to control panel. (If this is even where I am supposed to be). No matter what I clicked on it said 'windows cannot access the specified device, path, or file. You may not have the appropriate permissios to access them'. So I am stuck.

I am wracking my brain trying to remember if 'folder options control panel' may mean something different then going to control panel. Unfortunately, having someone in the house that always does this stuff, so I never do, doesn't help my memory real well, when I just see it done but don't do it myself.

I am determined to fix this handicap. I depend Way too Much on these computers that keep biting the dust to depend on someone who will do it for me.

I will look around and drop you a line if I get anywhere. If not we can assume I am still in a rut.

Thanks again -the just begunner Stormylin



JSntgRvr said:


> Many years in the business! Many shifts in the paradigm since the 70's. You learn as time goes by.
> 
> These utilities, now available to avoid access to your computer, are used only based on the problems you may encounter. You can't escape from these intrusions as they change as time goes by. An utility that may be effective today may not be effective tomorrow. So, having too many utilities to avoid intrusions in your computer is as bad as not having this type of protection at all.
> 
> ...


----------



## stormylin (Oct 22, 2004)

Found my way in here duh! It was the one that said 'folder options' in control panel. This blonde is a keeper. So, I went to File types and winzip was there. You've got me why it says there is a program associated with it. Unless it is like everything that won't communicate with anything here--or it's just the blonde again. 

I'll try again. Hope I won't be sorry for this.

Whoops!! Time flys when you are having fun. I just burnt a half and hour --so now I am late picking up hubby


----------



## stormylin (Oct 22, 2004)

Well, it may be time to go read a book, cause I'm getting nowhere.
I implement the registry fixes that you gave us, and when I try to reboot, it appears ad watch takes it out. Meanwhile I got hit with two more viruses. Before them the desktop clicks resulted in nothing. Now all the icons are gone......been converted to blank boxes of some sort. It appears I can't run winzip because this virus has disabled everything. so unless I am missing something I can't run hijack this and copy the the log for you. 

Pretty aggressive attack huh? Have you seen attacks like this? Is this something that alot of people are getting hit with? I asked Bassetman if this could be a targeted attack because it all started during campaign season (my husband and I ran for office). Likewise, I have very radical positions posted to the threads on this site. Bassetman seemed to think these are just random hits. Do you think they are as well??

Thanks again. I am stuck for now. (But I will be looking around to find a way out of this)
Stormylin


----------



## JSntgRvr (Jul 1, 2003)

Uninstall Winzip. It is possible that is not giving you access due to the end of the trial period.

Download Zipitfast 3.0:

http://www.zipitfast.com/

The file downloaded is an .exe file. Upon installation Zipitfast will establish a file association with the .zip files. Once this is done, create a folder in the computer for Hijackthis. Open Zipitfast and browse to the location where the Hijackthis.zip file is saved. Open Hijackthis.zip. Highlight the Hijackthis.exe file within the Hijackthis.zip file and extract the file to the newly created folder for Hijackthis. Once this is done, close Zipitfast and navigate to the HijackThis folder. Being an .exe file, by double clicking on it the application will be loaded. Click on Scan, and after the Scan, click on Save. A notepad document will be created. Right click on the Notepad document containing the log and select "Select All". Right click on the highlighted text and select "Copy". Point to the text box in a reply here. Right click and select "Paste", submit the reply.


----------



## stormylin (Oct 22, 2004)

JSntgRvr said:


> Uninstall Winzip. It is possible that is not giving you access due to the end of the trial period.
> 
> Download Zipitfast 3.0:
> 
> ...


----------



## stormylin (Oct 22, 2004)

Thanks, I'll try this. I can't get into DOS, because when my husband set up this pc he intended it to be used as a server. He added bootmagic. I think at this point you should be able to hit f8 and get to DOS. It doesn't work. We can't even get into safe mode.

What a fine mess!! I will try your suggestion for zipitfast.com and let you know.

Thanks yet again.


----------



## stormylin (Oct 22, 2004)

I think I am getting to be a pain. Sorry :/ Though I thouroughly appreciate your patience  !

Zipitfast won't open. Is it because it is an exe file, and exe files won't open due to this virus? I don't know. Stuck again. My other half is so aggravated, I don't even want to ask him anymore.

This is the third pc (out of 4) that is down. One is at my business, so we are pretty much shut down at home. (The mother board went on the downstairs pc, and he spilled water on his dell laptop that was less then a year old). Like I said, What a mess!


----------



## stormylin (Oct 22, 2004)

It appears this has been done. Yahoo!!!!!!! However, it is dated 11/11 as you can see. If anything has altered since then, this log doesn't display this of course. I sure hope you can see what is going on here!! I have been trying for a few hours to open hijackthis and can't figure it out. Could it be because I must uninstall winzip. And if I do the new zip software is an exe. Exe files won't run.

Let me know. THANKS SO MUCH AGAIN!!!!! I look forward to your reply
Stormylin

Logfile of HijackThis v1.98.2
Scan saved at 1:49:11 AM, on 11/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\PROGRAM FILES\TOOLBAR\TBPS.EXE
C:\PROGRAM FILES\TOOLBAR\PIB.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\180AX.EXE
C:\WINDOWS\NKZEF.EXE
C:\PROGRAM FILES\SED\SED.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\BHODEMON 2\BHODEMON.EXE
E:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50162
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_3_16_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [nkzef] C:\WINDOWS\nkzef.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\Run: [SESync] "C:\PROGRAM FILES\SED\SED.EXE"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
O9 - Extra button: Facemail - {E88D3D6B-BA62-11D4-A211-00B0D021F6DD} - C:\PROGRA~1\LIFEFX\LIFEFXTB.DLL
O9 - Extra 'Tools' menuitem: LifeFX Facemail - {E88D3D6B-BA62-11D4-A211-00B0D021F6DD} - C:\PROGRA~1\LIFEFX\LIFEFXTB.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {70522FA0-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2search.com/toolbar/winb2s32.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4399/mcfscan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL


----------



## JSntgRvr (Jul 1, 2003)

Its gonna take some time to cleanup this mess. The computer is infected with the Huntbar and Cool web spyware. In addition there is Malware in your Winsock files.

First go to the add/Remove programs icon in the control panel and click on it. Scroll down and remove any program related to Wintools or Toolbar, if exists.

Then download and run the following programs is the order they appear below:

CWShreder

http://www.majorgeeks.com/download4086.html

Adwaware (Update this program online)

http://www.lavasoftusa.com/support/download/

Spybot Search and Destroy (Update this program online)

http://spybot.eon.net.au/en/download/index.html

LSPFix

http://www.cexx.org/lspfix.htm

The last program you will run is the LSPFix application. Open this program. Click on the box labeled "I know what Iam doing". Highlight the aklsp.dll file and click on the arrow pointing to the right to remove this file from your Winsock. Click on Finish.

After doing all these and cleaning all spyware and malware from your computer, restart the computer and run Hijackthis again. Post a new log. We will continue after you have posted this log.


----------



## stormylin (Oct 22, 2004)

Thanks so much, I will work on this. I am tired thinking about it.

I am just really glad to have you here, we are expecially challanged, because I am learning. Sorry to drop all this mess on you, though I sure appreciate your help!!!!!!!!

I am pledging the $30 bucks I saved on this winzip garbage to this tech guys site. Don't let me forget!!!


----------



## stormylin (Oct 22, 2004)

Hi,

I've been out for a bit. I did the updates to Adware and Spybot. I went to the cexx.org site on your last recommendation and it does not have a choice for aklsp.dll

It does have lspfix.org . How do I proceed? Also, we have added CW shredder in the past. Do we need to do this again? Thanks, Linda


----------



## JSntgRvr (Jul 1, 2003)

At the cexx.org all you have to do is to download the lspfix.zip file. Once downloaded, open the file and click on the lspfix.exe. That will open the application. Click on the box labeled "I know what Iam doing". Highlight the aklsp.dll file and click on the arrow pointing to the right to remove this file from your Winsock. Click on Finish. This process is done in the computer not in the web site.


----------



## stormylin (Oct 22, 2004)

OK, so this has been a challange. For whatever reason I COULD NOT run lspfix.exe. Though, I have a high suspicion it is because I couldn't run Any exe file. I tried 3 registry fixes that you have helped us implement. For several hours, after I tried to run them, nothing changed.

I messed around everywhere, and I have no idea why, but the reg fixes seemed to work. The lspfix.exe finally ran And Did What You Said it would.

I removed the whatever it was you said now, that ended in .dll. I rebooted, and Man Was It Great To See My Actual Desktop!!!!!!!!!!!!!

I ran McAffe
Then I ran Ad-Watch SE

When I ran Ad-Watch is stated it displayed :

Windows RegData Vulnerability Hkey_classes_root:re possible virus infection reg file extension comprimised

Then:

Possible RegData Vulnerability Hkey_users:defaults possible brower hijack attempt.

The rest were all cookies.

So, as a dumb user, am I supposed to do something with these two entries???
I see the quanartine button. But since I have no idea, I don't want to touch a thing.

I am not touching a thing until I hear from you. Or if my husband gets around to it, he probably knows what to do with Ad-Aware.

One more thing, I have teenagers forever downloading 'crap' on my desktop. One desktop icon says: UndoReg, which makes me very nervous.

I just rearranged and cleaned up this desktop and this wasn't there. Is this a virus. Now I don't on a typical basis download Anything to my desktop. Though with all this fooling around who knows what I did. I am wondering if this came in with junk my kids downloaded??

Should I delete it?? Like I said, I don't want to touch a thing. The log is below.

Many Thanks!!!!

Logfile of HijackThis v1.98.2
Scan saved at 3:35:45 AM, on 11/20/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
E:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-AWARE.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\ZIPITPRO\ZIPITFAST.EXE
E:\WINDOWS\TEMP\ZTV1313\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_3_16_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe
O4 - HKCU\..\Run: [AIM] E:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Facemail - {E88D3D6B-BA62-11D4-A211-00B0D021F6DD} - C:\PROGRA~1\LIFEFX\LIFEFXTB.DLL
O9 - Extra 'Tools' menuitem: LifeFX Facemail - {E88D3D6B-BA62-11D4-A211-00B0D021F6DD} - C:\PROGRA~1\LIFEFX\LIFEFXTB.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4399/mcfscan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab


----------



## JSntgRvr (Jul 1, 2003)

In Adaware it is safe to remove all items found.

You have certain programs considered Adware:

1) Click on Start, Settings, Control Panel

2) Double click on Add/Remove Programs

3) Find "Web Search Toolbar", "Weatherbug" and "Win-Tools Easy Installer (By Web Search)" in the list of installed programs and click on Remove to uninstall these programs.

Have Hijackthis fix this:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/downloa...abasetup152.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

Delete the folders:

C:\Programs Files\Toolbar
C:\Programs Files\AWS

Now, checking your Statup Programs I dont see the main required programs to run Windows. These are Systemtray and ScanRegistry.

Go to Start->Run, type Msconfig and click Ok. Select The Startup tab.

As a general rule, the only programs needed to run Windows are Systemtray, ScanRegistry, Antivirus and Firewall programs.

If under the Startup tab you see these programs check boxes, put a check mark on these. (Expand the window so you can see the command lines. Every entry coming from a McAfee folder should be selected, as well as Systemtray and ScanRegistry.)

You can actually deselect all entries in this tab except for Systemtray, ScanRegistry, Antivirus and Firewall programs.

If Systemtray and ScanRegistry boxes do not appear in the startup tab, after making sure that only the Anti Virus and Firewall entries, if any, are selected, click on Apply, then Ok, restart the computer and follow the steps below:

Once back in Windows go to Start->Run, type Sysedit and click Ok.

1. Select the Win.ini file.

2. Under [Windows] add the following lines:

Load=C:\Windows\System\Systray.exe
Load=C:\Windows\Scanregw.exe /autorun

3. Click on File and save the changes.
4. Restart the computer.

I believe that part of the reasons you are experiencing problems with your registry is due to the lack of these startup programs.

Systray is used to display the time and icons for applications running in the background.

Scanregistry makes a backup copy of the registry each time the system is started. This is helpful if a software installation corrupts the registry.

One last thing:

Open Internet Explorer. Select Tools from the Menu, then Internet Options. Select the Programs tab. Click on Reset Web Settings and reset Internet Explorer to Default.

Well, that's it for now. Let me know how it goes and how the computer behaves after these changes. Best wishes!


----------



## stormylin (Oct 22, 2004)

Oh great!!! I copied this to word and went to print the doc. But now the printer won't run.

It is just too much of a pain to flip through all these windows.
I didn't want to take a chance at rebooting anything before fixing with some of your suggestions. 
If I reboot and and end up with this mess again, You will hear me scream from your house. 
Really it took me forever to try to get the fixes to run. And I really am not sure I know what I did. I hope it was just as simple as renaming hijackthis.exe to just hijackthis

Wish me luck.


----------



## stormylin (Oct 22, 2004)

OK I went to Control panel and you said find:

Weatherbug
Web Search Tool Bar
Win Tools Easy Installer

The only thing in this list was Weatherbug. I deleted it. (I liked that program darnit!)
Web Search and Win Tools were not there. I don't get it

So, now we are working with the dummy
I went to hijackthis......oh boy....I really wish my husband sat with me through this....

I got the typical log box, here is where we might have a little trouble 
You said have hijack fix this.....oh man
SoI am really looking at this thing like I have NO IDEA!!! So I hit fix checked (I checked the box for IE Search Bar= blah blah........
then there was a trick!!!! 

It said something like ...this will be fixed or deleted so back it up. Since I thought, I remember my hubby doing a backup and it seemed easy enough, but I am clueless at the moment... I will cross my fingers for the gamble of fix....guess what!!!
Ah Carumba!!! It isn't there anymore.
That looks like a delete to me!!!! OK, I'm laughing here but when hubby said, I just don't know where all this software is or if we still have it....cause we have about a million of them in this room.....oh well. I sure hope he has this backed up. If I deleted it.

I think before I touch another thing, can you explain how to "have Hijackthis fix this". Hubby is an IT genius. He has 25 certifications (I think I said this on another string), MCSE, Microsoft Certified Instructor or something, Citrix, Citrix Metaframe, Client/Server, NT....I have no idea. The problem is he was a server guy that got chucked from a 30 year career and a healthy salary. Now he is working Mega hours selling appliances ......and this is nuts for about a fifth of what he made. (And that is at the top of the scale)......so he is working beucoup d'hours to make up for the d'argent .....so it's french.

Thus, we are unfortunately stuck with me. 

See I knew it  I am stopping until I delete All my files. I just hope I am not hosed here by deleting IE. brother..........

I will stand by until you advise. By the way, I destinctly know when we started to have all these problems systray was here as well as Scan Registry. 


How could this have happened????? Before talking to you, honest, I would never touch this stuff. In fact I looked up all the shopping crap on line, and deleted this. Though I reseached them all and I know systray and scan registry was a legit file. I guess we can't know ......but this is baffling.

I will wait for your next response. (I don't want to tell hubby--hopefully we can get out of this mess)

I will try MS config and search for the systemtray and scan registry.......hubby says ms config takes about a half an hour to run. What a MESS!!!!!!!!!


----------



## JSntgRvr (Jul 1, 2003)

Using Windows Explorer, delete the folder TOOLBAR located in C:\PROGRAMS FILES.


When you run Hijackthis, just put a check mark on those lines I asked you to fix, then click on "Fix Checked". Everything else is done automatically.

In regard to the printer, reinstall the printer's software.

Is the registry still causing problems?


----------

