
Messages - wolf wolfman

1
Malware removal help / Re: savingsCOOL malware I'm trying to remove
« on: May 01, 2018, 03:59:26 am »
Malwarebytes expired
Is there anything else I can do?

2
Malware removal help / Re: savingsCOOL malware I'm trying to remove
« on: May 01, 2018, 03:56:45 am »
Saved 'Addition'

3
Malware removal help / Re: savingsCOOL malware I'm trying to remove
« on: May 01, 2018, 03:40:55 am »
Saved FRST scan 

4
Malware removal help / Re: savingsCOOL malware I'm trying to remove
« on: April 29, 2018, 03:07:48 am »
4/28/2018

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
C

Processes : 0

Registry : 8
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1193257731-625740395-4096007851-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell17win10.msn.com/?pc=DCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1193257731-625740395-4096007851-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell17win10.msn.com/?pc=DCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1193257731-625740395-4096007851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282018021617954\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell17win10.msn.com/?pc=DCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1193257731-625740395-4096007851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282018021617954\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell17win10.msn.com/?pc=DCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1193257731-625740395-4096007851-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1193257731-625740395-4096007851-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1193257731-625740395-4096007851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282018021617954\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1193257731-625740395-4096007851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282018021617954\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE  -> Found

Tasks : 0

Files : 1
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\donwo\AppData\Roaming\AGData -> Found

WMI : 0

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 2
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://asus.us.msn.com/?pc=ASU2&ocid=ASUDHP] -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://www.wqed.org/fm/player/main|https://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311158&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1jBiUaoTp2HzLezqyRGgV7ncwZITKKYfhFz7dO3LRCnrTnrNw5Fipj0LOXi1xhp8h3A4SGX6Ugrq6hhxrIimXxjEtndZB5%2FsqGdrXybIxMNeFeied0aPbjX6AJu44xGNc4FJ04kTX%2FJq56XZTIthbue3r05ITxDOFxuXguRKUyCOk8xwyM1L%2Fw%2BoP23YN9jEWMStIDAklxflBEhyVO452MVVEgUyINoRS3cfRvth%2Bn3MDpTbexqy8iXiaj74qBGBY%3D] -> Found

MBR Check :
+++++ PhysicalDrive0: ST1000LM035-1RK172 +++++
--- User ---
[MBR] bbde588f1b2c289c40a8988c4c4d767c
[BSP] 24843b9c464bc54149989a47b2ab6162 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1026048 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 1288192 | Size: 940675 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1927792640 | Size: 851 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1929535488 | Size: 11712 MB

5
Malware removal help / savingsCOOL malware I'm trying to remove
« on: April 28, 2018, 08:49:06 am »
I have run Malwarebytes, RogueKiller, RKill, AdwCleaner, and HitmanPro
