Hello, I am trying to remove some malware that has infected my mother's company computer and is driving up the bandwidth usage and has cost them $5000 in the last 2 months. I have run RogueKiller once and fixed everything that was in red and checked, but these items were either yellow or gray and were not checked. Below is the RogueKiller log.
RogueKiller V12.11.26.0 (x64) [Nov 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : H R Septic [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/30/2017 14:43:55 (Duration : 00:59:18)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 39 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Freeze.com -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\InstallIQ -> Found
[PUP.Mindspark] (X86) HKEY_LOCAL_MACHINE\Software\MapsGalaxy_39 -> Found
[PUP.Mindspark] (X86) HKEY_LOCAL_MACHINE\Software\PackageTracer_69 -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\W3i -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\APN PIP -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\InstallCore -> Found
[PUP.Mindspark] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\PackageTracer_69 -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\PC Optimizer Pro -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\APN PIP -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\InstallCore -> Found
[PUP.Mindspark] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\PackageTracer_69 -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\PC Optimizer Pro -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\AppDataLow\Software\iWon -> Found
[PUP.Mindspark] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\AppDataLow\Software\MapsGalaxy_39 -> Found
[PUP.Mindspark] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\AppDataLow\Software\PackageTracer_69 -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\AppDataLow\Software\iWon -> Found
[PUP.Mindspark] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\AppDataLow\Software\MapsGalaxy_39 -> Found
[PUP.Mindspark] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\AppDataLow\Software\PackageTracer_69 -> Found
[PUP.Mindspark] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PackageTracer_69bar Uninstall Internet Explorer -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar -> Found
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {EF99BD32-C1FB-11D2-892F-0090271D4F88} : -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\YahooAUService ("C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\YahooAUService ("C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Found
[PUP.Gen1|PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
http://start.mysearchdial.com/?f=1&a=dsites03_14_19_ie&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0Czy0CyB0FyEtD0B0FtN0D0Tzu0SzzyCtDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0C0ByEyB0F0EyDtG0AtCyDtCtG0EyC0B0CtG0A0EtAyCtGtDtByC0ByE0C0DtA0C0C0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEtBtA0EtB0ByCtGzzyC0AtAtG0C0AyEzytGtCyByCtBtGyB0EyByCyD0DtCyEtBtC0E0D2Q&cr=167961586&ir= -> Found
[PUP.Gen1|PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
http://start.mysearchdial.com/?f=1&a=dsites03_14_19_ie&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0Czy0CyB0FyEtD0B0FtN0D0Tzu0SzzyCtDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0C0ByEyB0F0EyDtG0AtCyDtCtG0EyC0B0CtG0A0EtAyCtGtDtByC0ByE0C0DtA0C0C0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEtBtA0EtB0ByCtGzzyC0AtAtG0C0AyEzytGtCyByCtBtGyB0EyByCyD0DtCyEtBtC0E0D2Q&cr=167961586&ir= -> Found
[PUP.Gen1|PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\Microsoft\Internet Explorer\Main | Search Bar :
http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language -> Found
[PUP.Gen1|PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\Microsoft\Internet Explorer\Main | Search Bar :
http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C5ECBE24-0E8E-41AC-8745-DD44A0B0FEA3} | DhcpNameServer : 172.20.10.1 ([]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C5ECBE24-0E8E-41AC-8745-DD44A0B0FEA3} | DhcpNameServer : 172.20.10.1 ([]) -> Found
¤¤¤ Tasks : 2 ¤¤¤
[PUP.Gen0] %WINDIR%\Tasks\MySearchDial.job -- C:\Users\HRSEPT~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
[Suspicious.Path] \MySearchDial -- C:\Users\HRSEPT~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
--- User ---
[MBR] e9e433d0e4697d1c16ee1c52f23f98da
[BSP] 3a4b3c8c16813df0e5b144d11597f541 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 465683 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 953925632 | Size: 11155 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )