Virus won't allow any antivirus to run

What do you mean by "basic mode"?

Are you booting from the hard disk or using UBCD4Win? You need to boot from the hard disk to properly clean it at some point. UBCD4Win is an alternate start point when you cannot get started at all but it will not allow you to remove all aspects of an infection since many parts only show when the hard disk and user account that is infected are booted.

ComboFix removed a ton of malware. Have you tried running other scans now that ComboFix has been run? If not, please do so and report back. Also download the current version of ComboFix.exe to your Desktop and this time do not rename it.

Your MGtools logs are incomplete. Did you didable UAC and reboot before running it? Did you notice any error messages or problems? Was any protection software running (like Norton)?



Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now from hopefully normal boot mode, continue with the below or use safe mode if really necessary.

Run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Did you ever look at Error Message Type 2 of the instructions given here: Using MGtools

Note: Per the read and run me instructions, you should only be doing what we as you to do and nothing else. For example, you should not be doing anything with Kaspersky or any other software unless we have asked you to do so.

According to information in your registry, Norton Internet Security was never uninstalled. At least not properly. This is another reason why Kaspersky should not have been installed.

Please run the below then reboot. After reboot run it one more time.

Norton Removal Tool (SymNRT)


Make sure that you now run MSconfig and select Normal Startup mode before continuing.

Are the below folders thing you created? Are they needed. If not then delete them.

Code:

2009-11-14 13:59 . 2009-11-14 14:28 -------- d-----w- C:\123124871
2009-11-14 11:37 . 2009-11-14 11:37 -------- d-----w- C:\TMRBLog
2009-11-14 11:37 . 2009-11-14 11:37 -------- d-----w- C:\log
2009-11-13 01:17 . 2009-11-13 01:46 -------- d-----w- C:\12330791
2009-11-13 01:07 . 2009-11-13 01:07 -------- d-----w- C:\123

Uninstall the below old versions of software:
Java(TM) 6 Update 13
Java(TM) 6 Update 7

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [vabarajiru] Rundll32.exe "C:\Windows\system32\rulufutu.dll",s
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - (no file)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!