
Author Topic: Uncle swears he has been hacked  (Read 87161 times)


Tiger85

    Topic Starter


    Starter

    • Experience: Familiar
    • OS: Windows 10
    Uncle swears he has been hacked
    « on: January 10, 2022, 11:58:53 PM »
    I am trying to help my uncle, who says that he has been hacked.  He says the computer freezes up after 3 to 5 minutes every time he logs on, and he is afraid to pay his bills online until it can be checked.

    It is a Dell Inspiron 555 laptop running Windows 10 Home 64-bit, AMD A8-7410 APU with AMD Radeon R5 Graphics 2.20 GHz processor, 6.00GB Single-Channel DDR3 @ 798MHz RAM

    Please help!


    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.1.0
    # -------------------------------
    # Build:    11-18-2021
    # Database: 2021-12-02.1 (Cloud)
    # Support:  https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start:    01-11-2022
    # Duration: 00:00:21
    # OS:       Windows 10 Home
    # Scanned:  32026
    # Detected: 44


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.Legacy             C:\Users\Public\Documents\Downloaded Installers
    PUP.Optional.SlimCleanerPlus    C:\ProgramData\slimware utilities inc
    PUP.Optional.SlimCleanerPlus    C:\Users\Herman\AppData\Local\slimware utilities inc
    PUP.Optional.SupportDotCom      C:\Program Files (x86)\Common Files\supportdotcom
    PUP.Optional.SupportDotCom      C:\Users\Herman\AppData\Local\SPRT
    PUP.Optional.SupportDotCom      C:\Users\Herman\AppData\Roaming\supportdotcom

    ***** [ Files ] *****

    PUP.Optional.Legacy             C:\Windows\System32\drivers\swdumon.sys

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.DriverUpdate       HKLM\SYSTEM\Setup\FirstBoot\Services\SWDUMon
    PUP.Optional.DriverUpdate       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
    PUP.Optional.SlimCleanerPlus    HKLM\Software\SlimWare Utilities Inc
    PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SlimWare Utilities Inc
    PUP.Optional.SlimCleanerPlus    HKU\S-1-5-21-876510074-1270587091-375420393-1002\Software\SlimWare Utilities Inc

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
    Preinstalled.DellCustomerConnect   Folder   C:\Program Files (x86)\DELL CUSTOMER CONNECT
    Preinstalled.DellCustomerConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}
    Preinstalled.DellCustomerConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{99E581C6-471C-46CA-989E-3B17EB7E3F27}
    Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
    Preinstalled.DellDigitalDelivery   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}
    Preinstalled.DellFoundationServices   Folder   C:\ProgramData\DELL\DELL FOUNDATION SERVICES
    Preinstalled.DellHelp&Support   Folder   C:\Program Files\DELL\DELL HELP & SUPPORT
    Preinstalled.DellHelp&Support   Folder   C:\ProgramData\DELL\DELL HELP & SUPPORT
    Preinstalled.DellHelp&Support   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\DELL HELP & SUPPORT
    Preinstalled.DellHelp&Support   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8917AEA5-01A5-476F-AA27-A52EA6C94212}
    Preinstalled.DellHelp&Support   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{8917AEA5-01A5-476F-AA27-A52EA6C94212}
    Preinstalled.DellQuickset   Folder   C:\Program Files\DELL\QUICKSET
    Preinstalled.DellQuickset   Folder   C:\ProgramData\DELL\QUICKSET
    Preinstalled.DellQuickset   Registry   HKLM\Software\Classes\CLSID\{5CF37A65-BBB9-41FE-B88D-DD61422E9E3C}
    Preinstalled.DellQuickset   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QuickSet
    Preinstalled.DellQuickset   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|QuickSet
    Preinstalled.DellQuickset   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{87CF757E-C1F1-4D22-865C-00C6950B5258}
    Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSIST
    Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATE
    Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
    Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
    Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
    Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\UPDATE
    Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
    Preinstalled.LenovoPower2Go   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E88AF8D-F889-4654-974D-00228720B9B1} 
    Preinstalled.LenovoPower2Go   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CLVDLauncher
    Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
    Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
    Preinstalled.LenovoPower2Go   Task   C:\Windows\System32\Tasks\CLVDLAUNCHER
    Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
    Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}


    AdwCleaner[S00].txt - [5999 octets] - [11/01/2022 00:10:53]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########


     Results of screen317's Security Check version 1.014 --- 12/23/15 
       x64 (UAC is enabled) 
     Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Windows Defender   
    McAfee VirusScan   
    Malwarebytes       
     Antivirus up to date! 
    `````````Anti-malware/Other Utilities Check:`````````
     Google Chrome (97.0.4692.71)
     Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe 
     Malwarebytes Anti-Malware mbam.exe 
     Malwarebytes Anti-Malware mbamtray.exe 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:  %
    ````````````````````End of Log``````````````````````


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 1/11/22
    Scan Time: 12:25 AM
    Log File: 38a748e8-72a7-11ec-ac3c-204747c1b920.json

    -Software Information-
    Version: 4.5.0.152
    Components Version: 1.0.1538
    Update Package Version: 1.0.49644
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19042.1415)
    CPU: x64
    File System: NTFS
    User: KPaige2K\Herman Ferrell

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 332431
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 6 min, 18 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)




    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Uncle swears he has been hacked
    « Reply #1 on: January 11, 2022, 04:09:05 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    The computer is running two AVs: Windows Defender, which is the resident AV with Windows 10, and McAfee VirusScan. You should uninstall/disable McAfee. This is usually the cause of computers freezing. A computer should only have one AV active at any time.
    Windows 8 and Windows 10 dual boot with two SSD's

    Tiger85

      Re: Uncle swears he has been hacked
      « Reply #2 on: January 11, 2022, 06:59:36 PM »
      Hi Dave, I'm Mike.  Thank you for responding.  I have disabled the McAfee.

      SuperDave

      Re: Uncle swears he has been hacked
      « Reply #3 on: January 12, 2022, 03:57:11 PM »
      I really don't believe that the computer has been hacked. However, if your uncle is still concerned about its safety, he could download and install Trusteer Rapport here. It can be activated on any site that you may consider unsafe, especially your banking sites.

      Tiger85

        Re: Uncle swears he has been hacked
        « Reply #4 on: January 12, 2022, 06:06:44 PM »
        Thanks!  Is there anything else I need to run for you other than the three scans I originally ran?

        SuperDave

        Re: Uncle swears he has been hacked
        « Reply #5 on: January 13, 2022, 03:43:04 PM »
        No. You can keep MBAM on the computer and run it occasionally. Also, you should think of backing up the computer just in case you have a major crash from which you are unable to recover.

        Tiger85

          Re: Uncle swears he has been hacked
          « Reply #6 on: January 16, 2022, 08:56:22 AM »
          OK, thank you very much for your time and expertise.

          SuperDave

          Re: Uncle swears he has been hacked
          « Reply #7 on: January 16, 2022, 03:57:19 PM »
          You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.