Email address book hijacked

[udhetari]

Hello,  A few friends have told me today they've gotten emails apparently from me, but with strange links. Clearly someone has raided my address book. Interestingly, one friend received an email with a link to a thai website that, as I found through a Google search, relates to someone calling himself Mr KeyBoard Hacker.

Anyway, I have run a few clean up tools and have started changing important passwords, but I would like to be sure I have removed whatever software might be tracking my keyboard activity, so that I can be sure I won't need to change all the passwords again so soon.

I'll post the logs for the scans I've already run. Could someone tell me if I need to do more?  Thanks very much in advance.

To start with, hear is the AdwCleaner log:

# AdwCleaner v5.019 - Logfile created 11/11/2015 at 18:31:43
# Updated 08/11/2015 by Xplode
# Database : 2015-11-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Teresa - TERESA-HP
# Running from : C:\Users\Teresa\Downloads\adwcleaner_5.019.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Probit Software
[-] Folder Deleted : C:\Program Files (x86)\myfree codec
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodecC
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Probit Software
[-] Folder Deleted : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdjfcdinekpfcedakhpngcnaamhiihn
[!] Folder Not Deleted : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdjfcdinekpfcedakhpngcnaamhiihn
[-] Folder Deleted : C:\Users\Clara\AppData\LocalLow\CodecC
[-] Folder Deleted : C:\Users\Clara\AppData\Roaming\Mozilla\Firefox\Profiles\h69ubxaw.default\Extensions\staged\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}
[!] Folder Not Deleted : C:\Users\Clara\AppData\Roaming\Mozilla\Firefox\Profiles\h69ubxaw.default\Extensions\staged\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}
[-] Folder Deleted : C:\Users\Marius\AppData\LocalLow\CodecC
[-] Folder Deleted : C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\fa889zg6.default\Extensions\staged\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}
[!] Folder Not Deleted : C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\fa889zg6.default\Extensions\staged\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}
[-] Folder Deleted : C:\Users\Teresa\AppData\Roaming\DigitalSites

***** [ Files ] *****

[-] File Deleted : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ekdjfcdinekpfcedakhpngcnaamhiihn_0.localstorage
[-] File Deleted : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ekdjfcdinekpfcedakhpngcnaamhiihn_0.localstorage-journal
[-] File Deleted : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ekdjfcdinekpfcedakhpngcnaamhiihn_0.localstorage
[-] File Deleted : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ekdjfcdinekpfcedakhpngcnaamhiihn_0.localstorage-journal
[-] File Deleted : C:\Users\Clara\AppData\Roaming\Mozilla\Firefox\Profiles\h69ubxaw.default\searchplugins\Vosteran.xml
[-] File Deleted : C:\Users\Clara\AppData\Roaming\Mozilla\Firefox\Profiles\h69ubxaw.default\searchplugins\Vosteran.xml
[-] File Deleted : C:\Users\Clara\AppData\Roaming\Mozilla\Firefox\Profiles\h69ubxaw.default\searchplugins\Vosteran.xml
[-] File Deleted : C:\Users\Clara\AppData\Roaming\Mozilla\Firefox\Profiles\h69ubxaw.default\user.js
[-] File Deleted : C:\Users\Clara\AppData\Roaming\Mozilla\Firefox\Profiles\h69ubxaw.default\user.js
[-] File Deleted : C:\Users\Clara\AppData\Roaming\Mozilla\Firefox\Profiles\h69ubxaw.default\user.js
[-] File Deleted : C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\fa889zg6.default\searchplugins\Vosteran.xml
[-] File Deleted : C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\fa889zg6.default\searchplugins\Vosteran.xml
[-] File Deleted : C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\fa889zg6.default\searchplugins\Vosteran.xml
[-] File Deleted : C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\fa889zg6.default\user.js
[-] File Deleted : C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\fa889zg6.default\user.js
[-] File Deleted : C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\fa889zg6.default\user.js
[-] File Deleted : C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal
[-] File Deleted : C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_embed.movshare.net_0.localstorage-journal
[-] File Deleted : C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_kwiclick.en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.bearshare.net_0.localstorage-journal
[-] File Deleted : C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage-journal
[-] File Deleted : C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\8qywzvdz.default\searchplugins\Vosteran.xml
[-] File Deleted : C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\8qywzvdz.default\searchplugins\Vosteran.xml
[-] File Deleted : C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\8qywzvdz.default\searchplugins\Vosteran.xml
[-] File Deleted : C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\8qywzvdz.default\user.js
[-] File Deleted : C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\8qywzvdz.default\user.js
[-] File Deleted : C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\8qywzvdz.default\user.js
[-] File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
[-] File Deleted : C:\Windows\SysNative\ImhxxpComm.dll

***** [ DLLs ] *****


***** [ Shortcuts ] *****

[udhetari]

Here is the Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/11/2015
Scan Time: 18:44
Logfile: MAM.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.11.05
Rootkit Database: v2015.11.04.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Teresa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 453984
Time Elapsed: 46 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.MediaBar, HKU\S-1-5-21-3339506287-1119840997-285041404-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}, Quarantined, [ba0724586f1c49ed9e085bd52cd67987],
PUP.Optional.MediaBar, HKU\S-1-5-21-3339506287-1119840997-285041404-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}, Quarantined, [ba0724586f1c49ed9e085bd52cd67987],
PUP.Optional.Vosteran, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [734e4c30fa9176c0acd09affe023a759],
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [ba07413bff8cda5cf28bdbbef112e41c],
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{94894B1E-941A-4BC7-806A-ED039BCEB43B}, Quarantined, [5071720ab5d6c37346b2ee6e6e950ff1],
PUP.Optional.SearchResults, HKU\S-1-5-21-3339506287-1119840997-285041404-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}, Quarantined, [19a834488cff37ff6564b0dcf50efc04],
PUP.Optional.EasyDriverPro, HKU\S-1-5-21-3339506287-1119840997-285041404-1002\SOFTWARE\PROBIT SOFTWARE\Easy Driver Pro, Quarantined, [20a1710be2a91224b3369dcfc043ab55],
PUP.Optional.SearchResults, HKU\S-1-5-21-3339506287-1119840997-285041404-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}, Quarantined, [a31e83f9eaa19a9c4d7c97f5669dfb05],
PUP.Optional.EasyDriverPro, HKU\S-1-5-21-3339506287-1119840997-285041404-1003\SOFTWARE\PROBIT SOFTWARE\Easy Driver Pro, Quarantined, [e3de0775fa9188ae9b4ebcb071929a66],

Registry Values: 10
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzutB0CtByB0DyBtBzyyE0FzytA0DyB0ByBtN0D0Tzu0StCtDyCzztN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StByCzy0C0F0EtDyCtG0BzzzzzztG0A0BzyzytGzyyBtC0AtGyCzy0AtAtD0ByCyEyE0AyC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0B0CyC0AyByBtGyE0BtDtDtGyEtB0AtBtGzytCyCtCtGtBtDtAtD0EyD0AyCyB0ByEyC2Q&cr=1114098882&ir=, Quarantined, [ba07413bff8cda5cf28bdbbef112e41c]
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzutB0CtByB0DyBtBzyyE0FzytA0DyB0ByBtN0D0Tzu0StCtDyCzztN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StByCzy0C0F0EtDyCtG0BzzzzzztG0A0BzyzytGzyyBtC0AtGyCzy0AtAtD0ByCyEyE0AyC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0B0CyC0AyByBtGyE0BtDtDtGyEtB0AtBtGzytCyCtCtGtBtDtAtD0EyD0AyCyB0ByEyC2Q&cr=1114098882&ir=, Quarantined, [942df785dbb03006e5989ffab84b946c]
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Program Files (x86)\WSE_Vosteran\\FavIcon.ico, Quarantined, [be038def236880b64c31544510f30cf4]
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Vosteran, Quarantined, [ba07ff7d0d7e3501720badecfe05c43c]
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Vosteran, Quarantined, [556c89f30c7f3bfb6914f2a7996a1fe1]
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{94894B1E-941A-4BC7-806A-ED039BCEB43B}|AppPath, C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar, Quarantined, [5071720ab5d6c37346b2ee6e6e950ff1]
PUP.Optional.SearchResults, HKU\S-1-5-21-3339506287-1119840997-285041404-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}|URL, http://dts.search-results.com/sr?src=ieb&appid=812&systemid=2&sr=0&q={searchTerms}, Quarantined, [19a834488cff37ff6564b0dcf50efc04]
PUP.Optional.SearchQu, HKU\S-1-5-21-3339506287-1119840997-285041404-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}|SuggestionsURL_JSON, http://www.searchqu.com/suggest.php?src=ieb&appid=812&systemid=2&qu={searchTerms}&ft=json, Quarantined, [467b74082f5c092dba0a0d7f2dd66f91]
PUP.Optional.SearchResults, HKU\S-1-5-21-3339506287-1119840997-285041404-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}|URL, http://dts.search-results.com/sr?src=ieb&appid=812&systemid=2&sr=0&q={searchTerms}, Quarantined, [a31e83f9eaa19a9c4d7c97f5669dfb05]
PUP.Optional.SearchQu, HKU\S-1-5-21-3339506287-1119840997-285041404-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}|SuggestionsURL_JSON, http://www.searchqu.com/suggest.php?src=ieb&appid=812&systemid=2&qu={searchTerms}&ft=json, Quarantined, [17aa7efe1279b97d279d9cf04bb8a957]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.OpenCandy, C:\Users\Teresa\Downloads\InternationalPrimoPDF.exe, Quarantined, [3091304c0d7e2214b027bca8b35113ed],
Trojan.Injector.BHO, C:\settings.ini, Quarantined, [f6cbfc80d1baaf876877ee8a11f3de22],

Physical Sectors: 0
(No malicious items detected)

[udhetari]

And here is the JRT log:

Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Teresa on 11/11/2015 at 21:08:39,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Teresa\Appdata\Local\google\chrome\user data\default\local storage\hxxp_lyrics.wikia.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Teresa\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Teresa\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.saveur.com_0.localstorage
Successfully deleted: [File] C:\Users\Teresa\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.saveur.com_0.localstorage-journal
Successfully deleted: [File] C:\Windows\SysWOW64\REN82AD.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\RENEE99.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Teresa\Appdata\Local\{17999323-9C93-4E56-A2D6-E5F47A5047C6}
Successfully deleted: [Empty Folder] C:\Users\Teresa\Appdata\Local\{1945FDF0-6730-4FF2-A64C-32BBC2F4D35B}
Successfully deleted: [Empty Folder] C:\Users\Teresa\Appdata\Local\{B8D3A781-6CB8-4727-9E73-8B444F55BA7F}



~~~ FireFox

Successfully deleted the following from C:\Users\Teresa\AppData\Roaming\mozilla\firefox\profiles\8qywzvdz.default\prefs.js

user_pref(extensions.srchvstrn.prtnrId, WSE_Vosteran);
user_pref(extensions.srchvstrn.srchPrvdr, Vosteran);



~~~ Chrome


[C:\Users\Teresa\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Teresa\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Teresa\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Teresa\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/11/2015 at 21:13:12,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[udhetari]

Sorry - it just occured to me I didn't give you any information about my computer. I'm running Windows 7 with Norton 360. I usually use Chrome as a browser. My email is Yahoo.

Thanks again for any advice.

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
That usually happens when your e-mail account has been hacked. It has very little to do with your computer. You will need to change your e-mail account password.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[udhetari]

Thanks, Dave. Here is the ESET log:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe.vir   a variant of Win32/Adware.SpeedingUpMyPC.AN application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Probit Software\Easy Driver Pro\DPSchedule.exe.vir   a variant of Win32/Adware.SpeedingUpMyPC.AL application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Probit Software\Easy Driver Pro\DPSmartScan.exe.vir   a variant of Win32/Adware.SpeedingUpMyPC.C application   cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Probit Software\Easy Driver Pro\EasyDriverPro.exe.vir   a variant of Win32/Adware.SpeedingUpMyPC.AM application   cleaned by deleting - quarantined
C:\Users\Clara\AppData\Local\Mozilla\Firefox\Profiles\h69ubxaw.default\Cache\1\AB\DBC07d01   HTML/ScrInject.B.Gen virus   deleted - quarantined
C:\Users\Clara\AppData\Local\Mozilla\Firefox\Profiles\h69ubxaw.default\Cache\2\13\7E739d01   HTML/Fraud.BD.Gen trojan   cleaned by deleting - quarantined
C:\Users\Clara\AppData\Local\Mozilla\Firefox\Profiles\h69ubxaw.default\Cache\2\AD\8E526d01   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Users\Clara\AppData\Local\Mozilla\Firefox\Profiles\h69ubxaw.default\Cache\5\CD\0AC72d01   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Users\Clara\AppData\Local\Mozilla\Firefox\Profiles\h69ubxaw.default\Cache\7\98\99516d01   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Users\Clara\AppData\Local\Mozilla\Firefox\Profiles\h69ubxaw.default\Cache\A\39\C2E9Ad01   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Users\Clara\AppData\Local\Mozilla\Firefox\Profiles\h69ubxaw.default\Cache\C\30\28000d01   HTML/Fraud.BD.Gen trojan   cleaned by deleting - quarantined
C:\Users\Clara\AppData\Local\Mozilla\Firefox\Profiles\h69ubxaw.default\Cache\C\78\05349d01   HTML/ScrInject.B.Gen virus   deleted - quarantined
C:\Users\Clara\AppData\Local\Mozilla\Firefox\Profiles\h69ubxaw.default\Cache\C\9D\4926Cd01   HTML/ScrInject.B.Gen virus   deleted - quarantined
C:\Users\Clara\AppData\Local\Mozilla\Firefox\Profiles\h69ubxaw.default\Cache\F\0D\CEFD8d01   HTML/ScrInject.B.Gen virus   deleted - quarantined

[SuperDave]

Did you change your password?

[udhetari]

Yes, I did, first thing. Do I need to do anything else?

[SuperDave]

If you changed the password on your e-mail account that's all you should need to do.