BleepingComputer.com: Unable to access certain files

Hello,
This is the first time I have posted so please bear with me.
I am using Windows Vista 32 bit. On March 18th, 2011, a message popped up and I accidentally clicked it off before I could read it. I ran Malwarebyes and here was the log as follows:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6103

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/18/2011 10:33:36 PM
mbam-log-2011-03-18 (22-33-36).txt

Scan type: Quick scan
Objects scanned: 166712
Time elapsed: 20 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QiffIeqXNyJn (Trojan.FakeAlert) -> Value: QiffIeqXNyJn -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\qiffieqxnyjn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\tmp2500.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\-213E8.tmp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\1363E8.tmp (Trojan.Agent) -> Delete on reboot.


Malwarebytes then stated that 2 of the infections were not deleted. I rebooted and was unable to access any of my personal files, such as photos, music, etc. It says that all of my folders are empty. I received another message upon reboot:

CCPLG.XML:
Unable to find file (C:Program Files\Avira\AntiVir Desktop\ccplg.xml).

I cannot turn on my antivirus software.
I tried to update Malwarebytes and received this message:

An error has occured. Please report this error code to our support team.
PROGRAM_ERROR_UPDATING (5,0, CreateFile)
Access is denied.

I also ran RKill and here is what popped up:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/18/2011 at 22:09:59.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\ProgramData\QiffIeqXNyJn.exe
C:\Program Files\Real\RealUpgrade\RealUpgrade.exe


Rkill completed on 03/18/2011 at 22:10:57.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/18/2011 at 22:58:58.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:




Rkill completed on 03/18/2011 at 22:59:07.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Owner on 03/18/2011 at 23:12:10.


Processes terminated by Rkill or while it was running:


c:\Users\Owner\Desktop\My Documents\Support\rkill.exe


Rkill completed on 03/18/2011 at 23:12:15.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/19/2011 at 8:29:04.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\System32\grpconv.exe


Rkill completed on 03/19/2011 at 8:29:10.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/19/2011 at 17:37:45.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 03/19/2011 at 17:37:53.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/19/2011 at 18:41:03.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is:

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 03/19/2011 at 18:41:09.

Other than that, the computer starts up fine, I am able to get online and open certain programs such as Word and Photoshop. I ran another scan on Malwarebytes and it is scanning all of my files that the computer says aren't there so I don't know what to do, I also have not lost any gigabytes on my C drive.
Please help! Any suggestions would be greatly appreciated!
Thank you!

This post has been edited by boopme: 19 March 2011 - 07:49 PM
Reason for edit: Moved from Vista to Am I Infected~~boopme

Hello and Welcome rsyma
Did you run RKILL before MBAM (Malwarebytes )?

This the proper proxy settings.
open Tools, Internet Options, Connections tab, Lan settings, uncheck the box next to "use proxy...."

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.

This post has been edited by boopme: 19 March 2011 - 08:03 PM

Hello, boopme
thanks for the reply.
I re-ran RKill and when the black box appeared, this is what it said:

Preparing Rkill
Terminating known malware processes.
Please be patient.
Access is denied.

Then a rkill log popped up and this is what it said:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/18/2011 at 22:09:59.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\ProgramData\QiffIeqXNyJn.exe
C:\Program Files\Real\RealUpgrade\RealUpgrade.exe


Rkill completed on 03/18/2011 at 22:10:57.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/18/2011 at 22:58:58.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:




Rkill completed on 03/18/2011 at 22:59:07.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Owner on 03/18/2011 at 23:12:10.


Processes terminated by Rkill or while it was running:


c:\Users\Owner\Desktop\My Documents\Support\rkill.exe


Rkill completed on 03/18/2011 at 23:12:15.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/19/2011 at 8:29:04.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\System32\grpconv.exe


Rkill completed on 03/19/2011 at 8:29:10.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/19/2011 at 17:37:45.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 03/19/2011 at 17:37:53.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/19/2011 at 18:41:03.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is:

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 03/19/2011 at 18:41:09.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/19/2011 at 18:46:21.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 03/19/2011 at 18:46:28.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/19/2011 at 22:52:19.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:

C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_C8CBFED7F00D3A8C.exe


Rkill completed on 03/19/2011 at 22:52:26.

I then tried to update Malwarebytes again and received this message:

An error has occurred. Please report this error code to our support team.
PROGRAM_ERROR_UPDATING (5,0, CreateFile)
Access is denied.

I'm having no problems with my internet connection, but I am unable to access any of my files. Should I click on the rk-proxy.reg file on my desktop? I have no idea how it appeared there.

Any more suggestions would be greatly appreciated.
Thanks!

We need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.

Ok, did what was asked and reposted in correct forum! Thanks!

Thank you.
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.