
Thread: Possible Hack, Hijacking or Virus

  1. #11
    Member
    Join Date
    Jan 2008
    Posts
    78

    Default

    Ok..having some issues with Malwarebytes.

    First of all, there was no -tab- that said "Updates"
    Secondly, nothing says "Perform Quick Scan"

    I have a tab that says "Scan" and when I click it, the only options are "Threat Scan", "Custom Scan" and "Hyper Scan"

    What do I do? :( Perhaps I have a different version?
    And Still She Sings, Till Everything Burns
    +-+-+-+-+-+-+-+
    |P|h|o|e|n|i|x|
    +-+-+-+-+-+-+-+
    I Believe In Karma, What You Give Is What You Get Returned

  2. #12
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi EmpressPhoenix,

    I apologize for the confusion. MBAM has changed the GUI of the program and I failed to update my instructions to reflect the change.

    =========================

    Malwarebytes' Anti-Malware

    Download Malwarebytes' Anti-Malware (save it to your desktop).
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • Select the Scan tab.
    • Select type of scan to perform:
      • Threat Scan <--- Select this type of scan
      • Custom Scan
      • Hyper Scan
    • Next click the Scan Now button.
    • When the scan is complete, if no malicious items are found you can close the program.
    • If malicious items are found be sure that everything is checked, and click Quarantine.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

    =========================

    In your next reply post the MBAM & ESET logs
    Last edited by OCD; 2014-06-17 at 03:36. Reason: adjusted instructions
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #13
    Member
    Join Date
    Jan 2008
    Posts
    78

    Default

    Sorry, I am just wanting to make sure things are done correctly. Thus, asking questions when I am unsure.

    There is nothing that says "remove selected"

    There is Quarantine/Quarantine All, Add Exclusion, and Ignore Once

    I figure I am to quarantine all, however, asking to be sure.
    And Still She Sings, Till Everything Burns
    +-+-+-+-+-+-+-+
    |P|h|o|e|n|i|x|
    +-+-+-+-+-+-+-+
    I Believe In Karma, What You Give Is What You Get Returned

  4. #14
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi EmpressPhoenix,

    Yes, choose Quarantine/Quarantine All. I'm still tweaking my instructions.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  5. #15
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi EmpressPhoenix,

    Just checking in to see if you still need help?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  6. #16
    Member
    Join Date
    Jan 2008
    Posts
    78

    Default

    Yes, I am sorry. Inventory coming up at the store where I work so it's been hectic. I honestly lose track of days and forget things x.x I'll hopefully have this by tomorrow, I apologize.
    And Still She Sings, Till Everything Burns
    +-+-+-+-+-+-+-+
    |P|h|o|e|n|i|x|
    +-+-+-+-+-+-+-+
    I Believe In Karma, What You Give Is What You Get Returned

  7. #17
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  8. #18
    Member
    Join Date
    Jan 2008
    Posts
    78

    Default

    I did the MWB scan, and ran ESET..had a storm though and lost power SO..having to start all over with ESET
    And Still She Sings, Till Everything Burns
    +-+-+-+-+-+-+-+
    |P|h|o|e|n|i|x|
    +-+-+-+-+-+-+-+
    I Believe In Karma, What You Give Is What You Get Returned

  9. #19
    Member
    Join Date
    Jan 2008
    Posts
    78

    Default

    Hopefully I have done everything right..sorry for the delay..

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/21/2014
    Scan Time: 6:50:56 PM
    Logfile: MWBLog.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.06.21.10
    Rootkit Database: v2014.06.20.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 272795
    Time Elapsed: 17 min, 38 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 3
    PUP.Optional.SafeInstall.A, C:\Users\Owner\Downloads\7zip_14395_stf.exe, Quarantined, [b46a007b0a719c9adb862b097d834db3],
    PUP.Optional.OpenCandy, C:\Users\Owner\Downloads\DTLite4491-0356.exe, Quarantined, [42dca3d84239979f6da5d9cd9b6931cf],
    PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\utorrentcontrolv6-customized-web-search.xml, Quarantined, [21fd44372853c076f3cf406705fd19e7],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU4RBLBP\setup[1].exe Win32/Somoto.M potentially unwanted application
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQAE89WB\BiTool[1].dll Win32/Somoto.C potentially unwanted application
    C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
    C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
    C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbhfcphckpkbjoncbgkamddpnphieg\1\51eca413f39150.32987907.js Win32/Adware.MultiPlug.H application
    And Still She Sings, Till Everything Burns
    +-+-+-+-+-+-+-+
    |P|h|o|e|n|i|x|
    +-+-+-+-+-+-+-+
    I Believe In Karma, What You Give Is What You Get Returned

  10. #20
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi EmpressPhoenix,

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU4RBLBP\setup[1].exe
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQAE89WB\BiTool[1].dll
    C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\APISupport\APISupport.dll
    C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe
    C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbhfcphckpkbjoncbgkamddpnphieg\1\51eca413f39150.32987907.js

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt); please post it in your reply.

    =========================

    In your next post please provide the following:
    • Fixlog.txt
    • How is the computer running?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
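
A check that can be run before pressing Fix, added here as an example and not part of the original thread or of FRST: it parses ESET log lines in the format posted in #19 and confirms that every fixlist.txt entry from #20 is backed by a detection. The function names and the regular expression are assumptions derived from the log lines shown in the thread.

```python
import re

# Three of the ESET log lines posted in #19 (copied from the thread).
ESET_LOG = r"""
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU4RBLBP\setup[1].exe Win32/Somoto.M potentially unwanted application
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbhfcphckpkbjoncbgkamddpnphieg\1\51eca413f39150.32987907.js Win32/Adware.MultiPlug.H application
"""

# The matching entries from the fixlist.txt posted in #20.
FIXLIST = r"""
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU4RBLBP\setup[1].exe
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbhfcphckpkbjoncbgkamddpnphieg\1\51eca413f39150.32987907.js
"""

# ESET line: <path> [a variant of ]<detection> <category>. The path may hold
# spaces, so anchor on the detection name; '/' cannot occur in a Windows path.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of )?"
    r"(?P<name>Win(?:32|64)/\S+)\s+(?P<kind>.+)$"
)

def parse_eset(log):
    """Map lower-cased path -> (detection name, category)."""
    found = {}
    for line in log.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            found[m["path"].lower()] = (m["name"], m["kind"])
    return found

def review_fixlist(fixlist, log):
    """Return (entries with no detection behind them, detections left out)."""
    detected = parse_eset(log)
    entries = [l.strip() for l in fixlist.splitlines() if l.strip()]
    wanted = {e.lower() for e in entries}
    # Windows paths are case-insensitive, so compare lower-cased.
    extra = [e for e in entries if e.lower() not in detected]
    missed = sorted(p for p in detected if p not in wanted)
    return extra, missed

if __name__ == "__main__":
    extra, missed = review_fixlist(FIXLIST, ESET_LOG)
    print("entries without a detection:", extra)
    print("detections not in fixlist:", missed)
```

Any path reported in the first list is a file the fix would touch without a scanner finding behind it, which is worth questioning before running the fix.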
