Was able to get Malwarebytes installed on my laptop. Burned the exe to a disk on my working non-infected computer. Here is my log.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6481
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
4/30/2011 9:39:32 PM
mbam-log-2011-04-30 (21-39-32).txt
Scan type: Quick scan
Objects scanned: 157949
Time elapsed: 2 minute(s), 38 second(s)
Memory Processes Infected: 4
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
c:\Users\Kathy\AppData\Local\gif.exe (Trojan.FakeMS) -> 2264 -> Unloaded process successfully.
c:\Users\Kathy\AppData\Local\gif.exe (Trojan.FakeMS) -> 2224 -> Unloaded process successfully.
c:\Users\Kathy\AppData\Local\gif.exe (Trojan.FakeMS) -> 4668 -> Unloaded process successfully.
c:\Users\Kathy\AppData\Local\gif.exe (Trojan.FakeMS) -> 3080 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Kathy\AppData\Local\gif.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Kathy\AppData\Local\gif.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Kathy\AppData\Local\gif.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Kathy\AppData\Local\gif.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Kathy\AppData\Local\gif.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Kathy\local settings\gif.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Kathy\local settings\application data\gif.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.