Uncle swears he has been hacked

Started by Tiger85, January 10, 2022, 11:58:53 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Tiger85

I am trying to help my uncle who says that has has been hacked.  Says the computer freezes up after 3 to 5 minutes every time he logs on, and he is afraid to pay his bills online until it can be checked.

It is a Dell Inspirion 555 laptop running Windows 10 Home 64-bit, AMD A8-7410 APU with AMD Radeon R5 Graphics 2.20 GHz processor, 6.00GB Single-Channel DDR3 @ 798MHz RAM

Please help!


# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-11-2022
# Duration: 00:00:21
# OS:       Windows 10 Home
# Scanned:  32026
# Detected: 44


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.SlimCleanerPlus    C:\ProgramData\slimware utilities inc
PUP.Optional.SlimCleanerPlus    C:\Users\Herman\AppData\Local\slimware utilities inc
PUP.Optional.SupportDotCom      C:\Program Files (x86)\Common Files\supportdotcom
PUP.Optional.SupportDotCom      C:\Users\Herman\AppData\Local\SPRT
PUP.Optional.SupportDotCom      C:\Users\Herman\AppData\Roaming\supportdotcom

***** [ Files ] *****

PUP.Optional.Legacy             C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.DriverUpdate       HKLM\SYSTEM\Setup\FirstBoot\Services\SWDUMon
PUP.Optional.DriverUpdate       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
PUP.Optional.SlimCleanerPlus    HKLM\Software\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus    HKU\S-1-5-21-876510074-1270587091-375420393-1002\Software\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Preinstalled.DellCustomerConnect   Folder   C:\Program Files (x86)\DELL CUSTOMER CONNECT
Preinstalled.DellCustomerConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}
Preinstalled.DellCustomerConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{99E581C6-471C-46CA-989E-3B17EB7E3F27}
Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Preinstalled.DellDigitalDelivery   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}
Preinstalled.DellFoundationServices   Folder   C:\ProgramData\DELL\DELL FOUNDATION SERVICES
Preinstalled.DellHelp&Support   Folder   C:\Program Files\DELL\DELL HELP & SUPPORT
Preinstalled.DellHelp&Support   Folder   C:\ProgramData\DELL\DELL HELP & SUPPORT
Preinstalled.DellHelp&Support   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\DELL HELP & SUPPORT
Preinstalled.DellHelp&Support   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8917AEA5-01A5-476F-AA27-A52EA6C94212}
Preinstalled.DellHelp&Support   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{8917AEA5-01A5-476F-AA27-A52EA6C94212}
Preinstalled.DellQuickset   Folder   C:\Program Files\DELL\QUICKSET
Preinstalled.DellQuickset   Folder   C:\ProgramData\DELL\QUICKSET
Preinstalled.DellQuickset   Registry   HKLM\Software\Classes\CLSID\{5CF37A65-BBB9-41FE-B88D-DD61422E9E3C}
Preinstalled.DellQuickset   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QuickSet
Preinstalled.DellQuickset   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|QuickSet
Preinstalled.DellQuickset   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{87CF757E-C1F1-4D22-865C-00C6950B5258}
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSIST
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\UPDATE
Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Preinstalled.LenovoPower2Go   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E88AF8D-F889-4654-974D-00228720B9B1} 
Preinstalled.LenovoPower2Go   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CLVDLauncher
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPower2Go   Task   C:\Windows\System32\Tasks\CLVDLAUNCHER
Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}


AdwCleaner[S00].txt - [5999 octets] - [11/01/2022 00:10:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########


Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled! 
Windows Defender   
McAfee VirusScan   
Malwarebytes       
Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````[/u]
Google Chrome (97.0.4692.71)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````[/u] 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbam.exe 
Malwarebytes Anti-Malware mbamtray.exe 
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````[/u]


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/11/22
Scan Time: 12:25 AM
Log File: 38a748e8-72a7-11ec-ac3c-204747c1b920.json

-Software Information-
Version: 4.5.0.152
Components Version: 1.0.1538
Update Package Version: 1.0.49644
License: Trial

-System Information-
OS: Windows 10 (Build 19042.1415)
CPU: x64
File System: NTFS
User: KPaige2K\Herman Ferrell

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 332431
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 18 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)




SuperDave

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
The computer is running two Av's; Windows Defender which is the resident AV with Windows 10 and McAfee Virusscan. You should uninstall/disable McAfee. This is usually the cause of computers freezing. A computer should only have one Av active at any time.
Windows 8 and Windows 10 dual boot with two SSD's

Tiger85

Hi Dave, I'm Mike.  Thank you for responding.  I have disabled the McAfee.

SuperDave

I really don't believe that the computer has been hacked. However, if your uncle is still concerned about its safety he could download and install Trusteer Rapport here. It can be activated on any site that your may consider unsafe especially your banking sites.
Windows 8 and Windows 10 dual boot with two SSD's

Tiger85

Thanks!  Is there anything else I need to run for you other than the three scans I originally ran?

SuperDave

No. You can keep MBAM on the computer and run it occasionally. Also, you should think of backing up the computer just in case you have a major crash from which you are unable to recover.
Windows 8 and Windows 10 dual boot with two SSD's

Tiger85

OK, thank you very much for your time and expertise.

SuperDave

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
Windows 8 and Windows 10 dual boot with two SSD's