rogerthat69
Posts: 57 +0
Have a laptop. I am sole user. Comp was earlier hijacked. Processor-fan also disappeared, was overheated. Had it cleaned but nothing there. Then OS reinstalled. Fan worked again. But slowly things started to look worse again (1 month). Had 2 user-accounts on my own. I.e. Windows Firewall was often open to Remote control! Found 3 PUMs which could not be deleted (replaced). Fan stopped working again. Did a System Restore. Fan still not working but much better overall performance. Reduced processor-throttle (can not manage the fan) to reduce overheating but it keeps shutting down (95 degrees C). Ran aswMBR but found nothing. Ran Malwarebytes AntiMalware but nothing (both Fast and Full Scans). MBR-Virus? No more Firewall-problems after restoring it seems!
Belarc shows a lot of security-problems, done SFC-scannow with repair done, done chkdisk with repair.
Other Symptoms:
After Log In a lot of "normal" processes start. But they occupy a lot of processor-power (100%) and disk-activity (100%) for about 5 min (10-20 Mb/sec). Then it goes down to normal but during a few minutes I can hardly do anything. Memory-hard errors also increase sometimes. Svchost.exe (LocalSystemNetworkRestricted) is the process that takes up most of the disk-usage (100%). It looks like some kind of backup? Reading and reading almost everything (and in the end writing). Both Background and Normal processes with 100-500 ms response-times. Also Trusted Installer runs.
Sometimes sudden close-down of computer but after rebooting there is no info about "unexpected close-down" as when overheating does the same!
* Icons on desktop often disappear. But they are all reproduced in a minute.
* RogueKiller shows 3 HP Desk PUMs. When deleted they are all replaced! (Log encl)
* Have 2 Dllhost at start-up every time I look in TaskManager but both disappear in seconds. Both have long command-instructions.
* Have 2 csrss.exe programs running with identical very long command-instructions, starts with Object dir =\Windows Shared Section.......
* Can not disable Windows Components (exe-program stalls)
* On desktop there is a folder named "Shared" which is undeletable.
* Mobsync.exe starts after booting. Had the file renamed. So no more problems!
* Since Mobsync.exe was renamed my fan has been doing a slow come-back! Fan tries to start when there is very low processor-activity. Today it seems working fine!
* Have a disk-volume named \\?...hexadec.-name... . Don't know what it is!
* I don't use IE since reinstalling OS (only once). Think it's compromised. Thought of uninstalling it but it doesn't work (see above)
LOGS(4): (sorry about some Swedish language in logs (3), but nothing really to misunderstand I hope)
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databasversion: v2014.01.26.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ägaren :: ÄGAREN-DATOR [administratör]
2014-01-26 17:42:43
mbam-log-2014-01-26 (17-42-43).txt
Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 221226
Förfluten tid: 6 minut(er), 4 sekund(er)
Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)
Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)
Upptäckta registernycklar: 0
(Inga skadliga poster hittades)
Upptäckta registervärden: 0
(Inga skadliga poster hittades)
Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)
Upptäckta mappar: 0
(Inga skadliga poster hittades)
Upptäckta filer: 0
(Inga skadliga poster hittades)
(klar)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526 BrowserJavaVersion: 10.45.2
Run by Ägaren at 17:59:48 on 2014-01-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2046.1256 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ägaren\Desktop\dds.scr
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\lavasoft\adaware securesearch toolbar\adawareDx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\lavasoft\adaware securesearch toolbar\adawareDx.dll
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{7C28FB24-23FB-4DFF-9F5A-02C6CBD9B99D} : DHCPNameServer = 83.255.245.11 193.150.193.150
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ägaren\appdata\roaming\mozilla\firefox\profiles\zmugow3t.default\
.
============= SERVICES / DRIVERS ===============
.
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-4 208896]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-2-5 212520]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2013-10-16 159840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]
S3 NisSrv;Microsoft Nätverkskontroll;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2013-12-29 4608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-01-26 16:08:50 -------- d--h--w- c:\windows\PIF
2014-01-25 19:32:04 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{adbecb68-8c3d-4771-bac3-253642915985}\mpengine.dll
2014-01-24 18:59:03 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-23 17:28:45 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-01-23 17:28:45 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8c23d153-8ac1-4cbd-aaf1-7c9fb6aee1dc}\gapaengine.dll
2014-01-21 15:20:15 -------- d-----w- c:\windows\CheckSur
2014-01-18 12:50:52 -------- d-----r- C:\Sandbox
2014-01-18 01:41:05 -------- d-----w- c:\program files\Sandboxie
2014-01-15 11:03:00 -------- d-----w- c:\windows\Migration
2014-01-09 21:45:49 -------- d-----w- C:\mbar
2014-01-09 20:42:40 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-06 22:40:02 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2014-01-06 22:39:53 -------- d-----w- c:\program files\Notebook Hardware Control
2014-01-04 14:58:14 -------- d-----w- c:\program files\Belarc
2013-12-31 12:25:56 -------- d-----w- C:\getservices
2013-12-29 15:07:09 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-12-29 14:54:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-29 14:54:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-29 14:39:39 -------- d-----w- c:\program files\RMClock
2013-12-28 23:18:41 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-28 23:18:41 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-28 23:18:41 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-28 23:18:41 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-28 23:18:41 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-28 23:17:56 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-28 23:17:52 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-28 23:17:51 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-28 23:17:51 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-28 23:17:47 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-12-28 23:14:58 -------- d-----w- c:\program files\Microsoft Security Client
2013-12-28 17:03:17 -------- d-----w- c:\program files\BillP Studios
2013-12-28 09:37:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2013-12-28 09:37:59 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2013-12-28 09:37:58 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-27 23:28:29 -------- d-----w- c:\program files\SysInternals
.
==================== Find3M ====================
.
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-09 22:03:59 4608 ----a-w- c:\windows\system32\drivers\null.sys.bak
2014-01-08 01:03:45 334720 ----a-w- c:\program files\RootkitRevealer.exe
2013-12-30 08:09:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-30 08:09:38 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:43:24 1105408 ----a-w- c:\windows\system32\urlmon(634).dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet(747).dll
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:36:16 1796096 ----a-w- c:\windows\system32\iertutil(582).dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-10 04:35:26 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-09-20 13:30:30 475136 ----a-w- c:\program files\setup.exe
2013-09-20 13:30:28 2260992 ----a-w- c:\program files\openoffice401.msi
.
============= FINISH: 17:59:56,99 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2013-10-21 12:51:15
System Uptime: 2014-01-26 15:45:34 (2 hours ago)
.
Motherboard: FUJITSU SIEMENS | | F40
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 2101/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 195 GiB total, 139,631 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 38 GiB total, 37,482 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP111: 2013-12-27 20:13:12 - Återställningsåtgärd
RP112: 2013-12-27 22:34:30 - Återställningsåtgärd
RP113: 2013-12-27 23:06:39 - Återställningsåtgärd
RP114: 2013-12-27 23:19:07 - Återställningsåtgärd
RP115: 2013-12-27 23:37:13 - Återställningsåtgärd
RP116: 2013-12-28 01:20:59 - Windows Update
RP117: 2013-12-28 10:37:12 - Windows Update
RP119: 2013-12-28 11:22:19 - Revo Uninstaller's restore point - Microsoft Security Essentials
RP121: 2013-12-28 16:00:47 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300
RP122: 2013-12-29 13:01:25 - Windows Update
RP123: 2013-12-30 13:04:58 - Windows Update
RP124: 2014-01-02 23:17:51 - Windows Update
RP125: 2014-01-05 01:02:20 - Windows Update
RP126: 2014-01-08 00:51:42 - Efter anpassn av Schemalägg samt före borttag av appmngr/fil sa
RP127: 2014-01-08 12:47:32 - Windows Update
RP128: 2014-01-09 08:57:39 - Före körning av RoqueKiller och borttag av Recycle(19).Bin26/11
RP129: 2014-01-12 17:20:08 - Windows Update
RP131: 2014-01-12 18:43:38 - Revo Uninstaller's restore point - Prevx
RP132: 2014-01-15 11:57:23 - Windows Update
RP133: 2014-01-19 14:48:43 - Windows Update
RP134: 2014-01-20 17:08:53 - Windows Update
RP135: 2014-01-21 14:13:33 - Schemalagd kontrollpunkt
RP136: 2014-01-21 15:08:27 - Installationsprogram för Windows-moduler
RP137: 2014-01-21 15:46:55 - Före fix av Windows-funktioner
RP138: 2014-01-21 16:19:47 - Windows Update
RP139: 2014-01-24 18:23:24 - Schemalagd kontrollpunkt
RP140: 2014-01-24 19:58:36 - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ox-d.majorgeeks.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
.
==== Installed Programs ======================
.
Ad-Aware Security Add-on
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Belarc Advisor 8.4
CCleaner
Exterminate It!
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
Java 7 Update 45
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 Language Pack SP1 - sve
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (SVE)
Microsoft .NET Framework 4.5.1 (svenska)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Motorola SM56 Speakerphone Modem
Mozilla Firefox 26.0 (x86 sv-SE)
Mozilla Maintenance Service
NirSoft BlueScreenView
Nitro PDF Reader 2
Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
NVIDIA Drivers
OpenOffice 4.0.1
PVSonyDll
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Sandboxie 4.06 (32-bit)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WinPatrol
.
==== End Of File ===========================
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode
User : Ägaren [Admin rights]
Mode : Remove -- Date : 01/09/2014 20:40:44
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost #[IPv6]
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 csh.actiondesk.com
127.0.0.1 www.activemeter.com #[Tracking.Cookie]
127.0.0.1 ads.activepower.net
[...]
¤¤¤ MBR Check: ¤¤¤
Finished : << RKreport[0]_D_01092014_204044.txt >>
RKreport[0]_S_01092014_203618.txt
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ox-d.majorgeeks.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
.
==== Installed Programs ======================
.
Ad-Aware Security Add-on
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Belarc Advisor 8.4
CCleaner
Exterminate It!
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
Java 7 Update 45
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 Language Pack SP1 - sve
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (SVE)
Microsoft .NET Framework 4.5.1 (svenska)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Motorola SM56 Speakerphone Modem
Mozilla Firefox 26.0 (x86 sv-SE)
Mozilla Maintenance Service
NirSoft BlueScreenView
Nitro PDF Reader 2
Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
NVIDIA Drivers
OpenOffice 4.0.1
PVSonyDll
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Sandboxie 4.06 (32-bit)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WinPatrol
.
==== End Of File ===========================

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode
User : Ägaren [Admin rights]
Mode : Remove -- Date : 01/09/2014 20:40:44
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost #[IPv6]
[...]
¤¤¤ MBR Check: ¤¤¤
Finished : << RKreport[0]_D_01092014_204044.txt >>
RKreport[0]_S_01092014_203618.txt