My computer has been infected by what appears to be the total security virus. I started getting the fake security pop-ups on my screen listing the number of infections on my computer. I also got a weird icon in my right-hand system tray with a pop-up message indicating "smc.exe is infected. please start your antivirus software". Within a few seconds an error message appeared across my entire desktop behind the desktop icons indicating "Warning Your computer has been attached by a virus". None of the exe files were working and I restarted my computer in safe mode with networking. I ran the Mbam antivirus program and it located one infection. I also ran SAS and no infections were found. I restarted my computer in normal mode only to realize that the virus was still present with the same annoying pop-ups. I could not use any exe files in normal mode even after I tried running the "Fixexe.reg" application. I ran Mbam antivirus once again in safe mode and this time no problems were found. However, the same problem exists when I log in to normal mode.
Below is the DDS log:
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by ravigupta at 5:50:39.28 on Sun 01/23/2011
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.2997.2099 [GMT -5:00]
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe
C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
C:\Windows\explorer.exe
C:\Users\ravigupta\Documents\Distrib\Regclean\Other Tools\GOOD SPYWARE TOOL - FOR Peridoic Use\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SafeBootTokWatch] "c:\program files\safeboot\SbTokWatch.exe"
uRun: [Google Update] "c:\users\ravigupta\appdata\local\google\update\GoogleUpdate.exe" /c
uRunOnce: [fNfNjJm05200] c:\programdata\fnfnjjm05200\fNfNjJm05200.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SBEVMON.EXE] c:\progra~1\safeboot\vdisk\SBEVMON.EXE -WinLogon
mRun: [SafeBootTrayManager] "c:\program files\safeboot tray manager\SbTrayManager.exe"
mRun: [SafeBootTokenWatcher] "c:\program files\safeboot\SbTokWatch.exe"
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [AeXRSAView] c:\program files\altiris\recovery solution agent\AeXRSAView.exe -logon
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [sprt65ProdPID] "c:\program files\itssupportcenter\bin\sprtcmd.exe" /P sprt65ProdPID
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SbCeCore] "c:\program files\mcafee\endpoint encryption for files and folders\SbCeCore.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoInplaceSharing = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
mPolicies-explorer: NoOnlinePrintsWizard = 1 (0x1)
mPolicies-explorer: NoPublishingWizard = 1 (0x1)
mPolicies-explorer: NoWebServices = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: disablecad = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
mPolicies-system: FilterAdministratorToken = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: adp.com
Trusted Zone: amicillc.com
Trusted Zone: brassring.com
Trusted Zone: cch.com
Trusted Zone: cchgroup.com
Trusted Zone: cdc.gov\citgo
Trusted Zone: ctecfts.com\www.wi
Trusted Zone: dhs.gov\ace.cbp
Trusted Zone: eformrs.com
Trusted Zone: fasttax.com\gosystemrs
Trusted Zone: fasttax.com\support
Trusted Zone: fasttax.com\trustease
Trusted Zone: fasttaxtrust.com
Trusted Zone: gowebiq.com\www
Trusted Zone: hntb.com\pw
Trusted Zone: kpmg.com\*.amr
Trusted Zone: kpmg.com\*.amr.kworld
Trusted Zone: kpmg.com\*.aro.kworld
Trusted Zone: kpmg.com\*.aspac
Trusted Zone: kpmg.com\*.ema
Trusted Zone: kpmg.com\*.ema.kworld
Trusted Zone: kpmg.com\*.kclient
Trusted Zone: kpmg.com\*.kclient.kworld
Trusted Zone: kpmg.com\*.kworld
Trusted Zone: kpmg.com\alp.msvcs
Trusted Zone: kpmg.com\rea.msvcs.kworld
Trusted Zone: kpmg.com\www.seccsq.kworld
Trusted Zone: kpmg.com\www.virtualpc
Trusted Zone: kpmg.com\www.virtualpc.amr
Trusted Zone: kpmg.com\www.virtualpc.amr.kworld
Trusted Zone: kpmg.com\www.virtualpc.aspac
Trusted Zone: kpmg.com\www.virtualpc.aspac.kworld
Trusted Zone: kpmg.com\www.virtualpc.ema
Trusted Zone: kpmg.com\www.virtualpc.ema.kworld
Trusted Zone: kpmg.com\www.virtualpc.kworld
Trusted Zone: kpmg.eu
Trusted Zone: kpmgexpatextranet.com\www
Trusted Zone: kpmgproxy.com
Trusted Zone: kpmgtax.com\www
Trusted Zone: lexis.com
Trusted Zone: micromash.net\www
Trusted Zone: pacificlife.com\plcorp
Trusted Zone: paisleyhosting.com
Trusted Zone: riag.com\checkpoint
Trusted Zone: riahelp.com
Trusted Zone: riahome.com\insourcers
Trusted Zone: riahome.com\support2
Trusted Zone: thomson.com\trtasso
Trusted Zone: thomsonreuters.com
Trusted Zone: uboc.com\vo
Trusted Zone: webex.com\kpmg
Trusted Zone: xerox-xls.com
Trusted Zone: adp.com
Trusted Zone: brassring.com
Trusted Zone: cch.com
Trusted Zone: cchgroup.com
Trusted Zone: cdc.gov\citgo
Trusted Zone: dhs.gov\ace.cbp
Trusted Zone: eformrs.com
Trusted Zone: fasttax.com\gosystemrs
Trusted Zone: fasttax.com\support
Trusted Zone: fasttax.com\trustease
Trusted Zone: fasttaxtrust.com
Trusted Zone: gowebiq.com\www
Trusted Zone: hntb.com\pw
Trusted Zone: kpmg.com\*.amr
Trusted Zone: kpmg.com\*.aro.kworld
Trusted Zone: kpmg.com\*.aspac
Trusted Zone: kpmg.com\*.ema
Trusted Zone: kpmg.com\*.kclient
Trusted Zone: kpmg.com\*.kclient.kworld
Trusted Zone: kpmg.com\*.kworld
Trusted Zone: kpmg.com\alp.msvcs
Trusted Zone: kpmg.com\rea.msvcs.kworld
Trusted Zone: kpmg.com\www.seccsq.kworld
Trusted Zone: kpmg.com\www.virtualpc
Trusted Zone: kpmg.com\www.virtualpc.amr
Trusted Zone: kpmg.com\www.virtualpc.amr.kworld
Trusted Zone: kpmg.com\www.virtualpc.aspac
Trusted Zone: kpmg.com\www.virtualpc.aspac.kworld
Trusted Zone: kpmg.com\www.virtualpc.ema
Trusted Zone: kpmg.com\www.virtualpc.ema.kworld
Trusted Zone: kpmg.com\www.virtualpc.kworld
Trusted Zone: kpmg.eu
Trusted Zone: kpmgexpatextranet.com\www
Trusted Zone: kpmgproxy.com
Trusted Zone: kpmgtax.com\www
Trusted Zone: lexis.com
Trusted Zone: micromash.net\www
Trusted Zone: pacificlife.com\plcorp
Trusted Zone: paisleyhosting.com
Trusted Zone: riag.com\checkpoint
Trusted Zone: riahelp.com
Trusted Zone: riahome.com\insourcers
Trusted Zone: riahome.com\support2
Trusted Zone: thomson.com\trtasso
Trusted Zone: thomsonreuters.com
Trusted Zone: uboc.com\vo
Trusted Zone: webex.com\kpmg
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxps//klladmin.us.kworld.kpmg.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Notification Packages = SbNp5 scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\inf\wmactedp.inf,PerUserStub,,4
================= FIREFOX ===================
FF - ProfilePath - c:\users\ravigu~1\appdata\roaming\mozilla\firefox\profiles\3pakbhiz.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\users\ravigupta\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\ravigupta\appdata\roaming\move networks\plugins\npqmp071706000001.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\ravigupta\appdata\roaming\Move Networks
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
============= SERVICES / DRIVERS ===============
R0 AeXRSFAL;AeXRSFAL;c:\windows\system32\drivers\AeXRSFAL.sys [2008-11-20 31760]
R0 MfeEERM;MfeEERM;c:\windows\system32\drivers\MfeEERM.sys [2010-3-12 157512]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-6-23 102688]
R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [2007-7-16 44720]
R0 SBAlg00;SBAlg00;c:\windows\system32\drivers\SbAlg00.sys [2009-6-4 7472]
R0 SBAlg01;SBAlg01;c:\windows\system32\drivers\SBALG01.SYS [2009-6-4 7728]
R0 SBAlg11;SBAlg11;c:\windows\system32\drivers\SbAlg11.sys [2009-6-4 22992]
R0 SBAlg12;SBAlg12;c:\windows\system32\drivers\SBALG12.SYS [2009-6-4 45040]
R0 SbCe;SbCe;c:\windows\system32\drivers\SbCe.sys [2010-3-12 505800]
R0 SbEncVol;SbEncVol;c:\windows\system32\drivers\SbEncVol.sys [2008-7-31 24576]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-6-23 12928]
R1 issnfh;ISS NDIS LightWeight Filter;c:\windows\system32\drivers\issnfhv.sys [2010-8-24 29696]
R2 SbCeCoreService;McAfee Endpoint Encryption Core Service;c:\program files\mcafee\endpoint encryption for files and folders\SbCeCoreService.exe [2010-3-12 154440]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-1-11 2479376]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6032.sys [2010-8-24 197288]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-8-24 6000640]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-8-24 49152]
R3 SbCeCd;SbCeCd;c:\windows\system32\drivers\SbCeCd.sys [2010-3-12 96864]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-14 294608]
S1 issnet;issnet;c:\windows\system32\drivers\issnetv.sys [2010-8-24 102912]
S1 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2008-6-23 5840]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-12-16 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 67656]
S1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.sys [2008-6-23 34192]
S1 SbRegFlt;SbRegFlt;c:\windows\system32\drivers\SbRegFlt.sys [2008-6-23 7680]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_8f98e448\AEstSrv.exe [2010-8-24 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-14 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-14 51280]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]
S2 BlackICE;BlackICE;c:\program files\iss\proventia desktop\blackd.exe [2010-8-24 2199818]
S2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
S2 KGuard Service;KGuard Service;c:\program files\kpmg\kguard\KGuardService.exe [2009-6-8 24576]
S2 MSSQL$EAUDIT;SQL Server (EAUDIT);c:\users\all users\eaudit\mssql10.eaudit\mssql\binn\sqlservr.exe [2009-3-30 43010392]
S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\safeboot\SbClientManager.exe [2008-6-23 356352]
S2 sprtsvc_sprt65prodpid;SupportSoft Sprocket Service (sprt65prodpid);c:\program files\itssupportcenter\bin\sprtsvc.exe [2008-12-6 202016]
S2 tgsrvc_sprt65prodpid;SupportSoft Repair Service (sprt65prodpid);c:\program files\itssupportcenter\bin\tgsrvc.exe [2008-12-6 148768]
S2 VnxTcp;VnxTcp;c:\windows\system32\drivers\vnxtcp.sys [2008-9-9 40784]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
S3 Altiris Local Recovery Server;Altiris Local Recovery Server;c:\program files\altiris\recovery solution agent\LocalRSvc.exe [2008-11-20 872448]
S3 atrsdfw;atrsdfw;c:\windows\system32\drivers\atrsdfw.sys [2008-9-22 9728]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2009-10-22 124224]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-1-11 23888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-8-24 228408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-24 102448]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-24 125696]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-24 209920]
S3 issfltr;issfltr;c:\windows\system32\drivers\issfltr.sys [2010-8-24 52736]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 12872]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-5-26 47128]
S4 SQLAgent$EAUDIT;SQL Server Agent (EAUDIT);c:\users\all users\eaudit\mssql10.eaudit\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
=============== Created Last 30 ================
2011-01-23 10:09:26 691 ----a-w- c:\users\ravigu~1\appdata\roaming\GetValue.vbs
2011-01-23 10:09:26 35 ----a-w- c:\users\ravigu~1\appdata\roaming\SetValue.bat
2011-01-23 10:07:56 4140 ----a-w- c:\windows\system32\tmp.reg
2011-01-23 09:58:40 -------- d-----w- c:\program files\Trend Micro
2011-01-23 08:22:04 -------- d-----w- c:\progra~2\fNfNjJm05200
2011-01-19 12:48:08 -------- d-----w- c:\users\ravigu~1\appdata\roaming\Qazuyc
2011-01-19 12:48:08 -------- d-----w- c:\users\ravigu~1\appdata\roaming\Eros
2011-01-14 04:12:47 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2011-01-14 04:12:47 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2011-01-14 04:12:46 515584 ----a-w- c:\program files\windows mail\wab.exe
2011-01-14 04:12:21 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-01-14 04:12:21 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-01-14 04:12:21 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-01-14 04:12:20 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-01-14 04:12:20 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-01-14 04:11:16 834048 ----a-w- c:\windows\system32\wininet.dll
2011-01-14 04:11:16 389632 ----a-w- c:\windows\system32\html.iec
2011-01-14 04:11:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-01-14 04:10:29 81920 ----a-w- c:\windows\system32\consent.exe
2011-01-14 04:09:57 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-01-14 04:09:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-14 04:09:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-14 04:09:45 2038272 ----a-w- c:\windows\system32\win32k.sys
2011-01-12 06:22:32 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-01-08 14:23:26 -------- d-----w- c:\users\ravigu~1\appdata\local\Apple
2011-01-08 13:13:53 -------- d-----w- c:\program files\Escape Medical Viewer 3.2.3
==================== Find3M ====================
2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-09 19:00:44 72080 ----a-w- c:\users\ravigupta\g2mdlhlpx.exe
============= FINISH: 5:51:23.08 ===============
Below is the MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5576
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
1/23/2011 5:51:26 AM
mbam-log-2011-01-23 (05-51-26).txt
Scan type: Full scan (C:\|)
Objects scanned: 283431
Time elapsed: 30 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Attached are the following files:
DDS Attach log (Attach.txt)
GMER Scan Report (ark.txt)