
rebelrider87

  1. Yikes.... Alright, the laptop has been disconnected from the internet. We have changed all at-risk passwords that we could think of. We are now moving all important documents/pictures to a jumpdrive before we reformat. We keep pretty close watch on our bank accounts and have not noticed any unauthorized transactions.
  2. There is also a new folder called RK_Quarantine on my desktop. Here is the pasted report.
     RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Laura [Admin rights]
     Mode : Scan -- Date : 05/04/2013 09:49:05
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 5 ¤¤¤
     [RUN][sUSP PATH] HKCU\[...]\Run : UIoqcMjUXy.exe (C:\ProgramData\UIoqcMjUXy.exe) [x] -> FOUND
     [RUN][sUSP PATH] HKUS\S-1-5-21-897294885-3930974983-2373750498-1000[...]\Run : UIoqcMjUXy.exe (C:\ProgramData\UIoqcMjUXy.exe) [x] -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-897294885-3930974983-2373750498-1000\$6ce342f7d5e61a1425e44ec6855cb6a6\n.) [x] -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-897294885-3930974983-2373750498-1000\$6ce342f7d5e61a1425e44ec6855cb6a6\@ [-] --> FOUND
     [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-897294885-3930974983-2373750498-1000\$6ce342f7d5e61a1425e44ec6855cb6a6\U --> FOUND
     [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-897294885-3930974983-2373750498-1000\$6ce342f7d5e61a1425e44ec6855cb6a6\L --> FOUND
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ Infection : Mal.Hosts|ZeroAccess ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost
     ::1 localhost
     198.15.104.132 www.google-analytics.com.
     198.15.104.132 ad-emea.doubleclick.net.
     198.15.104.132 www.statcounter.com.
     72.29.93.243 www.google-analytics.com.
     72.29.93.243 ad-emea.doubleclick.net.
     72.29.93.243 www.statcounter.com.
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: TOSHIBA MK3256GSY +++++
     --- User ---
     [MBR] e3d93d7debd6ce4ff79f9edaa5ba5150
     [bSP] 8d646a5a2b092bf0710e567cc6e1cd7c : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 287296 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 588791808 | Size: 17645 Mo
     3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[1]_S_05042013_02d0949.txt >>
     RKreport[1]_S_05042013_02d0949.txt
  3. I am on Windows 7 laptop using Chrome as my primary browser. I tried to install and run Malwarebytes so I can try to find the source of some very annoying popups in my lower left and right hand corners of all browsers. I turned off my firewall and Microsoft Security Essentials before installation. When it tries to open I get the message "Run-time error '339': Component 'ieframe.dll' or one of its dependencies not correctly registered: a file is missing or invalid" I went ahead and ran the DDS tool. Here are the two logs that came back.
  4. I am new here. I just downloaded Malwarebytes Anti-Malware so I can try to find the source of some very annoying popups in my lower left and right hand corners. I turned off my firewall and Microsoft Security Essentials before installation. When it tries to open I get the message "Run-time error '339': Component 'ieframe.dll' or one of its dependencies not correctly registered: a file is missing or invalid" I am on Windows 7. How do I proceed to open Malwarebytes, run the program and eliminate the malware?