Antivirus2010 infection

Discussion in 'Malware Help (A Specialist Will Reply)' started by Ultramarine, Oct 22, 2010.

  1. Ultramarine

    Ultramarine Private E-2

    I can't remove this virus; it makes it impossible for me to run any antivirus program (or website). I get this message after the first run: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. Can you help me in any way?
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click and choose Run as Administrator

    You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    1. Rkill.exe
    2. Rkill.com
    3. Rkill.scr
    4. Rkill.pif
    Once you've gotten one of them to run then try to immediately run the following.


    Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

    AVPFind.bat

    It should take a couple of minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that it will hopefully create, as long as the malware does not block the batch file from running. (See: HOW TO: Attach Items To Your Post )


    Now download and Run exeHelper
    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


    Also please try running the below online scan:

    http://www.superantispyware.com/onlinescan.html

    Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. See if you can save a log with it.


    Then try running these instructions: Using MGtools


    Attach the below logs when finished with all of the above:
    • C:\avplog.txt - from AVPfind
    • a log from online SAS scan if you could make one
    • log.txt - from exeHelper
    • C:\MGlogs.zip - from MGtools
    The C:\ assumes that drive C is your Windows boot drive. If you boot from another drive, then use the correct drive letter above.
     
  3. Ultramarine

    Ultramarine Private E-2

    Thank you for the answer. I tried three of the Rkills, but all of them stopped a few seconds after the scan had begun; the link to the last one doesn't work. Do I have to follow the other instructions anyway?

    "Services Stopped:

    Processes terminated by Rkill or while it was running:

    \\.\globalroot\Device\svchost.exe\svchost.exe"

    partial log
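An added example, not part of the thread, of the kind of check a responder might apply to a partial Rkill log like the one above: it flags terminated-process paths that use the `\\.\globalroot` device namespace, that borrow a Windows system binary's name outside the system directories, or that run from a temp folder. The sample log is constructed; only the globalroot line is taken from the post.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the style of the partial Rkill log quoted above.
# The globalroot line is the one from the post; the other paths are made up.
SAMPLE_LOG = r"""Services Stopped:

Processes terminated by Rkill or while it was running:

\\.\globalroot\Device\svchost.exe\svchost.exe
C:\Windows\System32\svchost.exe
C:\Users\alice\AppData\Local\Temp\av2010.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"""

# Names that legitimately live only in the Windows system directories.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def parse_terminated(log: str) -> list[str]:
    """Return the process paths listed under the 'Processes terminated' header."""
    paths, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.lower().startswith("processes terminated"):
            in_section = True
            continue
        if in_section and line:
            paths.append(line)
    return paths


def classify(path: str) -> list[str]:
    """Return the reasons a terminated-process path looks suspicious (empty if none)."""
    reasons = []
    lower = path.lower()
    # A \\.\globalroot or \\?\globalroot prefix hides the real on-disk location
    # from tools that expect an ordinary drive-letter path.
    if re.match(r"^\\\\[.?]\\globalroot\\", lower):
        reasons.append("globalroot device path")
    p = PureWindowsPath(lower)
    if p.name in SYSTEM_BINARIES and str(p.parent) not in SYSTEM_DIRS:
        reasons.append(f"system binary name '{p.name}' outside the Windows system directories")
    if "\\temp\\" in lower:
        reasons.append("runs from a temp directory")
    return reasons


def suspicious_processes(log: str) -> dict[str, list[str]]:
    """Map each terminated-process path with at least one finding to its reasons."""
    return {p: r for p in parse_terminated(log) if (r := classify(p))}
```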
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That is typical of this infection. Try to run both ComboFix and MGTools.exe and attach those logs.
     
  5. Ultramarine

    Ultramarine Private E-2

    Nothing with ComboFix; here's the MGTools log.
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any traces of AV 2010 in your logs. Can you do an online scan:

    eSet Online Scan.
     
  7. Ultramarine

    Ultramarine Private E-2

    It found three false positives and nothing else, but I still can't run Malwarebytes.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Try this:
    Go to start / programs / accessories / right click on command prompt and choose to Run as Administrator. Now type in this at the prompt:
    cacls "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /G Everyone:F
    Press enter, then type Exit.
    Now immediately try to run MBAM.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    According to the logs, I see 2 antivirus programs installed, which is an absolute NO NO!!!! I see:

    ESET NOD32 Antivirus
    Webroot AntiVirus with AntiSpyware

    At least one of these must be uninstalled immediately and then the PC needs to be rebooted.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also one other thing I suggest is to download ComboFix from the below link to your Desktop but as you download and save it, RENAME it to svchost.exe to help it get around the malware.

    combofix.exe

    Then double click the svchost.exe file you save to your Desktop to have ComboFix run. Attach a log if this works.

    Also do the same for the below. That is, after running the svchost.exe that is really ComboFix, rename it to svchostCF.exe, and then when downloading Malwarebytes from the below link, rename it to svchost.exe and then run it. Make sure you get the updates. This is the installer program for Malwarebytes. If it runs, attach the log.

    Malwarebytes Anti-Malware
     
    Last edited: Oct 23, 2010
  11. Ultramarine

    Ultramarine Private E-2

    Nothing worked. I can't run Malwarebytes or ComboFix. I've uninstalled Webroot Antivirus (also blocked by the virus) and left only NOD32. I noticed that the same infection appeared on the notebook, and the only thing it has in common with the Desktop is the wireless internet connection (installed a week ago and password-protected). Is it possible that someone has stolen the connection and sent me the virus? (I see two unknown modems in the connection panel: Belkin Wireless Router and Internet gateway device)
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Who asked you to run Avenger on Oct 22?

    If you are worried about your wireless connection, use a wired connection until you get your problems fixed. You may just be picking up wireless signals from neighbors.

    Have you tried running Eset Online as Tim suggested?

    You need to put your PC into normal startup mode too. You are using MSconfig to control startups and should not be. But first you should apply the below registry patch to remove some entries you do not need.


    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you able to boot this PC in safe boot mode?
     
  14. Ultramarine

    Ultramarine Private E-2

    I used The Avenger after seeing a topic about the same problem as mine. I've tried the Eset scanner but it didn't find anything. I succeeded in using "fixme.reg", but today I spent a lot of time trying to switch on the PC because it seemed dead, both in normal and safe mode. I think I'll format... also the laptop blue-screens at every run in every mode.
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That may be your best alternative as you may just have some corrupt system files. ;)
     
