Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - RaiZZZ19

Pages: [1]
1
Malware removal help / OUC.EXE
« on: December 23, 2014, 11:25:15 am »
It says Killer proc something and is located on my Globebroadband stick like its an updater, I delete it normally but it reappears for a time. And I notice my internet connection cuts itself a number of times then I can't connect for 1 day. PLs help.

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rai [Admin rights]
Mode : Scan -- Date : 12/23/2014  17:46:13

Bad processes : 1
[Suspicious.Path] ouc.exe -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe[7] -> KILLED [TermProc]

Registry Entries : 1
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> FOUND

Scheduled tasks : 0

Files : 0

HOSTS File : 1
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

Antirootkit : 2 (Driver: LOADED)
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x8bf542e6
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x8bf542eb

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 98500ec2b7b5edecd534cd194c873eea
[BSP] fb2fd27aa6b059f12a8e0326786d723d : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 110000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 225282048 | Size: 128473 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HUAWEI MMC Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_08252014_141057.log - RKreport_DEL_08252014_142437.log - RKreport_DEL_08252014_143444.log - RKreport_DEL_08252014_144154.log
RKreport_DEL_08252014_144912.log - RKreport_DEL_08252014_150337.log - RKreport_DEL_08262014_231506.log - RKreport_DEL_08262014_232640.log
RKreport_DEL_08262014_234357.log - RKreport_DEL_08292014_192844.log - RKreport_DEL_08302014_192856.log - RKreport_DEL_08302014_215715.log
RKreport_DEL_08312014_125835.log - RKreport_DEL_08312014_130448.log - RKreport_DEL_08312014_163003.log - RKreport_DEL_08312014_163943.log
RKreport_DEL_08312014_211853.log - RKreport_DEL_09042014_052841.log - RKreport_DEL_09042014_201213.log - RKreport_DEL_09042014_203512.log
RKreport_DEL_09052014_010805.log - RKreport_DEL_09052014_032809.log - RKreport_DEL_09062014_192835.log - RKreport_DEL_09062014_193849.log
RKreport_DEL_09062014_210144.log - RKreport_DEL_09072014_000852.log - RKreport_DEL_09072014_002032.log - RKreport_DEL_09072014_003229.log
RKreport_DEL_09072014_004306.log - RKreport_DEL_09072014_012101.log - RKreport_DEL_09072014_013809.log - RKreport_DEL_09072014_015023.log
RKreport_DEL_09072014_020430.log - RKreport_DEL_09072014_021655.log - RKreport_DEL_09072014_022916.log - RKreport_DEL_09072014_031947.log
RKreport_DEL_09072014_033134.log - RKreport_DEL_09072014_170449.log - RKreport_DEL_09072014_171547.log - RKreport_DEL_09072014_172720.log
RKreport_DEL_09072014_173809.log - RKreport_DEL_09072014_174812.log - RKreport_DEL_09072014_175842.log - RKreport_DEL_09072014_180416.log
RKreport_DEL_09072014_180950.log - RKreport_DEL_09072014_181548.log - RKreport_DEL_09072014_182141.log - RKreport_DEL_09072014_182725.log
RKreport_DEL_09072014_183304.log - RKreport_DEL_09072014_184153.log - RKreport_DEL_09072014_185519.log - RKreport_DEL_09072014_201056.log
RKreport_DEL_09072014_222351.log - RKreport_DEL_09072014_230025.log - RKreport_DEL_09082014_180137.log - RKreport_DEL_09082014_195410.log
RKreport_DEL_09092014_024938.log - RKreport_DEL_09102014_003411.log - RKreport_DEL_09122014_184753.log - RKreport_DEL_09122014_185920.log
RKreport_DEL_09122014_223254.log - RKreport_DEL_09132014_031215.log - RKreport_DEL_09192014_022324.log - RKreport_DEL_09192014_033818.log
RKreport_DEL_09192014_142930.log - RKreport_DEL_09192014_184013.log - RKreport_DEL_09232014_170922.log - RKreport_DEL_09252014_213631.log
RKreport_DEL_09262014_205035.log - RKreport_DEL_09272014_072940.log - RKreport_DEL_09272014_194409.log - RKreport_DEL_09272014_203221.log
RKreport_DEL_10102014_004027.log - RKreport_DEL_10242014_223849.log - RKreport_DEL_10242014_232032.log - RKreport_DEL_10252014_224603.log
RKreport_DEL_10262014_015811.log - RKreport_DEL_10272014_222906.log - RKreport_DEL_10312014_130228.log - RKreport_DEL_11012014_161055.log
RKreport_DEL_11122014_164910.log - RKreport_DEL_11142014_004018.log - RKreport_DEL_11142014_044737.log - RKreport_DEL_11142014_122025.log
RKreport_DEL_11142014_122919.log - RKreport_DEL_11152014_161742.log - RKreport_DEL_11162014_125511.log - RKreport_DEL_11172014_125758.log
RKreport_DEL_11182014_152821.log - RKreport_DEL_11192014_115306.log - RKreport_DEL_11252014_010624.log - RKreport_DEL_11262014_123437.log
RKreport_DEL_11262014_161521.log - RKreport_DEL_12122014_151735.log - RKreport_DEL_12192014_024411.log - RKreport_DEL_12192014_035428.log
RKreport_SCN_08252014_140738.log - RKreport_SCN_08252014_142050.log - RKreport_SCN_08252014_143226.log - RKreport_SCN_08252014_144120.log
RKreport_SCN_08252014_144747.log - RKreport_SCN_08252014_145755.log - RKreport_SCN_08252014_151229.log - RKreport_SCN_08252014_181328.log
RKreport_SCN_08262014_231328.log - RKreport_SCN_08262014_232051.log - RKreport_SCN_08262014_234330.log - RKreport_SCN_08272014_005804.log
RKreport_SCN_08272014_011227.log - RKreport_SCN_08292014_192743.log - RKreport_SCN_08292014_193402.log - RKreport_SCN_08292014_235858.log
RKreport_SCN_08302014_192425.log - RKreport_SCN_08302014_195223.log - RKreport_SCN_08302014_215628.log - RKreport_SCN_08302014_220227.log
RKreport_SCN_08302014_221353.log - RKreport_SCN_08312014_024930.log - RKreport_SCN_08312014_030634.log - RKreport_SCN_08312014_125520.log
RKreport_SCN_08312014_130415.log - RKreport_SCN_08312014_150328.log - RKreport_SCN_08312014_162836.log - RKreport_SCN_08312014_163452.log
RKreport_SCN_08312014_211802.log - RKreport_SCN_09032014_000512.log - RKreport_SCN_09042014_052237.log - RKreport_SCN_09042014_123307.log
RKreport_SCN_09042014_200927.log - RKreport_SCN_09042014_201302.log - RKreport_SCN_09042014_203222.log - RKreport_SCN_09042014_225307.log
RKreport_SCN_09052014_010749.log - RKreport_SCN_09052014_025055.log - RKreport_SCN_09052014_032751.log - RKreport_SCN_09052014_033452.log
RKreport_SCN_09052014_122730.log - RKreport_SCN_09062014_102110.log - RKreport_SCN_09062014_192723.log - RKreport_SCN_09062014_193830.log
RKreport_SCN_09062014_195228.log - RKreport_SCN_09062014_205845.log - RKreport_SCN_09062014_215014.log - RKreport_SCN_09062014_234832.log
RKreport_SCN_09072014_000755.log - RKreport_SCN_09072014_001743.log - RKreport_SCN_09072014_003211.log - RKreport_SCN_09072014_003828.log
RKreport_SCN_09072014_004252.log - RKreport_SCN_09072014_005346.log - RKreport_SCN_09072014_012029.log - RKreport_SCN_09072014_013725.log
RKreport_SCN_09072014_014936.log - RKreport_SCN_09072014_020349.log - RKreport_SCN_09072014_021626.log - RKreport_SCN_09072014_022839.log
RKreport_SCN_09072014_031936.log - RKreport_SCN_09072014_033119.log - RKreport_SCN_09072014_170442.log - RKreport_SCN_09072014_171513.log
RKreport_SCN_09072014_172715.log - RKreport_SCN_09072014_173754.log - RKreport_SCN_09072014_174803.log - RKreport_SCN_09072014_175837.log
RKreport_SCN_09072014_175853.log - RKreport_SCN_09072014_180410.log - RKreport_SCN_09072014_180945.log - RKreport_SCN_09072014_181539.log
RKreport_SCN_09072014_182132.log - RKreport_SCN_09072014_182717.log - RKreport_SCN_09072014_183258.log - RKreport_SCN_09072014_183911.log
RKreport_SCN_09072014_185443.log - RKreport_SCN_09072014_201050.log - RKreport_SCN_09072014_222312.log - RKreport_SCN_09072014_230004.log
RKreport_SCN_09082014_175721.log - RKreport_SCN_09082014_181234.log - RKreport_SCN_09082014_195327.log - RKreport_SCN_09092014_024838.log
RKreport_SCN_09102014_003309.log - RKreport_SCN_09122014_184727.log - RKreport_SCN_09122014_185857.log - RKreport_SCN_09122014_223225.log
RKreport_SCN_09132014_031123.log - RKreport_SCN_09132014_033024.log - RKreport_SCN_09142014_163814.log - RKreport_SCN_09162014_155818.log
RKreport_SCN_09182014_161214.log - RKreport_SCN_09182014_162655.log - RKreport_SCN_09192014_022245.log - RKreport_SCN_09192014_033736.log
RKreport_SCN_09192014_142803.log - RKreport_SCN_09192014_150406.log - RKreport_SCN_09192014_183936.log - RKreport_SCN_09222014_183836.log
RKreport_SCN_09232014_170109.log - RKreport_SCN_09232014_171259.log - RKreport_SCN_09242014_230518.log - RKreport_SCN_09252014_213522.log
RKreport_SCN_09262014_204840.log - RKreport_SCN_09272014_072901.log - RKreport_SCN_09272014_194302.log - RKreport_SCN_09272014_203158.log
RKreport_SCN_09302014_010043.log - RKreport_SCN_10012014_205246.log - RKreport_SCN_10102014_004006.log - RKreport_SCN_10152014_054529.log
RKreport_SCN_10242014_223730.log - RKreport_SCN_10242014_224148.log - RKreport_SCN_10242014_231950.log - RKreport_SCN_10242014_233127.log
RKreport_SCN_10252014_224538.log - RKreport_SCN_10252014_230002.log - RKreport_SCN_10262014_015608.log - RKreport_SCN_10272014_222831.log
RKreport_SCN_10272014_224354.log - RKreport_SCN_10282014_125728.log - RKreport_SCN_10282014_140052.log - RKreport_SCN_10312014_125845.log
RKreport_SCN_11012014_152322.log - RKreport_SCN_11012014_160900.log - RKreport_SCN_11122014_164847.log - RKreport_SCN_11132014_112439.log
RKreport_SCN_11142014_003210.log - RKreport_SCN_11142014_044710.log - RKreport_SCN_11142014_120405.log - RKreport_SCN_11142014_121243.log
RKreport_SCN_11142014_122856.log - RKreport_SCN_11152014_161656.log - RKreport_SCN_11162014_125432.log - RKreport_SCN_11172014_125727.log
RKreport_SCN_11182014_152804.log - RKreport_SCN_11192014_114632.log - RKreport_SCN_11252014_010558.log - RKreport_SCN_11262014_123426.log
RKreport_SCN_11262014_161110.log - RKreport_SCN_12032014_025822.log - RKreport_SCN_12122014_151706.log - RKreport_SCN_12142014_173217.log
RKreport_SCN_12192014_024316.log - RKreport_SCN_12192014_035319.log - RKreport_SCN_12192014_042221.log

2
RogueKiller / Can't be deleted possible malware
« on: September 18, 2014, 09:51:55 pm »
I had trouble dealing with this because I don't know if it's a malware or not and Roguekiller seems can't delete it.
Here's my report using the latest. I've tried everything from antivrus to superantimalware and combofix but nothing seems to remove it. It gives me headache. Pls help. Also I noticed my screen have a stain if I have a malware and now my broadband stick does not display the correct color for speed connection.

RogueKiller V9.2.11.0 [Sep  9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rai [Admin rights]
Mode : Remove -- Date : 09/19/2014  03:38:18

Bad processes : 0

Registry Entries : 1
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A773825-CD3A-43AA-B6FF-1A6A9E969E5E} | NameServer : 121.1.3.74 121.1.3.89  -> REPLACED ()

Scheduled tasks : 0

Files : 0

HOSTS File : 1
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

Antirootkit : 7 (Driver: LOADED)
[SSDT:Addr(Hook.SSDT)] NtCreateSection[75] : Unknown @ 0x8bd70b16
[SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[276] : Unknown @ 0x8bd70b20
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x8bd70b1b
[SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[314] : Unknown @ 0x8bd70b25
[SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[332] : Unknown @ 0x8bd70b2a
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x8bd70b3e
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x8bd70b43

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 98500ec2b7b5edecd534cd194c873eea
[BSP] fb2fd27aa6b059f12a8e0326786d723d : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 110000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 225282048 | Size: 128473 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_08252014_141057.log - RKreport_DEL_08252014_142437.log - RKreport_DEL_08252014_143444.log - RKreport_DEL_08252014_144154.log
RKreport_DEL_08252014_144912.log - RKreport_DEL_08252014_150337.log - RKreport_DEL_08262014_231506.log - RKreport_DEL_08262014_232640.log
RKreport_DEL_08262014_234357.log - RKreport_DEL_08292014_192844.log - RKreport_DEL_08302014_192856.log - RKreport_DEL_08302014_215715.log
RKreport_DEL_08312014_125835.log - RKreport_DEL_08312014_130448.log - RKreport_DEL_08312014_163003.log - RKreport_DEL_08312014_163943.log
RKreport_DEL_08312014_211853.log - RKreport_DEL_09042014_052841.log - RKreport_DEL_09042014_201213.log - RKreport_DEL_09042014_203512.log
RKreport_DEL_09052014_010805.log - RKreport_DEL_09052014_032809.log - RKreport_DEL_09062014_192835.log - RKreport_DEL_09062014_193849.log
RKreport_DEL_09062014_210144.log - RKreport_DEL_09072014_000852.log - RKreport_DEL_09072014_002032.log - RKreport_DEL_09072014_003229.log
RKreport_DEL_09072014_004306.log - RKreport_DEL_09072014_012101.log - RKreport_DEL_09072014_013809.log - RKreport_DEL_09072014_015023.log
RKreport_DEL_09072014_020430.log - RKreport_DEL_09072014_021655.log - RKreport_DEL_09072014_022916.log - RKreport_DEL_09072014_031947.log
RKreport_DEL_09072014_033134.log - RKreport_DEL_09072014_170449.log - RKreport_DEL_09072014_171547.log - RKreport_DEL_09072014_172720.log
RKreport_DEL_09072014_173809.log - RKreport_DEL_09072014_174812.log - RKreport_DEL_09072014_175842.log - RKreport_DEL_09072014_180416.log
RKreport_DEL_09072014_180950.log - RKreport_DEL_09072014_181548.log - RKreport_DEL_09072014_182141.log - RKreport_DEL_09072014_182725.log
RKreport_DEL_09072014_183304.log - RKreport_DEL_09072014_184153.log - RKreport_DEL_09072014_185519.log - RKreport_DEL_09072014_201056.log
RKreport_DEL_09072014_222351.log - RKreport_DEL_09072014_230025.log - RKreport_DEL_09082014_180137.log - RKreport_DEL_09082014_195410.log
RKreport_DEL_09092014_024938.log - RKreport_DEL_09102014_003411.log - RKreport_DEL_09122014_184753.log - RKreport_DEL_09122014_185920.log
RKreport_DEL_09122014_223254.log - RKreport_DEL_09132014_031215.log - RKreport_DEL_09192014_022324.log - RKreport_SCN_08252014_140738.log
RKreport_SCN_08252014_142050.log - RKreport_SCN_08252014_143226.log - RKreport_SCN_08252014_144120.log - RKreport_SCN_08252014_144747.log
RKreport_SCN_08252014_145755.log - RKreport_SCN_08252014_151229.log - RKreport_SCN_08252014_181328.log - RKreport_SCN_08262014_231328.log
RKreport_SCN_08262014_232051.log - RKreport_SCN_08262014_234330.log - RKreport_SCN_08272014_005804.log - RKreport_SCN_08272014_011227.log
RKreport_SCN_08292014_192743.log - RKreport_SCN_08292014_193402.log - RKreport_SCN_08292014_235858.log - RKreport_SCN_08302014_192425.log
RKreport_SCN_08302014_195223.log - RKreport_SCN_08302014_215628.log - RKreport_SCN_08302014_220227.log - RKreport_SCN_08302014_221353.log
RKreport_SCN_08312014_024930.log - RKreport_SCN_08312014_030634.log - RKreport_SCN_08312014_125520.log - RKreport_SCN_08312014_130415.log
RKreport_SCN_08312014_150328.log - RKreport_SCN_08312014_162836.log - RKreport_SCN_08312014_163452.log - RKreport_SCN_08312014_211802.log
RKreport_SCN_09032014_000512.log - RKreport_SCN_09042014_052237.log - RKreport_SCN_09042014_123307.log - RKreport_SCN_09042014_200927.log
RKreport_SCN_09042014_201302.log - RKreport_SCN_09042014_203222.log - RKreport_SCN_09042014_225307.log - RKreport_SCN_09052014_010749.log
RKreport_SCN_09052014_025055.log - RKreport_SCN_09052014_032751.log - RKreport_SCN_09052014_033452.log - RKreport_SCN_09052014_122730.log
RKreport_SCN_09062014_102110.log - RKreport_SCN_09062014_192723.log - RKreport_SCN_09062014_193830.log - RKreport_SCN_09062014_195228.log
RKreport_SCN_09062014_205845.log - RKreport_SCN_09062014_215014.log - RKreport_SCN_09062014_234832.log - RKreport_SCN_09072014_000755.log
RKreport_SCN_09072014_001743.log - RKreport_SCN_09072014_003211.log - RKreport_SCN_09072014_003828.log - RKreport_SCN_09072014_004252.log
RKreport_SCN_09072014_005346.log - RKreport_SCN_09072014_012029.log - RKreport_SCN_09072014_013725.log - RKreport_SCN_09072014_014936.log
RKreport_SCN_09072014_020349.log - RKreport_SCN_09072014_021626.log - RKreport_SCN_09072014_022839.log - RKreport_SCN_09072014_031936.log
RKreport_SCN_09072014_033119.log - RKreport_SCN_09072014_170442.log - RKreport_SCN_09072014_171513.log - RKreport_SCN_09072014_172715.log
RKreport_SCN_09072014_173754.log - RKreport_SCN_09072014_174803.log - RKreport_SCN_09072014_175837.log - RKreport_SCN_09072014_175853.log
RKreport_SCN_09072014_180410.log - RKreport_SCN_09072014_180945.log - RKreport_SCN_09072014_181539.log - RKreport_SCN_09072014_182132.log
RKreport_SCN_09072014_182717.log - RKreport_SCN_09072014_183258.log - RKreport_SCN_09072014_183911.log - RKreport_SCN_09072014_185443.log
RKreport_SCN_09072014_201050.log - RKreport_SCN_09072014_222312.log - RKreport_SCN_09072014_230004.log - RKreport_SCN_09082014_175721.log
RKreport_SCN_09082014_181234.log - RKreport_SCN_09082014_195327.log - RKreport_SCN_09092014_024838.log - RKreport_SCN_09102014_003309.log
RKreport_SCN_09122014_184727.log - RKreport_SCN_09122014_185857.log - RKreport_SCN_09122014_223225.log - RKreport_SCN_09132014_031123.log
RKreport_SCN_09132014_033024.log - RKreport_SCN_09142014_163814.log - RKreport_SCN_09162014_155818.log - RKreport_SCN_09182014_161214.log
RKreport_SCN_09182014_162655.log - RKreport_SCN_09192014_022245.log - RKreport_SCN_09192014_033736.log

Pages: [1]