steveg297

  1. Hi Guys, I posted my problem to another website at the same time as this one and I am going to continue troubleshooting with them. I'm sorry if I've wasted your time. I did find out from my IT guy at work that part of the problem was that the virus loaded some registry keys in HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies. Once I deleted the extraneous keys I was able to get my c: and d: drives back, My Computer, Logoff and Run command back. I still have some work to do to clean up the other registry key problems, but I may just move my data to another account. The Admin account doesn't have these issues. At least AVG got rid of the virus. I'm also working on cleaning up the extra software that I've got loaded. Thanks for the support! SteveG
  2. All, I've been infected by the VIRUS ALERT! bug. I believe that I've removed the virus by running AVG. It now runs clean and my system is no longer trying to download malware. However, I still have VIRUS ALERT! in my system tray, the C: and D: drives are missing from Windows Explorer and there are several buttons on my Startup Menu that are missing. Does anyone have any ideas on how to recover? Thanks, SteveG Here is a copy of the Hijack This log:
  3. Thanks Cee-Kay!!! That did the trick!!! Apparently, I wasn't changing the permissions correctly. Once I replaced the permissions for the registry key the problem disappeared!! Thanks, SteveG
  4. Hi kekk0, You said: First make sure you deleted the right reg key (run the attached reg file). You can try to run the batch attached which re-registers ie dlls and if it doesn't work try this script to reinstall ie6 (you'll need xp cd) and then restart. I ran the reg bat file and received these errors: ' Windows" is not recognized as an internal or external command, operable program or batch file. and The system cannot find the path specified. Referring to the KEY in the batch file. I also ran the other batch file and re-registered the IE6 dlls. Still no luck. SteveG
  5. Hi All, I've had the same issue, without any success. While troubleshooting a failed internet connection (Windows XP Home, SP 2) I installed Windows Internet Explorer 7.0 (probably a beta version) that wasn't downloaded from the Windows website. I've since uninstalled it, so I am now running IE 6, but IE 7 (Beta) left something behind. Now, when I connect to the internet I get to my home page, but when I select a link I get a blank web page and the error message "Windows cannot find '(null)'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click Search.". Through research on the internet I've found that the registry key HKEY_CLASSES_ROOT\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6} needs to be deleted to fix my problem. I've tried with no success. I've tried adding "Everyone" to the registry users, changing the permissions so all users can access the registry and tried to delete the key, downloaded Registry Fix software, I've tried deleting it using regedit and regedt32 in Safe Mode and I've run the program IE7betakey.reg with no success. I've run the paid-for version of Free Registry Fix 3.9 software and I would purchase another software version if I thought it would fix the problem. I can temporarily delete the key, but it ALWAYS comes back. Any suggestions? SteveG297