I've been Hijacked! Please help!
Join Date: Dec 2005
Posts: 22
Reputation:
Solved Threads: 0
I booted my computer in safe mode with command prompt (DOS) and I followed the nine steps I mentioned in the last post. I then restarted my computer normally and the icons on the desktop showed normally as once before! Their names were changed back to .exe and everything. However, when I clicked on them, nothing happened. I wasn't even prompted to open them with another program. If I can find a way to open up the registry editor, I feel that I will be able to solve the problem. I checked out another post on this forum called "RE: Another HotOffers Hijack (HJT log inci)", and I felt like this info was vital to my computer's survival. Can you help me please?
Join Date: Dec 2005
Posts: 22
Reputation:
Solved Threads: 0
Earlier I said that I had a system crash with MVP Baseball 2004/2005. I also had a warning message with the Ad-watch monitor/system protector. So, out of curiosity, I logged into the PC with my brother's user login and opened up Ad-Aware SE Plus. The Ad-watch feature was disabled so I opened it up (Ad-watch System Protector). When it loaded, the same exact warning popped up on his user login too; the message read:
!Warning! 8:56:28 PM
An attempt to alter a protected object hasbeen detected.
(Attempt to delete a registry value)
Root: HKEY_LOCAL_MACHINE
Key: Software\Classes\.exe
Value: Content Type
Data: application/x-msdownload
New Data:
Please choose how to proceed.
Click here for Advice
Accept or block were the options.
When this happened to me a few days ago, I clicked the advice suggestion, but I did not feel like reading the advice info, so I just went back and chose "block" and I think that this may be a cause for my problems as well.
This time on my brother's login, however, I couldn't access the "Click here for Advice" option because it did not respond when I clicked it (my computer is jacked up). So I used CTRL + ALT + DEL to exit the program because I feared that I could've caused more of a problem if I clicked "Accept" this time. The program shut down, I opened it up again, and the same message showed up so I used CTRL + ALT + DEL again to get out safely. What do you think of this?
Originally Posted by walton
Earlier I said that I had a system crash with MVP Baseball 2004/2005
6 rules to be happy:
Free your heart from hatred; Free your mind from worries; Live simply; Expect less; Give more & always have me as Ur Friend.
Join Date: Dec 2005
Posts: 22
Reputation:
Solved Threads: 0
Ever since my computer has been acting up, I've noticed that just before my login screen, where it asks which user I want to use, a box shows up. The box has some strange characters on it (looks like unicode nonsense) and sometimes directory paths are written in it. The box also has an "OK" button, so I just ignore the scribbles/characters in the box and click "OK" to continue to the login screen. Recently, I did not click OK to proceed to the login window and eventually, the login window just came up. So far, I've seen two legible directories in the box and they were:
1. C:\windows\system32\mui\041b\xpsp2res.dll
(5.1.2600.2180 Hlasenia Balika Service Pack 2)
2. C:\windows\system32\mui\0414\xpob2res.dll
(5.1.2600.2180 00B-meldinger for Service Pack 2)
After logging in, I scanned both of these files for viruses with Mcafee Virus Scan and Lavasoft Ad-aware, and they were found to be clean. Then, I deleted these files, but they just regenerated. Any suggestions?
Join Date: Dec 2005
Posts: 22
Reputation:
Solved Threads: 0
By the way, here is my latest log report for HijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 1:59:32 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130266793890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132318523125
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
OK- quite honestly, finding/borrowing/stealing the correct Windows install CD would be the quickest way to go right now. Being that many of the system/application errors you've posted are the result of other program errors (that is, the errors "cascade"), it makes it pretty difficult to sort out where the root of the problem lies. Also, I've got the feeling that you may have more than one thing wrong at the core of all of this.
But, working with what we've got:
1. I have never seen the box you describe, but the above files are valid Win XP files, not malicious files. Sorry I can't offer anything beyond that.
2. Although I can't tell what is causing the message to pop up, that Ad Aware warning might tell us something about your inability to run programs, as the particular ".exe" subkey is one of the Reg entries which tells Windows how to handle executable files. The warning also gives me an idea that may allow you to run the Registry Editor:
If you can open Windows Explorer in any way, locate the C:\Windows\regedit.exe file and rename it to regedit.com. Windows will barf warning messages regarding the filename change; tell Windows to allow the change. Files with a .com extension are also executable (but are governed by different Registry keys than .exe files), so Windows will run regedit.com just as it would run regedit.exe. If you can open the Registry Editor this way:
- Disable AdWatch so it doesn't interfere with any intentional changes you make.
- In RegEdit, verify that the values under HKEY_LOCAL_MACHINE\Software\Classes\.exe are as follows:
.exe
Name: (Default) Type: REG_SZ Data:exefile
Name: Content Type Type: REG_SZ Data:application/x-msdownload
In the PersistentHandler subkey:
Name: (Default) Type: REG_SZ Data:{098f2470-bae0-11cd-b579-08002b30bfeb}
If one of the entries is incorrect, double-click on it and edit the value accordingly. Make a backup of your entire Registry before making any changes to it!!:
- In the Registry Editor, click on "My Computer"
- On the File menu, click Export.
- In the Save in box, select a location where you want to save the Registration Entries (.reg) file, type a file name in the File name box, and then click Save.
* If you can't open Windows Explorer, rename regedit.exe by booting into Safe Mode (Command Prompt only) and typing the following command at the prompt:
ren C:\windows\regedit.exe regedit.com
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
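The check described in the reply above, written out as an added example (not part of the original thread): a Python script that reads a registry export (.reg file) taken from the affected machine and reports where HKEY_LOCAL_MACHINE\Software\Classes\.exe differs from the values listed in that post. The sample export and its `not_exefile` value are constructed for illustration.

```python
"""Audit a .reg export against the .exe association values listed in the reply above."""
import re

# Baseline from the post: key -> {value name -> expected REG_SZ data}.
# "" stands for the (Default) value, which .reg files write as @.
EXPECTED = {
    r"HKEY_LOCAL_MACHINE\Software\Classes\.exe": {
        "": "exefile",
        "Content Type": "application/x-msdownload",
    },
    r"HKEY_LOCAL_MACHINE\Software\Classes\.exe\PersistentHandler": {
        "": "{098f2470-bae0-11cd-b579-08002b30bfeb}",
    },
}

# One value line: @=... or "name"=... (names may contain escaped quotes).
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unquote(s):
    # Strip the surrounding quotes and undo the backslash escapes used in .reg files.
    return re.sub(r"\\(.)", r"\1", s[1:-1])


def parse_reg(data):
    """Parse .reg export bytes into {key_lower: {value_name_lower: data}}."""
    # "Version 5.00" exports are UTF-16 with a BOM; REGEDIT4 exports are ANSI.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16")
    else:
        text = data.decode("latin-1")
    # hex: values continue across lines with a trailing backslash; join them.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)

    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # [-KEY] is a deletion directive in hand-written .reg files, not data.
            current = None if name.startswith("-") else keys.setdefault(name.lower(), {})
        elif current is not None:
            m = _VALUE.match(line)
            if m:
                vname = "" if m.group(1) == "@" else _unquote(m.group(1))
                raw = m.group(2)
                # REG_SZ data is quoted; other types (dword:, hex:) are kept as raw text.
                current[vname.lower()] = _unquote(raw) if raw.startswith('"') else raw
    return keys


def audit(data):
    """Return (key, value name, expected, found) for every deviation from EXPECTED."""
    found_keys = parse_reg(data)
    problems = []
    for key, values in EXPECTED.items():
        present = found_keys.get(key.lower())
        for name, want in values.items():
            got = None if present is None else present.get(name.lower())
            # Registry key and value names are case-insensitive; the data here
            # (ProgID, MIME type, GUID) is compared case-insensitively as well.
            if got is None or got.lower() != want.lower():
                problems.append((key, name or "(Default)", want, got))
    return problems


# Constructed sample: "Content Type" has been deleted (as in the Ad-Watch warning
# quoted in the thread) and (Default) points at a placeholder ProgID.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="not_exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
""".encode("utf-16")


if __name__ == "__main__":
    issues = audit(SAMPLE_EXPORT)
    for key, name, want, got in issues:
        state = "missing" if got is None else "found %r" % got
        print("%s  [%s]  expected %r, %s" % (key, name, want, state))
    if not issues:
        print(".exe association matches the baseline")
```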
Join Date: Dec 2005
Posts: 22
Reputation:
Solved Threads: 0
PROBLEM SOLVED! Here's how.
I used these steps from another forum:
The specific locations for the files:
http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip
http://www.dougknox.com/xp/fileassoc/linkfile_fix.zip
For the benefit of others:
When double clicking the xp_exe_fix.reg file, Windows asks what to use to open it. Go to select from list, then browse and find C:\Windows\regedit.exe, select it and click OK, then double click xp_exe_fix.reg again and it'll ask you if you want to add the info to the registry. Click yes and reboot your computer. You should notice that by going Start->My Computer->C:\ and opening any one of the folders, all of the programs appear normal again and will function correctly.
If your desktop icons still have the *.lnk extension, run the linkfile_fix.reg by double clicking it, then reboot again. Make sure everything seems back to normal and you're all done!
Note: if winzip/winrar or whatever isn't working on your machine, either extract the files on another computer or associate the zip files with the appropriate program exe (winzip/winrar) as done for the xp_exe_fix.reg file.
As you see, these files will restore icons back to .exe and programs should work again. I also rebooted my computer afterward and pressed F2. This took me to the screen where I could do a lot of configurations and I just selected the option of "restore my computer to defaults". I also used my Registry Mechanic Version 5.1 to clean my registry, which really helped.
Thanks for your time jaishankar and DMR.
Originally Posted by walton
PROBLEM SOLVED! Here's how.
I used these steps from another forum...
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.