AV Security 2012 isn't being removed by avast.

[toobusyforvirus]

So that's quick scan with nothing in the custom scan/fixes field?

[toobusyforvirus]

Here's the OTL log...

Hmmm... I've been running the new aswmbr.exe you linked and it's been spending a lot of time in it's scan going over the roguekiller.exe
It's been scanning the RK file for a few minutes now.
Could it have been infected somehow? I know I got a malware warning from norton on the laptop I'm borrowing the first time I clicked the download link on the RK site (the one that is like half in french?). Could that be a problem

[essexboy]

No the file is good

What are the problems when you boot to normal mode ?

[toobusyforvirus]

The aswmbr has slowed to a crawl, is this normal?
Here's what it's displayed so far...
http://ctrlv.in/51528

It shows a couple of locked files, but has steadily decreased in speed and has now been on the file shown for a while.

I'm not sure what you mean by "problems when I boot to normal mode".

Using the roguekiller before and then reinstalling the malewarebytes (it removed 1 item on a quick scan, and 5 on a full scan, I posted the logs earlier) has prevented the av 2012 from popping up, but the roguekiller is still saying there's a rootkit.

edit: it's still on that file in the picture. should I try running it in normal mode? would that allow it to scan faster (everything seems slower in safe mode?)?

[toobusyforvirus]

Okay, it just decided to finish really quickly for some reason. Here's the log from it...

[essexboy]

Yes boot to normal mode as the locked files are suspicious

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[toobusyforvirus]

Hmmm, don't see an option to simply turn off avast. I also can not end avast from processes.

[essexboy]

Right click the Avast ball and select shield control
Select disable until reboot

Do not let Avast sandbox or quarantine anything whilst combofix is running

[toobusyforvirus]

Okay, I got combfix to run, and it popped up a dialog box saying...

this machine does not have the microsoft windows recovery console installed. alternately, an existing installation of the recoveryconsole may be present but requires updating.
without it, combofixshall not attempt the fixing of some serious infections
click yes to have combofix download and install it
not: this requires an active internet connection.


what do I do now?

edit: I went ahead and let it download what it wanted to. now it said it's scanning for files

it popped up a dialog saying the computer was infected with a rootkit, then went back to scanning in it's blue command prompt window. now it says"rootkit is detected be patient this may take some moments"

[toobusyforvirus]

It didn't produce a log, it just said it had to reboot the machine.

[essexboy]

Has it rebooted ?

If not wait for ten minutes or so and reboot manually

[toobusyforvirus]

It went through a lot of scans (30 something at last check) and is now rebooting.

It says preparing log report. I will attach that as soon as it finishes.

It says don't run any programs, but malewarebytes and peerblock started up automatically. should that be a problem?

[essexboy]

No not a problem - the log may take a while to prepare as the data is all gathered

[toobusyforvirus]

Okay, it just finished and produced the log.

Did that actually fix the problem? Because I noticed the whole genuine windows thing that I always ignore on boot up is gone. Could that have been a part of it?

[toobusyforvirus]

Do the results of the log mean that it is clean, or that we know what program to run next?

Also, I have a new file on my desktop titled "MBR" which is listed as an ArmyBuilder file used by my warhammer 40k application. It wasn't there before, is that normal or something worth noting?

Is there any use for all the logs that have been saved to the desktop for use in dealing with future problems? I'll attach those if they can be helpful in any way