1
Malware removal help / Re: OUC.EXE
« on: December 23, 2014, 04:09:56 PM »
Well if you say so.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
Malware removal help / Re: OUC.EXE
« on: December 23, 2014, 03:50:00 PM »
I don't think it really updates as there is nothing it really do. I don't even get a prompt that I have been given an update.
3
Malware removal help / Re: OUC.EXE
« on: December 23, 2014, 02:25:51 PM »
Yes it is. And it's what I used for internet. But I don't know if my usbstick is connecting from their site. Also I'm using Smart sim.
4
Malware removal help / Re: OUC.EXE
« on: December 23, 2014, 01:00:16 PM »
But it never gets updated. anyway it will reappear again. I assumed it is a malware coz I frequently get disconnected for no reason. So do I leave it behind?
5
Malware removal help / OUC.EXE
« on: December 23, 2014, 11:25:15 AM »
It says Killer proc something and is located on my Globebroadband stick like its an updater, I delete it normally but it reappears for a time. And I notice my internet connection cuts itself a number of times then I can't connect for 1 day. PLs help.
RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rai [Admin rights]
Mode : Scan -- Date : 12/23/2014 17:46:13
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] ouc.exe -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe[7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 1 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x8bf542e6
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x8bf542eb
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 98500ec2b7b5edecd534cd194c873eea
[BSP] fb2fd27aa6b059f12a8e0326786d723d : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 110000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 225282048 | Size: 128473 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: HUAWEI MMC Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_DEL_08252014_141057.log - RKreport_DEL_08252014_142437.log - RKreport_DEL_08252014_143444.log - RKreport_DEL_08252014_144154.log
RKreport_DEL_08252014_144912.log - RKreport_DEL_08252014_150337.log - RKreport_DEL_08262014_231506.log - RKreport_DEL_08262014_232640.log
RKreport_DEL_08262014_234357.log - RKreport_DEL_08292014_192844.log - RKreport_DEL_08302014_192856.log - RKreport_DEL_08302014_215715.log
RKreport_DEL_08312014_125835.log - RKreport_DEL_08312014_130448.log - RKreport_DEL_08312014_163003.log - RKreport_DEL_08312014_163943.log
RKreport_DEL_08312014_211853.log - RKreport_DEL_09042014_052841.log - RKreport_DEL_09042014_201213.log - RKreport_DEL_09042014_203512.log
RKreport_DEL_09052014_010805.log - RKreport_DEL_09052014_032809.log - RKreport_DEL_09062014_192835.log - RKreport_DEL_09062014_193849.log
RKreport_DEL_09062014_210144.log - RKreport_DEL_09072014_000852.log - RKreport_DEL_09072014_002032.log - RKreport_DEL_09072014_003229.log
RKreport_DEL_09072014_004306.log - RKreport_DEL_09072014_012101.log - RKreport_DEL_09072014_013809.log - RKreport_DEL_09072014_015023.log
RKreport_DEL_09072014_020430.log - RKreport_DEL_09072014_021655.log - RKreport_DEL_09072014_022916.log - RKreport_DEL_09072014_031947.log
RKreport_DEL_09072014_033134.log - RKreport_DEL_09072014_170449.log - RKreport_DEL_09072014_171547.log - RKreport_DEL_09072014_172720.log
RKreport_DEL_09072014_173809.log - RKreport_DEL_09072014_174812.log - RKreport_DEL_09072014_175842.log - RKreport_DEL_09072014_180416.log
RKreport_DEL_09072014_180950.log - RKreport_DEL_09072014_181548.log - RKreport_DEL_09072014_182141.log - RKreport_DEL_09072014_182725.log
RKreport_DEL_09072014_183304.log - RKreport_DEL_09072014_184153.log - RKreport_DEL_09072014_185519.log - RKreport_DEL_09072014_201056.log
RKreport_DEL_09072014_222351.log - RKreport_DEL_09072014_230025.log - RKreport_DEL_09082014_180137.log - RKreport_DEL_09082014_195410.log
RKreport_DEL_09092014_024938.log - RKreport_DEL_09102014_003411.log - RKreport_DEL_09122014_184753.log - RKreport_DEL_09122014_185920.log
RKreport_DEL_09122014_223254.log - RKreport_DEL_09132014_031215.log - RKreport_DEL_09192014_022324.log - RKreport_DEL_09192014_033818.log
RKreport_DEL_09192014_142930.log - RKreport_DEL_09192014_184013.log - RKreport_DEL_09232014_170922.log - RKreport_DEL_09252014_213631.log
RKreport_DEL_09262014_205035.log - RKreport_DEL_09272014_072940.log - RKreport_DEL_09272014_194409.log - RKreport_DEL_09272014_203221.log
RKreport_DEL_10102014_004027.log - RKreport_DEL_10242014_223849.log - RKreport_DEL_10242014_232032.log - RKreport_DEL_10252014_224603.log
RKreport_DEL_10262014_015811.log - RKreport_DEL_10272014_222906.log - RKreport_DEL_10312014_130228.log - RKreport_DEL_11012014_161055.log
RKreport_DEL_11122014_164910.log - RKreport_DEL_11142014_004018.log - RKreport_DEL_11142014_044737.log - RKreport_DEL_11142014_122025.log
RKreport_DEL_11142014_122919.log - RKreport_DEL_11152014_161742.log - RKreport_DEL_11162014_125511.log - RKreport_DEL_11172014_125758.log
RKreport_DEL_11182014_152821.log - RKreport_DEL_11192014_115306.log - RKreport_DEL_11252014_010624.log - RKreport_DEL_11262014_123437.log
RKreport_DEL_11262014_161521.log - RKreport_DEL_12122014_151735.log - RKreport_DEL_12192014_024411.log - RKreport_DEL_12192014_035428.log
RKreport_SCN_08252014_140738.log - RKreport_SCN_08252014_142050.log - RKreport_SCN_08252014_143226.log - RKreport_SCN_08252014_144120.log
RKreport_SCN_08252014_144747.log - RKreport_SCN_08252014_145755.log - RKreport_SCN_08252014_151229.log - RKreport_SCN_08252014_181328.log
RKreport_SCN_08262014_231328.log - RKreport_SCN_08262014_232051.log - RKreport_SCN_08262014_234330.log - RKreport_SCN_08272014_005804.log
RKreport_SCN_08272014_011227.log - RKreport_SCN_08292014_192743.log - RKreport_SCN_08292014_193402.log - RKreport_SCN_08292014_235858.log
RKreport_SCN_08302014_192425.log - RKreport_SCN_08302014_195223.log - RKreport_SCN_08302014_215628.log - RKreport_SCN_08302014_220227.log
RKreport_SCN_08302014_221353.log - RKreport_SCN_08312014_024930.log - RKreport_SCN_08312014_030634.log - RKreport_SCN_08312014_125520.log
RKreport_SCN_08312014_130415.log - RKreport_SCN_08312014_150328.log - RKreport_SCN_08312014_162836.log - RKreport_SCN_08312014_163452.log
RKreport_SCN_08312014_211802.log - RKreport_SCN_09032014_000512.log - RKreport_SCN_09042014_052237.log - RKreport_SCN_09042014_123307.log
RKreport_SCN_09042014_200927.log - RKreport_SCN_09042014_201302.log - RKreport_SCN_09042014_203222.log - RKreport_SCN_09042014_225307.log
RKreport_SCN_09052014_010749.log - RKreport_SCN_09052014_025055.log - RKreport_SCN_09052014_032751.log - RKreport_SCN_09052014_033452.log
RKreport_SCN_09052014_122730.log - RKreport_SCN_09062014_102110.log - RKreport_SCN_09062014_192723.log - RKreport_SCN_09062014_193830.log
RKreport_SCN_09062014_195228.log - RKreport_SCN_09062014_205845.log - RKreport_SCN_09062014_215014.log - RKreport_SCN_09062014_234832.log
RKreport_SCN_09072014_000755.log - RKreport_SCN_09072014_001743.log - RKreport_SCN_09072014_003211.log - RKreport_SCN_09072014_003828.log
RKreport_SCN_09072014_004252.log - RKreport_SCN_09072014_005346.log - RKreport_SCN_09072014_012029.log - RKreport_SCN_09072014_013725.log
RKreport_SCN_09072014_014936.log - RKreport_SCN_09072014_020349.log - RKreport_SCN_09072014_021626.log - RKreport_SCN_09072014_022839.log
RKreport_SCN_09072014_031936.log - RKreport_SCN_09072014_033119.log - RKreport_SCN_09072014_170442.log - RKreport_SCN_09072014_171513.log
RKreport_SCN_09072014_172715.log - RKreport_SCN_09072014_173754.log - RKreport_SCN_09072014_174803.log - RKreport_SCN_09072014_175837.log
RKreport_SCN_09072014_175853.log - RKreport_SCN_09072014_180410.log - RKreport_SCN_09072014_180945.log - RKreport_SCN_09072014_181539.log
RKreport_SCN_09072014_182132.log - RKreport_SCN_09072014_182717.log - RKreport_SCN_09072014_183258.log - RKreport_SCN_09072014_183911.log
RKreport_SCN_09072014_185443.log - RKreport_SCN_09072014_201050.log - RKreport_SCN_09072014_222312.log - RKreport_SCN_09072014_230004.log
RKreport_SCN_09082014_175721.log - RKreport_SCN_09082014_181234.log - RKreport_SCN_09082014_195327.log - RKreport_SCN_09092014_024838.log
RKreport_SCN_09102014_003309.log - RKreport_SCN_09122014_184727.log - RKreport_SCN_09122014_185857.log - RKreport_SCN_09122014_223225.log
RKreport_SCN_09132014_031123.log - RKreport_SCN_09132014_033024.log - RKreport_SCN_09142014_163814.log - RKreport_SCN_09162014_155818.log
RKreport_SCN_09182014_161214.log - RKreport_SCN_09182014_162655.log - RKreport_SCN_09192014_022245.log - RKreport_SCN_09192014_033736.log
RKreport_SCN_09192014_142803.log - RKreport_SCN_09192014_150406.log - RKreport_SCN_09192014_183936.log - RKreport_SCN_09222014_183836.log
RKreport_SCN_09232014_170109.log - RKreport_SCN_09232014_171259.log - RKreport_SCN_09242014_230518.log - RKreport_SCN_09252014_213522.log
RKreport_SCN_09262014_204840.log - RKreport_SCN_09272014_072901.log - RKreport_SCN_09272014_194302.log - RKreport_SCN_09272014_203158.log
RKreport_SCN_09302014_010043.log - RKreport_SCN_10012014_205246.log - RKreport_SCN_10102014_004006.log - RKreport_SCN_10152014_054529.log
RKreport_SCN_10242014_223730.log - RKreport_SCN_10242014_224148.log - RKreport_SCN_10242014_231950.log - RKreport_SCN_10242014_233127.log
RKreport_SCN_10252014_224538.log - RKreport_SCN_10252014_230002.log - RKreport_SCN_10262014_015608.log - RKreport_SCN_10272014_222831.log
RKreport_SCN_10272014_224354.log - RKreport_SCN_10282014_125728.log - RKreport_SCN_10282014_140052.log - RKreport_SCN_10312014_125845.log
RKreport_SCN_11012014_152322.log - RKreport_SCN_11012014_160900.log - RKreport_SCN_11122014_164847.log - RKreport_SCN_11132014_112439.log
RKreport_SCN_11142014_003210.log - RKreport_SCN_11142014_044710.log - RKreport_SCN_11142014_120405.log - RKreport_SCN_11142014_121243.log
RKreport_SCN_11142014_122856.log - RKreport_SCN_11152014_161656.log - RKreport_SCN_11162014_125432.log - RKreport_SCN_11172014_125727.log
RKreport_SCN_11182014_152804.log - RKreport_SCN_11192014_114632.log - RKreport_SCN_11252014_010558.log - RKreport_SCN_11262014_123426.log
RKreport_SCN_11262014_161110.log - RKreport_SCN_12032014_025822.log - RKreport_SCN_12122014_151706.log - RKreport_SCN_12142014_173217.log
RKreport_SCN_12192014_024316.log - RKreport_SCN_12192014_035319.log - RKreport_SCN_12192014_042221.log
RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rai [Admin rights]
Mode : Scan -- Date : 12/23/2014 17:46:13
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] ouc.exe -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe[7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 1 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x8bf542e6
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x8bf542eb
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 98500ec2b7b5edecd534cd194c873eea
[BSP] fb2fd27aa6b059f12a8e0326786d723d : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 110000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 225282048 | Size: 128473 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: HUAWEI MMC Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_DEL_08252014_141057.log - RKreport_DEL_08252014_142437.log - RKreport_DEL_08252014_143444.log - RKreport_DEL_08252014_144154.log
RKreport_DEL_08252014_144912.log - RKreport_DEL_08252014_150337.log - RKreport_DEL_08262014_231506.log - RKreport_DEL_08262014_232640.log
RKreport_DEL_08262014_234357.log - RKreport_DEL_08292014_192844.log - RKreport_DEL_08302014_192856.log - RKreport_DEL_08302014_215715.log
RKreport_DEL_08312014_125835.log - RKreport_DEL_08312014_130448.log - RKreport_DEL_08312014_163003.log - RKreport_DEL_08312014_163943.log
RKreport_DEL_08312014_211853.log - RKreport_DEL_09042014_052841.log - RKreport_DEL_09042014_201213.log - RKreport_DEL_09042014_203512.log
RKreport_DEL_09052014_010805.log - RKreport_DEL_09052014_032809.log - RKreport_DEL_09062014_192835.log - RKreport_DEL_09062014_193849.log
RKreport_DEL_09062014_210144.log - RKreport_DEL_09072014_000852.log - RKreport_DEL_09072014_002032.log - RKreport_DEL_09072014_003229.log
RKreport_DEL_09072014_004306.log - RKreport_DEL_09072014_012101.log - RKreport_DEL_09072014_013809.log - RKreport_DEL_09072014_015023.log
RKreport_DEL_09072014_020430.log - RKreport_DEL_09072014_021655.log - RKreport_DEL_09072014_022916.log - RKreport_DEL_09072014_031947.log
RKreport_DEL_09072014_033134.log - RKreport_DEL_09072014_170449.log - RKreport_DEL_09072014_171547.log - RKreport_DEL_09072014_172720.log
RKreport_DEL_09072014_173809.log - RKreport_DEL_09072014_174812.log - RKreport_DEL_09072014_175842.log - RKreport_DEL_09072014_180416.log
RKreport_DEL_09072014_180950.log - RKreport_DEL_09072014_181548.log - RKreport_DEL_09072014_182141.log - RKreport_DEL_09072014_182725.log
RKreport_DEL_09072014_183304.log - RKreport_DEL_09072014_184153.log - RKreport_DEL_09072014_185519.log - RKreport_DEL_09072014_201056.log
RKreport_DEL_09072014_222351.log - RKreport_DEL_09072014_230025.log - RKreport_DEL_09082014_180137.log - RKreport_DEL_09082014_195410.log
RKreport_DEL_09092014_024938.log - RKreport_DEL_09102014_003411.log - RKreport_DEL_09122014_184753.log - RKreport_DEL_09122014_185920.log
RKreport_DEL_09122014_223254.log - RKreport_DEL_09132014_031215.log - RKreport_DEL_09192014_022324.log - RKreport_DEL_09192014_033818.log
RKreport_DEL_09192014_142930.log - RKreport_DEL_09192014_184013.log - RKreport_DEL_09232014_170922.log - RKreport_DEL_09252014_213631.log
RKreport_DEL_09262014_205035.log - RKreport_DEL_09272014_072940.log - RKreport_DEL_09272014_194409.log - RKreport_DEL_09272014_203221.log
RKreport_DEL_10102014_004027.log - RKreport_DEL_10242014_223849.log - RKreport_DEL_10242014_232032.log - RKreport_DEL_10252014_224603.log
RKreport_DEL_10262014_015811.log - RKreport_DEL_10272014_222906.log - RKreport_DEL_10312014_130228.log - RKreport_DEL_11012014_161055.log
RKreport_DEL_11122014_164910.log - RKreport_DEL_11142014_004018.log - RKreport_DEL_11142014_044737.log - RKreport_DEL_11142014_122025.log
RKreport_DEL_11142014_122919.log - RKreport_DEL_11152014_161742.log - RKreport_DEL_11162014_125511.log - RKreport_DEL_11172014_125758.log
RKreport_DEL_11182014_152821.log - RKreport_DEL_11192014_115306.log - RKreport_DEL_11252014_010624.log - RKreport_DEL_11262014_123437.log
RKreport_DEL_11262014_161521.log - RKreport_DEL_12122014_151735.log - RKreport_DEL_12192014_024411.log - RKreport_DEL_12192014_035428.log
RKreport_SCN_08252014_140738.log - RKreport_SCN_08252014_142050.log - RKreport_SCN_08252014_143226.log - RKreport_SCN_08252014_144120.log
RKreport_SCN_08252014_144747.log - RKreport_SCN_08252014_145755.log - RKreport_SCN_08252014_151229.log - RKreport_SCN_08252014_181328.log
RKreport_SCN_08262014_231328.log - RKreport_SCN_08262014_232051.log - RKreport_SCN_08262014_234330.log - RKreport_SCN_08272014_005804.log
RKreport_SCN_08272014_011227.log - RKreport_SCN_08292014_192743.log - RKreport_SCN_08292014_193402.log - RKreport_SCN_08292014_235858.log
RKreport_SCN_08302014_192425.log - RKreport_SCN_08302014_195223.log - RKreport_SCN_08302014_215628.log - RKreport_SCN_08302014_220227.log
RKreport_SCN_08302014_221353.log - RKreport_SCN_08312014_024930.log - RKreport_SCN_08312014_030634.log - RKreport_SCN_08312014_125520.log
RKreport_SCN_08312014_130415.log - RKreport_SCN_08312014_150328.log - RKreport_SCN_08312014_162836.log - RKreport_SCN_08312014_163452.log
RKreport_SCN_08312014_211802.log - RKreport_SCN_09032014_000512.log - RKreport_SCN_09042014_052237.log - RKreport_SCN_09042014_123307.log
RKreport_SCN_09042014_200927.log - RKreport_SCN_09042014_201302.log - RKreport_SCN_09042014_203222.log - RKreport_SCN_09042014_225307.log
RKreport_SCN_09052014_010749.log - RKreport_SCN_09052014_025055.log - RKreport_SCN_09052014_032751.log - RKreport_SCN_09052014_033452.log
RKreport_SCN_09052014_122730.log - RKreport_SCN_09062014_102110.log - RKreport_SCN_09062014_192723.log - RKreport_SCN_09062014_193830.log
RKreport_SCN_09062014_195228.log - RKreport_SCN_09062014_205845.log - RKreport_SCN_09062014_215014.log - RKreport_SCN_09062014_234832.log
RKreport_SCN_09072014_000755.log - RKreport_SCN_09072014_001743.log - RKreport_SCN_09072014_003211.log - RKreport_SCN_09072014_003828.log
RKreport_SCN_09072014_004252.log - RKreport_SCN_09072014_005346.log - RKreport_SCN_09072014_012029.log - RKreport_SCN_09072014_013725.log
RKreport_SCN_09072014_014936.log - RKreport_SCN_09072014_020349.log - RKreport_SCN_09072014_021626.log - RKreport_SCN_09072014_022839.log
RKreport_SCN_09072014_031936.log - RKreport_SCN_09072014_033119.log - RKreport_SCN_09072014_170442.log - RKreport_SCN_09072014_171513.log
RKreport_SCN_09072014_172715.log - RKreport_SCN_09072014_173754.log - RKreport_SCN_09072014_174803.log - RKreport_SCN_09072014_175837.log
RKreport_SCN_09072014_175853.log - RKreport_SCN_09072014_180410.log - RKreport_SCN_09072014_180945.log - RKreport_SCN_09072014_181539.log
RKreport_SCN_09072014_182132.log - RKreport_SCN_09072014_182717.log - RKreport_SCN_09072014_183258.log - RKreport_SCN_09072014_183911.log
RKreport_SCN_09072014_185443.log - RKreport_SCN_09072014_201050.log - RKreport_SCN_09072014_222312.log - RKreport_SCN_09072014_230004.log
RKreport_SCN_09082014_175721.log - RKreport_SCN_09082014_181234.log - RKreport_SCN_09082014_195327.log - RKreport_SCN_09092014_024838.log
RKreport_SCN_09102014_003309.log - RKreport_SCN_09122014_184727.log - RKreport_SCN_09122014_185857.log - RKreport_SCN_09122014_223225.log
RKreport_SCN_09132014_031123.log - RKreport_SCN_09132014_033024.log - RKreport_SCN_09142014_163814.log - RKreport_SCN_09162014_155818.log
RKreport_SCN_09182014_161214.log - RKreport_SCN_09182014_162655.log - RKreport_SCN_09192014_022245.log - RKreport_SCN_09192014_033736.log
RKreport_SCN_09192014_142803.log - RKreport_SCN_09192014_150406.log - RKreport_SCN_09192014_183936.log - RKreport_SCN_09222014_183836.log
RKreport_SCN_09232014_170109.log - RKreport_SCN_09232014_171259.log - RKreport_SCN_09242014_230518.log - RKreport_SCN_09252014_213522.log
RKreport_SCN_09262014_204840.log - RKreport_SCN_09272014_072901.log - RKreport_SCN_09272014_194302.log - RKreport_SCN_09272014_203158.log
RKreport_SCN_09302014_010043.log - RKreport_SCN_10012014_205246.log - RKreport_SCN_10102014_004006.log - RKreport_SCN_10152014_054529.log
RKreport_SCN_10242014_223730.log - RKreport_SCN_10242014_224148.log - RKreport_SCN_10242014_231950.log - RKreport_SCN_10242014_233127.log
RKreport_SCN_10252014_224538.log - RKreport_SCN_10252014_230002.log - RKreport_SCN_10262014_015608.log - RKreport_SCN_10272014_222831.log
RKreport_SCN_10272014_224354.log - RKreport_SCN_10282014_125728.log - RKreport_SCN_10282014_140052.log - RKreport_SCN_10312014_125845.log
RKreport_SCN_11012014_152322.log - RKreport_SCN_11012014_160900.log - RKreport_SCN_11122014_164847.log - RKreport_SCN_11132014_112439.log
RKreport_SCN_11142014_003210.log - RKreport_SCN_11142014_044710.log - RKreport_SCN_11142014_120405.log - RKreport_SCN_11142014_121243.log
RKreport_SCN_11142014_122856.log - RKreport_SCN_11152014_161656.log - RKreport_SCN_11162014_125432.log - RKreport_SCN_11172014_125727.log
RKreport_SCN_11182014_152804.log - RKreport_SCN_11192014_114632.log - RKreport_SCN_11252014_010558.log - RKreport_SCN_11262014_123426.log
RKreport_SCN_11262014_161110.log - RKreport_SCN_12032014_025822.log - RKreport_SCN_12122014_151706.log - RKreport_SCN_12142014_173217.log
RKreport_SCN_12192014_024316.log - RKreport_SCN_12192014_035319.log - RKreport_SCN_12192014_042221.log
6
RogueKiller / Re: Can't be deleted possible malware
« on: September 23, 2014, 03:41:15 PM »
Ok. thanks for the assistance.
7
RogueKiller / Re: Can't be deleted possible malware
« on: September 23, 2014, 02:21:23 PM »
So what about my screen being like that and the sites I visit now requires a cloudfare check even if I scanned before connecting to the net. And some changes in my laptop settings like I mentioned? It feels like there's something else or my laptop have a damage. How do I check for damage?
8
RogueKiller / Re: Can't be deleted possible malware
« on: September 23, 2014, 01:01:23 PM »
Yeah that's what I did. So that not to confuse I made a new scan with Roguekiller and after that
is Gmer. Here's a pic and the report;
But may I ask, is the highlighted in orange [SSDT] a good thing or a bad thing and if it's bad
can it be removed? And from another pic there's these stains from the top screen which I
believed is caused by malware. The changes I found in my laptop are suspicious. On startup
my firewall seems to be always turned off which happened recently and my Broadband stick
is displaying wrong color indication even if the signal is strong. Also I have a game that have
a notepad file which sometimes the contents of it are erased but the file is still there resulting
to the game unable to start.
=============================================================
RogueKiller V9.2.11.0 [Sep 9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rai [Admin rights]
Mode : Scan -- Date : 09/23/2014 17:01:09
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 8 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreateSection[75] : Unknown @ 0x8c83e11e
[SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[276] : Unknown @ 0x8c83e128
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x8c83e123
[SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[314] : Unknown @ 0x8c83e12d
[SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[332] : Unknown @ 0x8c83e132
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x8c83e0bf
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x8c83e146
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x8c83e14b
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 98500ec2b7b5edecd534cd194c873eea
[BSP] fb2fd27aa6b059f12a8e0326786d723d : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 110000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 225282048 | Size: 128473 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_08252014_141057.log - RKreport_DEL_08252014_142437.log - RKreport_DEL_08252014_143444.log - RKreport_DEL_08252014_144154.log
RKreport_DEL_08252014_144912.log - RKreport_DEL_08252014_150337.log - RKreport_DEL_08262014_231506.log - RKreport_DEL_08262014_232640.log
RKreport_DEL_08262014_234357.log - RKreport_DEL_08292014_192844.log - RKreport_DEL_08302014_192856.log - RKreport_DEL_08302014_215715.log
RKreport_DEL_08312014_125835.log - RKreport_DEL_08312014_130448.log - RKreport_DEL_08312014_163003.log - RKreport_DEL_08312014_163943.log
RKreport_DEL_08312014_211853.log - RKreport_DEL_09042014_052841.log - RKreport_DEL_09042014_201213.log - RKreport_DEL_09042014_203512.log
RKreport_DEL_09052014_010805.log - RKreport_DEL_09052014_032809.log - RKreport_DEL_09062014_192835.log - RKreport_DEL_09062014_193849.log
RKreport_DEL_09062014_210144.log - RKreport_DEL_09072014_000852.log - RKreport_DEL_09072014_002032.log - RKreport_DEL_09072014_003229.log
RKreport_DEL_09072014_004306.log - RKreport_DEL_09072014_012101.log - RKreport_DEL_09072014_013809.log - RKreport_DEL_09072014_015023.log
RKreport_DEL_09072014_020430.log - RKreport_DEL_09072014_021655.log - RKreport_DEL_09072014_022916.log - RKreport_DEL_09072014_031947.log
RKreport_DEL_09072014_033134.log - RKreport_DEL_09072014_170449.log - RKreport_DEL_09072014_171547.log - RKreport_DEL_09072014_172720.log
RKreport_DEL_09072014_173809.log - RKreport_DEL_09072014_174812.log - RKreport_DEL_09072014_175842.log - RKreport_DEL_09072014_180416.log
RKreport_DEL_09072014_180950.log - RKreport_DEL_09072014_181548.log - RKreport_DEL_09072014_182141.log - RKreport_DEL_09072014_182725.log
RKreport_DEL_09072014_183304.log - RKreport_DEL_09072014_184153.log - RKreport_DEL_09072014_185519.log - RKreport_DEL_09072014_201056.log
RKreport_DEL_09072014_222351.log - RKreport_DEL_09072014_230025.log - RKreport_DEL_09082014_180137.log - RKreport_DEL_09082014_195410.log
RKreport_DEL_09092014_024938.log - RKreport_DEL_09102014_003411.log - RKreport_DEL_09122014_184753.log - RKreport_DEL_09122014_185920.log
RKreport_DEL_09122014_223254.log - RKreport_DEL_09132014_031215.log - RKreport_DEL_09192014_022324.log - RKreport_DEL_09192014_033818.log
RKreport_DEL_09192014_142930.log - RKreport_DEL_09192014_184013.log - RKreport_SCN_08252014_140738.log - RKreport_SCN_08252014_142050.log
RKreport_SCN_08252014_143226.log - RKreport_SCN_08252014_144120.log - RKreport_SCN_08252014_144747.log - RKreport_SCN_08252014_145755.log
RKreport_SCN_08252014_151229.log - RKreport_SCN_08252014_181328.log - RKreport_SCN_08262014_231328.log - RKreport_SCN_08262014_232051.log
RKreport_SCN_08262014_234330.log - RKreport_SCN_08272014_005804.log - RKreport_SCN_08272014_011227.log - RKreport_SCN_08292014_192743.log
RKreport_SCN_08292014_193402.log - RKreport_SCN_08292014_235858.log - RKreport_SCN_08302014_192425.log - RKreport_SCN_08302014_195223.log
RKreport_SCN_08302014_215628.log - RKreport_SCN_08302014_220227.log - RKreport_SCN_08302014_221353.log - RKreport_SCN_08312014_024930.log
RKreport_SCN_08312014_030634.log - RKreport_SCN_08312014_125520.log - RKreport_SCN_08312014_130415.log - RKreport_SCN_08312014_150328.log
RKreport_SCN_08312014_162836.log - RKreport_SCN_08312014_163452.log - RKreport_SCN_08312014_211802.log - RKreport_SCN_09032014_000512.log
RKreport_SCN_09042014_052237.log - RKreport_SCN_09042014_123307.log - RKreport_SCN_09042014_200927.log - RKreport_SCN_09042014_201302.log
RKreport_SCN_09042014_203222.log - RKreport_SCN_09042014_225307.log - RKreport_SCN_09052014_010749.log - RKreport_SCN_09052014_025055.log
RKreport_SCN_09052014_032751.log - RKreport_SCN_09052014_033452.log - RKreport_SCN_09052014_122730.log - RKreport_SCN_09062014_102110.log
RKreport_SCN_09062014_192723.log - RKreport_SCN_09062014_193830.log - RKreport_SCN_09062014_195228.log - RKreport_SCN_09062014_205845.log
RKreport_SCN_09062014_215014.log - RKreport_SCN_09062014_234832.log - RKreport_SCN_09072014_000755.log - RKreport_SCN_09072014_001743.log
RKreport_SCN_09072014_003211.log - RKreport_SCN_09072014_003828.log - RKreport_SCN_09072014_004252.log - RKreport_SCN_09072014_005346.log
RKreport_SCN_09072014_012029.log - RKreport_SCN_09072014_013725.log - RKreport_SCN_09072014_014936.log - RKreport_SCN_09072014_020349.log
RKreport_SCN_09072014_021626.log - RKreport_SCN_09072014_022839.log - RKreport_SCN_09072014_031936.log - RKreport_SCN_09072014_033119.log
RKreport_SCN_09072014_170442.log - RKreport_SCN_09072014_171513.log - RKreport_SCN_09072014_172715.log - RKreport_SCN_09072014_173754.log
RKreport_SCN_09072014_174803.log - RKreport_SCN_09072014_175837.log - RKreport_SCN_09072014_175853.log - RKreport_SCN_09072014_180410.log
RKreport_SCN_09072014_180945.log - RKreport_SCN_09072014_181539.log - RKreport_SCN_09072014_182132.log - RKreport_SCN_09072014_182717.log
RKreport_SCN_09072014_183258.log - RKreport_SCN_09072014_183911.log - RKreport_SCN_09072014_185443.log - RKreport_SCN_09072014_201050.log
RKreport_SCN_09072014_222312.log - RKreport_SCN_09072014_230004.log - RKreport_SCN_09082014_175721.log - RKreport_SCN_09082014_181234.log
RKreport_SCN_09082014_195327.log - RKreport_SCN_09092014_024838.log - RKreport_SCN_09102014_003309.log - RKreport_SCN_09122014_184727.log
RKreport_SCN_09122014_185857.log - RKreport_SCN_09122014_223225.log - RKreport_SCN_09132014_031123.log - RKreport_SCN_09132014_033024.log
RKreport_SCN_09142014_163814.log - RKreport_SCN_09162014_155818.log - RKreport_SCN_09182014_161214.log - RKreport_SCN_09182014_162655.log
RKreport_SCN_09192014_022245.log - RKreport_SCN_09192014_033736.log - RKreport_SCN_09192014_142803.log - RKreport_SCN_09192014_150406.log
RKreport_SCN_09192014_183936.log - RKreport_SCN_09222014_183836.log
==================================================================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-23 17:37:51
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0 232.89GB
Running: gmer.exe; Driver: C:\Users\Rai\AppData\Local\Temp\pwdiqpow.sys
---- System - GMER 2.1 ----
SSDT 8C83E11E ZwCreateSection
SSDT 8C83E128 ZwRequestWaitReplyPort
SSDT 8C83E123 ZwSetContextThread
SSDT 8C83E12D ZwSetSecurityObject
SSDT 8C83E132 ZwSystemDebugControl
SSDT 8C83E0BF ZwTerminateProcess
---- Devices - GMER 2.1 ----
Device \Driver\USBSTOR -> DriverStartIo \Device\0000008e BE034F26
Device \Driver\USBSTOR \Device\0000008e BE03EFC8
Device \Driver\USBSTOR -> DriverStartIo \Device\0000008f BE034F26
Device \Driver\USBSTOR \Device\0000008f BE03EFC8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
Device \Driver\hwdatacard \Device\QCUSB_COM10_2 BE1C3A3C
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \Driver\hwdatacard \Device\QCUSB_COM11_3 BE1C3A3C
Device \Driver\hwdatacard \Device\QCUSB_COM9_1 BE1C3A3C
Device \Driver\USBSTOR -> DriverStartIo \Device\00000090 BE034F26
Device \Driver\USBSTOR \Device\00000090 BE03EFC8
Device \Driver\USBSTOR -> DriverStartIo \Device\00000091 BE034F26
Device \Driver\USBSTOR \Device\00000091 BE03EFC8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556f814e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556f814e0@02823c0d6622 0xD1 0x07 0xB8 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x21 0x5B 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002556f814e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002556f814e0@02823c0d6622 0xD1 0x07 0xB8 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x21 0x5B 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556f814e0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556f814e0@02823c0d6622 0xD1 0x07 0xB8 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x21 0x5B 0xCF ...
---- EOF - GMER 2.1 ----
is Gmer. Here's a pic and the report;
But may I ask, is the highlighted in orange [SSDT] a good thing or a bad thing and if it's bad
can it be removed? And from another pic there's these stains from the top screen which I
believed is caused by malware. The changes I found in my laptop are suspicious. On startup
my firewall seems to be always turned off which happened recently and my Broadband stick
is displaying wrong color indication even if the signal is strong. Also I have a game that have
a notepad file which sometimes the contents of it are erased but the file is still there resulting
to the game unable to start.
=============================================================
RogueKiller V9.2.11.0 [Sep 9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rai [Admin rights]
Mode : Scan -- Date : 09/23/2014 17:01:09
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 8 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreateSection[75] : Unknown @ 0x8c83e11e
[SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[276] : Unknown @ 0x8c83e128
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x8c83e123
[SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[314] : Unknown @ 0x8c83e12d
[SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[332] : Unknown @ 0x8c83e132
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x8c83e0bf
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x8c83e146
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x8c83e14b
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 98500ec2b7b5edecd534cd194c873eea
[BSP] fb2fd27aa6b059f12a8e0326786d723d : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 110000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 225282048 | Size: 128473 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_08252014_141057.log - RKreport_DEL_08252014_142437.log - RKreport_DEL_08252014_143444.log - RKreport_DEL_08252014_144154.log
RKreport_DEL_08252014_144912.log - RKreport_DEL_08252014_150337.log - RKreport_DEL_08262014_231506.log - RKreport_DEL_08262014_232640.log
RKreport_DEL_08262014_234357.log - RKreport_DEL_08292014_192844.log - RKreport_DEL_08302014_192856.log - RKreport_DEL_08302014_215715.log
RKreport_DEL_08312014_125835.log - RKreport_DEL_08312014_130448.log - RKreport_DEL_08312014_163003.log - RKreport_DEL_08312014_163943.log
RKreport_DEL_08312014_211853.log - RKreport_DEL_09042014_052841.log - RKreport_DEL_09042014_201213.log - RKreport_DEL_09042014_203512.log
RKreport_DEL_09052014_010805.log - RKreport_DEL_09052014_032809.log - RKreport_DEL_09062014_192835.log - RKreport_DEL_09062014_193849.log
RKreport_DEL_09062014_210144.log - RKreport_DEL_09072014_000852.log - RKreport_DEL_09072014_002032.log - RKreport_DEL_09072014_003229.log
RKreport_DEL_09072014_004306.log - RKreport_DEL_09072014_012101.log - RKreport_DEL_09072014_013809.log - RKreport_DEL_09072014_015023.log
RKreport_DEL_09072014_020430.log - RKreport_DEL_09072014_021655.log - RKreport_DEL_09072014_022916.log - RKreport_DEL_09072014_031947.log
RKreport_DEL_09072014_033134.log - RKreport_DEL_09072014_170449.log - RKreport_DEL_09072014_171547.log - RKreport_DEL_09072014_172720.log
RKreport_DEL_09072014_173809.log - RKreport_DEL_09072014_174812.log - RKreport_DEL_09072014_175842.log - RKreport_DEL_09072014_180416.log
RKreport_DEL_09072014_180950.log - RKreport_DEL_09072014_181548.log - RKreport_DEL_09072014_182141.log - RKreport_DEL_09072014_182725.log
RKreport_DEL_09072014_183304.log - RKreport_DEL_09072014_184153.log - RKreport_DEL_09072014_185519.log - RKreport_DEL_09072014_201056.log
RKreport_DEL_09072014_222351.log - RKreport_DEL_09072014_230025.log - RKreport_DEL_09082014_180137.log - RKreport_DEL_09082014_195410.log
RKreport_DEL_09092014_024938.log - RKreport_DEL_09102014_003411.log - RKreport_DEL_09122014_184753.log - RKreport_DEL_09122014_185920.log
RKreport_DEL_09122014_223254.log - RKreport_DEL_09132014_031215.log - RKreport_DEL_09192014_022324.log - RKreport_DEL_09192014_033818.log
RKreport_DEL_09192014_142930.log - RKreport_DEL_09192014_184013.log - RKreport_SCN_08252014_140738.log - RKreport_SCN_08252014_142050.log
RKreport_SCN_08252014_143226.log - RKreport_SCN_08252014_144120.log - RKreport_SCN_08252014_144747.log - RKreport_SCN_08252014_145755.log
RKreport_SCN_08252014_151229.log - RKreport_SCN_08252014_181328.log - RKreport_SCN_08262014_231328.log - RKreport_SCN_08262014_232051.log
RKreport_SCN_08262014_234330.log - RKreport_SCN_08272014_005804.log - RKreport_SCN_08272014_011227.log - RKreport_SCN_08292014_192743.log
RKreport_SCN_08292014_193402.log - RKreport_SCN_08292014_235858.log - RKreport_SCN_08302014_192425.log - RKreport_SCN_08302014_195223.log
RKreport_SCN_08302014_215628.log - RKreport_SCN_08302014_220227.log - RKreport_SCN_08302014_221353.log - RKreport_SCN_08312014_024930.log
RKreport_SCN_08312014_030634.log - RKreport_SCN_08312014_125520.log - RKreport_SCN_08312014_130415.log - RKreport_SCN_08312014_150328.log
RKreport_SCN_08312014_162836.log - RKreport_SCN_08312014_163452.log - RKreport_SCN_08312014_211802.log - RKreport_SCN_09032014_000512.log
RKreport_SCN_09042014_052237.log - RKreport_SCN_09042014_123307.log - RKreport_SCN_09042014_200927.log - RKreport_SCN_09042014_201302.log
RKreport_SCN_09042014_203222.log - RKreport_SCN_09042014_225307.log - RKreport_SCN_09052014_010749.log - RKreport_SCN_09052014_025055.log
RKreport_SCN_09052014_032751.log - RKreport_SCN_09052014_033452.log - RKreport_SCN_09052014_122730.log - RKreport_SCN_09062014_102110.log
RKreport_SCN_09062014_192723.log - RKreport_SCN_09062014_193830.log - RKreport_SCN_09062014_195228.log - RKreport_SCN_09062014_205845.log
RKreport_SCN_09062014_215014.log - RKreport_SCN_09062014_234832.log - RKreport_SCN_09072014_000755.log - RKreport_SCN_09072014_001743.log
RKreport_SCN_09072014_003211.log - RKreport_SCN_09072014_003828.log - RKreport_SCN_09072014_004252.log - RKreport_SCN_09072014_005346.log
RKreport_SCN_09072014_012029.log - RKreport_SCN_09072014_013725.log - RKreport_SCN_09072014_014936.log - RKreport_SCN_09072014_020349.log
RKreport_SCN_09072014_021626.log - RKreport_SCN_09072014_022839.log - RKreport_SCN_09072014_031936.log - RKreport_SCN_09072014_033119.log
RKreport_SCN_09072014_170442.log - RKreport_SCN_09072014_171513.log - RKreport_SCN_09072014_172715.log - RKreport_SCN_09072014_173754.log
RKreport_SCN_09072014_174803.log - RKreport_SCN_09072014_175837.log - RKreport_SCN_09072014_175853.log - RKreport_SCN_09072014_180410.log
RKreport_SCN_09072014_180945.log - RKreport_SCN_09072014_181539.log - RKreport_SCN_09072014_182132.log - RKreport_SCN_09072014_182717.log
RKreport_SCN_09072014_183258.log - RKreport_SCN_09072014_183911.log - RKreport_SCN_09072014_185443.log - RKreport_SCN_09072014_201050.log
RKreport_SCN_09072014_222312.log - RKreport_SCN_09072014_230004.log - RKreport_SCN_09082014_175721.log - RKreport_SCN_09082014_181234.log
RKreport_SCN_09082014_195327.log - RKreport_SCN_09092014_024838.log - RKreport_SCN_09102014_003309.log - RKreport_SCN_09122014_184727.log
RKreport_SCN_09122014_185857.log - RKreport_SCN_09122014_223225.log - RKreport_SCN_09132014_031123.log - RKreport_SCN_09132014_033024.log
RKreport_SCN_09142014_163814.log - RKreport_SCN_09162014_155818.log - RKreport_SCN_09182014_161214.log - RKreport_SCN_09182014_162655.log
RKreport_SCN_09192014_022245.log - RKreport_SCN_09192014_033736.log - RKreport_SCN_09192014_142803.log - RKreport_SCN_09192014_150406.log
RKreport_SCN_09192014_183936.log - RKreport_SCN_09222014_183836.log
==================================================================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-23 17:37:51
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0 232.89GB
Running: gmer.exe; Driver: C:\Users\Rai\AppData\Local\Temp\pwdiqpow.sys
---- System - GMER 2.1 ----
SSDT 8C83E11E ZwCreateSection
SSDT 8C83E128 ZwRequestWaitReplyPort
SSDT 8C83E123 ZwSetContextThread
SSDT 8C83E12D ZwSetSecurityObject
SSDT 8C83E132 ZwSystemDebugControl
SSDT 8C83E0BF ZwTerminateProcess
---- Devices - GMER 2.1 ----
Device \Driver\USBSTOR -> DriverStartIo \Device\0000008e BE034F26
Device \Driver\USBSTOR \Device\0000008e BE03EFC8
Device \Driver\USBSTOR -> DriverStartIo \Device\0000008f BE034F26
Device \Driver\USBSTOR \Device\0000008f BE03EFC8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
Device \Driver\hwdatacard \Device\QCUSB_COM10_2 BE1C3A3C
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \Driver\hwdatacard \Device\QCUSB_COM11_3 BE1C3A3C
Device \Driver\hwdatacard \Device\QCUSB_COM9_1 BE1C3A3C
Device \Driver\USBSTOR -> DriverStartIo \Device\00000090 BE034F26
Device \Driver\USBSTOR \Device\00000090 BE03EFC8
Device \Driver\USBSTOR -> DriverStartIo \Device\00000091 BE034F26
Device \Driver\USBSTOR \Device\00000091 BE03EFC8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556f814e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556f814e0@02823c0d6622 0xD1 0x07 0xB8 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x21 0x5B 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002556f814e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002556f814e0@02823c0d6622 0xD1 0x07 0xB8 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x21 0x5B 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556f814e0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556f814e0@02823c0d6622 0xD1 0x07 0xB8 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x21 0x5B 0xCF ...
---- EOF - GMER 2.1 ----
9
RogueKiller / Re: Can't be deleted possible malware
« on: September 22, 2014, 11:41:59 AM »
I'm a little confused because I can't find where it was installed. I go to that site and downloaded it. It was in zip and inside is Gmer.exe and another but no zip and named with a combination of numbers and letters. It's just double click then you start to scan. But it did say in the site that it installed somewhere and you can delete it. Maybe I'm missing something here. Anyway I'm scanning for the 2nd time so maybe I did something wrong on the 1st scan.
10
RogueKiller / Re: Can't be deleted possible malware
« on: September 22, 2014, 11:18:06 AM »
I've downloaded both and both are only .exe file. So I open with 7z but all files I found are digits and sys file. It basically runs and doesnt need to install so I don't know where that tmp folder your talking about.
11
RogueKiller / Re: Can't be deleted possible malware
« on: September 22, 2014, 11:07:02 AM »
I think I downloaded the .exe that doesn't need to install. and the driver file your mentioning is in that installer. I downloaded the non installer bec. it doesnt let me download the installer. So I'll try again.
12
RogueKiller / Re: Can't be deleted possible malware
« on: September 21, 2014, 10:11:41 PM »
Here's the GMER Scan:
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-22 04:05:42
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0 232.89GB
Running: gmer.exe; Driver: C:\Users\Rai\AppData\Local\Temp\pwdiqpow.sys
---- System - GMER 2.1 ----
SSDT 8BD31CFE ZwCreateSection
SSDT 8BD31D08 ZwRequestWaitReplyPort
SSDT 8BD31D03 ZwSetContextThread
SSDT 8BD31D0D ZwSetSecurityObject
SSDT 8BD31D12 ZwSystemDebugControl
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8F690640]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 840FC860 4 Bytes [FE, 1C, D3, 8B]
.text ntkrnlpa.exe!KeSetEvent + 539 840FCB84 4 Bytes [08, 1D, D3, 8B]
.text ntkrnlpa.exe!KeSetEvent + 56D 840FCBB8 4 Bytes [03, 1D, D3, 8B]
.text ntkrnlpa.exe!KeSetEvent + 5D1 840FCC1C 4 Bytes [0D, 1D, D3, 8B]
.text ntkrnlpa.exe!KeSetEvent + 619 840FCC64 4 Bytes [12, 1D, D3, 8B]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556f814e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556f814e0@02823c0d6622 0xD1 0x07 0xB8 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x21 0x5B 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002556f814e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002556f814e0@02823c0d6622 0xD1 0x07 0xB8 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x21 0x5B 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556f814e0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556f814e0@02823c0d6622 0xD1 0x07 0xB8 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x21 0x5B 0xCF ...
---- EOF - GMER 2.1 ----
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-22 04:05:42
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0 232.89GB
Running: gmer.exe; Driver: C:\Users\Rai\AppData\Local\Temp\pwdiqpow.sys
---- System - GMER 2.1 ----
SSDT 8BD31CFE ZwCreateSection
SSDT 8BD31D08 ZwRequestWaitReplyPort
SSDT 8BD31D03 ZwSetContextThread
SSDT 8BD31D0D ZwSetSecurityObject
SSDT 8BD31D12 ZwSystemDebugControl
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8F690640]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 840FC860 4 Bytes [FE, 1C, D3, 8B]
.text ntkrnlpa.exe!KeSetEvent + 539 840FCB84 4 Bytes [08, 1D, D3, 8B]
.text ntkrnlpa.exe!KeSetEvent + 56D 840FCBB8 4 Bytes [03, 1D, D3, 8B]
.text ntkrnlpa.exe!KeSetEvent + 5D1 840FCC1C 4 Bytes [0D, 1D, D3, 8B]
.text ntkrnlpa.exe!KeSetEvent + 619 840FCC64 4 Bytes [12, 1D, D3, 8B]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556f814e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556f814e0@02823c0d6622 0xD1 0x07 0xB8 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x21 0x5B 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002556f814e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002556f814e0@02823c0d6622 0xD1 0x07 0xB8 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x21 0x5B 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556f814e0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556f814e0@02823c0d6622 0xD1 0x07 0xB8 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x21 0x5B 0xCF ...
---- EOF - GMER 2.1 ----
13
RogueKiller / Re: Can't be deleted possible malware
« on: September 21, 2014, 12:24:43 PM »
Yes. And everytime I go to a site I'm directed to cloudfare or other security check. Ok I'll try Gmer.
14
RogueKiller / Re: Can't be deleted possible malware
« on: September 21, 2014, 12:01:22 PM »
I can't find it. Don't know if its hiding itself. And there are other temp folders (12 & 35) aside from the original temp. How do I fix these?
15
RogueKiller / Re: Can't be deleted possible malware
« on: September 19, 2014, 08:47:15 AM »
Here's a 2nd scan with more detection
Code: [Select]
RogueKiller V9.2.11.0 [Sep 9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rai [Admin rights]
Mode : Scan -- Date : 09/19/2014 14:28:03
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A773825-CD3A-43AA-B6FF-1A6A9E969E5E} | NameServer : 121.1.3.74 121.1.3.89 -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 23 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreateSection[75] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb1962e8c
[SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb1963010
[SSDT:Addr(Hook.SSDT)] NtMakeTemporaryObject[174] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb1962e02
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[255] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb196312e
[SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[276] : Unknown @ 0x8bd70b20
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb196324e
[SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[314] : Unknown @ 0x8bd70b25
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[317] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb195f94c
[SSDT:Addr(Hook.SSDT)] NtSetSystemTime[319] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb195fb02
[SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[332] : Unknown @ 0x8bd70b2a
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x8bd70ab7
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb1962d74
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb196102e
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[382] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb196309e
[ShwSSDT:Addr(Hook.Shadow)] NtUserCallTwoParam[334] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb1961d0a
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[479] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb195f2f6
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[497] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb195f292
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[498] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb195eece
[ShwSSDT:Addr(Hook.Shadow)] NtUserQueryWindow[504] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb195ecce
[ShwSSDT:Addr(Hook.Shadow)] NtUserSendInput[525] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb1961cb4
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x8bd70b3e
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x8bd70b43
[ShwSSDT:Addr(Hook.Shadow)] NtUserSwitchDesktop[582] : C:\Users\Rai\AppData\Local\Temp\B098834F4D.sys @ 0xb195e99c
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 98500ec2b7b5edecd534cd194c873eea
[BSP] fb2fd27aa6b059f12a8e0326786d723d : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 110000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 225282048 | Size: 128473 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_DEL_08252014_141057.log - RKreport_DEL_08252014_142437.log - RKreport_DEL_08252014_143444.log - RKreport_DEL_08252014_144154.log
RKreport_DEL_08252014_144912.log - RKreport_DEL_08252014_150337.log - RKreport_DEL_08262014_231506.log - RKreport_DEL_08262014_232640.log
RKreport_DEL_08262014_234357.log - RKreport_DEL_08292014_192844.log - RKreport_DEL_08302014_192856.log - RKreport_DEL_08302014_215715.log
RKreport_DEL_08312014_125835.log - RKreport_DEL_08312014_130448.log - RKreport_DEL_08312014_163003.log - RKreport_DEL_08312014_163943.log
RKreport_DEL_08312014_211853.log - RKreport_DEL_09042014_052841.log - RKreport_DEL_09042014_201213.log - RKreport_DEL_09042014_203512.log
RKreport_DEL_09052014_010805.log - RKreport_DEL_09052014_032809.log - RKreport_DEL_09062014_192835.log - RKreport_DEL_09062014_193849.log
RKreport_DEL_09062014_210144.log - RKreport_DEL_09072014_000852.log - RKreport_DEL_09072014_002032.log - RKreport_DEL_09072014_003229.log
RKreport_DEL_09072014_004306.log - RKreport_DEL_09072014_012101.log - RKreport_DEL_09072014_013809.log - RKreport_DEL_09072014_015023.log
RKreport_DEL_09072014_020430.log - RKreport_DEL_09072014_021655.log - RKreport_DEL_09072014_022916.log - RKreport_DEL_09072014_031947.log
RKreport_DEL_09072014_033134.log - RKreport_DEL_09072014_170449.log - RKreport_DEL_09072014_171547.log - RKreport_DEL_09072014_172720.log
RKreport_DEL_09072014_173809.log - RKreport_DEL_09072014_174812.log - RKreport_DEL_09072014_175842.log - RKreport_DEL_09072014_180416.log
RKreport_DEL_09072014_180950.log - RKreport_DEL_09072014_181548.log - RKreport_DEL_09072014_182141.log - RKreport_DEL_09072014_182725.log
RKreport_DEL_09072014_183304.log - RKreport_DEL_09072014_184153.log - RKreport_DEL_09072014_185519.log - RKreport_DEL_09072014_201056.log
RKreport_DEL_09072014_222351.log - RKreport_DEL_09072014_230025.log - RKreport_DEL_09082014_180137.log - RKreport_DEL_09082014_195410.log
RKreport_DEL_09092014_024938.log - RKreport_DEL_09102014_003411.log - RKreport_DEL_09122014_184753.log - RKreport_DEL_09122014_185920.log
RKreport_DEL_09122014_223254.log - RKreport_DEL_09132014_031215.log - RKreport_DEL_09192014_022324.log - RKreport_DEL_09192014_033818.log
RKreport_SCN_08252014_140738.log - RKreport_SCN_08252014_142050.log - RKreport_SCN_08252014_143226.log - RKreport_SCN_08252014_144120.log
RKreport_SCN_08252014_144747.log - RKreport_SCN_08252014_145755.log - RKreport_SCN_08252014_151229.log - RKreport_SCN_08252014_181328.log
RKreport_SCN_08262014_231328.log - RKreport_SCN_08262014_232051.log - RKreport_SCN_08262014_234330.log - RKreport_SCN_08272014_005804.log
RKreport_SCN_08272014_011227.log - RKreport_SCN_08292014_192743.log - RKreport_SCN_08292014_193402.log - RKreport_SCN_08292014_235858.log
RKreport_SCN_08302014_192425.log - RKreport_SCN_08302014_195223.log - RKreport_SCN_08302014_215628.log - RKreport_SCN_08302014_220227.log
RKreport_SCN_08302014_221353.log - RKreport_SCN_08312014_024930.log - RKreport_SCN_08312014_030634.log - RKreport_SCN_08312014_125520.log
RKreport_SCN_08312014_130415.log - RKreport_SCN_08312014_150328.log - RKreport_SCN_08312014_162836.log - RKreport_SCN_08312014_163452.log
RKreport_SCN_08312014_211802.log - RKreport_SCN_09032014_000512.log - RKreport_SCN_09042014_052237.log - RKreport_SCN_09042014_123307.log
RKreport_SCN_09042014_200927.log - RKreport_SCN_09042014_201302.log - RKreport_SCN_09042014_203222.log - RKreport_SCN_09042014_225307.log
RKreport_SCN_09052014_010749.log - RKreport_SCN_09052014_025055.log - RKreport_SCN_09052014_032751.log - RKreport_SCN_09052014_033452.log
RKreport_SCN_09052014_122730.log - RKreport_SCN_09062014_102110.log - RKreport_SCN_09062014_192723.log - RKreport_SCN_09062014_193830.log
RKreport_SCN_09062014_195228.log - RKreport_SCN_09062014_205845.log - RKreport_SCN_09062014_215014.log - RKreport_SCN_09062014_234832.log
RKreport_SCN_09072014_000755.log - RKreport_SCN_09072014_001743.log - RKreport_SCN_09072014_003211.log - RKreport_SCN_09072014_003828.log
RKreport_SCN_09072014_004252.log - RKreport_SCN_09072014_005346.log - RKreport_SCN_09072014_012029.log - RKreport_SCN_09072014_013725.log
RKreport_SCN_09072014_014936.log - RKreport_SCN_09072014_020349.log - RKreport_SCN_09072014_021626.log - RKreport_SCN_09072014_022839.log
RKreport_SCN_09072014_031936.log - RKreport_SCN_09072014_033119.log - RKreport_SCN_09072014_170442.log - RKreport_SCN_09072014_171513.log
RKreport_SCN_09072014_172715.log - RKreport_SCN_09072014_173754.log - RKreport_SCN_09072014_174803.log - RKreport_SCN_09072014_175837.log
RKreport_SCN_09072014_175853.log - RKreport_SCN_09072014_180410.log - RKreport_SCN_09072014_180945.log - RKreport_SCN_09072014_181539.log
RKreport_SCN_09072014_182132.log - RKreport_SCN_09072014_182717.log - RKreport_SCN_09072014_183258.log - RKreport_SCN_09072014_183911.log
RKreport_SCN_09072014_185443.log - RKreport_SCN_09072014_201050.log - RKreport_SCN_09072014_222312.log - RKreport_SCN_09072014_230004.log
RKreport_SCN_09082014_175721.log - RKreport_SCN_09082014_181234.log - RKreport_SCN_09082014_195327.log - RKreport_SCN_09092014_024838.log
RKreport_SCN_09102014_003309.log - RKreport_SCN_09122014_184727.log - RKreport_SCN_09122014_185857.log - RKreport_SCN_09122014_223225.log
RKreport_SCN_09132014_031123.log - RKreport_SCN_09132014_033024.log - RKreport_SCN_09142014_163814.log - RKreport_SCN_09162014_155818.log
RKreport_SCN_09182014_161214.log - RKreport_SCN_09182014_162655.log - RKreport_SCN_09192014_022245.log - RKreport_SCN_09192014_033736.log
Pages: [1] 2
