What I am about to say is VERY confusing, so I will try to elaborate as best as I can, because I have never been as desperate for help as I am right now. Today, I noticed that someone on Youtube had posted a comment under my own account. In other words, my Youtube name is UnresolvedExternal, and at 6:46 A.M. while I was at the gym, someone posted the following message on THIS youtube video:
"This site is clearly a scam, no one should be using it !!" I immediately changed my password, but I was confused, because why would someone hack my account just to call another video user a scam? At any rate, I looked into my google+ security and it did not show ANY unauthorized logins. Next, I ran Malware Bytes and it found that I had the following: "Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.11.07 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Kevin :: KEVIN-PC [administrator] 4/11/2014 10:13:45 AM mbam-log-2014-04-11 (10-13-45).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 241948 Time elapsed: 7 minute(s), 33 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Hijack.Shell.Gen) -> Data: C:\Users\Kevin\AppData\Roaming\EelguyPf\f1YRdTk.exe,explorer.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Users\Kevin\AppData\Roaming\imlgs (Stolen.Data) -> Quarantined and deleted successfully. Files Detected: 2 C:\Users\Kevin\AppData\Roaming\imlgs\10-04-2014 (Stolen.Data) -> Quarantined and deleted successfully. C:\Users\Kevin\AppData\Roaming\imlgs\11-04-2014 (Stolen.Data) -> Quarantined and deleted successfully. (end)" Now, here's why I need help. The first thing I am wondering is if there is a causal relationship between this "virus" (or whatever it is) and my youtube account comment DESPITE the fact that Google+ security does not show that anyone had gained unathorized access to my account. The second thing I was wondering is how to read the file to find out what was stolen. It's just random characters. Does this file mean that every single one of my passwords stored in Firefox was stolen? Every last one of them?