Hello,
This started as a result of me being stupid. I have Avast antivirus, and I disabled it for an hour to complete a specific task on my phone.
At the beginning my computer was running very slow. Programs and Windows features took forever to open. A program called Eclipse crashed pretty badly and I restarted the computer. I thought it was Eclipse that was the cause of it so I restarted my computer one or two more times (I know, I'm stupid).
Eventually, Windows wouldn't start. I saw only the mouse which was not responding and a black background. I tried opening safe mode and it didn't work, and that time there was no mouse.
The next time I was able to get into some kind of troubleshooting boot, and Windows started in an earlier stage (about first reset). I ran Avast full scan, which only scanned one folder and 10 files. Path said "Pid 836".
I opened task manager to see what was slowing down the computer - It was a couple of service hosts: local service, one running 7 services, the other 10.
I started the computer in safe mode and there was no problem.
I moved my important files to my other hard disk and ran an Avast scan, which ran through the computer but didn't find anything. Looking at its logs, it had a problem scanning a few of its own files, with the error saying "system didn't find files in path". The threat level was blank.
I scheduled a boot scan and made Windows open up in safe mode with networking. The boot scan didn't scan anything so now I'm asking you for help.
In safe mode the computer seems to run all right, but there are still some weird things going on - Chrome not downloading the DDS file (Internet Explorer was able to do it), when I accidentally moved the logs in my desktop and hit "Ctrl+z" the DDS script was gone, recycle bin empty. Not sure if they are really because of the virus or just coincidences.
DDS
----------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.25.2
Run by Neta at 0:11:45 on 2013-08-10
Microsoft Windows 8 Pro 6.2.9200.0.1255.972.1033.18.4073.2961 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Digiarty_Software_AirPlayit] "C:\Program Files\Digiarty\Air_Playit\airplayit.exe" -min
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Neta\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Sidebar.lnk - C:\Program Files\Windows Sidebar\sidebar.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MIF5BA~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.117.235.235 62.219.186.7
TCP: Interfaces\{540A8840-F67E-46CF-840D-5164B4861590} : DHCPNameServer = 192.117.235.235 62.219.186.7
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll, C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-5-25 283200]
S0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-5-25 65336]
S0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-5-25 189936]
S1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-5-25 1030952]
S1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-5-25 378944]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-5-25 33400]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-5-25 80816]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-25 46808]
S2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-9-6 80472]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 14984480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\Drivers\lvrs64.sys [2012-10-26 351520]
S3 LVUVC64;@oem10.inf,%PID_0802_DD%(UVC);Logitech Webcam 200(UVC);C:\Windows\System32\Drivers\lvuvc64.sys [2012-10-26 4758176]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\Drivers\nvvad64v.sys [2013-7-30 39712]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-26 89088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0153;RsFx0153 Driver;C:\Windows\System32\Drivers\RsFx0153.sys [2012-6-29 321992]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-6-29 441288]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-09 15:34:26 -------- d-----w- C:\Users\Neta\.android
2013-08-09 15:34:21 -------- d-----w- C:\Users\Neta\workspace_Android
2013-08-06 18:11:31 -------- d-----w- C:\Users\Neta\AppData\Local\Samsung
2013-08-06 18:11:29 -------- d-----w- C:\Users\Neta\AppData\Roaming\Samsung
2013-08-06 18:07:28 -------- d-----w- C:\ProgramData\Samsung
2013-08-06 18:07:28 -------- d-----w- C:\Program Files (x86)\Samsung
2013-08-06 18:03:34 -------- d-----w- C:\Users\Neta\AppData\Local\Downloaded Installations
2013-07-30 18:46:08 -------- d-----w- C:\NvidiaLogging
2013-07-30 18:45:08 39712 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-07-30 18:45:08 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-07-30 18:45:08 28448 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-07-22 09:16:06 -------- d-----w- C:\FFOutput
2013-07-22 09:14:55 -------- d-----w- C:\Program Files (x86)\FreeTime
2013-07-21 19:10:31 -------- d-----w- C:\Windows\System32\MRT
2013-07-18 14:03:58 729600 ----a-w- C:\Windows\System32\samsrv.dll
2013-07-18 14:03:58 2391280 ----a-w- C:\Windows\explorer.exe
2013-07-18 14:03:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll
2013-07-18 14:03:58 106496 ----a-w- C:\Windows\System32\samlib.dll
2013-07-18 14:03:57 785408 ----a-w- C:\Windows\System32\audiosrv.dll
2013-07-18 14:03:57 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-07-18 14:03:57 2219520 ----a-w- C:\Windows\System32\dwmcore.dll
2013-07-18 14:03:57 1403296 ----a-w- C:\Windows\System32\winload.efi
2013-07-18 14:03:57 1271584 ----a-w- C:\Windows\System32\winload.exe
2013-07-18 14:03:57 1217352 ----a-w- C:\Windows\System32\winresume.efi
2013-07-18 14:03:57 1093904 ----a-w- C:\Windows\System32\winresume.exe
2013-07-18 14:03:56 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-07-18 14:03:25 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-07-18 09:54:59 -------- d-----w- C:\Games
2013-07-18 09:47:09 33 ----a-w- C:\Windows\SysWow64\mnprxpd2f.bin
2013-07-18 09:46:57 -------- d-----w- C:\Program Files (x86)\ChordPulse
2013-07-15 21:22:57 144384 ----a-w- C:\Windows\System32\tssdisai.dll
.
==================== Find3M ====================
.
2013-08-09 18:36:29 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2013-07-18 16:01:06 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll
2013-07-18 16:01:05 312832 ----a-w- C:\Windows\System32\LocationApi.dll
2013-06-28 06:36:00 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-28 06:36:00 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-24 12:13:13 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 12:13:11 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-24 12:13:11 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-21 02:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-06-20 04:17:49 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-06-18 00:40:33 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-06-18 00:40:33 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-06-13 20:31:08 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-06-13 20:18:52 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-08 14:15:56 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-08 14:15:50 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-06-08 14:15:50 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:33:13 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe
2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-05-30 23:14:23 4036096 ----a-w- C:\Windows\System32\win32k.sys
2013-05-25 19:12:28 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-05-15 02:25:59 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-05-15 02:25:44 542208 ----a-w- C:\Windows\System32\untfs.dll
2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-12 21:42:27 1832224 ----a-w- C:\Windows\System32\nvdispco6432018.dll
2013-05-12 21:42:27 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432018.dll
.
============= FINISH: 0:12:41.68 ===============
Sorry for explaining for so long, your guide said to write every little thing...
Thanks in advance!
2013-06-08 14:15:50 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-06-08 14:15:50 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:33:13 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe
2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-05-30 23:14:23 4036096 ----a-w- C:\Windows\System32\win32k.sys
2013-05-25 19:12:28 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-05-15 02:25:59 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-05-15 02:25:44 542208 ----a-w- C:\Windows\System32\untfs.dll
2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-12 21:42:27 1832224 ----a-w- C:\Windows\System32\nvdispco6432018.dll
2013-05-12 21:42:27 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432018.dll
.
============= FINISH: 0:12:41.68 ===============
Sorry for explaining for so long; your guide said to write every little thing...
Thanks in advance!