[Metallica]

Sigh. Can you upload C:\WINDOWS\system32\Microsoft\security\services.exe at http://www.virustotal.com/

Copy and paste the scanresults into your next post.
We will need to establish which scanners we can use.

Regards,

[Advertisements]

It wouldn't let me copy it, so I typed it out.

AntiVir - No virus found
Avast - Win32:Trojan-gen. {UPX!}
AVG - Backdoor.Generic.SQQ
Avira - no virus found
BitDefender - Backdoor.Mosv.A
CAT-QuickHeal - no virus found
ClamAV - Trojan.Mosucker-5
DrWeb - Backdoor.Mosu
eTrust-Iris - no virus found
eTrust-Vet - no virus found
Fortinet - W32/MoSucker.V07-bdr
F-Prot - security risk named W32/Backdoor.DGH
Ikarus - Backdoor.Win32.Mosucker.07a
Kaspersky - Backdoor.Win32.MoSucker.07a
McAfee - no virus found
NOD32v2 - Win32/MoSucker.07
Norman - no virus found
Panda - Bck/Sink.A
Sophos - no virus found
TheHacker - Backdoor/MoSucker.07a
VBA32 - Backdoor.Win32.MoSucker.07a

[SATAN[sS]]

It wouldn't let me copy it, so I typed it out.

AntiVir - No virus found
Avast - Win32:Trojan-gen. {UPX!}
AVG - Backdoor.Generic.SQQ
Avira - no virus found
BitDefender - Backdoor.Mosv.A
CAT-QuickHeal - no virus found
ClamAV - Trojan.Mosucker-5
DrWeb - Backdoor.Mosu
eTrust-Iris - no virus found
eTrust-Vet - no virus found
Fortinet - W32/MoSucker.V07-bdr
F-Prot - security risk named W32/Backdoor.DGH
Ikarus - Backdoor.Win32.Mosucker.07a
Kaspersky - Backdoor.Win32.MoSucker.07a
McAfee - no virus found
NOD32v2 - Win32/MoSucker.07
Norman - no virus found
Panda - Bck/Sink.A
Sophos - no virus found
TheHacker - Backdoor/MoSucker.07a
VBA32 - Backdoor.Win32.MoSucker.07a

[Metallica]

Excellent. It shows that McAfee indeed doesn't know it.

I suggest you download a free trial of Nod32
Download the correct version for your system ( probably NOD32 for Windows NT/2000/2003/XP - Version 2.5 nentenst.exe ) here:
http://www.nod32.com...nload/trial.htm

Install NOD32 as an on demand scanner and do a full system scan.

Post back with a new HijackThis log when you are done.

Keep us posted.

Regards,

[SATAN[sS]]

Sorry I havent been posting, my internet was off for a couple of days.
I did as you asked, but I have a problem. I cant open some of the programs on my desktop, it asks what program I want to open it with, and when i open it with the right program it says its not a win32 application.When I go to turn system restore on it says "C:\Windows\system32\rundll32.exe Application not found". Please help me fix this, and here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 12:42:59 PM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\walt and robin\My Documents\My Music\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\Microsoft\security\services.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113234282218
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD862C3D-3B92-47B7-92A4-A2D77590B106}: NameServer = 69.72.11.13 69.72.11.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Edited by SATAN[sS], 25 November 2005 - 11:49 AM.

[Metallica]

Please find:
C:\WINDOWS\system32\dllcache\rundll32.exe and copy (not move) it to the
C:\Windows\system32 directory.

Then try again.
Let nme know the results of the NOD scan.

Regards,

[SATAN[sS]]

C:\WINDOWS\system32\dllcache\rundll32.exe wasnt there but i found it inside of the C:\Windows\system32 folder.

[Metallica]

Click Start > Run and copy & paste this command:
RunDLL32.EXE shell32.dll,Control_RunDLL sysdm.cpl,,4
then click OK.

Let me know what happens.

Regards,

[SATAN[sS]]

I entered the command and it asked me what program I want to open it with.

[Metallica]

I have no idea what has happened to your computer.

I think it would be advisable to start over.
Backup the files you want to keep and repair XP as described here:
http://www.geekstogo...p?showtopic=138

Regards,

[SATAN[sS]]

I don't have the XP cd to repair my computer.

[Metallica]

How was Windows installed on the computer?
Did you buy it pre-installed?

If so, did it come with Restore CD's ?

Regards,

[SATAN[sS]]

It was pre-installed and never came with the discs.

[Metallica]

Is there any chance you can get the CD's ?

Or borrow a CD that has the correct version from someone. If you have your own product key we can still use those.

Note: if you did not get the product key it's time to make some noise to the person that sold you the computer

Regards,