Topic: help with RogueKiller report, what should I have fixed?

JHMartinez001 (Newbie), December 02, 2017, 09:21:19 PM
Hello, I am trying to remove some malware that has infected my mother's company computer; it is driving up the bandwidth usage and has cost them $5000 in the last 2 months. I have run RogueKiller once and fixed everything that was in red and checked, but these items were either yellow or gray and were not checked. Below is the RogueKiller log.

RogueKiller V12.11.26.0 (x64) [Nov 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : H R Septic [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/30/2017 14:43:55 (Duration : 00:59:18)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 39 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Freeze.com -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\InstallIQ -> Found
[PUP.Mindspark] (X86) HKEY_LOCAL_MACHINE\Software\MapsGalaxy_39 -> Found
[PUP.Mindspark] (X86) HKEY_LOCAL_MACHINE\Software\PackageTracer_69 -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\W3i -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\APN PIP -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\InstallCore -> Found
[PUP.Mindspark] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\PackageTracer_69 -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\PC Optimizer Pro -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\APN PIP -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\InstallCore -> Found
[PUP.Mindspark] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\PackageTracer_69 -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\PC Optimizer Pro -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\AppDataLow\Software\iWon -> Found
[PUP.Mindspark] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\AppDataLow\Software\MapsGalaxy_39 -> Found
[PUP.Mindspark] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\AppDataLow\Software\PackageTracer_69 -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\AppDataLow\Software\iWon -> Found
[PUP.Mindspark] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\AppDataLow\Software\MapsGalaxy_39 -> Found
[PUP.Mindspark] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\AppDataLow\Software\PackageTracer_69 -> Found
[PUP.Mindspark] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PackageTracer_69bar Uninstall Internet Explorer -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar -> Found
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {EF99BD32-C1FB-11D2-892F-0090271D4F88} :   -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\YahooAUService ("C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\YahooAUService ("C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> Found
[PUP.Gen1|PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=dsites03_14_19_ie&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0Czy0CyB0FyEtD0B0FtN0D0Tzu0SzzyCtDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0C0ByEyB0F0EyDtG0AtCyDtCtG0EyC0B0CtG0A0EtAyCtGtDtByC0ByE0C0DtA0C0C0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEtBtA0EtB0ByCtGzzyC0AtAtG0C0AyEzytGtCyByCtBtGyB0EyByCyD0DtCyEtBtC0E0D2Q&cr=167961586&ir=  -> Found
[PUP.Gen1|PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=dsites03_14_19_ie&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0Czy0CyB0FyEtD0B0FtN0D0Tzu0SzzyCtDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0C0ByEyB0F0EyDtG0AtCyDtCtG0EyC0B0CtG0A0EtAyCtGtDtByC0ByE0C0DtA0C0C0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEtBtA0EtB0ByCtGzzyC0AtAtG0C0AyEzytGtCyByCtBtGyB0EyByCyD0DtCyEtBtC0E0D2Q&cr=167961586&ir=  -> Found
[PUP.Gen1|PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language  -> Found
[PUP.Gen1|PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-998168604-2222605666-1485238642-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C5ECBE24-0E8E-41AC-8745-DD44A0B0FEA3} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C5ECBE24-0E8E-41AC-8745-DD44A0B0FEA3} | DhcpNameServer : 172.20.10.1 ([])  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[PUP.Gen0] %WINDIR%\Tasks\MySearchDial.job -- C:\Users\HRSEPT~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
[Suspicious.Path] \MySearchDial -- C:\Users\HRSEPT~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
--- User ---
[MBR] e9e433d0e4697d1c16ee1c52f23f98da
[BSP] 3a4b3c8c16813df0e5b144d11597f541 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 465683 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 953925632 | Size: 11155 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


Reply #1: Curson (Global Moderator), December 02, 2017, 09:29:46 PM
Hi JHMartinez001,

Welcome to the Adlice.com Forum.
You can select all lines for deletion except the following ones:

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C5ECBE24-0E8E-41AC-8745-DD44A0B0FEA3} | DhcpNameServer : 172.20.10.1 ([])  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C5ECBE24-0E8E-41AC-8745-DD44A0B0FEA3} | DhcpNameServer : 172.20.10.1 ([])  -> Found

If you need any more help with malware removal, don't hesitate to ask us.

Regards.
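The moderator's rule (delete every flagged entry except the DHCP-assigned DNS server) can be applied mechanically to a report in this format. The following Python script is an added example, not code from the forum or from Adlice; it assumes the `[tags] (arch) key | name : data -> Found` line layout seen in the log above, uses constructed sample lines (two taken from the report plus an assumed public resolver 203.0.113.5 with a placeholder interface GUID), and treats only RFC 1918 addresses as the local network.

```python
import ipaddress
import re

# One detection line: [tags] (arch) payload -> Found. Task lines carry no (arch) field.
LINE_RE = re.compile(r"^\[(?P<tags>[^\]]+)\]\s+(?:\((?P<arch>X64|X86)\)\s+)?(?P<payload>.+?)\s*->\s*Found$")
# Only RFC 1918 ranges count as "local network" when judging a DhcpNameServer entry.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: two lines from the report above plus an assumed public resolver (203.0.113.5).
SAMPLE = r"""
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\InstallIQ -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C5ECBE24-0E8E-41AC-8745-DD44A0B0FEA3} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-EXAMPLE-GUID} | DhcpNameServer : 203.0.113.5 ([])  -> Found
"""

def parse_line(line):
    """Return a record for one detection line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"tags": m["tags"].split("|"), "arch": m["arch"], "key": None, "value": None, "data": None}
    payload = m["payload"]
    if " | " in payload:                        # registry value:  key | name : data
        rec["key"], _, rest = payload.partition(" | ")
        name, _, data = rest.partition(" :")
        rec["value"], rec["data"] = name.strip(), data.strip()
    elif " -- " in payload:                     # scheduled task:  job -- target
        rec["key"], _, target = payload.partition(" -- ")
        rec["data"] = target.strip()
    else:                                       # bare registry key
        rec["key"] = payload
    return rec

def triage(rec):
    """Apply the thread's rule: delete every hit except a DHCP-assigned resolver on the local network."""
    if "PUM.Dns" in rec["tags"]:
        try:   # DhcpNameServer data looks like '172.20.10.1 ([])'; the part before '(' lists the servers
            ips = [ipaddress.ip_address(t) for t in (rec["data"] or "").split("(")[0].split()]
        except ValueError:
            ips = []
        if ips and all(any(ip in net for net in RFC1918) for ip in ips):
            return "keep"      # the router/DHCP resolver; deleting it breaks name resolution
        return "review"        # public or unparsable resolver: confirm it is the expected one first
    return "remove"

def triage_report(text):
    """Map each detection line of a report to its verdict; header and blank lines are skipped."""
    return {ln.strip(): triage(rec) for ln in text.splitlines() if (rec := parse_line(ln))}
```

Run `triage_report` over the full log text to get a per-line verdict; anything marked "review" should be checked against the DNS server the office router actually hands out before it is touched.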

Reply #2: JHMartinez001 (Newbie), December 02, 2017, 09:32:09 PM
Awesome, thank you so much.

Reply #3: Curson (Global Moderator), December 02, 2017, 09:33:24 PM
Hi JHMartinez001,

You are very welcome.

Regards.