Full Version: cannot select any desktop wallpaper after infected w bravesentry & many others
Tonya
last night my machine was bombarded with viruses/spyware; java_bytever.a, ab & ac also expl_wmf.gen & pe_generic. i think i was able to get rid of most of them but now i cannot choose any wallpaper for the desktop. when i right click on the desktop & choose properties - desktop tab, all choices are grayed out. i got all the patches & windows updates eventually & when i run adaware it doesn't find any critical objects. it does find 152 negligible objects though. i also noticed in my system restore i can't select any day except yesterday, i can't even choose a different month & i have monitoring on all the time so there should be other restore points. i am running winxp sp1 & trendmicro internet security 2006. any help would be greatly appreciated. tia
miekiemoes
Hello,

Those are just some policies set... To take a look at it, perform next:

Open notepad and copy and paste next bold in it:

regedit /e peek1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
regedit /e peek2.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"
type peek1.txt >> look.txt
type peek2.txt >> look.txt
del peek*.txt
start notepad look.txt


Save this as look.bat , choose to save as *all files and place it on your desktop.
This is how the batch should look afterwards:
Doubleclick look.bat
Notepad will open with some txt in it. Copy and paste the contents in your next reply.
Tonya
thanks for the reply here is the information you requested

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
@=""
"CDRAutoRun"=hex:00,00,00,00
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"Wallpaper"="C:\\WINDOWS\\desktop.html"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,31,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
miekiemoes
Hello,

Delete next file if still present:

C:\WINDOWS\desktop.html

Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

QUOTE
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=-
"ForceActiveDesktopOn"=-

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]


Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
In case you still are unsure how to create a reg file, take a look here with screenshots.

Let me know if that solved your problem.
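
Added example, not part of miekiemoes's post: a Python script that parses a look.txt-style export and lists the values that the fix.reg above removes (NoActiveDesktop and ForceActiveDesktopOn under Policies\Explorer, and everything under Policies\System), so the same export can be checked before and after the merge. The function names are this example's own, and the embedded sample is cut down from the export posted earlier in the thread.

```python
import re

# Constructed sample: the Policies part of the look.txt export posted in this thread.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"Wallpaper"="C:\\WINDOWS\\desktop.html"
"""

ROOT = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
# What fix.reg in this thread removes; None means every value under the key.
FLAGGED = {ROOT + r"\Explorer": {"NoActiveDesktop", "ForceActiveDesktopOn"},
           ROOT + r"\System": None}
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def parse_reg(text: str) -> dict:
    """Return {key path: {value name: raw value text}} from .reg export text."""
    text = re.sub(r"\\\r?\n\s*", "", text)      # join hex continuation lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1) if m.group(2) is None else "@"] = m.group(3)
    return keys

def render(value: str):
    """Turn dword and string data into Python values; leave other types as text."""
    if value.startswith("dword:"):
        return int(value[6:], 16)
    if value.startswith('"') and value.endswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])   # undo \\ and \" escapes
    return value

def find_policy_values(text: str) -> list:
    """List (subkey, name, data) for every value the thread's fix.reg would delete."""
    wanted = {k.lower(): v for k, v in FLAGGED.items()}
    hits = []
    for key, values in parse_reg(text).items():
        names = wanted.get(key.lower(), set())   # empty set: key is not of interest
        hits += [(key.rsplit("\\", 1)[1], n, render(v))
                 for n, v in values.items() if names is None or n in names]
    return hits

if __name__ == "__main__":
    print(*find_policy_values(SAMPLE), sep="\n")
```

An empty result on a fresh export after merging fix.reg means the listed policy values are gone.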
Tonya
thank you thank you thank you. that did the trick - is there a way i can be absolutely sure that i removed all that other nasty stuff from my machine? tia
miekiemoes
QUOTE
is there a way i can be absolutely sure that i removed


Well, rescan with an updated Adaware SE to get rid of the leftovers if still present.
It's also a good idea to perform an online scan. You can try the Ewido online scan in case you don't have Ewido installed:

Run ewido anti-spyware's online malware scan and perform a full system scan (works only with MS Internet Explorer)
  • Install the ActiveX control when prompted
  • You will see a message that says "Please wait while the signature database is being downloaded..."
  • When the scan is ready to start, you will see a list of options:
    • Cookies
    • Registry
    • Memory
    • A list of your drives
  • Leave all the options checked, and click "Start Scan"
  • When the scan finishes, if any infections are found, select "Remove Infections", and click OK in the window that pops up.
Tonya
thank you, i ran the online scanner you provided & it did find a few other things & i removed them, but while the scan was running i got 5 notices from my virus protection that it had detected a virus; troj_clicker.cu in various locations on my c drive. trendmicro quarantined it each time it came up, but not sure my machine is not infected. can you advise on this matter? tia
miekiemoes
Yes, that happens a lot when using an online scanner, that your scanner installed on your system finds the same during the online scan. So actually two scans are trying to delete the same file at that moment. So it's better to run the online scan again, but disable trendmicro during the online scan, so it can't interfere.
Then after the online scan, run trendmicro again.
Tonya
thank you so much for your help. i have scanned & rescanned everything & i believe i'm free of everything now. if not for this forum & friendly, knowledgeable people like you, i would not have known how to fix this, so thank you!
miekiemoes
Glad I could help :)
And when having problems again, you know where to find us now. :)