
Author Topic: Several registry entries hijacked  (Read 3533 times)


Skandranon

    Topic Starter


    Newbie

    Several registry entries hijacked
    « on: March 30, 2009, 02:56:06 PM »
    My computer recently picked up some kind of virus that went by vrta.tmp. This virus is gone, thanks to several searches and sweeps of my hard drive. However, it left me with an odd problem. It seems to have gone into my registry and changed the ImagePath data entries to several important services to C:\WINDOWS\TEMP\VRTA.tmp. The result is I no longer have sound, internet, and a few other things, those being the two most important. I figured I could simply change them back to the correct targets, for example audiosrv.dll for the Audio Service, but I get an ERROR 193: 0xc1 message. This applies to everything but the Plug and Play service, which worked fine when I changed it. I suspect this may have something to do with it being an .exe file, and most of the rest being .dll. I've tried downloading and replacing the files, I've tried moving them to the desktop and retargeting the ImagePath data entry there, and tried looking for a file on my C drive called 'program' which many online sources suggested may be the problem, but no luck. I'm still soundless, internetless, can't access the Event Log, System Restore, or many, many other services...help?
    Thanks in advance.
    Oh, and I'm running Windows XP Pro on a Dell Inspiron 1100.
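
Added example, not part of the original post: a Python triage of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath` output that flags ImagePath values pointing into a temp directory or at a file that is not an `.exe`/`.sys` image, the two conditions described above. The sample text and its service-to-path assignments are constructed, and the output layout is assumed to match `reg query`; Error 193 is ERROR_BAD_EXE_FORMAT, which is returned when ImagePath names a DLL directly instead of the process that hosts it.

```python
import ntpath
import re

# Constructed sample shaped like the output of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv
    ImagePath    REG_EXPAND_SZ    C:\WINDOWS\system32\audiosrv.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
    ImagePath    REG_EXPAND_SZ    C:\WINDOWS\TEMP\VRTA.tmp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\services.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs
"""

VALUE = re.compile(r"^\s+ImagePath\s+REG_(?:EXPAND_)?SZ\s+(.*\S)\s*$", re.I)
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)
IMAGE_EXT = {".exe", ".sys"}  # service executables and kernel drivers

def image_file(image_path):
    """Return the file named by an ImagePath command line, minus arguments."""
    if image_path.startswith('"'):
        return image_path[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.\w+)(?=\s|$)", image_path)
    return m.group(1) if m else image_path

def audit(reg_query_text):
    """Return [(service, ImagePath, [reasons])] for entries worth a look."""
    findings, service = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            service = line.strip().rsplit("\\", 1)[-1]
            continue
        m = VALUE.match(line)
        if not m or service is None:
            continue
        target = image_file(m.group(1))
        ext = ntpath.splitext(target)[1].lower()
        reasons = []
        if TEMP_DIR.search(target):
            reasons.append("image lives in a temp directory")
        if ext not in IMAGE_EXT:
            # A DLL cannot be started as a process (error 193); it needs a host .exe.
            reasons.append(f"'{ext}' is not an .exe/.sys image")
        if reasons:
            findings.append((service, m.group(1), reasons))
    return findings
```
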

    Geek-9pm


    Re: Several registry entries hijacked
    « Reply #1 on: March 30, 2009, 03:41:26 PM »
    So does that mean the system restore does not work at all?
    And you do not have a backup of your registry?
    Are the lost services just for a specific user?
    If so, you can find the right values in the registry for another user.

    Skandranon

      Topic Starter


      Newbie

      Re: Several registry entries hijacked
      « Reply #2 on: March 30, 2009, 04:58:51 PM »
      System restore may work, but I seem to be lacking in restore points, possibly something else the virus did before I killed it. No backup of my registry, and I just tried logging on to another user and oddly enough got nothing but a blank screen, like when Explorer shuts down.
      I don't think it's a case of the right registry values either. If I point the ImagePath data entry at the wrong thing it actually says Error: file not found. It's when I actually match it to the correct file it gives me Error 193.

      ale52



        Re: Several registry entries hijacked
        « Reply #3 on: March 30, 2009, 05:34:13 PM »
        Sounds like a wipe and reinstall to me  :-[

        Might try using this...instead of the unreliable System Restore.

        http://www.snapfiles.com/get/erunt.html
         
        Alan <>< 
        I have principles.  And if you don't like them...well...I have other principles!!

        JJ 3000



        Re: Several registry entries hijacked
        « Reply #4 on: March 30, 2009, 06:09:54 PM »
        Run the system file checker. Click Start then Run and type in sfc /scannow
        Have your XP CD ready - it will ask for it.

        If that doesn't work, and you are hesitant to do a clean install, then you can boot to the recovery console to build a new registry. You will have to boot to the XP disk and press R to enter the recovery console. Then select the installation of XP you want to repair. If you only have one installation of XP on your computer type 1 and press enter. You will then be prompted for the password. If you don't have a password, just press enter here. We want to get to the root directory here so type in: cd\
        You should now just see a standard C prompt.

        Now use these commands to restore a registry. This will build a new registry. Your registry is corrupted so we will have to build a new one.
        Code:
        delete c:\windows\system32\config\system
        delete c:\windows\system32\config\software
        delete c:\windows\system32\config\sam
        delete c:\windows\system32\config\security
        delete c:\windows\system32\config\default

        copy c:\windows\repair\system c:\windows\system32\config\system
        copy c:\windows\repair\software c:\windows\system32\config\software
        copy c:\windows\repair\sam c:\windows\system32\config\sam
        copy c:\windows\repair\security c:\windows\system32\config\security
        copy c:\windows\repair\default c:\windows\system32\config\default

        Good Luck
        Save a Life!
        Adopt a homeless pet.
        http://www.petfinder.com/