Hi,
I would be grateful for some advice/help. I had a window pop up detailing that MediaPlayerplus is infected; I'm pretty sure it wasn't a window associated with my Avast Antivirus. Not sure where this MediaPlayerplus has come from; I think it may have been part of the associated programs/codecs that were used when I installed Popcorn MKV converter.
I have now un-installed as much of these as I can via Control Panel/Uninstall; some still remain and seem stubborn to remove by this method. I have not done anything else like deleting from Programs folder for fear that this may not completely remove them. All these programs came from the web in general via normal download, not via Usenet.
I am also suspicious of the Java install.
I have then run a boot scan and, looking in the Avast chest, it now reports that it has - Win32Installer-AP [PUP], Win32:Malware-gen, NSIS:Adware-NN [PUP], Win32:PUP-gen [PUP] and FileRepMetagen [Malware]. I would like to delete all of these but haven't done so yet in case they are of use in tracking down the root cause.
System is - T2300 @ 1.66Ghz, 2Gb Ram, Win7 32bit with SP1. I only have access to a Windows install disk.
Thanks in advance for any help
Headly
DDS.TXT -
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041
Run by X at 9:24:03 on 2014-04-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2046.1326 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
BHO: MediaPlayerplus: {11111111-1111-1111-1111-110511421146} - c:\program files\mediaplayerplus\MediaPlayerplus-bho.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office\office15\GROOVEEX.DLL
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [fst_gb_4] <no file>
mRunOnce: [20131224] c:\program files\avast software\avast\setup\emupdate\e0fdfaa8-df9c-4863-a4ce-27a6a8ddc184.exe /check
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4DD65F08-AB37-4B8F-A4CD-62D3A14B128C} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4DD65F08-AB37-4B8F-A4CD-62D3A14B128C}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.22.0.1 8.8.8.8 4.2.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\x\appdata\roaming\mozilla\firefox\profiles\0zrxemxs.default\
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-13 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-13 180760]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-4-14 107256]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-4-13 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-4-13 411552]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2014-4-22 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-4-14 156024]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-4-14 228888]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-13 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-13 50344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-4-14 1444120]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-4-13 67264]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2012-10-18 971752]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-15 108032]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-4-13 1343400]
.
=============== Created Last 30 ================
.
2014-04-29 07:10:21 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{406d44ce-83c6-4cde-8182-301871fdb907}\mpengine.dll
2014-04-28 23:27:55 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-28 21:12:54 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-04-28 21:12:53 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-27 12:27:26 -------- d-----w- c:\program files\predm
2014-04-27 12:24:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-27 12:24:02 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-27 12:21:43 1107768 ----a-w- c:\users\x\appdata\local\nsx507E.tmp
2014-04-27 12:20:22 -------- d-----w- c:\program files\MediaPlayerplus
2014-04-27 12:18:31 -------- d-----w- c:\users\x\appdata\local\Programs
2014-04-25 09:59:00 -------- d-----w- c:\users\x\appdata\local\Adobe
2014-04-25 09:18:29 -------- d-----w- c:\programdata\IDMComp
2014-04-25 09:16:56 -------- d-----w- c:\program files\IDM Computer Solutions
2014-04-25 08:56:51 -------- d-----w- c:\users\x\appdata\local\Downloaded Installations
2014-04-22 14:57:46 -------- d-----w- c:\users\x\appdata\local\Trusteer
2014-04-22 14:57:32 -------- d-----w- c:\program files\Trusteer
2014-04-22 14:55:40 -------- d-----w- c:\programdata\Trusteer
2014-04-21 19:13:52 -------- d-----w- c:\programdata\F-Secure
2014-04-20 14:12:29 -------- d-----w- c:\program files\common files\DivX Shared
2014-04-20 12:53:11 -------- d-----w- c:\users\x\appdata\roaming\LavFilters
2014-04-20 12:53:11 -------- d-----w- c:\users\x\appdata\roaming\CDXReader
2014-04-20 12:53:09 -------- d-----w- c:\programdata\DivX
2014-04-20 12:53:09 -------- d-----w- c:\program files\DSP-worx
2014-04-20 12:33:32 -------- d-----w- c:\users\x\appdata\roaming\DigitalSites
2014-04-20 11:49:12 -------- d-----w- c:\program files\MediaInfo
2014-04-19 20:12:34 -------- d-----w- c:\program files\MKVToolNix
2014-04-18 09:16:17 -------- d-----w- c:\program files\Lightspeed Screen Saver
2014-04-17 17:19:20 -------- d-----w- c:\program files\Analog Devices
2014-04-17 16:57:47 -------- d-----w- C:\Drivers
2014-04-17 16:36:48 -------- d-----w- c:\program files\VideoLAN
2014-04-16 21:30:50 -------- d-----w- c:\users\x\appdata\local\QuickPar
2014-04-16 21:23:17 -------- d-----w- c:\program files\QuickPar
2014-04-16 20:19:24 -------- d-----w- c:\users\x\appdata\roaming\NewsBin
2014-04-16 20:19:24 -------- d-----w- c:\programdata\NewsBin
2014-04-16 20:19:24 -------- d-----w- c:\program files\NewsBin
2014-04-16 19:44:12 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2014-04-16 19:42:12 -------- d-----w- c:\windows\PCHEALTH
2014-04-16 19:42:12 -------- d-----w- c:\program files\Microsoft SQL Server
2014-04-16 19:38:36 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-04-16 19:38:12 -------- d-----w- c:\users\x\appdata\local\Microsoft Help
2014-04-16 19:32:19 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-04-15 17:28:59 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-15 06:54:08 -------- d-----w- c:\users\x\appdata\local\ElevatedDiagnostics
2014-04-15 06:49:07 -------- d-----w- c:\users\x\appdata\local\Diagnostics
2014-04-13 23:01:06 107256 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-04-13 20:26:54 317440 ----a-w- c:\windows\system32\spoolsv.exe
2014-04-13 19:39:02 -------- d-----w- c:\program files\HashTab Shell Extension
2014-04-13 19:36:34 -------- d-----w- c:\windows\system32\ShellExt
2014-04-13 17:56:31 -------- d-----w- c:\users\x\appdata\roaming\AVAST Software
2014-04-13 17:55:37 67264 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-13 17:55:35 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-13 17:55:32 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-13 17:55:30 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-13 17:55:24 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-13 17:55:20 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-13 17:54:58 43152 ----a-w- c:\windows\avastSS.scr
2014-04-13 17:54:09 -------- d-----w- c:\program files\AVAST Software
2014-04-13 17:52:30 -------- d-----w- c:\programdata\AVAST Software
2014-04-13 17:27:20 -------- d-----w- c:\users\x\appdata\local\Mozilla
2014-04-13 17:21:43 -------- d-----w- c:\windows\Migration
2014-04-13 17:15:17 -------- d-----w- c:\users\x\appdata\local\Google
2014-04-13 17:14:22 -------- d-----w- c:\users\x\appdata\local\Apps
2014-04-13 17:14:19 -------- d-----w- c:\users\x\appdata\local\Deployment
2014-04-13 16:57:30 -------- d-----w- c:\windows\system32\Wat
2014-04-13 09:43:41 797216 ----a-w- c:\windows\system32\nvcplui.exe
2014-04-13 09:43:41 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2014-04-13 09:43:41 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2014-04-13 09:43:40 453152 ----a-w- c:\windows\system32\nvuninst.exe
2014-04-13 09:34:30 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-04-13 09:34:30 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-04-13 09:34:30 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-04-13 09:34:30 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-04-13 09:34:29 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-04-13 09:34:29 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-04-13 09:34:29 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-04-13 09:32:57 5120 ----a-w- c:\windows\system32\wmi.dll
2014-04-13 09:32:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-04-13 09:28:53 293376 ----a-w- c:\windows\system32\browserchoice.exe
2014-04-13 09:16:19 -------- d-----w- c:\windows\system32\MRT
2014-04-13 09:14:34 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-04-13 09:14:34 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-04-13 09:01:16 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-04-13 08:55:52 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-04-13 08:52:05 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2014-04-13 08:52:05 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-04-13 08:52:04 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-04-13 08:50:49 1549312 ----a-w- c:\windows\system32\tquery.dll
2014-04-13 08:49:48 70656 ----a-w- c:\windows\system32\fontsub.dll
2014-04-13 08:48:58 903168 ----a-w- c:\windows\system32\certutil.exe
2014-04-13 08:47:57 67072 ----a-w- c:\windows\system32\packager.dll
2014-04-13 08:46:58 534528 ----a-w- c:\windows\system32\EncDec.dll
2014-04-13 08:45:59 850944 ----a-w- c:\windows\system32\sbe.dll
2014-04-13 08:43:35 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-04-13 08:43:35 656896 ----a-w- c:\windows\system32\nshwfp.dll
2014-04-13 08:43:35 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-04-13 08:26:25 769024 ----a-w- c:\windows\system32\localspl.dll
2014-04-13 08:24:48 101720 ----a-w- c:\windows\system32\consent.exe
2014-04-13 08:24:47 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-04-13 08:24:43 123904 ----a-w- c:\windows\system32\poqexec.exe
2014-04-13 08:24:26 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-04-13 08:24:26 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-04-13 08:24:26 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-04-13 08:24:26 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-04-13 08:24:26 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-04-13 08:24:26 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-04-13 08:24:24 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-04-13 07:07:04 -------- d-----w- c:\windows\Panther
2014-04-13 07:06:47 -------- d-sh--w- C:\Boot
2014-04-12 23:06:36 -------- d-----w- c:\windows\AutoKMS
2014-04-12 23:06:14 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-04-12 23:05:02 -------- d-----w- c:\programdata\Microsoft Toolkit
2014-04-12 23:01:15 -------- d-sh--w- c:\windows\Installer
2014-04-12 22:36:24 -------- d-----w- c:\program files\AuthenTec
2014-04-12 22:30:56 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-04-12 22:30:56 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-04-12 22:24:44 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-04-12 22:23:43 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-04-12 22:22:34 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-04-12 22:22:34 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-04-12 22:21:10 -------- d-----w- c:\users\x\appdata\local\VirtualStore
.
==================== Find3M ====================
.
2014-04-13 08:58:54 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-06 08:32:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:07:53 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-02-04 02:07:50 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-02-04 02:07:41 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- c:\windows\system32\iologmsg.dll
.
============= FINISH: 9:24:45.60 ===============
2014-04-13 08:24:48 101720 ----a-w- c:\windows\system32\consent.exe
2014-04-13 08:24:47 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-04-13 08:24:43 123904 ----a-w- c:\windows\system32\poqexec.exe
2014-04-13 08:24:26 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-04-13 08:24:26 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-04-13 08:24:26 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-04-13 08:24:26 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-04-13 08:24:26 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-04-13 08:24:26 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-04-13 08:24:24 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-04-13 07:07:04 -------- d-----w- c:\windows\Panther
2014-04-13 07:06:47 -------- d-sh--w- C:\Boot
2014-04-12 23:06:36 -------- d-----w- c:\windows\AutoKMS
2014-04-12 23:06:14 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-04-12 23:05:02 -------- d-----w- c:\programdata\Microsoft Toolkit
2014-04-12 23:01:15 -------- d-sh--w- c:\windows\Installer
2014-04-12 22:36:24 -------- d-----w- c:\program files\AuthenTec
2014-04-12 22:30:56 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-04-12 22:30:56 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-04-12 22:24:44 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-04-12 22:23:43 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-04-12 22:22:34 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-04-12 22:22:34 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-04-12 22:21:10 -------- d-----w- c:\users\x\appdata\local\VirtualStore
.
==================== Find3M ====================
.
2014-04-13 08:58:54 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-06 08:32:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:07:53 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-02-04 02:07:50 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-02-04 02:07:41 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- c:\windows\system32\iologmsg.dll
.
============= FINISH: 9:24:45.60 ===============