Clueless1

I thought I attached FRST.txt. Anyway so far the emailer is behaving itself. Hopefully this is a good sign. FRST.txt

I've attached the new FRST, Addition and Malwarebytes reports. ADwCleaner says: # AdwCleaner v6.046 - Logfile created 05/05/2017 at 10:29:59 # Updated on 24/04/2017 by Malwarebytes # Database : 2017-05-04.2 [Server] # Operating System : Windows 10 Pro (X64) # Username : lori - LORI-PC # Running from : C:\Users\lori\Desktop\adwcleaner_6.046.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKU\S-1-5-21-3529915425-4043898018-2729830134-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516} [#] Data restored on reboot: HKU\S-1-5-21-3529915425-4043898018-2729830134-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516} [#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516} [#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [-] Value deleted: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Application Restart #1] [#] Value deleted on reboot: [x64] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Application Restart #1] ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [1827 Bytes] - [05/05/2017 10:29:59] C:\AdwCleaner\AdwCleaner[S0].txt - [1982 Bytes] - [05/05/2017 10:29:06] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1973 Bytes] ########## JRT says: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.3 (04.10.2017) Operating System: Windows 10 Pro x64 Ran by lori (Administrator) on Fri 05/05/2017 at 10:45:32.54 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1 Successfully deleted: C:\WINDOWS\wininit.ini (File) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 05/05/2017 at 10:46:33.95 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sophos found 0 threats. I'll turn the email back on now and see if I get anymore non-delivery messages or death threats. Addition.txt Malwarebytes.txt

Overall analysis says: Probably harmless! There are strong indicators suggesting that this file is safe to use. Under file detail it says: The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem. I don't think that is the culprit.

I have the Farbar attachments now. FRST.txt Addition.txt

I share a computer with my husband and he uses Microsoft Mail. About 10 days ago I was looking on Craigslist and Microsoft Mail started receiving non-delivery notices about emails our computer was sending out demanding people pay a speed infringement fine in Australia. The email included attachments that I didn't recognize. Microsoft Defender and Malwarebytes couldn't detect any viruses or malware even though I could see the files in Explorer. I couldn't delete the files. I downloaded Comodo and that got rid of the virus but only temporarily. It was back two days later. Comodo removed it again but it was back this morning at 7am even though we've been careful not to use Craigslist anymore. Defender, Malwarebytes and Comodo cannot find it this time. Are there any tools I can use that will detect this thing and permanently remove it from the hard drive?