computer hacked

Started by mare_wbpa, June 27, 2024, 08:04:10 PM

DR M

So you clicked on Export and then chose Copy to Clipboard?
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

mare_wbpa


DR M

Do it once more, just to be sure. As soon as you do that, let me know, without doing anything else. OK?

mare_wbpa

As soon as I do what?

DR M

Click on Export and then choose Copy to Clipboard.

DR M

Since it's getting late for me:

After you click on Copy to clipboard, come here to reply. In the reply box, right click your mouse and select paste. The log will appear in your next reply.

mare_wbpa

Hope this is it

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/5/2024
Scan Time: 1:50 PM
Log File: 03cf51ae-3af7-11ef-9092-cc5ef8f272ec.json

-Software Information-
Version: 5.1.6.117
Components Version: 1.0.1270
Update Package Version: 1.0.86541
License: Trial

-System Information-
OS: Windows 11 (Build 22631.3737)
CPU: x64
File System: NTFS
User: LAPTOP-4EQFBMN3\mary ann

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 239001
Threats Detected: 5
Threats Quarantined: 0
Time Elapsed: 6 min, 48 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.Wave, HKU\S-1-5-21-808705873-2307071823-1975692619-1001\SOFTWARE\Wavesor, No Action By User, 8525, 947065, 1.0.86541, , ame, , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
PUP.Optional.Wave, C:\USERS\MARY ANN\DOWNLOADS\WAVE BROWSER (1).EXE, No Action By User, 8525, 1065894, 1.0.86541, , ame, , A69D796AB71F88742EBC5317FF46015A, 204259FC2CAF158EB9BFAE76AA4204DDE93A18643F5CBB578D8F93260F11593D
PUP.Optional.Wave, C:\USERS\MARY ANN\DOWNLOADS\WAVE BROWSER.EXE, No Action By User, 8525, 1065894, 1.0.86541, , ame, , A69D796AB71F88742EBC5317FF46015A, 204259FC2CAF158EB9BFAE76AA4204DDE93A18643F5CBB578D8F93260F11593D
PUP.Optional.Wave, C:\USERS\MARY ANN\DOWNLOADS\WAVE BROWSER (3).EXE, No Action By User, 8525, 1065894, 1.0.86541, , ame, , A69D796AB71F88742EBC5317FF46015A, 204259FC2CAF158EB9BFAE76AA4204DDE93A18643F5CBB578D8F93260F11593D
PUP.Optional.Wave, C:\USERS\MARY ANN\DOWNLOADS\WAVE BROWSER (2).EXE, No Action By User, 8525, 1065894, 1.0.86541, , ame, , A69D796AB71F88742EBC5317FF46015A, 204259FC2CAF158EB9BFAE76AA4204DDE93A18643F5CBB578D8F93260F11593D

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

DR M

YES, Mary Ann! This is the log and it seems that we must remove some potentially unwanted items, related to the Wave browser you had installed.

The instructions are similar to the previously given ones. Be careful, because now we want to remove the detected items.

Malwarebytes (Clean mode)

Run Malwarebytes as you did before, but this time, when the threats are found:
  • Make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.



In your next reply please post:

The Malwarebytes report

mare_wbpa

I found out that my brother is in the hospital. It's hard for me to concentrate on the computer when I'm worried about him. Give me a day or two to get myself together to get back to the computer. I'm sorry but I'm a wreck over my brother and would probably screw up the next process. I'll be back. Don't give up on me.

DR M

Mary Ann, I sincerely wish that your brother will recover and return home soon.

I'll be here for you, when you are ready.

mare_wbpa

Thank you for your good wishes. Before I do the next procedure could you tell me which options should be enabled and which should be disabled.

DR M


  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and choose Scan.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected. When it finishes, restart the computer.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

mare_wbpa

I went thru the steps. This is the most recent log.

createrestorepoint:
closeprocesses:
AV: McAfee (Disabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}
FW: McAfee (Disabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{15fbdf8d-ed5b-42c6-d352-5188c9f76bb4}\localserver32 -> "C:\Users\mary ann\AppData\Local\OneLaunch\5.27.0\onelaunch.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{28ce06bf-ae80-8555-553d-a861d3a89734}\localserver32 -> "C:\Users\mary ann\AppData\Local\OneLaunch\5.29.3\onelaunch.exe" -ToastActivated => No File
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd) => ""="Service"
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\StartupApproved\Run: => "OneLaunchChromium"
FirewallRules: [TCP Query User{C1714D50-F69F-4A58-A8D3-6D23481E254A}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe => No File
FirewallRules: [UDP Query User{9B8A9E98-202A-47C8-ABD7-D68DF3D2D0AF}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\MountPoints2: {cb5214c5-ba6e-11ee-9675-cc5ef8f272ec} - "D:\GHScrabbleInstall.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {040010EA-1BBC-447B-9090-3BB096E813B3} - \McAfee\WPS\McAfee Cloud Configuration Check -> No File <==== ATTENTION
Task: {1A8D192A-E602-4692-A574-CA6BD75D59A7} - \McAfee\WPS\McAfee Hotfix -> No File <==== ATTENTION
Task: {2108BDB0-9C3A-4ED1-AD6E-9B0E548EF94F} - \McAfee\WPS\McAfee Scheduled Tracker Remover -> No File <==== ATTENTION
Task: {681F2B7E-072A-4EAA-85E1-8819F061C123} - \McAfee\WPS\McAfee PC Optimizer Task -> No File <==== ATTENTION
Task: {68370CD0-6967-45A7-AE10-414612E86E20} - \McAfee\WPS\McAfee Scheduled AV Scan -> No File <==== ATTENTION
Task: {72D83402-547D-4D39-8E88-C50F51A9D6DE} - \McAfee\WPS\McAfee restart of PC -> No File <==== ATTENTION
Task: {8057C08C-800D-4493-9F4F-2B5D30E99E61} - \McAfee\WPS\McAfee Anti-tracker notification -> No File <==== ATTENTION
Task: {AFC537DA-7894-48F4-BFA1-C58EFE38A190} - \McAfee\WPS\McAfee Message Check -> No File <==== ATTENTION
Task: {BE36AFFD-9B2B-429F-88D2-9607ED6EA43E} - \McAfee\WPS\McAfee Virus Definition Update -> No File <==== ATTENTION
Task: {DE988299-04E9-47DF-A3C4-016A3ADEA8F1} - \McAfee\WPS\McAfee Windows Notification Token -> No File <==== ATTENTION
Task: {EAEA0964-16A6-458B-BD62-1B45C21DF280} - \McAfee\WPS\McAfee Health Check -> No File <==== ATTENTION
Task: {FE923434-2E65-4870-8746-8E2BB7D1881B} - \McAfee\wps\McAfee Updater -> No File <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
R2 ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd); C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN\VQCN9APE.Z4M\scre..tion_25b0fbb6ef7eb094_0018.0001_51e59eb280deee18\ScreenConnect.ClientService.exe [95520 2024-06-26] (Connectwise, LLC -> )
S3 vmbusproxy; C:\windows\system32\drivers\vmbusproxy.sys [94208 2024-01-12] (Microsoft Windows -> )
2024-06-29 20:54 - 2024-06-29 20:54 - 000003332 _____ C:\windows\system32\Tasks\SystemOptimizerCustomEvent
2024-06-29 20:54 - 2024-06-29 20:54 - 000002892 _____ C:\windows\system32\Tasks\SystemOptimizer
2024-06-29 16:52 - 2024-06-29 16:52 - 012365296 _____ (McAfee, LLC) C:\Users\mary ann\Downloads\MCPR.exe
2024-06-29 16:50 - 2024-06-29 16:50 - 000002334 _____ C:\Users\mary ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee LLC.lnk
2024-06-29 16:49 - 2024-06-29 16:49 - 002397032 _____ (LogMeIn, Inc.) C:\Users\mary ann\Downloads\Support-LogMeInRescue.exe
2024-06-29 15:01 - 2024-06-29 15:01 - 000223878 _____ C:\Users\mary ann\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2024-06-07 13:58 - 2024-06-07 14:00 - 000000000 ____D C:\ProgramData\PC Cleaner
2024-06-07 13:58 - 2024-06-07 13:58 - 007867760 _____ (PC Helpsoft ) C:\Users\mary ann\Downloads\PC_Cleaner_setup.exe
2024-06-20 08:33 - 2024-06-20 08:33 - 000000000 _____ C:\Users\mary ann\Downloads\6Hp4nfE6.htm
2024-06-26 15:19 - 2024-06-26 15:19 - 000086304 _____ C:\Users\mary ann\Downloads\support.Client.exe
2024-06-29 20:54 - 2024-01-25 15:43 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN
C:\windows\system32\drivers\vmbusproxy.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
RemoveProxy:
emptytemp:

DR M

Mary Ann,

you didn't do the following:

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it. The report in Malwarebytes, of course! Not any report in your computer.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

mare_wbpa

When I click export I get 2 choices, to computer or txt. I clicked txt this time and a box came up with option to save. Clicked on that and a box came up with this log.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/6/2024
Scan Time: 7:30 PM
Log File: b56b6026-3bef-11ef-938d-cc5ef8f272ec.json

-Software Information-
Version: 5.1.6.117
Components Version: 1.0.1270
Update Package Version: 1.0.86593
License: Trial

-System Information-
OS: Windows 11 (Build 22631.3737)
CPU: x64
File System: NTFS
User: LAPTOP-4EQFBMN3\mary ann

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 239011
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 5 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.Wave, HKU\S-1-5-21-808705873-2307071823-1975692619-1001\SOFTWARE\Wavesor, Quarantined, 8517, 947065, 1.0.86593, , ame, , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
PUP.Optional.Wave, C:\USERS\MARY ANN\DOWNLOADS\WAVE BROWSER.EXE, Quarantined, 8517, 1065894, 1.0.86593, , ame, , A69D796AB71F88742EBC5317FF46015A, 204259FC2CAF158EB9BFAE76AA4204DDE93A18643F5CBB578D8F93260F11593D
PUP.Optional.Wave, C:\USERS\MARY ANN\DOWNLOADS\WAVE BROWSER (1).EXE, Quarantined, 8517, 1065894, 1.0.86593, , ame, , A69D796AB71F88742EBC5317FF46015A, 204259FC2CAF158EB9BFAE76AA4204DDE93A18643F5CBB578D8F93260F11593D
PUP.Optional.Wave, C:\USERS\MARY ANN\DOWNLOADS\WAVE BROWSER (2).EXE, Quarantined, 8517, 1065894, 1.0.86593, , ame, , A69D796AB71F88742EBC5317FF46015A, 204259FC2CAF158EB9BFAE76AA4204DDE93A18643F5CBB578D8F93260F11593D
PUP.Optional.Wave, C:\USERS\MARY ANN\DOWNLOADS\WAVE BROWSER (3).EXE, Quarantined, 8517, 1065894, 1.0.86593, , ame, , A69D796AB71F88742EBC5317FF46015A, 204259FC2CAF158EB9BFAE76AA4204DDE93A18643F5CBB578D8F93260F11593D

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)