I have a virus iworm_attck_v122.02a

Name: phil
Date: June 18, 2006 at 12:34:50 Pacific
OS: Xp
CPU/Ram: 256
Product: Windows
Comment:

I have HT and other log files for you to look at



Response Number 1
Name: jabuck
Date: June 18, 2006 at 13:07:36 Pacific
Reply:

Please post the Hijack This log and the virus scan (Kaspersky or Panda) log.



Response Number 2
Name: phil
Date: June 18, 2006 at 13:21:35 Pacific
Reply:

Here are the HT and Kaspersky logs

Logfile of HijackThis v1.99.1
Scan saved at 1:20:43 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1126236094\ee\services\sscFirewallPlugin\ver1_205_1_1\aolavupd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\Common Files\AOL\1126236094\ee\AOLSoftware.exe
C:\Program Files\mcafee.com\personal firewall\MPFTray.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1126236094\ee\services\sscAntiSpywarePlugin\ver1_205_1_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0a\shellmon.exe
c:\program files\common files\aol\1126236094\ee\aolssc.exe
C:\Documents and Settings\Cheryl\Desktop\New Folder\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: PopupZeroIEDLL.CPopupZeroIEDLL - {A94EDD52-85B3-472F-8BC0-D651D760FBF8} - C:\Program Files\AdPopupFilter\PopupZeroIEDLL.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126236094\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winantispyware.com/www/download/2006/WinAntiSpyware2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC05A6E-12D4-415C-BAED-129F5575FB17}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1126236094\ee\services\sscFirewallPlugin\ver1_205_1_1\aolavupd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

Sunday, June 18, 2006 11:16:33 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 18/06/2006
Kaspersky Anti-Virus database records: 201229


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 46775
Number of viruses found 13
Number of infected objects 41
Number of suspicious objects 0
Duration of the scan process 00:35:45

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\regperf.exe Infected: Trojan-Downloader.Win32.Zlob.sr skipped

C:\WINDOWS\system32\atmclk.exe Infected: Trojan-Downloader.Win32.Zlob.ts skipped

C:\WINDOWS\system32\hp100.tmp Infected: Trojan-Downloader.Win32.Zlob.tq skipped

C:\WINDOWS\system32\dcomcfg.exe Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\WINDOWS\system32\simpole.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\Documents and Settings\1\Local Settings\Temporary Internet Files\Content.IE5\WFC38HIV\drsmartload100a[1].exe Infected: Trojan-Downloader.Win32.Adload.t skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP227\A0144527.tlb Infected: Trojan-Downloader.Win32.Zlob.sp skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP227\A0145527.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP227\A0145551.exe Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP227\A0145646.exe Infected: Trojan-Downloader.Win32.Zlob.ry skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP227\A0145658.dll Infected: Trojan-Downloader.Win32.Zlob.tj skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP227\A0145661.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP228\A0145712.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP228\A0145742.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP228\A0145772.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP228\A0145803.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP228\A0145832.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP228\A0145956.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP228\A0146178.exe Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP229\A0146234.tlb Infected: Trojan-Downloader.Win32.Zlob.ne skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP229\A0146284.tlb Infected: Trojan-Downloader.Win32.Zlob.ne skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP229\A0146320.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP229\A0146345.exe Infected: Trojan-Downloader.Win32.Zlob.sr skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP229\A0147358.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148445.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148454.exe/WISE0022.BIN/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148454.exe/WISE0022.BIN/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148454.exe/WISE0022.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148454.exe/WISE0022.BIN/data0002.cab/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ay skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148454.exe/WISE0022.BIN/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.f skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148454.exe/WISE0022.BIN/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.f skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148454.exe/WISE0022.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.f skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148454.exe WiseSFX: infected - 7 skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148454.exe WiseSFX Dropper: infected - 7 skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148460.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148478.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148501.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP230\A0148540.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP231\A0148772.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP231\A0148896.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP231\A0150895.tlb Infected: Trojan-Downloader.Win32.Zlob.tl skipped

Scan process completed.




Response Number 3
Name: jabuck
Date: June 18, 2006 at 13:50:47 Pacific
Reply:

Please download SmitRemFix from this link http://siri.geekstogo.com/SmitfraudFix.php Then extract the contents to your desktop.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Next, please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. We will need this later in safe mode.

Be sure to update Ewido

Reboot into safe mode

Run Hijack This from safe mode, close all windows except HT, place a check to the left of the following items if found and press "fix checked":

R3 - Default URLSearchHook is missing

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp

Exit Hijack This

Run Ewido from safe mode and let it delete all that it finds.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Next empty the system restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box>apply>ok.

Reboot into normal mode.

For a double check, run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.


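As an added illustration (not part of the original thread and not any poster's tooling), this Python sketch cross-references the HijackThis log with the Kaspersky report from Response 2 to show why the `hp100.tmp` BHO is the entry singled out for fixing, and which cleanup step covers each detection. The function names are hypothetical and the sample lines are excerpts copied from the thread's logs.

```python
import re
from collections import defaultdict

# Excerpts copied from the logs in Response 2 (not the full logs).
HIJACKTHIS = r"""Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
KASPERSKY = r"""C:\WINDOWS\system32\regperf.exe Infected: Trojan-Downloader.Win32.Zlob.sr skipped
C:\WINDOWS\system32\atmclk.exe Infected: Trojan-Downloader.Win32.Zlob.ts skipped
C:\WINDOWS\system32\hp100.tmp Infected: Trojan-Downloader.Win32.Zlob.tq skipped
C:\WINDOWS\system32\dcomcfg.exe Infected: Trojan-Downloader.Win32.Zlob.tl skipped
C:\Documents and Settings\1\Local Settings\Temporary Internet Files\Content.IE5\WFC38HIV\drsmartload100a[1].exe Infected: Trojan-Downloader.Win32.Adload.t skipped
C:\System Volume Information\_restore{31522B8B-F589-434F-BD88-DACF3F2877B9}\RP227\A0144527.tlb Infected: Trojan-Downloader.Win32.Zlob.sp skipped
"""

DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
# Section code (O2, O4, ...) followed somewhere by a drive-letter path, quoted or not.
ENTRY = re.compile(r'^(?P<code>[A-Z]\d+) - .*?(?P<path>[A-Za-z]:\\[^"]+)(?:".*)?$')

def parse_detections(report):
    """Map lower-cased file path -> detection name from the Kaspersky text report."""
    found = {}
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            found[m["path"].lower()] = m["name"]
    return found

def bucket(path):
    """Classify a detection by the cleanup step in the thread that removes it."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"  # cleared by turning System Restore off and on
    if "\\temporary internet files\\" in p:
        return "browser_cache"   # cleared by emptying the IE cache folder
    return "live"                # file on disk; may be running or auto-started

def parse_hijackthis(log):
    """Return (running process paths, [(code, full line, target path)])."""
    running, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif in_procs:
            running.append(line)
        elif (m := ENTRY.match(line)):
            entries.append((m["code"], line, m["path"].strip()))
    return running, entries

def correlate(hjt_log, kav_report):
    """Join both logs on file path (case-insensitive; 8.3 short names are not expanded)."""
    detections = parse_detections(kav_report)
    running, entries = parse_hijackthis(hjt_log)
    buckets = defaultdict(list)
    for path, name in detections.items():
        buckets[bucket(path)].append((path, name))
    return {
        "running_infected": [p for p in running if p.lower() in detections],
        "entries_to_fix": [line for _, line, tgt in entries if tgt.lower() in detections],
        "buckets": dict(buckets),
    }

if __name__ == "__main__":
    for key, value in correlate(HIJACKTHIS, KASPERSKY).items():
        print(key, value)
```
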

Response Number 4
Name: phil
Date: June 18, 2006 at 14:12:33 Pacific
Reply:

SmitFraudFix v2.62

Scan done at 13:59:44.54, Sun 06/18/2006
Run from C:\Documents and Settings\Cheryl\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Response Number 5
Name: phil
Date: June 18, 2006 at 16:06:49 Pacific
Reply:

Here are the other two you asked for

SmitFraudFix v2.62

Scan done at 13:59:44.54, Sun 06/18/2006
Run from C:\Documents and Settings\Cheryl\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Sunday, June 18, 2006 4:05:00 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 19/06/2006
Kaspersky Anti-Virus database records: 201255


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 33339
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 00:28:31

Infected Object Name Virus Name Last Action
C:\Documents and Settings\1\Local Settings\Temporary Internet Files\Content.IE5\WFC38HIV\drsmartload100a[1].exe Infected: Trojan-Downloader.Win32.Adload.t skipped

Scan process completed.



Response Number 6
Name: jabuck
Date: June 18, 2006 at 17:07:21 Pacific
Reply:

Download AlcanShorty from this link http://www.geekstogo.com/forum/index.php?act=dscript&CODE=showdetails&f_id=13


Click the download button below and agree to download the fix.
Download Alcanshorty to your desktop.
DoubleClick alcanshorty_en.exe and click install
This will create a new folder on your desktop called alcanshorty_en
Open that folder and doubleclick Run.bat
Once the fix starts, your icons and desktop will disappear, this is normal.
Make sure you have a working internet connection. In case your firewall gives an alert, don't block it,
because alcanshorty needs to download some additional files to let the tool run properly.
Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Navigate to and delete the contents of this folder:

C:\Documents and Settings\1\Local Settings\Temporary Internet Files.



Response Number 7
Name: jabuck
Date: June 18, 2006 at 17:39:57 Pacific
Reply:

Looks like the alcanshorty tool at that link is not working any longer.

Make sure you are online when you run the following tool.

Please download Brute Force Installer

Unzip it to a folder of its own (c:\BFU).


Next to the 'scriptfile to execute'-window you'll see an icon that looks like a globe:
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.


