I have tried to run Malwarebytes and Avast and they blink and close before I can use them.
If I try to go to any web site like Trend Micro the browser will close immediately.
A Google search with hijackthis in the search box will close the browser also. This is with IE and FF.
When I first started to work on this I found the System security file in C:/documents and setting/all users/application data/system security.
I deleted that file and the "scan" quit running on boot.
The "program" was never in the /program folder and did not show up in add/remove programs.
The only thing that I can run as far as a scanner is RSIT.
All other malware/spyware programs do not run even in safe mode or Run as...admin.
I have even tried to check the system in PE mode but to no avail.
Win XPpro ver 2002 sp2
Any thoughts on this or help would be greatly appreciated.
I was told to run DDS and post the results here so here it is.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Shirley at 22:17:08.03 on Sun 03/15/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.479.176 [GMT -4:00]
AV: avast! antivirus 4.7.1098 [VPS 080725-1] *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Shirley\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\shirley\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: dfcefcfae - c:\windows\system32\dfcefcfae.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\shirley\applic~1\mozilla\firefox\profiles\u2u7aezv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPView22.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\view22\version_4\NPView22.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
============= SERVICES / DRIVERS ===============
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2008-2-23 91841]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-2-9 140664]
S4 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-2-9 345464]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-20 24652]
============== File Associations ===============
scrfile="%1" %*
=============== Created Last 30 ================
2009-03-14 18:40 <DIR> --d----- c:\program files\WhatsRunning
2009-03-14 17:54 <DIR> --d----- c:\windows\ERUNT
2009-03-14 17:48 <DIR> --d----- C:\SDFix
2009-03-14 09:58 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-14 09:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-13 21:48 <DIR> --d----- c:\program files\Enigma Software Group
2009-03-13 19:06 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-13 18:47 <DIR> --d----- c:\program files\CleanUp!
2009-03-13 18:46 <DIR> --d----- C:\Opera
2009-03-13 15:48 <DIR> --d----- c:\program files\trend micro
2009-03-13 14:48 21,504 a------- c:\windows\system32\hidserv.dll
2009-03-13 14:48 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2009-03-13 14:38 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-03-13 14:38 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-03-10 22:21 <DIR> --d----- c:\docume~1\shirley\applic~1\MSNInstaller
2009-03-05 19:32 <DIR> --d----- c:\program files\Windows Media Connect 2
==================== Find3M ====================
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-01-05 18:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-02-23 19:44 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
============= FINISH: 22:18:44.08 ===============
I have also attached attach.txt.
Thanks in advance for any help.
PS. I had to run DDS off a flash drive and post from my computer, as the other one will drop any browser as soon as any page or entry displays the words hijackthis, virus, malware, etc.