Author Topic: rundll32.exe missing  (Read 47510 times)

v3rtige

  • Guest
rundll32.exe missing
« Reply #20 on: December 02, 2004, 08:26:23 PM »
The operating system is Windows XP Pro w/ SP1
Hijackthis won't run, it does the same as the .bat file.
When I tried to run the file from Dougknox i got "Windows cannot open this file: File: xp_exe_fix.reg
To open this file Windows needs to know what program created it. etc...."

Housecall did not work
Panda's worked and found + repaired some viruses but i still have the same problem

Guest

  • Guest
rundll32.exe missing
« Reply #21 on: December 02, 2004, 08:28:24 PM »
basically, Panda's did not solve the issue and i still have the problem

v3rtige/Guest

  • Guest
rundll32.exe missing
« Reply #22 on: December 02, 2004, 08:35:43 PM »
:(

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
rundll32.exe missing
« Reply #23 on: December 02, 2004, 08:36:55 PM »
Download this removal tool to desktop and try running it, if it won't run try running it in safe mode
Let me know if it helps, if it does please post a Hijackthis log
http://www.sarc.com/avcenter/FixSirc.com

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Guest

  • Guest
rundll32.exe missing
« Reply #24 on: December 02, 2004, 08:39:11 PM »
didnt work....going to safemode

do u have aim or msn or anything that u wouldnt mind givin me to try to solve this? my msn is qmncEmail Removed

v3rtige

  • Guest
rundll32.exe missing
« Reply #25 on: December 02, 2004, 08:45:55 PM »
same thing happened in safemode...it does what the .bat file did
and when i run it through start > run and run it through there i get the message "windows cannot open this file....", the same one =[

Guest

  • Guest
rundll32.exe missing
« Reply #26 on: December 03, 2004, 01:59:59 AM »

v3rtige

  • Guest
rundll32.exe missing
« Reply #27 on: December 04, 2004, 11:57:21 AM »
rather than saying .exe it says .ink for every exe file

Guest

  • Guest
rundll32.exe missing
« Reply #28 on: December 04, 2004, 12:14:11 PM »
i take that back...it only says it cannot run .ink when i use a shortcut or start menu option

Offline guestolo

rundll32.exe missing
« Reply #29 on: December 04, 2004, 01:56:34 PM »
What did Panda find?
Did you keep note of the infections, if any?

Try one more Online Virus scan, then we can look in your folders for anything that was renamed
We can try a system restore from a command line, but try this first

Do a free Online AV scan at RAV's
http://www.ravantivirus.com/scan/
When you access that link with Internet Explorer
click on the "To Continue without subsribing click here" link
It will load the activex and definition files

Ensure that all the top entries are checked
Autoclean--Inside Archives---Unpack Executables---Smart Scan
Then click the 'Scan my PC button'
Let it completely finish scanning
When it's complete, copy and paste the results back here



Offline queenshawtii

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
rundll32.exe missing
« Reply #30 on: December 05, 2004, 02:23:40 PM »
I'm having this same problem also, I can start a new thread if you would like but i'll post what i have so far because i have to leave for work soon.

i scanned with RavAV and here is the log.. it could not remove these viruses..

Scan started at 12/3/2004 2:27:00 PM
 
Scanning memory...
C:\pack3_exe.vir->(RARSfx)->40124.exe->(UPXW) - Backdoor:Win32/MoSucker.0_6 -> Infected
C:\Documents and Settings\Fam\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3I3IXUR\-indianv[1].htm->(SCRIPT0000) - JS/Exploit.ActiveXComponent* -> Suspicious
C:\Documents and Settings\Fam\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3I3IXUR\-indianv[1].htm->(SCRIPT0001) - JS/Seeker-based.gen* -> Infected
C:\Documents and Settings\Fam\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3I3IXUR\dtop[1].htm->(SCRIPT0000) - JS/Exploit.ActiveXComponent* -> Suspicious
C:\Documents and Settings\Fam\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3I3IXUR\dtop[1].htm->(SCRIPT0001) - JS/Seeker-based.gen* -> Infected
C:\Documents and Settings\Fam\Application Data\hsap.exe - TrojanDownloader:Win32/PurityScan.O -> Infected

Scanned
============================
   Objects: 38998
   Directories: 2475
   Archives: 951
   Size(Kb): -218294
   Infected files: 4

Found
============================
   Viruses found: 3
   Suspicious files: 2
   Disinfected files: 0
   Mail files: 82

and Here is the  HJT log

Logfile of HijackThis v1.98.2
Scan saved at 5:54:30 PM, on 12/3/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Documents and Settings\Compaq\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [SpySweeper] "C:\Documents and Settings\Fam\Desktop\fo-wss3spysweep\patched\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - file://C:\WINDOWS\SexDownloader.cab
O20 - AppInit_DLLs: PAVWAIT.DLL

thanks..

Offline guestolo

rundll32.exe missing
« Reply #31 on: December 05, 2004, 03:19:13 PM »
Exactly what problem are you having, you seem to be able to run .exe files
Let me know the exact error message

You must also post your whole hijackthis log from Top to Bottom
Are you posting it all?

Includes all running processes and Operating system and date scanned
Include everything

If you can't view your task manager download this small utility
Process Viewer by SysInternals
http://www.sysinternals.com/ntw2k/freeware...e/procexp.shtml

Open Process Viewer and click File>>Save as
Save the file and post it back here
along with a fresh hijackthis log
« Last Edit: December 05, 2004, 03:22:45 PM by guestolo »



Offline queenshawtii

rundll32.exe missing
« Reply #32 on: December 06, 2004, 10:17:15 AM »
My problem is that when i try to run certain applications from their shortcut i get the "open with.." window.. and also when i try to run anything from the Control Panel i get this error "rundll32.exe not found"..but i just tried to run add/remove programs and it worked! i don't know what happened but i'm still gonna post this because i don't know if it's gonna come back or not. Here you go..


Here is a fresh HJT log.. this is the entire log.
----------------------------------------------------------------------------------

Logfile of HijackThis v1.98.2
Scan saved at 10:09:14 AM, on 12/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Documents and Settings\Compaq\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [SpySweeper] "C:\Documents and Settings\Fam\Desktop\fo-wss3spysweep\patched\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - file://C:\WINDOWS\SexDownloader.cab
O20 - AppInit_DLLs: PAVWAIT.DLL
-----------------------------------------------------------------
And here is the Process Explorer log

-----------------------------------------------------------
Process   PID   CPU   Description   Company Name
System Idle Process   0   96      
 Interrupts   n/a      Hardware Interrupts   
 DPCs   n/a      Deferred Procedure Calls   
 System   4         
  SMSS.EXE   300      Windows NT Session Manager   Microsoft Corporation
   CSRSS.EXE   404      Client Server Runtime Process   Microsoft Corporation
   WINLOGON.EXE   432      Windows NT Logon Application   Microsoft Corporation
    SERVICES.EXE   480   2   Services and Controller app   Microsoft Corporation
     SVCHOST.EXE   652      Generic Host Process for Win32 Services   Microsoft Corporation
      ycommon.exe   1448      YCommon Exe Module   Yahoo!, Inc.
     SVCHOST.EXE   696      Generic Host Process for Win32 Services   Microsoft Corporation
     SVCHOST.EXE   768      Generic Host Process for Win32 Services   Microsoft Corporation
      wscntfy.exe   1456      Windows Security Center Notification App   Microsoft Corporation
     SVCHOST.EXE   828      Generic Host Process for Win32 Services   Microsoft Corporation
     SVCHOST.EXE   936      Generic Host Process for Win32 Services   Microsoft Corporation
     SPOOLSV.EXE   1096      Spooler SubSystem App   Microsoft Corporation
     pavFnSvr.exe   1248      Panda Function Service   Panda Software
     PAVPROT.EXE   1268      PavProt Application   Panda Software
     PavPrSrv.exe   1528      Panda Process Protection Service   Panda Software
     PAVSRV51.EXE   1556      On-Access Antivirus Scanner Service.   Panda Software
      AVENGINE.EXE   1708      Enhanced On-Access Antivirus Scanner Process.   Panda Software
     Prevsrv.exe   1584      Panda Preventium+ © service   Panda Software
     PSIMSVC.EXE   1736      Common Interface Manager   Panda Software Internacional
     WDFMGR.EXE   1876      Windows User Mode Driver Manager   Microsoft Corporation
     WANMPSVC.EXE   1932      Wan Miniport (ATW) Service   America Online, Inc.
     ALG.EXE   764      Application Layer Gateway Service   Microsoft Corporation
    LSASS.EXE   492      LSA Shell (Export Version)   Microsoft Corporation
   CSRSS.EXE   3264      Client Server Runtime Process   Microsoft Corporation
   WINLOGON.EXE   2864      Windows NT Logon Application   Microsoft Corporation
    wscntfy.exe   3612      Windows Security Center Notification App   Microsoft Corporation
    ycommon.exe   3020      YCommon Exe Module   Yahoo!, Inc.
EXPLORER.EXE   3932      Windows Explorer   Microsoft Corporation
 YBRWICON.EXE   568      YBrwIcon   Yahoo!, Inc.
 realsched.exe   2156      RealNetworks Scheduler   RealNetworks, Inc.
 msmsgs.exe   2456      Windows Messenger   Microsoft Corporation
 aoltray.exe   1840      AOL Tray Icon   America Online, Inc.
Ymsgr_tray.exe   2300         
EXPLORER.EXE   3352      Windows Explorer   Microsoft Corporation
 YBRWICON.EXE   1688      YBrwIcon   Yahoo!, Inc.
 msmsgs.exe   2356      Windows Messenger   Microsoft Corporation
 spydoctor.exe   3656         PCTools
 aoltray.exe   2624      AOL Tray Icon   America Online, Inc.
 iexplore.exe   3124      Internet Explorer   Microsoft Corporation
 procexp.exe   1512   2   Sysinternals Process Explorer   Sysinternals

Process: Procexp Pid: -2

Type   Name
-----------------------------------------------------------------------------------

Offline guestolo

rundll32.exe missing
« Reply #33 on: December 06, 2004, 08:22:47 PM »
I'm uploading a file
Rundll32.exe

Save that file to your C:\WINDOWS\SYSTEM32 folder

Allow it to overwrite if prompted
That file is from a Windows XP SP2 machine

If you have trouble with the link, just right click on it and copy the shortcut and paste it in IE's address bar and hit GO

Do another scan with Hijackthis and put a check next to these entries
Keep in mind that red.clientapps is red sheriff spyware

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing

O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - file://C:\WINDOWS\SexDownloader.cab


After you have ticked the above entries, close down all other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit hijackthis

RESTART your computer

Is everything running better?
Post back with another Hijackthis log

If .exe's are still not opening properly

Try downloading this registry fix
http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

Save it and UNZIP it to your desktop
Double click on xp_exe_fix.reg  and Allow it to merge to the registry

EDIT>>Getting this fix confused with another user in this thread
Try downloading rundll32.exe and do the fixes I suggested and post back a fresh hijackthis log after a restart
« Last Edit: December 07, 2004, 10:03:49 PM by guestolo »
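
The reply above picks entries out of the posted HijackThis log by eye. As an added example (not part of the original thread and not code from HijackThis), the sketch below applies three of those criteria to log lines: an IE search setting pointing at a `red.clientapps` host, the missing default URLSearchHook, and an O16 ActiveX entry installed from a local `file://` path. The function names and the `FLAGGED_HOST_PREFIXES` list are assumptions made for this example; the sample lines are an excerpt of the log posted earlier.

```python
import re
from dataclasses import dataclass

# Excerpt of the HijackThis log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\Documents and Settings\Compaq\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - file://C:\WINDOWS\SexDownloader.cab
"""

# Every HijackThis entry line starts with a section code such as R1, O4 or O16.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# R0/R1 lines carry "<registry value> = <URL>"; capture the host of that URL.
URL_VALUE_RE = re.compile(r"=\s*https?://(?P<host>[^/\s]+)", re.IGNORECASE)
# O16 lines carry "DPF: <name or CLSID> - <codebase the control was installed from>".
DPF_RE = re.compile(r"^DPF: (?P<ident>.+?) - (?P<codebase>.+)$")

# Assumption: the only host marker is the one named in the reply above.
FLAGGED_HOST_PREFIXES = ("red.clientapps.",)


@dataclass(frozen=True)
class Finding:
    code: str
    reason: str
    line: str


def check_entry(code, body):
    """Return a reason string if the entry matches one of the three criteria, else None."""
    if code in ("R0", "R1"):
        m = URL_VALUE_RE.search(body)
        if m and m.group("host").lower().startswith(FLAGGED_HOST_PREFIXES):
            return "IE search/start setting points at " + m.group("host")
    if code == "R3" and body.strip().lower() == "default urlsearchhook is missing":
        return "default URLSearchHook entry is missing"
    if code == "O16":
        m = DPF_RE.match(body)
        if m and m.group("codebase").lower().startswith("file://"):
            return "ActiveX control installed from a local path: " + m.group("codebase")
    return None


def triage(log_text):
    """Parse a HijackThis log and return the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, the running-process list, blank lines
        reason = check_entry(m.group("code"), m.group("body"))
        if reason:
            findings.append(Finding(m.group("code"), reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}")
```
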



Offline guestolo

rundll32.exe missing
« Reply #34 on: December 06, 2004, 08:33:31 PM »
Forgot to add
Can you also set Windows to Show Hidden Files and folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Restart your computer into Safe mode
You can do this by tapping the F8 key on the keyboard when the computer is booting up

Navigate to and delete this file if found
C:\Documents and Settings\Fam\Application Data\hsap.exe <--file

Also navigate to these folders
Delete the WHOLE contents, including subfolders, DON'T delete the Temp folders themselves
# C:\Windows\Temp\
# C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\
# C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\

Look for the other file found bad by Rav's and delete it

Restart back into Normal mode
« Last Edit: December 06, 2004, 08:34:00 PM by guestolo »



Guest

  • Guest
rundll32.exe missing
« Reply #35 on: December 07, 2004, 09:05:03 PM »
This is Queenshawtii, i've been tryin to download the rundll32.exe but i'm getting the message that my settings don't allow for this type of file to be downloaded..so i'm trying to download it on another pc and put it in a zip file right now.. when i'm done doing all those things above i'll post a fresh log.

Offline queenshawtii

rundll32.exe missing
« Reply #36 on: December 07, 2004, 09:14:27 PM »
Okay i tried and it won't let me download the .exe file at any pc do i have to change the security settings?

Offline guestolo

rundll32.exe missing
« Reply #37 on: December 07, 2004, 09:32:45 PM »
Quote
If you have trouble with the link, just right click on it and copy the shortcut and paste it in IE's address bar and hit GO



Offline queenshawtii

rundll32.exe missing
« Reply #38 on: December 08, 2004, 03:47:11 PM »
When i do that i still get the message that my security settings do not allow this file to be downloaded....I'll try on another PC that i have downstairs

Guest_guest

  • Guest
rundll32.exe missing
« Reply #39 on: December 12, 2004, 09:04:28 PM »
hey guestolo im having kinda the same problem...i have tried every thing that u have said earlier is there any way that i can do a system restore command line like u said u could do? but my computer cant find rundll32.exe or explorer.exe..please help