Topic: Green AV?
  #2  
September 1st, 2009, 03:38 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Hello jmterry,

What is actually going on is yes, the active monitoring part of the antivirus has been shut down, and then the fake security software is running a few files that are all just a bunch of fake scan and alert show. Let's see if you can make some changes and then we'll check as we go.


If necessary you can also try working from Safe Mode. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu.

----------------

Be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.



Assuming some of the running processes might be active there, download and run Process Explorer from here. Click on View and check "Show processes from all users", "Show fractional CPU" and "Show unnamed handles".


In the upper panel right click mradll.exe, and select "Suspend". Not "Kill Process" or the other options you might see.

Then do the same "Suspend" for the following items:

gra.exe
RUNDLL32.EXE


After doing that you may get alerts about a missing rundll32.exe. This is a legit file often used for your different display/control panels there, but being misused by infection, so we are stopping it for now.

---------------

Then download Malwarebytes' Anti-Malware from Here or Here.

Right click to download, select Save Target/File As, and rename that mbam-setup.exe to bami.com as you download and save it to your desktop (don't download and then rename it).

Double Click bami.com to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

-------

Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Post those logs and the Malwarebytes log, if you were able to run that.