Registry line

[Samiam]

I have a line in my registry (or key) reading "Unknown HTree\Reserved\0" Is this a legitimate entry? In my Bootlog.txt the line is started, enumerated, then later removed. Is it safe to delete this line, and will it stay deleted? tia

[AnnMarie]

Hi Samian - Is this where you found the Sub Key?

HKEY_LOCAL_MACHINE\Enum

The Enum key holds the information about hardware devices that are found during startup including the information for PNP (Plug N' Play) cards. HTREE\Reserved\0 holds the resources you have reserved in Device Manager. I am not sure what Unknown HTREE key is however I would not suggest removing it until you know exactly what it is. Just out of curiosity, have a look in Device Manager. Are there any Unknown or Other Devices there? If so, that may be your answer.

Are you having any problems with your computer?

[Samiam]

No Unknowns in Device Mgr.--everything there is as it should be. No problems with my computer other than it's slowed down over the past couple of months drastically, and for the life of me I can't remember anything I've installed that could have caused it. I removed the line in the registry, and the only noticeable change was that my computer sped up noticeably and there are now lines in my Bootlog.txt indicating quite a number of "failed" fonts. However, there doesn't seem to be any sort of problem using any of my fonts, including the ones that show failed in Bootlog.txt.

One other thing--I seem to be the target of a concerted effort to infect my system with the W32KLEZ.H@mm virus, since I've received over 200 of them in my email (Eudora) since the middle of June although for the previous several years I'd received none at all. Apparently my anti-virus program (Norton) has intercepted them all and quarrantined them, but they keep coming at the rate of from 0 to 7 each day. Could this have a bearing on my registry. Neither Norton scans or any of the available online virus scans I've tried have found anything, including the generic KLEZ removal tool provided by Symantec. My ISP tells me that so many indicates my system is infected.

[AnnMarie]

Hi Samiam - Klez H did not place that entry in the registry. Have a look at this link from symantec Klez H. Look toward the bottom of the page, you will see the keys and values added. If you would like to check, go to Start > Run and type regedit. Click on Edit > Find and run a search in your registry for "wink" (without the inverted commas). If it comes up clean, I would seriously doubt that you are infected. Post back and tell us the results.

[Samiam]

My apologies--I should have mentioned in the previous post that I've already done that. No entry of that sort (wink) in the registry that I could find. Any ideas about why I'm getting so many infected emails?

[AnnMarie]

It sounds as if someone who has you on their contact list is infected and hasnt picked it up yet. Klez H is detected by most, if not all AV's now and if you have scanned with several and have been given a clean bill of health, I think that you can rest easy.

If you are concerned about an email slipping through and you have a POP3 email account, have a look at this program Mailwasher. It allows you to view your mail while its still on your ISP's server and delete it, bounce it or download it, you choose. Its freeware and makes a great first line of defence.

*EDIT* Its not a substitute for an AV though, more of a filtering tool.

[Samiam]

I have Norton System Works 2002 installed, which supposedly scans my email before it gets to my Eudora account. Would MailWasher interfere with that? tia (I really appreciate your prompt replies and all the help)

[AnnMarie]

Hi again Samiam - I am aware that Mailwasher is being used on many different OS's in conjuction with a variety of AV's and I have not yet heard of any problems with it. I use it myself and find it invaluable. In fact I like it so much that I registered my version even though this is voluntary but I think its a great piece of software and I want to encourage its development.

[Samiam]

Very puzzling. I still have no idea whatsoever what the "Unknown" line was that I removed in the registry, and I still have the Failure of all the fonts (with no ill effects). The failure code is 0016 if that means anything. My browsing, however has sped up drastically, and the overall performance of my system is very, very smooth (if that makes any sense). It's pretty much back the way it used to be.

[AnnMarie]

Hi again Samiam - I'm sorry but I have no further information that will help you regarding the registry entry that you removed. I did find some more information that may answer you question regarding the font load failures though. Have a look at this article from Microsoft Load Failures Listed in the Bootlog.txt File.

[Samiam]

My system is still operating extremely well since the deletion of the "unknown" line in the registry. I also took your advice concerning MailWasher and it is now operating very effectively to end my inundation with the klez virus, as well as getting rid of 99% of the spam I receive. It's a terrific program (!!) and I registered my copy as well. Thank God for programmers such as this one, and thank you for putting me onto it. Also, I had a long "online chat" with Earthlink Tech Support concerning the astronomical number of infected emails I was receiving, and he educated me as to how to determine their origin, and provided options as to how to stop them(he also suggested MailWasher). As it turns out, about 90% of them were coming from the same person (whom I'd never heard of). Hopefully, my problems are over (for the time being). I expect something new to eventually pop up, but that's what makes these machines fun.

Again, let me express my appreciation for your usual expertise in pointing me in the right direction to solve my problems. I hope with all my being that you folks will always be here.

[AnnMarie]

Thank you for the update Samiam and I'm really pleased that Mailwasher is working well for you. Your information regarding that registry entry may help someone else so it is appreciated.