Topic: OUC.EXE

December 23, 2014, 11:25:15 AM

RaiZZZ19

OUC.EXE
« on: December 23, 2014, 11:25:15 AM »
It says Killer proc something and is located on my Globebroadband stick like it's an updater. I delete it normally, but it reappears for a time. And I notice my internet connection cuts itself a number of times, then I can't connect for 1 day. Pls help.

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rai [Admin rights]
Mode : Scan -- Date : 12/23/2014  17:46:13

¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] ouc.exe -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe[7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x8bf542e6
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x8bf542eb

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 98500ec2b7b5edecd534cd194c873eea
[BSP] fb2fd27aa6b059f12a8e0326786d723d : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 110000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 225282048 | Size: 128473 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HUAWEI MMC Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )



Reply #1 December 23, 2014, 12:07:42 PM

Tigzy

  • Administrator
  • Owner, Adlice Software
Re: OUC.EXE
« Reply #1 on: December 23, 2014, 12:07:42 PM »
I think that's a false positive, you shouldn't delete it.

Reply #2 December 23, 2014, 01:00:16 PM

RaiZZZ19

Re: OUC.EXE
« Reply #2 on: December 23, 2014, 01:00:16 PM »
But it never gets updated. Anyway, it will reappear again. I assumed it is malware because I frequently get disconnected for no reason. So do I leave it behind?

Reply #3 December 23, 2014, 01:39:05 PM

Tigzy

Re: OUC.EXE
« Reply #3 on: December 23, 2014, 01:39:05 PM »
Comes from that: http://tattoo.globe.com.ph/
Do you know it?

Reply #4 December 23, 2014, 02:25:51 PM

RaiZZZ19

Re: OUC.EXE
« Reply #4 on: December 23, 2014, 02:25:51 PM »
Yes, it is. And it's what I used for internet. But I don't know if my USB stick is connecting from their site. Also, I'm using a Smart SIM.

Reply #5 December 23, 2014, 03:45:23 PM

Tigzy

Re: OUC.EXE
« Reply #5 on: December 23, 2014, 03:45:23 PM »
I would go for: if you know it, don't touch it :)
Especially if it works.

Reply #6 December 23, 2014, 03:50:00 PM

RaiZZZ19

Re: OUC.EXE
« Reply #6 on: December 23, 2014, 03:50:00 PM »
I don't think it really updates, as there is nothing it really does. I don't even get a prompt that I have been given an update.

Reply #7 December 23, 2014, 04:02:36 PM

Tigzy

Re: OUC.EXE
« Reply #7 on: December 23, 2014, 04:02:36 PM »
Can't answer, I don't know how it's supposed to work. What I know is it's probably legit.

Reply #8 December 23, 2014, 04:09:56 PM

RaiZZZ19

Re: OUC.EXE
« Reply #8 on: December 23, 2014, 04:09:56 PM »
Well, if you say so.