Cannot get mail (error ox800ccc92) and Malware pop up message: Malicious Website

Started by SellieS, October 25, 2014, 03:18:31 PM


SellieS

Corrine, thank you for your reply to my question about my email address appearing on the world wide web. 

1. Today my Outlook program gets the annoying error message:
ox800cc92.  I cannot send or receive mail.
I looked it up online and it wants me to correct my user name and pw.
I have looked at my data and it appears right.

2. I ran Malware Anti virus and although it says there are no errors, a pop up
warns me over and over

Malicious Website Blocked c:\windows\SysWOW64\svchost.exe
IP 88214.193.54
Port: 61549
Process: c:\windows\SysWOW64\svchost.exe

Xfinity Comcast forum board has very old info on ox800cc92

Now I am getting another message asking if I want to debug this page and it is stopping me from easily typing to you. I captured it but it won't let me paste on here.  Forgot that this came up this week when I used this PC.

I would like to have you notify me when you are working on this; however, my messages appear on the web....something I have tried to stop for an important reason.

thanks, diana









SellieS

Will try to get messages I snipped and saved.

Well, the one I see is not what I wanted but funny.

Can't tell if you got the others I snipped, captured, saved and sent.

Corrine

Hi, Diana.  I have seen that side-by-side picture before and agree, it is funny.  Love the puppy.  :)

I'm glad I was able to reassure you regarding the question about your email address.

Regarding the site blocked by Malwarebytes, I looked up the IP address (adding the needed ".") and based on a site hosted using that IP address, it is not a site I believe you would want to visit.  That means that Malwarebytes was doing what you need it to do.  However, considering that was based on blocking outgoing rather than blocking from a link you clicked, I'd like to see fresh logs.  Please provide the requested logs in Log Posting Instructions.

As to the Outlook error message, I believe that the actual error code is 0x800ccc92 in Outlook 2010.  Can you log on to your email account from the Internet rather than through Outlook?  See if you can access your email from the webmail link:  https://login.comcast.net/login?ts=7544eb3b&s=wnamp# (uncheck the "Keep me signed in" box).


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

SellieS

My Outlook mail program gave me the error message
ox8000ccc92. I cannot send or receive.
I ran the Malware Anti virus which gave me a police message that warned me it had blocked a malicious website. It is relentless and pops up and down. The area is c:\windows\SysWOW64\svchost.exe.
Corrine has asked me to run checkup txt.
Here are the results:
Results of screen317's Security Check version 0.99.89 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Microsoft Security Essentials   
Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.2004)   
Adobe Flash Player 15.0.0.152 
Adobe Reader XI 
Mozilla Firefox 23.0 Firefox out of Date! 
Google Chrome 37.0.2062.124 
Google Chrome 38.0.2125.104 
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbam.exe 
Malwarebytes Anti-Malware mbamscheduler.exe   
Ruiware WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Next I ran dds.scr and here are the results DDS.txt and attach.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Diana at 17:02:12 on 2014-10-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6031.3709 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\system32\svchost.exe -k imgsvc
svchost.exe
svchost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\splwow64.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
uProxyOverride = <-loopback>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MapsGalaxy EPM Support] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Diana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{59695647-A96B-44F9-B00A-07A63E9F4A60} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\tom6abi5.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2012-3-21 57480]
R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2012-3-21 48264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2012-3-21 19592]
R1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2012-3-21 189576]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-8-2 203392]
R2 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-3-21 61064]
R2 Guard Agent;Guard Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-3-21 23176]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-7 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-7 968504]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-6-27 1326176]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-6-27 681056]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-8-2 2314240]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-2 56344]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-2 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-7 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-7 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-7 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2012-5-10 35840]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-8-2 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-6 704864]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-14 111616]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-2 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-6-10 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-2 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-9 1255736]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2014-10-25 20:00:03   11627712   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F4E4E7B-39AC-45E8-8D86-9B33DF5E85C7}\mpengine.dll
2014-10-25 08:57:14   11627712   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-19 02:48:53   0   ----a-w-   C:\Windows\System32\jrvwjhb.dll
2014-10-19 02:48:51   81408   ----a-w-   C:\Windows\System32\izglmsk.dll
2014-10-19 02:48:48   39424   ----a-w-   C:\Users\Diana\AppData\Roaming\ocwuljx.dll
2014-10-17 17:32:10   --------   d-----w-   C:\Program Files\iPod
2014-10-17 17:32:09   --------   d-----w-   C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-17 17:32:09   --------   d-----w-   C:\Program Files\iTunes
2014-10-17 17:32:09   --------   d-----w-   C:\Program Files (x86)\iTunes
2014-10-15 00:34:18   3198976   ----a-w-   C:\Windows\System32\win32k.sys
2014-10-15 00:34:16   1943696   ----a-w-   C:\Windows\System32\dfshim.dll
2014-10-15 00:34:16   156824   ----a-w-   C:\Windows\SysWow64\mscorier.dll
2014-10-15 00:34:16   156312   ----a-w-   C:\Windows\System32\mscorier.dll
2014-10-15 00:34:16   1131664   ----a-w-   C:\Windows\SysWow64\dfshim.dll
2014-10-15 00:34:15   81560   ----a-w-   C:\Windows\SysWow64\mscories.dll
2014-10-15 00:34:15   73880   ----a-w-   C:\Windows\System32\mscories.dll
2014-10-15 00:34:01   842240   ----a-w-   C:\Windows\System32\blackbox.dll
2014-10-15 00:34:01   744960   ----a-w-   C:\Windows\SysWow64\blackbox.dll
2014-10-15 00:34:01   1202176   ----a-w-   C:\Windows\System32\drmv2clt.dll
2014-10-15 00:34:00   988160   ----a-w-   C:\Windows\SysWow64\drmv2clt.dll
2014-10-15 00:32:52   6584320   ----a-w-   C:\Windows\System32\mstscax.dll
2014-10-15 00:32:51   77312   ----a-w-   C:\Windows\System32\packager.dll
2014-10-15 00:32:51   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
2014-10-15 00:32:51   5703168   ----a-w-   C:\Windows\SysWow64\mstscax.dll
2014-10-03 00:33:49   536576   ----a-w-   C:\Windows\SysWow64\sqlite3.dll
2014-10-01 11:36:08   371712   ----a-w-   C:\Windows\System32\qdvd.dll
2014-10-01 11:36:07   519680   ----a-w-   C:\Windows\SysWow64\qdvd.dll
2014-10-01 09:06:23   1188440   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19CA32E7-689E-43A0-B530-05C6A00CD695}\gapaengine.dll
2014-09-27 07:32:23   539984   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
==================== Find3M  ====================
.
2014-10-25 20:03:16   129752   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-10 02:05:59   276480   ----a-w-   C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42   507392   ----a-w-   C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38   424448   ----a-w-   C:\Windows\System32\aeinv.dll
2014-10-01 15:11:26   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-10-01 15:11:16   93400   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 15:11:12   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-09-25 22:32:04   2017280   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02   2108416   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-09-24 18:26:29   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 18:26:29   701104   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-22 06:42:39   278152   ------w-   C:\Windows\System32\MpSigStub.exe
2014-09-19 01:56:02   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03   547328   ----a-w-   C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27   83968   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57   5829632   ----a-w-   C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12   4201472   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09   758272   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47   72704   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07   454656   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40   61952   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31   597504   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12   1249280   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18   2309632   ----a-w-   C:\Windows\System32\wininet.dll
2014-09-19 00:18:55   1068032   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11   1810944   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42   3241472   ----a-w-   C:\Windows\System32\msi.dll
2014-09-18 01:32:52   2363904   ----a-w-   C:\Windows\SysWow64\msi.dll
2014-09-09 22:11:04   2048   ----a-w-   C:\Windows\System32\tzres.dll
2014-09-09 21:47:10   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20   424448   ----a-w-   C:\Windows\System32\rastls.dll
2014-09-04 05:04:15   372736   ----a-w-   C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13   3179520   ----a-w-   C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00   404480   ----a-w-   C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55   311808   ----a-w-   C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28   693176   ----a-w-   C:\Windows\System32\winload.efi
2014-08-19 03:10:10   616352   ----a-w-   C:\Windows\System32\winresume.efi
2014-08-19 03:08:04   503808   ----a-w-   C:\Windows\System32\srcore.dll
2014-08-19 03:08:04   50176   ----a-w-   C:\Windows\System32\srclient.dll
2014-08-19 03:08:03   63488   ----a-w-   C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51   58880   ----a-w-   C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51   32256   ----a-w-   C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11   17920   ----a-w-   C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11   146944   ----a-w-   C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22   50688   ----a-w-   C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56   61440   ----a-w-   C:\Windows\System32\drivers\appid.sys
2014-08-01 11:53:22   1031168   ----a-w-   C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06   793600   ----a-w-   C:\Windows\SysWow64\TSWorkspace.dll
2014-07-28 18:52:00   6112072   ----a-w-   C:\Windows\System32\usbaaplrc.dll
2014-07-28 18:52:00   54784   ----a-w-   C:\Windows\System32\drivers\usbaapl64.sys

As Corrine looks at this (and there are some pretty scary words in the logs) I will try and fix my mail.

SellieS

Corrine: I am going out soon and will check back later tonight and tomorrow for your posts.  Have a good evening......

Corrine

Hi, Diana.

I merged your posts with the original topic you started about this issue so everything is in one place.

Please advise regarding my question below:

Quote from: Corrine on October 25, 2014, 06:44:02 PM
Can you log on to your email account from the Internet rather than through Outlook?  See if you can access your email from the webmail link:  https://login.comcast.net/login?ts=7544eb3b&s=wnamp# (uncheck the "Keep me signed in" box).




SellieS

Gosh, I am sorry.....I thought in my notes where you wanted me to explain what I was doing and why, I said YES I can see my up to date mail in Xfinity.

Corrine

Thank you, Diana.  Since you can at least get to your email from the web link, let's first deal with the files I see in your log that I suspect are most likely causing the recurring malicious website blocking by Malwarebytes.  Please follow these instructions carefully.  Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.



SellieS

Corrine,

I will be out this afternoon and will work on this around dinnertime.

Thanks, Diana


SellieS

ComboFix 14-10-27.01 - Diana 10/27/2014   1:34.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6031.4043 [GMT -4:00]
Running from: c:\users\Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3E1X9F88\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Diana\AppData\Roaming\Microsoft\Windows\Recent\Burke & Herbert Bank Online Log In.url
c:\users\Diana\AppData\Roaming\Microsoft\Windows\Recent\photobucket.url
c:\users\Diana\AppData\Roaming\Microsoft\Windows\Recent\Pin It (2).url
c:\users\Diana\AppData\Roaming\ocwuljx.dll
c:\users\Diana\Contacts\Desktop\Favorites\~$pt bath 2012.docx
c:\users\Diana\Contacts\Desktop\Favorites\~$tter to Board and Covenants with preface to us from Janice.docx
c:\users\Diana\Contacts\Desktop\Favorites\A person doesn.docx
c:\users\Diana\Contacts\Desktop\Favorites\After the Mark-ups, ready for B JJ D meeting ,.docx
c:\users\Diana\Contacts\Desktop\Favorites\April  2011.docx
c:\users\Diana\Contacts\Desktop\Favorites\August 22 addition to Angie's List.docx
c:\users\Diana\Contacts\Desktop\Favorites\blackhistory.html
c:\users\Diana\Contacts\Desktop\Favorites\Bloody Caesar.docx
c:\users\Diana\Contacts\Desktop\Favorites\calendar December 2013.docx
c:\users\Diana\Contacts\Desktop\Favorites\Calendar for Den.docx
c:\users\Diana\Contacts\Desktop\Favorites\Cats boxes.docx
c:\users\Diana\Contacts\Desktop\Favorites\Charlotte and Carrie.jpeg
c:\users\Diana\Contacts\Desktop\Favorites\co2 levels.docx
c:\users\Diana\Contacts\Desktop\Favorites\codes for Dr. Bray's Unneccessary Testing.jpeg
c:\users\Diana\Contacts\Desktop\Favorites\Comcast supports Xfinity Connect webmail and industry standard POP3.docx
c:\users\Diana\Contacts\Desktop\Favorites\Communication Strategy for the BHE and Social Management Project in Sierra Leone draft.docx
c:\users\Diana\Contacts\Desktop\Favorites\Con te Partrio in English.docx
c:\users\Diana\Contacts\Desktop\Favorites\Con te Partrio in Italian.docx
c:\users\Diana\Contacts\Desktop\Favorites\Condo Act docx.docx
c:\users\Diana\Contacts\Desktop\Favorites\Copy of Property_listing.xlsx
c:\users\Diana\Contacts\Desktop\Favorites\Correction of  office visit notes from Dr. Bray.docx
c:\users\Diana\Contacts\Desktop\Favorites\Crab Cakes.docx
c:\users\Diana\Contacts\Desktop\Favorites\Daniel Ellsberg.docx
c:\users\Diana\Contacts\Desktop\Favorites\december  2011.docx
c:\users\Diana\Contacts\Desktop\Favorites\Diana's Cover letter to Pet Rules Draft Final and the rest.docx
c:\users\Diana\Contacts\Desktop\Favorites\Doc1.docx
c:\users\Diana\Contacts\Desktop\Favorites\Dr. O'Brien. 1st letter regarding monitor.docx
c:\users\Diana\Contacts\Desktop\Favorites\Dr. smith = Medicine exception in Part D.docx
c:\users\Diana\Contacts\Desktop\Favorites\Easter and passover story and recipe.docx
c:\users\Diana\Contacts\Desktop\Favorites\Email petition copy.docx
c:\users\Diana\Contacts\Desktop\Favorites\Final letter to Burke and Herbert re Craig Smith.docx
c:\users\Diana\Contacts\Desktop\Favorites\Final Ltr for Residents before 9 18 2012 Brd Mtg..docx
c:\users\Diana\Contacts\Desktop\Favorites\First page for readers includes existing rules and Judith's changes..docx
c:\users\Diana\Contacts\Desktop\Favorites\George Smith.docx
c:\users\Diana\Contacts\Desktop\Favorites\Hallmark Board.docx
c:\users\Diana\Contacts\Desktop\Favorites\Hallmark Input Sheet.docx
c:\users\Diana\Contacts\Desktop\Favorites\He freed slaves.docx
c:\users\Diana\Contacts\Desktop\Favorites\House by Rumi.docx
c:\users\Diana\Contacts\Desktop\Favorites\I am a cobbler junkie.docx
c:\users\Diana\Contacts\Desktop\Favorites\I am taking care of two cats living in 1507.docx
c:\users\Diana\Contacts\Desktop\Favorites\I think [ossibly maybe I'm possibly falling for you.  Landon Pigg.docx
c:\users\Diana\Contacts\Desktop\Favorites\I won't give you another cent..docx
c:\users\Diana\Contacts\Desktop\Favorites\I won't pay another cent.docx
c:\users\Diana\Contacts\Desktop\Favorites\Ice castle....man made structure in Silverthorne CO.docx
c:\users\Diana\Contacts\Desktop\Favorites\Interesting Facts About the Guards at the Tomb of the Unknown Soldier.docx
c:\users\Diana\Contacts\Desktop\Favorites\Israel worries about US budget.docx
c:\users\Diana\Contacts\Desktop\Favorites\It's not worth it snowmen.docx
c:\users\Diana\Contacts\Desktop\Favorites\Janice's suggested by laws.docx
c:\users\Diana\Contacts\Desktop\Favorites\Janice Jib Jab.docx
c:\users\Diana\Contacts\Desktop\Favorites\Judith's  response at final submission.docx
c:\users\Diana\Contacts\Desktop\Favorites\July  2011 new design.docx
c:\users\Diana\Contacts\Desktop\Favorites\Jume 2013.docx
c:\users\Diana\Contacts\Desktop\Favorites\June  2011 new design.docx
c:\users\Diana\Contacts\Desktop\Favorites\June  2011.docx
c:\users\Diana\Contacts\Desktop\Favorites\KT story.docx
c:\users\Diana\Contacts\Desktop\Favorites\Learning HTML.docx
c:\users\Diana\Contacts\Desktop\Favorites\letter to B&H re Craig.docx
c:\users\Diana\Contacts\Desktop\Favorites\Letter to Board and Covenants with preface to us from Janice.docx
c:\users\Diana\Contacts\Desktop\Favorites\Letter to Dr  Nawab.docx
c:\users\Diana\Contacts\Desktop\Favorites\Letter to Dr. Nawab..docx
c:\users\Diana\Contacts\Desktop\Favorites\Letter to Dr. O'Brien for records..docx
c:\users\Diana\Contacts\Desktop\Favorites\Letter to Friends of Hallmark.docx
c:\users\Diana\Contacts\Desktop\Favorites\Letter to Midicare w enclosures.docx
c:\users\Diana\Contacts\Desktop\Favorites\Marilyn Monroe kids.docx
c:\users\Diana\Contacts\Desktop\Favorites\Mark ups made for Bob, Janice and Joyce Thurs afternoon  09 13 2012.docx
c:\users\Diana\Contacts\Desktop\Favorites\may  2011.docx
c:\users\Diana\Contacts\Desktop\Favorites\Meatloaf Patties.docx
c:\users\Diana\Contacts\Desktop\Favorites\Middle Age Texting Abbreviations for Adele and Roy.docx
c:\users\Diana\Contacts\Desktop\Favorites\Mill End letter.docx
c:\users\Diana\Contacts\Desktop\Favorites\My Brothers in Arms.docx
c:\users\Diana\Contacts\Desktop\Favorites\My first visit with Dr. Dobrynski..docx
c:\users\Diana\Contacts\Desktop\Favorites\My markup.docx
c:\users\Diana\Contacts\Desktop\Favorites\My Movie.wlmp
c:\users\Diana\Contacts\Desktop\Favorites\Namaste definition..docx
c:\users\Diana\Contacts\Desktop\Favorites\Notes for Dr. smith.docx
c:\users\Diana\Contacts\Desktop\Favorites\November  2011.docx
c:\users\Diana\Contacts\Desktop\Favorites\November 2012.docx
c:\users\Diana\Contacts\Desktop\Favorites\November 5 comments from Janice.docx
c:\users\Diana\Contacts\Desktop\Favorites\October  2011.docx
c:\users\Diana\Contacts\Desktop\Favorites\October  bath 2011.docx
c:\users\Diana\Contacts\Desktop\Favorites\Octoberr  2011.docx
c:\users\Diana\Contacts\Desktop\Favorites\On September the Hallmark Board received a letter from a resident concerning the Board.docx
c:\users\Diana\Contacts\Desktop\Favorites\Page 1, CA Lindman Contract for Masonry   July 23  2012.jpeg
c:\users\Diana\Contacts\Desktop\Favorites\Posted by damccoy.docx
c:\users\Diana\Contacts\Desktop\Favorites\Quest Diagnostics page 1..docx
c:\users\Diana\Contacts\Desktop\Favorites\Quest Diagnostics pages 1 and 2.docx
c:\users\Diana\Contacts\Desktop\Favorites\Ramen noodle salad.docx
c:\users\Diana\Contacts\Desktop\Favorites\Request for Medicare notes on unnecessary testing.jpeg
c:\users\Diana\Contacts\Desktop\Favorites\REST IN PEACE Princess.docx
c:\users\Diana\Contacts\Desktop\Favorites\Resume for Mr James Lindsey Adult Companion Care.docm
c:\users\Diana\Contacts\Desktop\Favorites\Revised  After the Mark-ups, ready for B JJ D meeting ,.docx
c:\users\Diana\Contacts\Desktop\Favorites\Sept 12, 2012.. Ltr to residents. VA Condo Act..docx
c:\users\Diana\Contacts\Desktop\Favorites\sept bath 2012.docx
c:\users\Diana\Contacts\Desktop\Favorites\September  2011.docx
c:\users\Diana\Contacts\Desktop\Favorites\September  Bath 2011.docx
c:\users\Diana\Contacts\Desktop\Favorites\Sheldon.docx
c:\users\Diana\Contacts\Desktop\Favorites\The cropped Marilyn.docx
c:\users\Diana\Contacts\Desktop\Favorites\The reason for the appointment was I had a rash that was quite bad and I describe the office visit in detail under Dr.docx
c:\users\Diana\Contacts\Desktop\Favorites\themedata.thmx
c:\users\Diana\Contacts\Desktop\Favorites\This is how Israel does it..docx
c:\users\Diana\Contacts\Desktop\Favorites\This sensitive letter is from a dear Hallmark dog owner.docx
c:\users\Diana\Contacts\Desktop\Favorites\Those who forget the lessons of history.docx
c:\users\Diana\Contacts\Desktop\Favorites\Tomato Pie.docx
c:\users\Diana\Contacts\Desktop\Favorites\Two bloods of humour...[1].jpeg
c:\users\Diana\Contacts\Desktop\Favorites\Unexplainable.docx
c:\users\Diana\Contacts\Desktop\Favorites\We enjoy finding evidence that backs up our already held opinions.docx
c:\users\Diana\Contacts\Desktop\Favorites\Wheat Grass directions.docx
c:\users\Diana\Contacts\Desktop\Favorites\Why do you stay in prison when.docx
c:\windows\SysWow64\u
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-27 to 2014-10-27  )))))))))))))))))))))))))))))))
.
.
2014-10-26 20:14 . 2014-10-14 19:59   11627712   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7649222-241A-49B2-8581-8C7DCC77D9BD}\mpengine.dll
2014-10-25 20:00 . 2014-10-14 19:59   11627712   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-24 07:10 . 2014-10-24 07:10   --------   d-----w-   c:\users\Public\Recorded TV
2014-10-19 02:48 . 2014-10-19 02:48   0   ----a-w-   c:\windows\system32\jrvwjhb.dll
2014-10-19 02:48 . 2014-10-19 02:48   81408   ----a-w-   c:\windows\system32\izglmsk.dll
2014-10-17 17:32 . 2014-10-17 17:32   --------   d-----w-   c:\program files\iPod
2014-10-17 17:32 . 2014-10-17 17:32   --------   d-----w-   c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-17 17:32 . 2014-10-17 17:32   --------   d-----w-   c:\program files\iTunes
2014-10-17 17:32 . 2014-10-17 17:32   --------   d-----w-   c:\program files (x86)\iTunes
2014-10-15 00:34 . 2014-09-29 00:58   3198976   ----a-w-   c:\windows\system32\win32k.sys
2014-10-15 00:34 . 2014-06-18 22:23   1943696   ----a-w-   c:\windows\system32\dfshim.dll
2014-10-15 00:34 . 2014-06-18 22:23   156312   ----a-w-   c:\windows\system32\mscorier.dll
2014-10-15 00:34 . 2014-06-18 22:23   156824   ----a-w-   c:\windows\SysWow64\mscorier.dll
2014-10-15 00:34 . 2014-06-18 22:23   1131664   ----a-w-   c:\windows\SysWow64\dfshim.dll
2014-10-15 00:34 . 2014-06-18 22:23   73880   ----a-w-   c:\windows\system32\mscories.dll
2014-10-15 00:34 . 2014-06-18 22:23   81560   ----a-w-   c:\windows\SysWow64\mscories.dll
2014-10-15 00:34 . 2014-07-07 02:06   1202176   ----a-w-   c:\windows\system32\drmv2clt.dll
2014-10-15 00:34 . 2014-07-07 02:06   842240   ----a-w-   c:\windows\system32\blackbox.dll
2014-10-15 00:34 . 2014-07-07 01:40   744960   ----a-w-   c:\windows\SysWow64\blackbox.dll
2014-10-15 00:34 . 2014-07-07 02:07   14632960   ----a-w-   c:\windows\system32\wmp.dll
2014-10-15 00:34 . 2014-07-07 01:40   988160   ----a-w-   c:\windows\SysWow64\drmv2clt.dll
2014-10-15 00:32 . 2014-09-05 02:11   6584320   ----a-w-   c:\windows\system32\mstscax.dll
2014-10-15 00:32 . 2014-09-13 01:58   77312   ----a-w-   c:\windows\system32\packager.dll
2014-10-15 00:32 . 2014-09-13 01:40   67072   ----a-w-   c:\windows\SysWow64\packager.dll
2014-10-15 00:32 . 2014-09-05 01:52   5703168   ----a-w-   c:\windows\SysWow64\mstscax.dll
2014-10-03 00:33 . 2010-08-30 12:34   536576   ----a-w-   c:\windows\SysWow64\sqlite3.dll
2014-10-01 11:36 . 2014-09-25 02:08   371712   ----a-w-   c:\windows\system32\qdvd.dll
2014-10-01 11:36 . 2014-09-25 01:40   519680   ----a-w-   c:\windows\SysWow64\qdvd.dll
2014-10-01 09:06 . 2014-09-17 07:43   1188440   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19CA32E7-689E-43A0-B530-05C6A00CD695}\gapaengine.dll
2014-09-30 16:30 . 2014-09-30 16:35   --------   d-----w-   c:\programdata\Yahoo!
2014-09-27 07:32 . 2014-10-25 18:06   539984   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-26 19:38 . 2014-08-07 04:01   129752   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-26 15:30 . 2014-07-23 14:10   163504   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-10-26 07:15 . 2013-11-06 06:01   736952   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-10-25 08:50 . 2013-10-07 17:07   2876528   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-10-25 08:50 . 2013-10-07 17:07   42168   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-10-25 07:49 . 2013-10-07 17:17   736952   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-10-23 07:06 . 2013-12-14 06:23   2876528   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-10-23 07:06 . 2013-12-14 06:22   42168   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-10-23 07:06 . 2013-10-07 17:07   539984   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-10-15 07:00 . 2011-06-12 17:48   103265616   ----a-w-   c:\windows\system32\MRT.exe
2014-10-01 15:11 . 2014-08-07 04:00   63704   ----a-w-   c:\windows\system32\drivers\mwac.sys
2014-10-01 15:11 . 2014-08-07 04:00   93400   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 15:11 . 2014-08-07 04:00   25816   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-09-24 18:26 . 2012-04-10 00:25   701104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 18:26 . 2011-09-23 03:49   71344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-22 06:42 . 2012-01-12 06:38   278152   ------w-   c:\windows\system32\MpSigStub.exe
2014-09-17 07:43 . 2012-07-03 21:38   1188440   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 22:11 . 2014-09-23 22:07   2048   ----a-w-   c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 22:07   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-08-28 11:54   404480   ----a-w-   c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 11:54   311808   ----a-w-   c:\windows\SysWow64\gdi32.dll
2014-08-19 10:05 . 2014-08-19 10:05   10   ----a-w-   c:\windows\Fonts\wfonts.key
2014-08-01 11:53 . 2014-09-12 08:54   1031168   ----a-w-   c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-12 08:54   793600   ----a-w-   c:\windows\SysWow64\TSWorkspace.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-12-04 39408]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-03-15 744584]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\users\Diana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS
R3 cpuz134;cpuz134;c:\users\Diana\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Diana\AppData\Local\Temp\cpuz134\cpuz134_x64.sys
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe
S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe
S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys
.
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-10-17 00:18   1089352   ----a-w-   c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 18:26]
    .
    2014-10-25 c:\windows\Tasks\Defraggler Volume C Task.job
    - c:\program files\Defraggler\df64.exe [2011-11-08 09:12]
    .
    2014-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-04 05:38]
    .
    2014-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-04 05:38]
    .
    2014-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2636108111-3271393454-2496197924-1000Core.job
    - c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 20:46]
    .
    2014-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2636108111-3271393454-2496197924-1000UA.job
    - c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 20:46]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/?gws_rd=ssl
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>
    mSearchAssistant =
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: vts.edu\www
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\tom6abi5.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-MapsGalaxy EPM Support - c:\progra~2\MAPSGA~2\bar\1.bin\39medint.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-10-27  01:40:51
    ComboFix-quarantined-files.txt  2014-10-27 05:40
    .
    Pre-Run: 903,191,031,808 bytes free
    Post-Run: 905,881,800,704 bytes free
    .
    - - End Of File - - AE3AE3F32342AE7B03A3182A392EE76E
    4976D4A7A40B83FC7F06EE4BDD84EB9B

Corrine

Hi, Diana.

That is some strange list of removed documents that were in an unusual location (Contacts folder).  Do you recognize the file names?  Can you log in to Outlook 2010 now or do you still need to check email from the web link?

As to the files that were in your log that I referenced in my previous reply, ComboFix took care of one of them and we'll take care of the other two with the script below.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


File::
c:\windows\system32\jrvwjhb.dll
c:\windows\system32\izglmsk.dll


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
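For readers triaging a similar log, here is an added example (not part of the original posts and not the helper's own method) that parses the "Files Created" line format of the log above and ranks entries for review. The three heuristics and their thresholds are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the "Files Created" section of the log posted above.
SAMPLE_LOG = r"""
2014-10-24 07:10 . 2014-10-24 07:10   --------   d-----w-   c:\users\Public\Recorded TV
2014-10-19 02:48 . 2014-10-19 02:48   0   ----a-w-   c:\windows\system32\jrvwjhb.dll
2014-10-19 02:48 . 2014-10-19 02:48   81408   ----a-w-   c:\windows\system32\izglmsk.dll
2014-10-17 17:32 . 2014-10-17 17:32   --------   d-----w-   c:\program files\iTunes
2014-10-15 00:34 . 2014-09-29 00:58   3198976   ----a-w-   c:\windows\system32\win32k.sys
2014-10-15 00:34 . 2014-06-18 22:23   1943696   ----a-w-   c:\windows\system32\dfshim.dll
2014-10-15 00:32 . 2014-09-05 02:11   6584320   ----a-w-   c:\windows\system32\mstscax.dll
2014-10-03 00:33 . 2010-08-30 12:34   536576   ----a-w-   c:\windows\SysWow64\sqlite3.dll
"""

# created . modified   size-or-dashes   attribute flags   path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*?)\s*$"
)

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
BINARY_EXTS = {".dll", ".exe", ".sys"}
VOWEL_RATIO_THRESHOLD = 0.2   # assumption: below this a name "looks random"
MIN_REASONS = 2               # assumption: one weak signal alone is not enough


def parse_entries(text):
    """Return one dict per file line; directory lines (attrs start with 'd') are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["attrs"].startswith("d"):
            continue
        entries.append({
            "created": m["created"],
            "modified": m["modified"],
            "size": int(m["size"]),
            "path": m["path"],
        })
    return entries


def vowel_ratio(stem):
    """Share of vowels among the letters of a file name stem."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if not letters:
        return 1.0
    return sum(c in "aeiou" for c in letters) / len(letters)


def reasons_for(entry):
    """Collect the heuristic signals that apply to one entry."""
    reasons = []
    if entry["created"] == entry["modified"]:
        # Files unpacked from a vendor update usually carry an older build date.
        reasons.append("created == modified")
    if entry["size"] == 0:
        reasons.append("zero-byte")
    if vowel_ratio(PureWindowsPath(entry["path"]).stem) < VOWEL_RATIO_THRESHOLD:
        reasons.append("low-vowel name")
    return reasons


def triage(text):
    """Return (path, reasons) for binaries sitting directly in a system directory
    that trip at least MIN_REASONS signals. Output is a review list, not a verdict."""
    flagged = []
    for entry in parse_entries(text):
        p = PureWindowsPath(entry["path"])
        if str(p.parent).lower() not in SYSTEM_DIRS:
            continue
        if p.suffix.lower() not in BINARY_EXTS:
            continue
        reasons = reasons_for(entry)
        if len(reasons) >= MIN_REASONS:
            flagged.append((entry["path"], reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", ", ".join(reasons))
```

A flagged entry only means the file deserves a closer look (signature, vendor, hash lookup) before anything is deleted; legitimate files such as mstscax.dll also have low-vowel names, which is why a single signal is not enough here.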

SellieS

C, I am having a hard time with popups for the mail and the attachment.  I have to hurry a message to you because they will cut me off from typing.
Yes, my libraries have been a mess since I tried to eliminate the duplicate files that had different header names.  I talked to you about it and it appeared I was deleting the source files.  I had sent my computer to a technician; he started over with files under the name of Diana. I never can explain this correctly but videos and pics and docs were in the wrong categories.  I set a new restore point and that did not help me.  Even backing up files now have been delayed.  I don't know how to get out of this mess even though I keep trying to put docs where they belong and eliminating those I don't need any more.  Can't find a darn thing on the spur of the moment because there is more than one video file name and there are different things in each.  I wrote to you about it but it is too complicated to backup or even move on to Microsoft 8.  Need to learn how to do it.

I just gave you an attachment (debugger) that won't stop popping up. I checked off don't show it again.  My mail is not fixed and it keeps on asking me to enter my name and pw.  After we fixed this portion, I believe you are going to address this.  I still get mail on Xfinity.

I will work on what you have given me to do now.  Thanks.


SellieS

I opened the notebook and nothing is in it.

From a copy of
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Diana at 17:02:12 on 2014-10-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6031.3709 [GMT -4:00]

I found each .dll from a log done before the combofix.

I have looked everywhere for Notebook after using your directions.  My logs always went to downloads and that particular folder with past downloads (there are other downloads files!) doesn't appear on my desktop or thru my searches.




I found
2014-10-25 20:00:03   11627712   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F4E4E7B-39AC-45E8-8D86-9B33DF5E85C7}\mpengine.dll
2014-10-25 08:57:14   11627712   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-19 02:48:53   0   ----a-w-   C:\Windows\System32\jrvwjhb.dll
2014-10-19 02:48:51   81408   ----a-w-   C:\Windows\System32\izglmsk.dll

Corrine

Yes, I rather thought you might have a problem.  The instructions were to save ComboFix to your Desktop.  Instead, ComboFix was saved to the Temporary Internet Files folder.  In addition, it isn't Notebook, it is Notepad in the instructions. 

Please see if you can do one of the following:

1)  Navigate to c:\users\Diana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3E1X9F88\ComboFix.exe
Right-click ComboFix.exe and select Cut
Go to your desktop, C:\Users\Diana\Desktop, and Right-click again and select Paste

2)  If the above doesn't work, download a new copy of ComboFix.
Go to http://www.bleepingcomputer.com/download/combofix/
Right-click the blue box reading "Download now @Bleeping Computer"
Select "Save target as".
Navigate to C:\Users\Diana\Desktop and click Save.




After you have ComboFix on your Desktop, please return to my instructions above, http://www.landzdown.com/analysis-and-malware-removal/cannot-get-mail-%28error-ox800ccc92%29-and-malware-pop-up-messagemalicious-website/msg170963/#msg170963

