TechSpot

Win64/patched, Assistance Requested

Inactive
By hongyx
Apr 29, 2014
  1. Hi,

    Recently my laptop started popping up error messages that force a restart each time it occurs. Did a scan with MBAM 2.0 and rebooted my laptop as instructed. However, on reboot my laptop is stuck on a black screen with cursor. Subsequent attempts at rebooting at last known good configuration have been unable to revive my laptop. Any assistance regarding this issue will be appreciated.

    Thank you

    -yan
     
  2. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    What Windows version is it?
     
  3. hongyx

    hongyx TS Rookie Topic Starter

    It's Windows 7
     
  4. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use a USB flash drive to transfer it from the good computer to the bad one.
    NOTE 2. Install Panda USB Vaccine, or BitDefender's USB Immunizer on the GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt.
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under the File menu select Open.
    • Select "Computer", find your flash drive letter, and close the notepad.
    • In the command window type e:\frst (for the x64 bit version type e:\frst64) and press Enter.
      Note:
      Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  5. hongyx

    hongyx TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014 01
    Ran by SYSTEM on MININT-R079J1T on 01-05-2014 17:24:46
    Running from G:\
    Windows 7 Professional (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-07] (IDT, Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\Uncle Hong\...\Run: [Google Update] => C:\Users\Uncle Hong\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-26] (Google Inc.)
    HKU\Uncle Hong\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\Uncle Hong\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
    HKU\Uncle Hong\...\Run: [GoogleChromeAutoLaunch_9B77C47C78CA2AFB7B2E301F793C6E78] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-01] (Google Inc.)
    HKU\Uncle Hong\...\Run: [Air Display Support] => C:\Program Files\Avatron\Air Display\AirDisplay.exe [4189688 2013-12-04] (Avatron Software, Inc)
    AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" File Not Found
    Startup: C:\Users\Uncle Hong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) =================

    S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473280 2014-04-03] (AVG Technologies CZ, s.r.o.)
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
    S2 AVTHelper; C:\Program Files\Avatron\Air Display\AVTHelper.exe [237048 2013-12-04] (Avatron Software)
    S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-01-25] (BitRaider, LLC)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
    S3 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [114824 2012-04-08] (Mentor Graphics Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [X]

    ==================== Drivers (Whitelisted) ====================

    S3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [15352 2013-12-04] (Windows (R) Win 7 DDK provider)
    S3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [15352 2013-12-04] (Windows (R) Win 7 DDK provider)
    S3 AirDisplayWDDM; C:\Windows\System32\DRIVERS\AVWDDMMiniPort.sys [48632 2013-12-04] (Windows (R) Win 7 DDK provider)
    S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
    S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
    S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
    S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
    S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
    S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
    S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
    S0 AVPCIFilter; C:\Windows\System32\DRIVERS\AVPCIFilter.sys [36344 2013-12-04] (Windows (R) Win 7 DDK provider)
    S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-11] (DT Soft Ltd)
    S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-01 17:24 - 2014-05-01 17:24 - 00000000 ____D () C:\FRST
    2014-04-27 20:37 - 2014-04-27 20:40 - 00000000 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
    2014-04-27 20:34 - 2014-04-27 20:34 - 00030426 _____ () C:\Windows\System32\.crusader
    2014-04-27 20:09 - 2014-04-27 20:09 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-04-27 20:08 - 2014-04-27 20:34 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-04-27 20:08 - 2014-04-27 20:08 - 10971424 _____ (SurfRight B.V.) C:\Users\Uncle Hong\Downloads\HitmanPro_x64.exe
    2014-04-27 19:12 - 2014-04-27 19:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2014-04-27 19:11 - 2014-04-27 19:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-27 19:11 - 2014-04-27 19:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-27 19:11 - 2014-04-03 05:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
    2014-04-27 19:11 - 2014-04-03 05:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
    2014-04-27 19:11 - 2014-04-03 05:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2014-04-27 19:10 - 2014-04-27 19:11 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Uncle Hong\Downloads\mbam-setup-2.0.1.1004 (1).exe
    2014-04-27 19:10 - 2014-04-27 19:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Uncle Hong\Downloads\mbam-setup-2.0.1.1004.exe
    2014-04-27 18:35 - 2014-04-27 18:35 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\AVG2014
    2014-04-27 18:34 - 2014-04-27 18:34 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-04-27 18:34 - 2014-04-27 18:34 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\TuneUp Software
    2014-04-27 18:26 - 2014-04-27 18:34 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-04-27 18:26 - 2014-04-27 18:26 - 00000000 ___HD () C:\$AVG
    2014-04-27 18:13 - 2014-04-27 18:13 - 02434792 _____ (AVG Technologies) C:\Users\Uncle Hong\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe
    2014-04-27 18:12 - 2014-04-27 18:12 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-04-27 18:06 - 2014-04-30 18:25 - 00000000 ____D () C:\ProgramData\MFAData
    2014-04-27 18:06 - 2014-04-27 18:39 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Local\Avg2014
    2014-04-27 18:06 - 2014-04-27 18:06 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Local\MFAData
    2014-04-27 16:38 - 2014-04-27 16:38 - 04485528 _____ (AVG Technologies) C:\Users\Uncle Hong\Downloads\avg_free_stb_all_2014_4577_cnet.exe
    2014-04-27 15:06 - 2010-06-02 00:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2014-04-27 15:06 - 2010-06-02 00:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
    2014-04-27 15:06 - 2010-06-02 00:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2014-04-27 15:06 - 2010-06-02 00:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
    2014-04-27 15:06 - 2010-06-02 00:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
    2014-04-27 15:06 - 2010-06-02 00:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2014-04-27 15:06 - 2010-05-26 07:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
    2014-04-27 15:06 - 2010-05-26 07:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2014-04-27 15:06 - 2010-05-26 07:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2014-04-27 15:06 - 2010-05-26 07:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
    2014-04-27 15:06 - 2010-05-26 07:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2014-04-27 15:06 - 2010-05-26 07:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
    2014-04-27 15:06 - 2010-05-26 07:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2014-04-27 15:06 - 2010-05-26 07:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
    2014-04-27 15:06 - 2010-05-26 07:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2014-04-27 15:06 - 2010-02-04 06:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
    2014-04-27 15:06 - 2010-02-04 06:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2014-04-27 15:06 - 2010-02-04 06:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2014-04-27 15:06 - 2010-02-04 06:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
    2014-04-27 15:06 - 2010-02-04 06:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
    2014-04-27 15:06 - 2010-02-04 06:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2014-04-27 15:06 - 2010-02-04 06:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
    2014-04-27 15:06 - 2010-02-04 06:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2014-04-27 15:05 - 2009-09-04 13:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
    2014-04-27 15:05 - 2009-09-04 13:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2014-04-27 15:05 - 2009-09-04 13:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2014-04-27 15:05 - 2009-09-04 13:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
    2014-04-27 15:05 - 2009-09-04 13:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
    2014-04-27 15:05 - 2009-09-04 13:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2014-04-27 15:05 - 2009-09-04 13:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
    2014-04-27 15:05 - 2009-09-04 13:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2014-04-27 15:05 - 2009-09-04 13:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
    2014-04-27 15:05 - 2009-09-04 13:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
    2014-04-27 15:05 - 2009-09-04 13:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2014-04-27 15:05 - 2009-09-04 13:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2014-04-27 15:05 - 2009-09-04 13:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
    2014-04-27 15:05 - 2009-09-04 13:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2014-04-27 15:05 - 2009-09-04 13:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
    2014-04-27 15:05 - 2009-09-04 13:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2014-04-27 15:05 - 2009-03-16 10:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
    2014-04-27 15:05 - 2009-03-16 10:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2014-04-27 15:05 - 2009-03-16 10:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2014-04-27 15:05 - 2009-03-16 10:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
    2014-04-27 15:05 - 2009-03-16 10:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
    2014-04-27 15:05 - 2009-03-16 10:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2014-04-27 15:05 - 2009-03-09 11:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
    2014-04-27 15:05 - 2009-03-09 11:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2014-04-27 15:05 - 2009-03-09 11:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
    2014-04-27 15:05 - 2009-03-09 11:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
    2014-04-27 15:05 - 2009-03-09 11:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
    2014-04-27 15:05 - 2009-03-09 11:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
    2014-04-27 15:05 - 2008-10-27 06:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
    2014-04-27 15:05 - 2008-10-27 06:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2014-04-27 15:05 - 2008-10-27 06:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2014-04-27 15:05 - 2008-10-27 06:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
    2014-04-27 15:05 - 2008-10-27 06:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
    2014-04-27 15:05 - 2008-10-27 06:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2014-04-27 15:05 - 2008-10-27 06:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
    2014-04-27 15:05 - 2008-10-27 06:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2014-04-27 15:05 - 2008-10-15 02:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2014-04-27 15:05 - 2008-10-15 02:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2014-04-27 15:05 - 2008-10-15 02:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2014-04-27 15:05 - 2008-10-15 02:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2014-04-27 15:05 - 2008-10-15 02:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
    2014-04-27 15:05 - 2008-10-15 02:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2014-04-27 15:05 - 2008-07-31 06:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2014-04-27 15:05 - 2008-07-31 06:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
    2014-04-27 15:05 - 2008-07-31 06:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
    2014-04-27 15:05 - 2008-07-31 06:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2014-04-27 15:05 - 2008-07-31 06:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
    2014-04-27 15:05 - 2008-07-31 06:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2014-04-27 15:05 - 2008-07-10 07:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2014-04-27 15:05 - 2008-07-10 07:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
    2014-04-27 15:05 - 2008-07-10 07:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2014-04-27 15:05 - 2008-07-10 07:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
    2014-04-27 15:05 - 2008-07-10 07:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2014-04-27 15:05 - 2008-07-10 07:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
    2014-04-27 15:05 - 2008-05-30 10:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
    2014-04-27 15:05 - 2008-05-30 10:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2014-04-27 15:05 - 2008-05-30 10:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2014-04-27 15:05 - 2008-05-30 10:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
    2014-04-27 15:05 - 2008-05-30 10:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
    2014-04-27 15:05 - 2008-05-30 10:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2014-04-27 15:05 - 2008-05-30 10:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2014-04-27 15:05 - 2008-05-30 10:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
    2014-04-27 15:05 - 2008-05-30 10:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
    2014-04-27 15:05 - 2008-05-30 10:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2014-04-27 15:05 - 2008-05-30 10:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
    2014-04-27 15:05 - 2008-05-30 10:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2014-04-27 15:05 - 2008-05-30 10:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
    2014-04-27 15:05 - 2008-05-30 10:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2014-04-27 15:05 - 2008-03-05 12:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
    2014-04-27 15:05 - 2008-03-05 12:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2014-04-27 15:05 - 2008-03-05 12:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2014-04-27 15:05 - 2008-03-05 12:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
    2014-04-27 15:05 - 2008-03-05 12:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
    2014-04-27 15:05 - 2008-03-05 12:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2014-04-27 15:05 - 2008-03-05 11:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
    2014-04-27 15:05 - 2008-03-05 11:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2014-04-27 15:05 - 2008-03-05 11:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
    2014-04-27 15:05 - 2008-03-05 11:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2014-04-27 15:05 - 2008-02-05 19:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
    2014-04-27 15:05 - 2008-02-05 19:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2014-04-27 15:05 - 2007-10-21 23:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
    2014-04-27 15:05 - 2007-10-21 23:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2014-04-27 15:05 - 2007-10-12 11:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2014-04-27 15:05 - 2007-10-12 11:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
    2014-04-27 15:05 - 2007-10-12 11:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2014-04-27 15:05 - 2007-10-02 05:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
    2014-04-27 15:05 - 2007-10-02 05:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2014-04-27 15:05 - 2007-07-19 20:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
    2014-04-27 15:05 - 2007-07-19 20:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2014-04-27 15:05 - 2007-07-19 14:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
    2014-04-27 15:05 - 2007-07-19 14:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2014-04-27 15:05 - 2007-07-19 14:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
    2014-04-27 15:05 - 2007-07-19 14:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2014-04-27 15:05 - 2007-07-19 14:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
    2014-04-27 15:05 - 2007-07-19 14:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2014-04-27 15:04 - 2007-10-21 23:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
    2014-04-27 15:04 - 2007-10-21 23:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2014-04-27 15:04 - 2007-06-20 16:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
    2014-04-27 15:04 - 2007-06-20 16:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2014-04-27 15:04 - 2007-05-16 12:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
    2014-04-27 15:04 - 2007-05-16 12:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2014-04-27 15:04 - 2007-05-16 12:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
    2014-04-27 15:04 - 2007-05-16 12:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2014-04-27 15:04 - 2007-05-16 12:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
    2014-04-27 15:04 - 2007-05-16 12:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2014-04-27 15:04 - 2007-04-04 14:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
    2014-04-27 15:04 - 2007-04-04 14:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2014-04-27 15:04 - 2007-04-04 14:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
    2014-04-27 15:04 - 2007-04-04 14:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2014-04-27 15:04 - 2007-03-15 12:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
    2014-04-27 15:04 - 2007-03-15 12:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2014-04-27 15:04 - 2007-03-12 12:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
    2014-04-27 15:04 - 2007-03-12 12:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2014-04-27 15:04 - 2007-03-12 12:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
    2014-04-27 15:04 - 2007-03-12 12:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2014-04-27 15:04 - 2007-03-05 08:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
    2014-04-27 15:04 - 2007-03-05 08:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2014-04-27 15:04 - 2007-01-24 11:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
    2014-04-27 15:04 - 2007-01-24 11:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2014-04-27 15:04 - 2006-12-08 08:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2014-04-27 15:04 - 2006-12-08 08:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
    2014-04-27 15:04 - 2006-11-29 09:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
    2014-04-27 15:04 - 2006-11-29 09:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2014-04-27 15:04 - 2006-11-29 09:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
    2014-04-27 15:04 - 2006-11-29 09:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2014-04-27 15:04 - 2006-09-28 12:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
    2014-04-27 15:04 - 2006-09-28 12:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2014-04-27 15:04 - 2006-09-28 12:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2014-04-27 15:04 - 2006-09-28 12:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
    2014-04-27 15:04 - 2006-07-28 05:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
    2014-04-27 15:04 - 2006-07-28 05:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
    2014-04-27 15:04 - 2006-07-28 05:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2014-04-27 15:04 - 2006-07-28 05:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2014-04-27 15:04 - 2006-05-31 03:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2014-04-27 15:04 - 2006-05-31 03:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
    2014-04-27 15:04 - 2006-03-31 08:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
    2014-04-27 15:04 - 2006-03-31 08:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2014-04-27 15:04 - 2006-03-31 08:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
    2014-04-27 15:04 - 2006-03-31 08:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2014-04-27 15:03 - 2006-03-31 08:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
    2014-04-27 15:03 - 2006-03-31 08:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2014-04-27 15:03 - 2006-02-03 04:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
    2014-04-27 15:03 - 2006-02-03 04:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2014-04-27 15:03 - 2006-02-03 04:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
    2014-04-27 15:03 - 2006-02-03 04:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2014-04-27 15:03 - 2006-02-03 04:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
    2014-04-27 15:03 - 2006-02-03 04:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2014-04-27 15:03 - 2005-12-05 14:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
    2014-04-27 15:03 - 2005-12-05 14:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2014-04-27 15:03 - 2005-07-22 15:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
    2014-04-27 15:03 - 2005-07-22 15:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2014-04-27 15:03 - 2005-05-26 11:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
    2014-04-27 15:03 - 2005-05-26 11:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2014-04-27 15:03 - 2005-03-18 13:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
    2014-04-27 15:03 - 2005-03-18 13:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2014-04-27 15:03 - 2005-02-05 15:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
    2014-04-27 15:03 - 2005-02-05 15:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2014-04-27 13:30 - 2014-04-27 13:30 - 00000219 _____ () C:\Users\Uncle Hong\Desktop\Dota 2.url
    2014-04-27 13:08 - 2014-04-27 19:00 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-04-27 13:08 - 2014-04-27 13:08 - 01141680 _____ () C:\Users\Uncle Hong\Downloads\SteamSetup.exe
    2014-04-27 13:08 - 2014-04-27 13:08 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
    2014-04-25 05:46 - 2014-04-25 06:01 - 00000799 _____ () C:\Users\Uncle Hong\Downloads\Project4Main.asv
    2014-04-25 05:36 - 2014-04-25 05:41 - 00001805 _____ () C:\Users\Uncle Hong\Downloads\Project4Function.asv
    2014-04-25 05:06 - 2014-04-25 08:01 - 00001845 _____ () C:\Users\Uncle Hong\Downloads\Project4Function.m
    2014-04-25 05:05 - 2014-04-25 06:06 - 00000799 _____ () C:\Users\Uncle Hong\Downloads\Project4Main.m
    2014-04-25 02:31 - 2014-04-25 05:06 - 00000743 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction.asv
    2014-04-25 01:28 - 2014-04-25 01:28 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1) (3).m
    2014-04-25 01:25 - 2014-04-25 01:25 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1) (2).m
    2014-04-25 01:25 - 2014-04-25 01:25 - 00000759 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction (2).m
    2014-04-24 19:42 - 2014-04-24 19:42 - 00000759 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction (1).m
    2014-04-24 19:41 - 2014-04-24 19:42 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1) (1).m
    2014-04-23 01:54 - 2014-04-23 01:54 - 00057344 _____ () C:\Users\Uncle Hong\Downloads\ME309L Lab Groups_division number_Exp8-9 (1).xls
    2014-04-22 22:08 - 2014-04-22 22:08 - 00010157 _____ () C:\Users\Uncle Hong\Downloads\Data_BL investigation using PIV Lab (2).xlsx
    2014-04-22 22:07 - 2014-04-22 22:07 - 00700928 _____ () C:\Users\Uncle Hong\Downloads\BL_measurements_PIV_lab_part_2.ppt
    2014-04-22 22:07 - 2014-04-22 22:07 - 00010157 _____ () C:\Users\Uncle Hong\Downloads\Data_BL investigation using PIV Lab (1).xlsx
    2014-04-22 13:59 - 2014-04-22 13:59 - 00025152 _____ () C:\Users\Uncle Hong\Downloads\Data_BL investigation using PIV Lab.xlsx
    2014-04-22 13:59 - 2014-04-22 13:59 - 00000165 ____H () C:\Users\Uncle Hong\Downloads\~$Data_BL investigation using PIV Lab.xlsx
    2014-04-22 13:43 - 2014-04-22 13:43 - 03923968 _____ () C:\Users\Uncle Hong\Downloads\BL_measurements_PIV_lab_part_1_updated_Div3 (1).ppt
    2014-04-18 11:01 - 2014-04-18 11:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2014-04-15 06:04 - 2014-04-15 06:04 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1).m
    2014-04-15 06:04 - 2014-04-15 06:04 - 00000759 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction.m
    2014-04-14 22:08 - 2014-04-14 22:08 - 00001326 _____ () C:\Users\Uncle Hong\Downloads\DSO Keep In Touch_yanxiang2.txt
    2014-04-14 22:03 - 2014-04-14 22:03 - 00000000 ___RD () C:\Users\Uncle Hong\AppData\Roaming\Brother
    2014-04-14 18:26 - 2014-04-14 18:26 - 00546275 _____ () C:\Users\Uncle Hong\Downloads\WhatsApp Chat_ Meihua Wang (2).txt
    2014-04-13 23:23 - 2014-04-13 23:23 - 00000000 _____ () C:\end
    2014-04-13 23:22 - 2014-04-13 23:22 - 29720272 _____ () C:\Users\Uncle Hong\Downloads\SWTOR_setup (1).exe
    2014-04-13 22:44 - 2014-04-13 22:44 - 00003791 _____ () C:\Users\Uncle Hong\Downloads\SAO Hostel Accommodation Application (Nanyang Technological University).htm
    2014-04-13 22:44 - 2014-04-13 22:44 - 00000000 ____D () C:\Users\Uncle Hong\Downloads\SAO Hostel Accommodation Application (Nanyang Technological University)_files
    2014-04-10 14:08 - 2014-04-10 14:08 - 03921920 _____ () C:\Users\Uncle Hong\Downloads\BL_measurements_PIV_lab_part_1_updated_Div3.ppt
    2014-04-07 21:11 - 2014-04-07 21:11 - 00057344 _____ () C:\Users\Uncle Hong\Downloads\ME309L Lab Groups_division number_Exp8-9.xls
    2014-04-06 20:32 - 2014-04-06 20:32 - 00125065 _____ () C:\Users\Uncle Hong\Downloads\primer-resume-templates.zip
    2014-04-04 18:09 - 2014-04-27 14:06 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Local\CrashDumps

    ==================== One Month Modified Files and Folders =======

    2014-05-01 17:24 - 2014-05-01 17:24 - 00000000 ____D () C:\FRST
    2014-04-30 18:25 - 2014-04-27 18:06 - 00000000 ____D () C:\ProgramData\MFAData
    2014-04-27 20:40 - 2014-04-27 20:37 - 00000000 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
    2014-04-27 20:35 - 2012-04-05 04:33 - 01712355 _____ () C:\Windows\WindowsUpdate.log
    2014-04-27 20:34 - 2014-04-27 20:34 - 00030426 _____ () C:\Windows\System32\.crusader
    2014-04-27 20:34 - 2014-04-27 20:08 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-04-27 20:32 - 2012-06-26 05:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-04-27 20:16 - 2012-06-26 05:11 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3629567320-2465665406-2385199088-1000UA.job
    2014-04-27 20:14 - 2009-07-13 20:45 - 00017312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-04-27 20:14 - 2009-07-13 20:45 - 00017312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-04-27 20:09 - 2014-04-27 20:09 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-04-27 20:08 - 2014-04-27 20:08 - 10971424 _____ (SurfRight B.V.) C:\Users\Uncle Hong\Downloads\HitmanPro_x64.exe
    2014-04-27 20:08 - 2012-04-11 22:12 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\Dropbox
    2014-04-27 20:06 - 2012-04-11 22:19 - 00000000 ___RD () C:\Users\Uncle Hong\Dropbox
    2014-04-27 20:04 - 2013-12-14 07:31 - 00000000 ___RD () C:\Users\Uncle Hong\Google Drive
    2014-04-27 20:03 - 2013-09-15 22:13 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-27 20:02 - 2012-04-06 04:31 - 00359570 _____ () C:\Windows\PFRO.log
    2014-04-27 20:02 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-27 20:02 - 2009-07-13 20:51 - 00116583 _____ () C:\Windows\setupact.log
    2014-04-27 19:40 - 2013-09-15 22:13 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-27 19:12 - 2014-04-27 19:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2014-04-27 19:11 - 2014-04-27 19:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-27 19:11 - 2014-04-27 19:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-27 19:11 - 2014-04-27 19:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Uncle Hong\Downloads\mbam-setup-2.0.1.1004 (1).exe
    2014-04-27 19:10 - 2014-04-27 19:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Uncle Hong\Downloads\mbam-setup-2.0.1.1004.exe
    2014-04-27 19:00 - 2014-04-27 13:08 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-04-27 18:39 - 2014-04-27 18:06 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Local\Avg2014
    2014-04-27 18:35 - 2014-04-27 18:35 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\AVG2014
    2014-04-27 18:34 - 2014-04-27 18:34 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-04-27 18:34 - 2014-04-27 18:34 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\TuneUp Software
    2014-04-27 18:34 - 2014-04-27 18:26 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-04-27 18:26 - 2014-04-27 18:26 - 00000000 ___HD () C:\$AVG
    2014-04-27 18:13 - 2014-04-27 18:13 - 02434792 _____ (AVG Technologies) C:\Users\Uncle Hong\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe
    2014-04-27 18:12 - 2014-04-27 18:12 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-04-27 18:06 - 2014-04-27 18:06 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Local\MFAData
    2014-04-27 16:38 - 2014-04-27 16:38 - 04485528 _____ (AVG Technologies) C:\Users\Uncle Hong\Downloads\avg_free_stb_all_2014_4577_cnet.exe
    2014-04-27 15:05 - 2014-03-30 08:47 - 00010492 _____ () C:\Windows\DirectX.log
    2014-04-27 14:25 - 2009-07-13 21:13 - 00717892 _____ () C:\Windows\System32\PerfStringBackup.INI
    2014-04-27 14:06 - 2014-04-04 18:09 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Local\CrashDumps
    2014-04-27 13:30 - 2014-04-27 13:30 - 00000219 _____ () C:\Users\Uncle Hong\Desktop\Dota 2.url
    2014-04-27 13:08 - 2014-04-27 13:08 - 01141680 _____ () C:\Users\Uncle Hong\Downloads\SteamSetup.exe
    2014-04-27 13:08 - 2014-04-27 13:08 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
    2014-04-26 09:41 - 2012-06-26 05:11 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3629567320-2465665406-2385199088-1000Core.job
    2014-04-25 08:01 - 2014-04-25 05:06 - 00001845 _____ () C:\Users\Uncle Hong\Downloads\Project4Function.m
    2014-04-25 07:48 - 2013-09-07 07:57 - 00000000 ____D () C:\Users\Uncle Hong\Documents\MATLAB
    2014-04-25 06:06 - 2014-04-25 05:05 - 00000799 _____ () C:\Users\Uncle Hong\Downloads\Project4Main.m
    2014-04-25 06:06 - 2014-03-28 05:46 - 00000000 ____D () C:\Users\Uncle Hong\.felix
    2014-04-25 06:01 - 2014-04-25 05:46 - 00000799 _____ () C:\Users\Uncle Hong\Downloads\Project4Main.asv
    2014-04-25 05:41 - 2014-04-25 05:36 - 00001805 _____ () C:\Users\Uncle Hong\Downloads\Project4Function.asv
    2014-04-25 05:06 - 2014-04-25 02:31 - 00000743 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction.asv
    2014-04-25 01:28 - 2014-04-25 01:28 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1) (3).m
    2014-04-25 01:25 - 2014-04-25 01:25 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1) (2).m
    2014-04-25 01:25 - 2014-04-25 01:25 - 00000759 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction (2).m
    2014-04-24 19:42 - 2014-04-24 19:42 - 00000759 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction (1).m
    2014-04-24 19:42 - 2014-04-24 19:41 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1) (1).m
    2014-04-23 01:54 - 2014-04-23 01:54 - 00057344 _____ () C:\Users\Uncle Hong\Downloads\ME309L Lab Groups_division number_Exp8-9 (1).xls
    2014-04-23 01:17 - 2012-04-05 05:02 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\Mozilla
    2014-04-22 22:08 - 2014-04-22 22:08 - 00010157 _____ () C:\Users\Uncle Hong\Downloads\Data_BL investigation using PIV Lab (2).xlsx
    2014-04-22 22:07 - 2014-04-22 22:07 - 00700928 _____ () C:\Users\Uncle Hong\Downloads\BL_measurements_PIV_lab_part_2.ppt
    2014-04-22 22:07 - 2014-04-22 22:07 - 00010157 _____ () C:\Users\Uncle Hong\Downloads\Data_BL investigation using PIV Lab (1).xlsx
    2014-04-22 20:48 - 2012-08-12 21:46 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\vlc
    2014-04-22 13:59 - 2014-04-22 13:59 - 00025152 _____ () C:\Users\Uncle Hong\Downloads\Data_BL investigation using PIV Lab.xlsx
    2014-04-22 13:59 - 2014-04-22 13:59 - 00000165 ____H () C:\Users\Uncle Hong\Downloads\~$Data_BL investigation using PIV Lab.xlsx
    2014-04-22 13:43 - 2014-04-22 13:43 - 03923968 _____ () C:\Users\Uncle Hong\Downloads\BL_measurements_PIV_lab_part_1_updated_Div3 (1).ppt
    2014-04-21 16:39 - 2009-07-13 21:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-04-18 11:01 - 2014-04-18 11:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2014-04-18 06:55 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
    2014-04-15 06:04 - 2014-04-15 06:04 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1).m
    2014-04-15 06:04 - 2014-04-15 06:04 - 00000759 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction.m
    2014-04-14 22:08 - 2014-04-14 22:08 - 00001326 _____ () C:\Users\Uncle Hong\Downloads\DSO Keep In Touch_yanxiang2.txt
    2014-04-14 22:03 - 2014-04-14 22:03 - 00000000 ___RD () C:\Users\Uncle Hong\AppData\Roaming\Brother
    2014-04-14 18:26 - 2014-04-14 18:26 - 00546275 _____ () C:\Users\Uncle Hong\Downloads\WhatsApp Chat_ Meihua Wang (2).txt
    2014-04-14 05:21 - 2014-01-25 17:03 - 00000000 ____D () C:\ProgramData\BitRaider
    2014-04-13 23:23 - 2014-04-13 23:23 - 00000000 _____ () C:\end
    2014-04-13 23:23 - 2013-08-17 13:39 - 00013671 _____ () C:\Users\Uncle Hong\Documents\Install STAR WARS The Old Republic.log
    2014-04-13 23:22 - 2014-04-13 23:22 - 29720272 _____ () C:\Users\Uncle Hong\Downloads\SWTOR_setup (1).exe
    2014-04-13 22:44 - 2014-04-13 22:44 - 00003791 _____ () C:\Users\Uncle Hong\Downloads\SAO Hostel Accommodation Application (Nanyang Technological University).htm
    2014-04-13 22:44 - 2014-04-13 22:44 - 00000000 ____D () C:\Users\Uncle Hong\Downloads\SAO Hostel Accommodation Application (Nanyang Technological University)_files
    2014-04-10 14:08 - 2014-04-10 14:08 - 03921920 _____ () C:\Users\Uncle Hong\Downloads\BL_measurements_PIV_lab_part_1_updated_Div3.ppt
    2014-04-07 21:11 - 2014-04-07 21:11 - 00057344 _____ () C:\Users\Uncle Hong\Downloads\ME309L Lab Groups_division number_Exp8-9.xls
    2014-04-06 20:32 - 2014-04-06 20:32 - 00125065 _____ () C:\Users\Uncle Hong\Downloads\primer-resume-templates.zip
    2014-04-03 05:51 - 2014-04-27 19:11 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
    2014-04-03 05:51 - 2014-04-27 19:11 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
    2014-04-03 05:50 - 2014-04-27 19:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    Some content of TEMP:
    ====================
    C:\Users\Uncle Hong\AppData\Local\Temp\892B.exe
    C:\Users\Uncle Hong\AppData\Local\Temp\C350.exe
    C:\Users\Uncle Hong\AppData\Local\Temp\F140.exe


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8139.86 MB
    Available physical RAM: 7331.42 MB
    Total Pagefile: 8138.01 MB
    Available Pagefile: 7326.48 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:450.44 GB) (Free:2.69 GB) NTFS
    Drive e: (RECOVERY) (Fixed) (Total:15.12 GB) (Free:1.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive g: (YAN 8GB) (Removable) (Total:7.45 GB) (Free:7.17 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 652A864E)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.


    LastRegBack: 2014-04-19 13:57

    ==================== End Of Log ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.
     


  7. hongyx

    hongyx TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-05-2014 01
    Ran by SYSTEM at 2014-05-01 23:27:41 Run:1
    Running from G:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" File Not Found
    ShortcutTarget: Dropbox.lnk -> (No File)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [X]
    S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
    C:\Users\Uncle Hong\AppData\Local\Temp\892B.exe
    C:\Users\Uncle Hong\AppData\Local\Temp\C350.exe
    C:\Users\Uncle Hong\AppData\Local\Temp\F140.exe
    LastRegBack: 2014-04-19 13:57
    *****************

    "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" => Value Data removed successfully.
    ShortcutTarget: Dropbox.lnk -> (No File) not found.
    MyWiFiDHCPDNS => Service deleted successfully.
    BRDriver64 => Service deleted successfully.
    C:\Users\Uncle Hong\AppData\Local\Temp\892B.exe => Moved successfully.
    C:\Users\Uncle Hong\AppData\Local\Temp\C350.exe => Moved successfully.
    C:\Users\Uncle Hong\AppData\Local\Temp\F140.exe => Moved successfully.
    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
     
  8. hongyx

    hongyx TS Rookie Topic Starter

    Attempted to boot normally, but it is still stuck on a black screen with cursor.
     
  9. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Same thing if you try safe mode?
     
  10. hongyx

    hongyx TS Rookie Topic Starter

    Yup, attempted to boot in safe mode and it gets stuck at the black screen with cursor.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Unfortunately there is not much more I can help you with.
    I don't see any infection there.
    With FRST fix we restored your computer to a date when it last booted successfully (2014-04-19) but it didn't help.

    At this point I see no other option but to reinstall Windows.
     
     
  12. hongyx

    hongyx TS Rookie Topic Starter

    Alright, thanks a lot for the assistance
     
  13. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    You're very welcome
     

