Solved How do I stop my pc sending spam

riider June 10, 2015 at 18:39:12

Your email account has likely been hacked. Change your password.

Derek June 11, 2015 at 02:09:28

Also run this on it: MalwareBytes: http://filehippo.com/download_malwa... (green Download button top right - not anything else on the page) Install and Run the program but before doing its Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds. If it finds anything please copy/paste the log on here. Always pop back and let us know the outcome - thanks

I have run malwarebytes but it found nothing

Derek June 11, 2015 at 08:04:23

OK can you run this little file too - it is quick to do and looks for quite different things: AdwCleaner: http://www.bleepingcomputer.com/dow... (blue Download button near top - not anything else on the page). Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Cleaning" button. Again, paste the log if it finds anything please. Always pop back and let us know the outcome - thanks

Sorry for the delay I have just got up. Ran Adwcleaner log below # AdwCleaner v3.101 - Report created 12/06/2015 at 08:48:14 # Updated 20/04/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Brian Halson - BRIANHALSON-PC # Running from : C:\Users\Brian Halson\Desktop\Security\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Found : C:\Users\Brian Halson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Folder Found C:\AI_RecycleBin Folder Found C:\Program Files (x86)\Toolbar Cleaner Folder Found C:\ProgramData\Package Cache Folder Found C:\Users\Brian Halson\AppData\LocalLow\adawaretb Folder Found C:\Users\Brian Halson\AppData\Roaming\SecureSearch Folder Found C:\Users\BRIANH~1\AppData\Local\Temp\AI_RecycleBin Folder Found C:\Users\BRIANH~1\AppData\Local\Temp\AI_RecycleBin Folder Found C:\Users\BRIANH~1\AppData\Local\Temp\AI_RecycleBin Folder Found C:\Users\BRIANH~1\AppData\Local\Temp\AI_RecycleBin Folder Found C:\Users\BRIANH~1\AppData\Local\Temp\AI_RecycleBin Folder Found C:\Windows\SysWOW64\AI_RecycleBin ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\Software\adawarebp Key Found : HKCU\Software\AppDataLow\Software\adawaretb Key Found : HKCU\Software\Classes\pokki Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Found : HKLM\Software\adawaretb Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Found : HKLM\SOFTWARE\Classes\CLSID\{baad6aa7-889d-4db4-8666-f71544310e82} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6E8FC04-8B05-48B1-9399-848229502A06} Key Found : HKLM\SOFTWARE\classes\FMMediaFormats.FormatCodecVideo Key Found : HKLM\SOFTWARE\classes\FMMediaFormats.FormatCodecVideo.1 Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner Key Found : HKLM\Software\Toolbar Cleaner Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F6E8FC04-8B05-48B1-9399-848229502A06} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Mozilla Firefox v38.0.5 (x86 en-US) [ File : C:\Users\Brian Halson\AppData\Roaming\Mozilla\Firefox\Profiles\qaysjhks.default-1423976249486\prefs.js ] -\\ Google Chrome v43.0.2357.124 [ File : C:\Users\Brian Halson\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [13300 octets] - [21/04/2014 15:17:07] AdwCleaner[R1].txt - [4171 octets] - [12/06/2015 08:48:14] AdwCleaner[S0].txt - [13320 octets] - [21/04/2014 15:21:36] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4292 octets] ##########

Derek June 11, 2015 at 16:48:07

Yes, it found and fixed a few things. it would therefore be worth running this one too: Junkware Removal Tool (JRT) http://www.bleepingcomputer.com/dow... (blue Download button near top - not anything else on the page). Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished. Please copy/paste log as before and let me know if you are still getting the undelivered messages.. Always pop back and let us know the outcome - thanks

Johnw June 11, 2015 at 16:49:48

Next step topbooka, more steps will be needed after this. Run Junkware Removal Tool http://www.softpedia.com/get/Securi... http://www.bleepingcomputer.com/dow... http://thisisudax.org/ http://thisisudax.blogspot.com.au/2... Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop. Warning! Once the scan is complete JRT will shut down your browser with NO warning. Shut down your protection software now to avoid potential conflicts. Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. http://www.bleepingcomputer.com/for... http://www.techsupportforum.com/for... Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open. Copy and Paste the contents of the JRT.txt log please.

Johnw June 11, 2015 at 16:51:56

Opp's Derek, saw the post was about an hour old, thought you may not be around.

Johnw June 11, 2015 at 16:55:58

topbooka, did you hit the AdwCleaner Clean button? If so can we have the log please. message edited by Johnw

Derek June 11, 2015 at 16:57:53

No matter, I've gotta go now anyhow (gas men tearing up the main and service pipes early tomorrow). Please carry on - Nite. Always pop back and let us know the outcome - thanks

Scan complete for JRT log below ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.9.1 (06.08.2015:1) OS: Windows 7 Home Premium x64 Ran by Brian Halson on Fri 12/06/2015 at 10:17:41.61 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} ~~~ Files Successfully deleted: [File] C:\Windows\reimage.ini Successfully deleted: [File] C:\Windows\system32\LavasoftTcpService64.dll Successfully deleted: [File] C:\Windows\system32\LavasoftTcpServiceOff.ini Successfully deleted: [File] C:\Windows\syswow64\LavasoftTcpService.dll Successfully deleted: [File] C:\Windows\syswow64\LavasoftTcpService.ini Successfully deleted: [File] C:\Windows\syswow64\LavasoftTcpServiceOff.ini Successfully deleted: [File] C:\Users\Brian Halson\appdata\local\google\chrome\user data\default\local storage\hxxp_st.chatango.com_0.localstorage Successfully deleted: [File] C:\Users\Brian Halson\appdata\local\google\chrome\user data\default\local storage\hxxp_st.chatango.com_0.localstorage-journal ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{0FE5A262-4593-4B46-ACBE-CE1BF8680E20} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{18E00A1B-759A-4305-85C9-857A22C0D2BC} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{246BB934-69E8-4F5D-B450-18E7D2A74316} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{2E6FDAC2-7640-44C8-925C-515680FD6CA8} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{4ED9330C-9D2B-483E-9DDA-F48783632BFE} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{541A7EE6-E726-4DCB-A110-11C066BF285B} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{597C6705-4C36-49B4-AB5C-4312A57D23E5} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{71C9B01D-C8BD-487E-B877-6F280B549D8B} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{90AC93D8-9AC8-4E2D-8CEF-382DAFCF61D0} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{B041A4BC-6D8E-480A-A773-66DDB771F040} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{C302BB07-D6B1-483E-94DA-17693E20A646} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{C832CF3F-9475-4B30-A85F-218E5F97628E} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{DD54A7D0-FBE1-416E-9D00-4B427DB3E7EC} Successfully deleted: [Empty Folder] C:\Users\Brian Halson\appdata\local\{F5998EFF-7693-4AFC-9F62-008770DAA4B3} Successfully deleted: [Folder] C:\Users\Brian Halson\AppData\Roaming\getprivate Successfully deleted: [Folder] C:\Users\Brian Halson\AppData\Roaming\getrighttogo Successfully deleted: [Folder] C:\ProgramData\4899dd140d5f13cc ~~~ FireFox ~~~ Chrome Successfully deleted: [Folder] C:\Users\Brian Halson\appdata\local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [C:\Users\Brian Halson\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Brian Halson\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Brian Halson\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Brian Halson\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [ jbolfgndggfhhpbnkgnpjkfhinclbigj ] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 12/06/2015 at 10:23:24.08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Johnw June 11, 2015 at 17:31:09

"Sorry for the delay I have just got up" Me too, I'm here. http://www.timeanddate.com/worldclo... Just waiting on the log from my post #9 EDIT. Note: AdwCleaner has a Clean button, not Delete. message edited by Johnw

Morning Johnw Log is at post #5

Johnw June 11, 2015 at 17:45:56

"Log is at post #5" Yep, but that only shows what it found. Need the log showing what it deleted after hitting the Clean button. message edited by Johnw

Sorry but I can not find this log can only find what is in quarantine

Johnw June 11, 2015 at 18:09:05

You can find the logfile at C:\AdwCleaner[S1].txt

thank found it # AdwCleaner v3.101 - Report created 12/06/2015 at 09:59:06 # Updated 20/04/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Brian Halson - BRIANHALSON-PC # Running from : C:\Users\Brian Halson\Desktop\Security\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\AI_RecycleBin Folder Deleted : C:\ProgramData\Package Cache Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin Folder Deleted : C:\Users\BRIANH~1\AppData\Local\Temp\AI_RecycleBin Folder Deleted : C:\Users\Brian Halson\AppData\LocalLow\adawaretb Folder Deleted : C:\Users\Brian Halson\AppData\Roaming\SecureSearch Folder Deleted : C:\Users\Brian Halson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Key Deleted : HKCU\Software\Classes\pokki Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\classes\FMMediaFormats.FormatCodecVideo Key Deleted : HKLM\SOFTWARE\classes\FMMediaFormats.FormatCodecVideo.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{baad6aa7-889d-4db4-8666-f71544310e82} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6E8FC04-8B05-48B1-9399-848229502A06} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F6E8FC04-8B05-48B1-9399-848229502A06} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb Key Deleted : HKLM\Software\adawaretb Key Deleted : HKLM\Software\Toolbar Cleaner Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Mozilla Firefox v38.0.5 (x86 en-US) [ File : C:\Users\Brian Halson\AppData\Roaming\Mozilla\Firefox\Profiles\qaysjhks.default-1423976249486\prefs.js ] -\\ Google Chrome v43.0.2357.124 [ File : C:\Users\Brian Halson\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [13300 octets] - [21/04/2014 15:17:07] AdwCleaner[R1].txt - [4400 octets] - [12/06/2015 08:48:14] AdwCleaner[S0].txt - [13320 octets] - [21/04/2014 15:21:36] AdwCleaner[S1].txt - [4123 octets] - [12/06/2015 09:59:06] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4183 octets] ##########

Johnw June 11, 2015 at 18:26:52

Next step. Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of it's location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT. The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please. http://www.zippyshare.com/ Instructions on how to use ZippyShare. http://i.imgur.com/naG6t2T.gif http://i.imgur.com/Vi9ZdIh.gif http://i.imgur.com/1IZu5kP.gif http://www.bleepingcomputer.com/dow... http://download.bleepingcomputer.co... http://www.forospyware.com/sUBs/Com... A guide and tutorial on using ComboFix http://www.bleepingcomputer.com/com... http://www.winhelp.us/index.php/gen... Manually restoring the Internet connection http://www.bleepingcomputer.com/com... There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual" If you think it's frozen, look at the computer clock. If it's running, Combofix is still working. NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall. NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed. ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.*** **Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan. The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run. Allow ComboFix to download the Recovery Console. Accept the End-User License Agreement. The Recovery Console will be installed. You will then get this next prompt that asks if you want to continue the malware scan, select yes. If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected. Can't Install an Antivirus - Windows Security Center still detects previous AV http://www.experts-exchange.com/Vir... We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following: * Close all open Windows including this one. * Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic. http://www.bleepingcomputer.com/for... http://www.techsupportforum.com/for... Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop. Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

combofix scan complete link below http://www9.zippyshare.com/v/bmGLHw...

Johnw June 11, 2015 at 20:04:36

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop. http://www.bleepingcomputer.com/dow... If we have to run Farbar more than once, refer this SS. http://i.imgur.com/yUxNw0j.gif Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) on the Desktop. The first time the tool is run, it makes also another log (Addition.txt). The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please. http://www.zippyshare.com/ Instructions on how to use ZippyShare. http://i.imgur.com/naG6t2T.gif http://i.imgur.com/Vi9ZdIh.gif http://i.imgur.com/1IZu5kP.gif

frst complete links to logs below http://www36.zippyshare.com/v/cq6Sp... http://www36.zippyshare.com/v/jJ6Zi...

Johnw June 11, 2015 at 21:03:05

Give me about 15mins to do the first step in analyzing.

ok thanks I will be standing by

Johnw June 11, 2015 at 21:13:20

✔ Best Answer

Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt NOTE:It is important that Notepad is used. The fix will not work if Word or some other program is used. NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. closeprocesses: emptytemp: AlternateDataStreams: C:\ProgramData\Temp:4116B5AB AlternateDataStreams: C:\ProgramData\Temp:56E2E879 AlternateDataStreams: C:\ProgramData\Temp:FB1B13D8 HKLM-x32\...\Run: [] => [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-279346440-3864694767-3748385609-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searc... SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source... SearchScopes: HKU\S-1-5-21-279346440-3864694767-3748385609-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File FF Homepage: hxxp://media.telstra.com.au/home.html FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\BRIANH~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 motandroidusb; System32\Drivers\motoandroid.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 zgwhsdiag; system32\DRIVERS\zgwhsdiag.sys [X] S3 zgwhsnmea; system32\DRIVERS\zgwhsnmea.sys [X] Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

Do I have to run fix in farbar before I do this

DAVEINCAPS June 11, 2015 at 21:27:36

Depending on the outcome of the scans, there may be another explanation. If your email address is in someone else's address book the problem may be on their computer instead of yours. Malware on their computer may be using their address book to spoof messages. You would be notified of any message that was undeliverable since the email server would think you were the sender. That happened to me several years ago and there wasn't anything I could do as I had no idea where they were originating.

Johnw June 11, 2015 at 21:33:12

"Do I have to run fix in farbar before I do this" I don't think you have scrolled down to the bottom of my post.

Here is the fix log http://www22.zippyshare.com/v/PB4rE...

Johnw June 11, 2015 at 22:06:13

I will be out for a few hours, let me know how your issues are going.