I think I got Scareware back again!


crestwood
07-15-2010, 09:52 PM
Hi, I was surfing the net, and all of a sudden I got all of these popup messages that my computer was infected and I was asked if I wanted to update AntiVirus. I got off of the computer as quickly as I could and I ran Malwarebytes, which said I had 15 infections. I clicked to remove the infections, and then I could not get back on my desktop and I couldn't do anything at all. I went to Tools, Options, Advanced Settings, and "Use System Proxy Settings" was checked. I changed this to "no proxy" and now I am back on the desktop. But I don't know if my system has an infection or the pest or not. Help appreciated, please. This is very scary.

classicsoftware
07-15-2010, 11:45 PM
Run Malwarebytes again and see what it shows. Also post the log from the time you got 15 infected files.

crestwood
07-16-2010, 06:25 AM
Ran MBAM this morning and it shows clear. But the system has been acting strange for a couple of weeks: problems displaying the home page, accessing email, and getting messages that "error report will be sent and system has to close". The humming sound from the tower is getting louder. I think I need a virus protection program, or something more than what I have? This is the MBAM report from last night showing infections:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4317

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/15/2010 7:51:32 PM
mbam-log-2010-07-15 (19-51-32).txt

Scan type: Quick scan
Objects scanned: 148393
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\pprgkeumm\aivhxtetssd.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\wibrtsdf.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsekihumevixi (Trojan.Hiloti) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afoeuwhe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afoeuwhe (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\wibrtsdf.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Application Data\pprgkeumm\aivhxtetssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\30.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\e.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\YDKdGGnput.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\VUFogAZaZf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KAJIADKF\exe[1].php (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KAJIADKF\setup[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\W125BK0V\setup[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HM6J5TK4\setup[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

crestwood
07-16-2010, 01:50 PM
Scareware came back at 12:15 p.m. today, Friday, 7-16-2010. I was using my computer and received the following message: "Generic Host Process for Win32 Services has encountered a problem and needs to close and will send error report to Microsoft." Then another message appeared: "Application cannot be executed, the file wmiprvse.exe is infected. Do you want to activate anti virus?" I pressed Alt-F4 and Ctrl-Alt-Del and had a hard time getting off of my desktop. Then I ran Malwarebytes and it showed I have 76 infections. Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4320

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/16/2010 12:33:32 PM
mbam-log-2010-07-16 (12-33-32).txt

Scan type: Quick scan
Objects scanned: 154171
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 34

Memory Processes Infected:
C:\Documents and Settings\NetworkService\Local Settings\Application Data\jqrjecuxh\xkkiiystssd.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1da4164e-7a46-4aaa-9134-b4082f7e8000} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1da4164e-7a46-4aaa-9134-b4082f7e8000} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1da4164e-7a46-4aaa-9134-b4082f7e8000} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1da4164e-7a46-4aaa-9134-b4082f7e8000} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3fa9a640-f522-4d18-bd9a-b334f929b563} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3fa9a640-f522-4d18-bd9a-b334f929b563} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ruytaltk (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ruytaltk (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Virus.Ertfor) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsehf98u34i9tjioaugy987iuegdsg (Trojan.Ransom) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uiha98uiohf873yuiadnhgjesgregas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\13 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

crestwood
07-16-2010, 01:50 PM
Part 2 of above log:

Folders Infected:
C:\Documents and Settings\Owner\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\NetworkService\Local Settings\Application Data\jqrjecuxh\xkkiiystssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\ff3b51.dll (Virus.Ertfor) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\avp.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\wufw0xs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msrss.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mthqp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\q0upzld.dll (Virus.Ertfor) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\win.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\notepad.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\qgkmdut.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\lcsne.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\ukm0qjio2j4c3.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\csrss.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\wininst.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\1876281770.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\mrxru.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\iexplarer.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\hexdump.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\spoolsv.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\user.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\uxeut.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\dbiqws.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\07SS0LZA\ggbrzx[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LMDU34ZQ\kksahc[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\47HFTVJO\gxbjd[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1Q5CZ3NT\ffmhcw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1Q5CZ3NT\kksaupwr[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1Q5CZ3NT\gkbjdlwqlt[1].htm (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1Q5CZ3NT\wzdytaicxe[1].htm (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Update\seupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zthqp.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ithqp.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

crestwood
07-18-2010, 07:24 PM
Hi Classic, I know you are busy and I don't mean to be a pest, but I was just wondering if you had a chance to look at the MBAM logs which I posted. I don't know if there is a possibility of getting my system virus free and free of the "pests" or not. Took it to CompUSA yesterday and the technician said he could only help with the scareware if it popped up while he was looking at it, and he said the only way that we could be sure it is clean is to restore it to the way it was when it came out of the box in 2006 (they charge $80 to do this and $50 to back up data). He told me the lifespan of desktops is normally about five to six years. I respect your expert technical knowledge and if I could get your advice on this, I would be greatly appreciative. I have been in and out a lot as I have been doing what I can to help out my brother who was recently diagnosed with stage T4 lung cancer. If you think maybe a new desktop would be advisable, well, if you could recommend a good reliable system which would be good for email, Microsoft Word documents, and playing a minimal amount of songs, again I would be very appreciative. I have been Internet surfing on cancer help sites a good deal as of late, but I don't visit any suspicious sites; however, I had been on Facebook, which I think I will stay away from here on out. Thanks a bunch.

classicsoftware
07-18-2010, 11:33 PM
If you don't have the scareware messages, don't worry about it. Let's monitor it for a few days and see what happens. If you want a new desktop we can speak. But I think you can wring a little more life out of this one.

crestwood
07-20-2010, 06:26 AM
Thanks Classic. A few things that my desktop is doing now. When I first turn it on, a little box appears with the following message: "RUNDLL Error loading MTHQP.DLL specified module could not be found." When I try to use the System Restore feature, I get the following message: "System Restore has been turned off by a group policy. To turn on System Restore, contact your Domain Administrator." When I click on my email account, other strange sites appear that I did not click on. Then this morning, there was an email message from another forum saying that someone had tried to log into my account with an incorrect password five times. Thanks for help to get me back on track, as I don't know how to correct any of this.
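The two MBAM logs posted earlier in the thread, and the "RUNDLL ... MTHQP.DLL ... could not be found" message in the post just above, can be triaged systematically rather than read line by line. The Python below is an added example written for this thread; it is not code from the thread or from Malwarebytes. It parses a constructed excerpt in the same layout as the posted logs (paths and detection names copied from them), then reports which detections sat in autostart locations, which were outside the Owner profile (HKEY_USERS\.DEFAULT, the NetworkService profile, the systemprofile folder, so the infection was running as a service account and not just as the logged-on user), which items still need a reboot to finish, and which DLLs were deleted. The second log shows C:\WINDOWS\system32\mthqp.dll being removed, and a startup error saying that exact module cannot be found is consistent with a loader entry for it being left behind; listing the deleted DLLs makes that connection visible. The marker lists and triage rules are my own assumptions, not MBAM's.

```python
import re
from collections import Counter

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.46 log.
# Paths and detection names are copied from the logs posted in the thread,
# trimmed to a few lines so the example runs offline.
SAMPLE_LOG = r"""
Memory Processes Infected:
C:\Documents and Settings\NetworkService\Local Settings\Application Data\jqrjecuxh\xkkiiystssd.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\wibrtsdf.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3fa9a640-f522-4d18-bd9a-b334f929b563} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ruytaltk (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\13 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mthqp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\avp.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\30.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumed markers (my choice) for registry locations that launch code at logon
# or browser start; a detection here means the infection was set to persist.
AUTOSTART_MARKERS = (
    "\\CurrentVersion\\Run\\",
    "\\Policies\\Explorer\\Run\\",
    "\\Browser Helper Objects\\",
)

# Assumed markers for locations outside the logged-on user's profile. Entries
# here were written by code running as a service account, so cleaning only the
# Owner account does not reach them.
SYSTEM_SCOPE_MARKERS = (
    "HKEY_LOCAL_MACHINE\\",
    "HKEY_USERS\\.DEFAULT\\",
    "\\NetworkService\\",
    "\\config\\systemprofile\\",
)


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, family, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if line.endswith("Infected:"):          # section header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and section:                       # summary counts at the top never match
            entries.append({"section": section, **m.groupdict()})
    return entries


def triage(entries):
    """Summarise persistence, scope and required follow-up from parsed entries."""
    families = Counter(e["family"] for e in entries)
    autostart = [e["item"] for e in entries
                 if any(k in e["item"] for k in AUTOSTART_MARKERS)]
    system_scope = [e["item"] for e in entries
                    if any(k in e["item"] for k in SYSTEM_SCOPE_MARKERS)]
    # "Delete on reboot" means the file was still in use; the removal is not
    # complete until the machine restarts and a rescan confirms it is gone.
    needs_reboot = [e["item"] for e in entries if e["action"] == "Delete on reboot"]
    # Deleted DLLs whose loader entry may survive elsewhere; such an orphan
    # shows up at logon as "RUNDLL ... specified module could not be found".
    deleted_dlls = sorted({e["item"].rsplit("\\", 1)[-1].lower() for e in entries
                           if e["section"] == "Files Infected"
                           and e["item"].lower().endswith(".dll")})
    return {
        "families": families,
        "autostart": autostart,
        "system_scope": system_scope,
        "needs_reboot": needs_reboot,
        "deleted_dlls": deleted_dlls,
        "rootkit_seen": any(f.startswith("Rootkit.") for f in families),
        "rogue_av_seen": any(f.startswith(("Rogue.", "Trojan.Ransom")) for f in families),
    }


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against a full saved log by replacing SAMPLE_LOG with the file contents; the section headers and summary counts at the top of a real log are skipped by the same rules. A rootkit family, a rogue AV family, and persistence under HKEY_USERS\.DEFAULT and the NetworkService profile in one report are the reasons a quick scan that comes back clean the next morning does not by itself prove the machine is clean.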

classicsoftware
07-20-2010, 07:20 AM
I'll look at this when I get home tonight.