Hi Tim
Thank you, Jan and Alan for your knowledgeable advice... I'm getting
closer to a solution!
Alan's suggestion, which is also in one of Jan's links, was to check
the registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Shell Folders
Although this appears to be the problem, changing the keys to the
correct value doesn't "stick".
By the way, when I'm logged onto another account, these keys appear
to be the correct values, whereas they are not correct when I'm
logged on to my usual account. That's why this does seem to be the
problem. The incorrect, existing value for "Shell Folders" is blank,
the existing value for "User Shell Folders" is "C:\WINNT\Favorites".
The correct values (on other accounts) are C:\Documents and
Settings\<account name>\Favorites and %USERPROFILE%\Favorites
One of Jan's links mentioned the problem of changes not "sticking":
"Sometimes, the Shell Folders path for Favorites may revert to the
previous setting. If so, disable any browser / favorites management
software provided by your ISP and reset the Shell Folders as above..."
BUT, I don't believe I have any "favorites management software", and
did close down IE while editing the registry. Puzzling...
Make a backup copy of the registry first (Export to another folder). After
you have made the change to the Registry try doing the following:
1. Save the new change
2. Export a copy of the new change to another folder and rename it.
3. Close the Registry and immediately reboot
4. Go back into the Registry and see if the change has stuck
5. If not, replace the registry with the one that you exported and renamed
6. Immediately reboot
7. Check to see if the change from the replacement Registry stuck
8. If not, then I suspect you have a 3rd party program, such as a parasite
or malware, causing it to fail, so do the following:
In addition to running your updated anti-virus program, you should do the
following to be sure none of these are present on your system. Although
you may have already run one or more of the programs, please do so again
according to the instructions below. Some variants of
malware can replicate themselves over and over if not removed properly.
Please follow all instructions carefully to be sure your system is
thoroughly cleaned:
Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
Be sure to run CWShredder, Ad-aware and Spybot.
Also be sure to use the About:Buster here
http://www.majorgeeks.com/download4289.html
http://www.atribune.org/downloads/AboutBuster.zip
AdAware se (Free)
http://www.lavasoftusa.com/support/download/
the newest version of CWShredder (2.0) here:
http://www.majorgeeks.com/download3019.html
and the HijackThis. Please do not post your log to this
newsgroup, but to the SpywareInfo or the Aumha HiJackThis forums
http://forum.aumha.org/viewforum.php?f=30, to allow the experts there to
evaluate your log and advise you of the necessary steps to clean your
system.
CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.
Also, get a copy of WinsockFix Utility
http://www.dfwonline.net/files/WinsockFix.zip
or
WinsockXPFix available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
Also, with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also
From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
also ....
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
Also.........
Courtesy of Jim Byrd -
Download Sysclean.com, from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest pattern
file, here:
http://www.trendmicro.com/download/pattern.asp
Be sure to read the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt
You might also want to get Art's updater, SYS-UP.Zip, here for future
updating of these:
http://home.epix.net/~artnpeg/.
(If you download and use the updater from the beginning, it will
automatically handle downloading the other files. Place them in a dedicated
folder after appropriate unzipping, and then run. This scan may take a long
time, as Sysclean is VERY extensive and thorough
and......
NOTE: If you can not download these programs from the Internet, if your PC
has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to your HD and then install the programs from there
and run them. After you have IE access again, update all programs where
possible to get the latest definitions and run them again in Safe Mode to be
sure there are no lingering items on the system.
also...........
Additional information on how to protect your PC:
The Parasite Fight
http://www.aumha.org/a/quickfix.htm
More security tips at
http://www.aumha.org/a/parasite.htm
Bugs, Glitches & Stuffups:
http://www.mvps.org/inetexplorer/Darnit.htm
So how did I get infected in the first place?
http://boards.cexx.org/viewtopic.ph...ghlight=&sid=53751d8ff5915261af727df08e66ce0d
or
http://snipurl.com/980t
If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.
Hope this helps
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm