I do some volunteer work at a local museum. I don't have more exact specifications than I put in the header and I am doing this from another computer, so I can't check it now. First of all, I was called today and told that the shortcuts to MS Word and Excel no longer work on the museum's computer and that a message pops up (when the icons are double clicked) saying something like 'this is only valid for installed programs'. I checked the computer later in the day and, on each shortcut properties, found that the path was blank. I put another shortcut to Word on the desktop and confirmed that the proper path showed when I checked Properties. When I double clicked the new icon, the MS Word banner came up and I waited a little while for the program to finish booting. It never finished, instead the computer locked up - not even the mouse would work. I had to shut it down by holding the on/off button down. When I restarted it, Scan Disk started. 1 1/2 hours later I cancelled it and Win ME booted and appeared OK. I did some exploring looking for some clue. The person who called me initially, told me he had an email that morning that said something about 'joker'. So I started looking for the email. The best I can remember, OE would not work and a screen came up asking if we wanted to configure a mail program. I think this is where I found the following message. (It was either here or was in the email he told me about.) Here is the message: "The domain METRONET.COM was Successfully Registered with Joker.com". I do not know that this has anything to do with the problems, so please read on. At this point I figured the computer had been hit by a worm, virus, or a trojan. I ran Norton AV (definitions are current) and did a complete system scan, everything was OK. Next I started backing up every file I could to cds. The burner is an HP (9510 I think). It burned 3 cds successfully and then failed on the 4th and immediately a message popped up saying to insert a disk in the drive. and I couldn't eject the disk (except manually). I found that it had lost power to the drive. I removed the power cable from the drive and connected another. It went back to work only to have the same thing happen again. I gave up for today (Monday) and will try again tomorrow. I know that I can do a 'System Restore', at least I hope that will still work. Do you see that I have any other option? I am almost at my wit's end and could certainly use help. Do you think these problems are related? Do they have anything to do with the Joker.com message? Do you have any idea as to what deleted the path from the desktop shortcuts? Thanks for your help, maybe I can repay the favor some day.

W E B, SWAG, sounds to me like you have been attacked by a 'nasty'. (the Joker.com mail is a good guess). Here's what I would do in your shoes (some disagree). Be aware that ME and XP both have a feature called 'Restore'. A nasty (virus, spyware, etc) can hide there and since it is a 'Windows' file, Windows won't allow any alteration so long as it is active. The registry gets re-written on the next bootup and the last successful boot is used and since the boot appears to be sucessful, a 'nasty' gets replicated. The solution is simple (assuming that's the problem), TEMPORARILY disable Restore (in order to 'unprotect'), scan/clean, re-enable restore and try again. May have to reboot. May not solve your problem, but I think it's worth a try. Downside is that in the process, ALL your restore points will get eliminated (IMHO, they're bad anyway). HTH. Ed in Texas.

Thanks for the reply Ed. That makes some sense out of what is happening. Restore has been tried today, using dates all the way back to Feb. 04, but the effort failed. We had to exit with no changes made to the system. So, if what you suspect is actually the case, no matter how far back we try to go - it will never succeed. I did some searching last night, after I posted here, and found some information at http://www.emailaddresses.com/forum/showthread.php?s=&threadid=13660 that makes me think that Joker.com (or maybe Registryweb.com) has something to do with all the problems. The museum has a web site hosted by a firm unknown to me now. But the email account was set up through that web site, and one of the problems is that an email that was known to be coming didn't. Not only that, but an email account appeared not to be set up. (By then, it probably was hijacked.) I checked with the museum this afternoon to see if the registration fee had been paid this year and was told, yes. You wrote: "The solution is simple (assuming that's the problem), TEMPORARILY disable Restore (in order to 'unprotect'), scan/clean, re-enable restore and try again." Let me see if I understand what will take place here. When the computer boots 'unprotected', the 'nasty' does not get replicated in the rewritten registry. Am I correct so far? The following is with the assumption that the 'nasty' has control of the restore function. If I understand this correctly, it all depends upon whether the computer will successfully boot 'unprotected'. If it will, the registry will be cleared of the 'nasty' at which point it is safe to re-enable the restore function. Once this is done, restore might work? Is there a practical way to know in advance whether it will or not? Will I need a spyware removal program to clean the HD, or will scan disk do it? (I think I know, but I am in unfamiliar water here.) I guess the next thing I need is a good spyware removal tool. I've heard that Adaware is a good one, but I've never used it. Do you have a reccommendation? BTW, how long should it take to scandisk a HD of about 38 gig? Thanks for your help, maybe I can repay the favor some day.

ED, the saga continues and looks even worse than before. Temporarily disabling System Restore is now a moot point. I checked Tuesday evening and found that each selectable feature (7 of them) on the Troubleshooting window are un-checked. I wondered why I had to change some file names during the back ups I did. 'Long name preservation for old programs' is one that was disabled. I have no idea how long System Restore has been disabled, but I think you were correct in thinking that all our restore points were bad already. There is probably not a valid restore point in the system. I'm having serious doubts about rebuilding this system to the point of having it work reliably. The museum needs a second hard drive for extra storage. It may be less trouble to install the OS on a new one, scan and clean the old one, then connect it as a slave. Once done, I can back up the data to the CD-RW. (Or should I back up before scan and clean?) Then I can copy the data files to the new drive and re-format the old one. I think this is a workable solution, but is there a downside that makes it in-advisable? I know that I will have to load all the software on the new drive, but I've had to do worse. I hate to keep asking so many questions, but the data on this drive represents thousands of hours of entry. If this teaches me nothing more, it has taught me the value of scheduled backups and construction of restore points. Any advice is appreciated and will be given careful consideration. Thanks for your help, maybe I can repay the favor some day.