The scans have shown nothing for 2 days now, and I can’t find any logs on my computer except for an adwcleaner scan and clean. I will put in that info and what avast reported though.
AdwCleaner scan:
AdwCleaner v3.311 - Report created 11/10/2014 at 21:30:28
Updated 30/09/2014 by Xplode
Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
Username : Alex - HAL
Running from : C:\Users\Alex\Downloads\AdwCleaner.exe
Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\Extensions{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\Users\Alex\AppData\Local\iLivid
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Classes\AppID{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\iLividSRTB
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
***** [ Browsers ] *****
-\ Internet Explorer v11.0.9600.17280
-\ Mozilla Firefox v32.0.3 (x86 en-US)
[ File : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\zkanhgp6.default-1413030450884\prefs.js ]
-\ Google Chrome v37.0.2062.124
[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]
AdwCleaner[R0].txt - [3319 octets] - [11/10/2014 21:30:28]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3379 octets] ##########
As for Avast:
A quick scan found these infected files:
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6GMZ0NOR\fr[1] Severity: High, Status: Threat: JS:ScriptIP-inf[Trj]
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 [followed by a ton of random numbers, letters]
Severity: High, Status: Threat HTML: FakeLock-F[Trj]
Following a successfully quarantining of these two, avast did a boot scan, in which it found three similar files in this location:
C:\Users\Alex\AppData\Local\Mozilla\Firefox\Profiles
These were HTML: FakeLock-F[Trj]
Finally, another quick scan found a JS: ScriptIP[Trj] under the same general location as the first quick scan.
Though all these were successfully quarantined, I have run about 17 scans since finding absolutely nothing although the problem persists.
Malwarebytes found infected files a few weeks ago, but then everything was fine until a few days ago, during which time malwarebytes has absolutely nothing to report.
Hope this helps