Inactive Win64/patched, Assistance Requested

hongyx

hongyx

Posts: 7   +0
Hi,

Recently my laptop started popping up error messages that forces a restart each time it occurs. Did a scan with MBAM 2.0 and rebooted my laptop as instructed. However, on reboot my laptop is stuck on a black screen with cursor. Subsequent attempts at rebooting at last known good configuration has been unable to revive my laptop. Any assistance regarding this issue will be appreciated.

Thank you

-yan
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

What Windows version is it?
 
NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note:     Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014 01
Ran by SYSTEM on MININT-R079J1T on 01-05-2014 17:24:46
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-07] (IDT, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Uncle Hong\...\Run: [Google Update] => C:\Users\Uncle Hong\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-26] (Google Inc.)
HKU\Uncle Hong\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Uncle Hong\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\Uncle Hong\...\Run: [GoogleChromeAutoLaunch_9B77C47C78CA2AFB7B2E301F793C6E78] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-01] (Google Inc.)
HKU\Uncle Hong\...\Run: [Air Display Support] => C:\Program Files\Avatron\Air Display\AirDisplay.exe [4189688 2013-12-04] (Avatron Software, Inc)
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" File Not Found
Startup: C:\Users\Uncle Hong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473280 2014-04-03] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 AVTHelper; C:\Program Files\Avatron\Air Display\AVTHelper.exe [237048 2013-12-04] (Avatron Software)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-01-25] (BitRaider, LLC)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
S3 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [114824 2012-04-08] (Mentor Graphics Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [X]

==================== Drivers (Whitelisted) ====================

S3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [15352 2013-12-04] (Windows (R) Win 7 DDK provider)
S3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [15352 2013-12-04] (Windows (R) Win 7 DDK provider)
S3 AirDisplayWDDM; C:\Windows\System32\DRIVERS\AVWDDMMiniPort.sys [48632 2013-12-04] (Windows (R) Win 7 DDK provider)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S0 AVPCIFilter; C:\Windows\System32\DRIVERS\AVPCIFilter.sys [36344 2013-12-04] (Windows (R) Win 7 DDK provider)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-11] (DT Soft Ltd)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-01 17:24 - 2014-05-01 17:24 - 00000000 ____D () C:\FRST
2014-04-27 20:37 - 2014-04-27 20:40 - 00000000 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
2014-04-27 20:34 - 2014-04-27 20:34 - 00030426 _____ () C:\Windows\System32\.crusader
2014-04-27 20:09 - 2014-04-27 20:09 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-27 20:08 - 2014-04-27 20:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-27 20:08 - 2014-04-27 20:08 - 10971424 _____ (SurfRight B.V.) C:\Users\Uncle Hong\Downloads\HitmanPro_x64.exe
2014-04-27 19:12 - 2014-04-27 19:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-27 19:11 - 2014-04-27 19:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 19:11 - 2014-04-27 19:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-27 19:11 - 2014-04-03 05:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-27 19:11 - 2014-04-03 05:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-27 19:11 - 2014-04-03 05:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-04-27 19:10 - 2014-04-27 19:11 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Uncle Hong\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-27 19:10 - 2014-04-27 19:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Uncle Hong\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-27 18:35 - 2014-04-27 18:35 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\AVG2014
2014-04-27 18:34 - 2014-04-27 18:34 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-27 18:34 - 2014-04-27 18:34 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\TuneUp Software
2014-04-27 18:26 - 2014-04-27 18:34 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-27 18:26 - 2014-04-27 18:26 - 00000000 ___HD () C:\$AVG
2014-04-27 18:13 - 2014-04-27 18:13 - 02434792 _____ (AVG Technologies) C:\Users\Uncle Hong\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe
2014-04-27 18:12 - 2014-04-27 18:12 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-27 18:06 - 2014-04-30 18:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-27 18:06 - 2014-04-27 18:39 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Local\Avg2014
2014-04-27 18:06 - 2014-04-27 18:06 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Local\MFAData
2014-04-27 16:38 - 2014-04-27 16:38 - 04485528 _____ (AVG Technologies) C:\Users\Uncle Hong\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-04-27 15:06 - 2010-06-02 00:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-04-27 15:06 - 2010-06-02 00:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2014-04-27 15:06 - 2010-06-02 00:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-04-27 15:06 - 2010-06-02 00:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2014-04-27 15:06 - 2010-06-02 00:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2014-04-27 15:06 - 2010-06-02 00:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-04-27 15:06 - 2010-05-26 07:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2014-04-27 15:06 - 2010-05-26 07:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-04-27 15:06 - 2010-05-26 07:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-04-27 15:06 - 2010-05-26 07:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2014-04-27 15:06 - 2010-05-26 07:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-04-27 15:06 - 2010-05-26 07:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2014-04-27 15:06 - 2010-05-26 07:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-04-27 15:06 - 2010-05-26 07:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2014-04-27 15:06 - 2010-05-26 07:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-04-27 15:06 - 2010-02-04 06:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2014-04-27 15:06 - 2010-02-04 06:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-04-27 15:06 - 2010-02-04 06:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-04-27 15:06 - 2010-02-04 06:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2014-04-27 15:06 - 2010-02-04 06:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2014-04-27 15:06 - 2010-02-04 06:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-04-27 15:06 - 2010-02-04 06:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2014-04-27 15:06 - 2010-02-04 06:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-04-27 15:05 - 2009-09-04 13:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2014-04-27 15:05 - 2009-09-04 13:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-04-27 15:05 - 2009-09-04 13:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-04-27 15:05 - 2009-09-04 13:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2014-04-27 15:05 - 2009-09-04 13:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2014-04-27 15:05 - 2009-09-04 13:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-04-27 15:05 - 2009-09-04 13:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2014-04-27 15:05 - 2009-09-04 13:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-04-27 15:05 - 2009-09-04 13:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2014-04-27 15:05 - 2009-09-04 13:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2014-04-27 15:05 - 2009-09-04 13:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-04-27 15:05 - 2009-09-04 13:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-04-27 15:05 - 2009-09-04 13:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2014-04-27 15:05 - 2009-09-04 13:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-04-27 15:05 - 2009-09-04 13:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2014-04-27 15:05 - 2009-09-04 13:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-04-27 15:05 - 2009-03-16 10:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2014-04-27 15:05 - 2009-03-16 10:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-04-27 15:05 - 2009-03-16 10:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-04-27 15:05 - 2009-03-16 10:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2014-04-27 15:05 - 2009-03-16 10:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2014-04-27 15:05 - 2009-03-16 10:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-04-27 15:05 - 2009-03-09 11:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2014-04-27 15:05 - 2009-03-09 11:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-04-27 15:05 - 2009-03-09 11:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2014-04-27 15:05 - 2009-03-09 11:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-04-27 15:05 - 2009-03-09 11:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2014-04-27 15:05 - 2009-03-09 11:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-04-27 15:05 - 2008-10-27 06:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2014-04-27 15:05 - 2008-10-27 06:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-04-27 15:05 - 2008-10-27 06:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-04-27 15:05 - 2008-10-27 06:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2014-04-27 15:05 - 2008-10-27 06:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2014-04-27 15:05 - 2008-10-27 06:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-04-27 15:05 - 2008-10-27 06:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2014-04-27 15:05 - 2008-10-27 06:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-04-27 15:05 - 2008-10-15 02:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2014-04-27 15:05 - 2008-10-15 02:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-04-27 15:05 - 2008-10-15 02:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2014-04-27 15:05 - 2008-10-15 02:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-04-27 15:05 - 2008-10-15 02:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2014-04-27 15:05 - 2008-10-15 02:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-04-27 15:05 - 2008-07-31 06:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-04-27 15:05 - 2008-07-31 06:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2014-04-27 15:05 - 2008-07-31 06:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2014-04-27 15:05 - 2008-07-31 06:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-04-27 15:05 - 2008-07-31 06:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2014-04-27 15:05 - 2008-07-31 06:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-04-27 15:05 - 2008-07-10 07:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-04-27 15:05 - 2008-07-10 07:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2014-04-27 15:05 - 2008-07-10 07:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-04-27 15:05 - 2008-07-10 07:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2014-04-27 15:05 - 2008-07-10 07:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-04-27 15:05 - 2008-07-10 07:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2014-04-27 15:05 - 2008-05-30 10:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2014-04-27 15:05 - 2008-05-30 10:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-04-27 15:05 - 2008-05-30 10:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-04-27 15:05 - 2008-05-30 10:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2014-04-27 15:05 - 2008-05-30 10:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2014-04-27 15:05 - 2008-05-30 10:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-04-27 15:05 - 2008-05-30 10:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-04-27 15:05 - 2008-05-30 10:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2014-04-27 15:05 - 2008-05-30 10:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2014-04-27 15:05 - 2008-05-30 10:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-04-27 15:05 - 2008-05-30 10:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2014-04-27 15:05 - 2008-05-30 10:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-04-27 15:05 - 2008-05-30 10:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2014-04-27 15:05 - 2008-05-30 10:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-04-27 15:05 - 2008-03-05 12:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2014-04-27 15:05 - 2008-03-05 12:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-04-27 15:05 - 2008-03-05 12:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-04-27 15:05 - 2008-03-05 12:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2014-04-27 15:05 - 2008-03-05 12:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2014-04-27 15:05 - 2008-03-05 12:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-04-27 15:05 - 2008-03-05 11:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2014-04-27 15:05 - 2008-03-05 11:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-04-27 15:05 - 2008-03-05 11:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2014-04-27 15:05 - 2008-03-05 11:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-04-27 15:05 - 2008-02-05 19:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2014-04-27 15:05 - 2008-02-05 19:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-04-27 15:05 - 2007-10-21 23:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2014-04-27 15:05 - 2007-10-21 23:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-04-27 15:05 - 2007-10-12 11:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-04-27 15:05 - 2007-10-12 11:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2014-04-27 15:05 - 2007-10-12 11:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-04-27 15:05 - 2007-10-02 05:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2014-04-27 15:05 - 2007-10-02 05:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-04-27 15:05 - 2007-07-19 20:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2014-04-27 15:05 - 2007-07-19 20:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-04-27 15:05 - 2007-07-19 14:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2014-04-27 15:05 - 2007-07-19 14:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-04-27 15:05 - 2007-07-19 14:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2014-04-27 15:05 - 2007-07-19 14:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-04-27 15:05 - 2007-07-19 14:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2014-04-27 15:05 - 2007-07-19 14:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-04-27 15:04 - 2007-10-21 23:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2014-04-27 15:04 - 2007-10-21 23:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-04-27 15:04 - 2007-06-20 16:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2014-04-27 15:04 - 2007-06-20 16:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-04-27 15:04 - 2007-05-16 12:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2014-04-27 15:04 - 2007-05-16 12:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-04-27 15:04 - 2007-05-16 12:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2014-04-27 15:04 - 2007-05-16 12:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-04-27 15:04 - 2007-05-16 12:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2014-04-27 15:04 - 2007-05-16 12:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-04-27 15:04 - 2007-04-04 14:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2014-04-27 15:04 - 2007-04-04 14:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-04-27 15:04 - 2007-04-04 14:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2014-04-27 15:04 - 2007-04-04 14:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-04-27 15:04 - 2007-03-15 12:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2014-04-27 15:04 - 2007-03-15 12:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-04-27 15:04 - 2007-03-12 12:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2014-04-27 15:04 - 2007-03-12 12:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-04-27 15:04 - 2007-03-12 12:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2014-04-27 15:04 - 2007-03-12 12:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-04-27 15:04 - 2007-03-05 08:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2014-04-27 15:04 - 2007-03-05 08:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-04-27 15:04 - 2007-01-24 11:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2014-04-27 15:04 - 2007-01-24 11:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-04-27 15:04 - 2006-12-08 08:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-04-27 15:04 - 2006-12-08 08:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2014-04-27 15:04 - 2006-11-29 09:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2014-04-27 15:04 - 2006-11-29 09:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-04-27 15:04 - 2006-11-29 09:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2014-04-27 15:04 - 2006-11-29 09:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-04-27 15:04 - 2006-09-28 12:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2014-04-27 15:04 - 2006-09-28 12:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-04-27 15:04 - 2006-09-28 12:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-04-27 15:04 - 2006-09-28 12:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2014-04-27 15:04 - 2006-07-28 05:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2014-04-27 15:04 - 2006-07-28 05:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2014-04-27 15:04 - 2006-07-28 05:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-04-27 15:04 - 2006-07-28 05:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-04-27 15:04 - 2006-05-31 03:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-04-27 15:04 - 2006-05-31 03:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2014-04-27 15:04 - 2006-03-31 08:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2014-04-27 15:04 - 2006-03-31 08:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-04-27 15:04 - 2006-03-31 08:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2014-04-27 15:04 - 2006-03-31 08:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-04-27 15:03 - 2006-03-31 08:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2014-04-27 15:03 - 2006-03-31 08:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-04-27 15:03 - 2006-02-03 04:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2014-04-27 15:03 - 2006-02-03 04:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-04-27 15:03 - 2006-02-03 04:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2014-04-27 15:03 - 2006-02-03 04:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-04-27 15:03 - 2006-02-03 04:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2014-04-27 15:03 - 2006-02-03 04:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-04-27 15:03 - 2005-12-05 14:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2014-04-27 15:03 - 2005-12-05 14:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-04-27 15:03 - 2005-07-22 15:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2014-04-27 15:03 - 2005-07-22 15:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-04-27 15:03 - 2005-05-26 11:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2014-04-27 15:03 - 2005-05-26 11:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-04-27 15:03 - 2005-03-18 13:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2014-04-27 15:03 - 2005-03-18 13:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-04-27 15:03 - 2005-02-05 15:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2014-04-27 15:03 - 2005-02-05 15:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-04-27 13:30 - 2014-04-27 13:30 - 00000219 _____ () C:\Users\Uncle Hong\Desktop\Dota 2.url
2014-04-27 13:08 - 2014-04-27 19:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-27 13:08 - 2014-04-27 13:08 - 01141680 _____ () C:\Users\Uncle Hong\Downloads\SteamSetup.exe
2014-04-27 13:08 - 2014-04-27 13:08 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-04-25 05:46 - 2014-04-25 06:01 - 00000799 _____ () C:\Users\Uncle Hong\Downloads\Project4Main.asv
2014-04-25 05:36 - 2014-04-25 05:41 - 00001805 _____ () C:\Users\Uncle Hong\Downloads\Project4Function.asv
2014-04-25 05:06 - 2014-04-25 08:01 - 00001845 _____ () C:\Users\Uncle Hong\Downloads\Project4Function.m
2014-04-25 05:05 - 2014-04-25 06:06 - 00000799 _____ () C:\Users\Uncle Hong\Downloads\Project4Main.m
2014-04-25 02:31 - 2014-04-25 05:06 - 00000743 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction.asv
2014-04-25 01:28 - 2014-04-25 01:28 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1) (3).m
2014-04-25 01:25 - 2014-04-25 01:25 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1) (2).m
2014-04-25 01:25 - 2014-04-25 01:25 - 00000759 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction (2).m
2014-04-24 19:42 - 2014-04-24 19:42 - 00000759 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction (1).m
2014-04-24 19:41 - 2014-04-24 19:42 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1) (1).m
2014-04-23 01:54 - 2014-04-23 01:54 - 00057344 _____ () C:\Users\Uncle Hong\Downloads\ME309L Lab Groups_division number_Exp8-9 (1).xls
2014-04-22 22:08 - 2014-04-22 22:08 - 00010157 _____ () C:\Users\Uncle Hong\Downloads\Data_BL investigation using PIV Lab (2).xlsx
2014-04-22 22:07 - 2014-04-22 22:07 - 00700928 _____ () C:\Users\Uncle Hong\Downloads\BL_measurements_PIV_lab_part_2.ppt
2014-04-22 22:07 - 2014-04-22 22:07 - 00010157 _____ () C:\Users\Uncle Hong\Downloads\Data_BL investigation using PIV Lab (1).xlsx
2014-04-22 13:59 - 2014-04-22 13:59 - 00025152 _____ () C:\Users\Uncle Hong\Downloads\Data_BL investigation using PIV Lab.xlsx
2014-04-22 13:59 - 2014-04-22 13:59 - 00000165 ____H () C:\Users\Uncle Hong\Downloads\~$Data_BL investigation using PIV Lab.xlsx
2014-04-22 13:43 - 2014-04-22 13:43 - 03923968 _____ () C:\Users\Uncle Hong\Downloads\BL_measurements_PIV_lab_part_1_updated_Div3 (1).ppt
2014-04-18 11:01 - 2014-04-18 11:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
2014-04-15 06:04 - 2014-04-15 06:04 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1).m
2014-04-15 06:04 - 2014-04-15 06:04 - 00000759 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction.m
2014-04-14 22:08 - 2014-04-14 22:08 - 00001326 _____ () C:\Users\Uncle Hong\Downloads\DSO Keep In Touch_yanxiang2.txt
2014-04-14 22:03 - 2014-04-14 22:03 - 00000000 ___RD () C:\Users\Uncle Hong\AppData\Roaming\Brother
2014-04-14 18:26 - 2014-04-14 18:26 - 00546275 _____ () C:\Users\Uncle Hong\Downloads\WhatsApp Chat_ Meihua Wang (2).txt
2014-04-13 23:23 - 2014-04-13 23:23 - 00000000 _____ () C:\end
2014-04-13 23:22 - 2014-04-13 23:22 - 29720272 _____ () C:\Users\Uncle Hong\Downloads\SWTOR_setup (1).exe
2014-04-13 22:44 - 2014-04-13 22:44 - 00003791 _____ () C:\Users\Uncle Hong\Downloads\SAO Hostel Accommodation Application (Nanyang Technological University).htm
2014-04-13 22:44 - 2014-04-13 22:44 - 00000000 ____D () C:\Users\Uncle Hong\Downloads\SAO Hostel Accommodation Application (Nanyang Technological University)_files
2014-04-10 14:08 - 2014-04-10 14:08 - 03921920 _____ () C:\Users\Uncle Hong\Downloads\BL_measurements_PIV_lab_part_1_updated_Div3.ppt
2014-04-07 21:11 - 2014-04-07 21:11 - 00057344 _____ () C:\Users\Uncle Hong\Downloads\ME309L Lab Groups_division number_Exp8-9.xls
2014-04-06 20:32 - 2014-04-06 20:32 - 00125065 _____ () C:\Users\Uncle Hong\Downloads\primer-resume-templates.zip
2014-04-04 18:09 - 2014-04-27 14:06 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Local\CrashDumps

==================== One Month Modified Files and Folders =======

2014-05-01 17:24 - 2014-05-01 17:24 - 00000000 ____D () C:\FRST
2014-04-30 18:25 - 2014-04-27 18:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-27 20:40 - 2014-04-27 20:37 - 00000000 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
2014-04-27 20:35 - 2012-04-05 04:33 - 01712355 _____ () C:\Windows\WindowsUpdate.log
2014-04-27 20:34 - 2014-04-27 20:34 - 00030426 _____ () C:\Windows\System32\.crusader
2014-04-27 20:34 - 2014-04-27 20:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-27 20:32 - 2012-06-26 05:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 20:16 - 2012-06-26 05:11 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3629567320-2465665406-2385199088-1000UA.job
2014-04-27 20:14 - 2009-07-13 20:45 - 00017312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 20:14 - 2009-07-13 20:45 - 00017312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 20:09 - 2014-04-27 20:09 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-27 20:08 - 2014-04-27 20:08 - 10971424 _____ (SurfRight B.V.) C:\Users\Uncle Hong\Downloads\HitmanPro_x64.exe
2014-04-27 20:08 - 2012-04-11 22:12 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\Dropbox
2014-04-27 20:06 - 2012-04-11 22:19 - 00000000 ___RD () C:\Users\Uncle Hong\Dropbox
2014-04-27 20:04 - 2013-12-14 07:31 - 00000000 ___RD () C:\Users\Uncle Hong\Google Drive
2014-04-27 20:03 - 2013-09-15 22:13 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 20:02 - 2012-04-06 04:31 - 00359570 _____ () C:\Windows\PFRO.log
2014-04-27 20:02 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 20:02 - 2009-07-13 20:51 - 00116583 _____ () C:\Windows\setupact.log
2014-04-27 19:40 - 2013-09-15 22:13 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-27 19:12 - 2014-04-27 19:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-27 19:11 - 2014-04-27 19:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 19:11 - 2014-04-27 19:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-27 19:11 - 2014-04-27 19:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Uncle Hong\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-27 19:10 - 2014-04-27 19:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Uncle Hong\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-27 19:00 - 2014-04-27 13:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-27 18:39 - 2014-04-27 18:06 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Local\Avg2014
2014-04-27 18:35 - 2014-04-27 18:35 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\AVG2014
2014-04-27 18:34 - 2014-04-27 18:34 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-27 18:34 - 2014-04-27 18:34 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\TuneUp Software
2014-04-27 18:34 - 2014-04-27 18:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-27 18:26 - 2014-04-27 18:26 - 00000000 ___HD () C:\$AVG
2014-04-27 18:13 - 2014-04-27 18:13 - 02434792 _____ (AVG Technologies) C:\Users\Uncle Hong\Downloads\avg_free_stb_all_2014_4577_cnet (1).exe
2014-04-27 18:12 - 2014-04-27 18:12 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-27 18:06 - 2014-04-27 18:06 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Local\MFAData
2014-04-27 16:38 - 2014-04-27 16:38 - 04485528 _____ (AVG Technologies) C:\Users\Uncle Hong\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-04-27 15:05 - 2014-03-30 08:47 - 00010492 _____ () C:\Windows\DirectX.log
2014-04-27 14:25 - 2009-07-13 21:13 - 00717892 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-27 14:06 - 2014-04-04 18:09 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Local\CrashDumps
2014-04-27 13:30 - 2014-04-27 13:30 - 00000219 _____ () C:\Users\Uncle Hong\Desktop\Dota 2.url
2014-04-27 13:08 - 2014-04-27 13:08 - 01141680 _____ () C:\Users\Uncle Hong\Downloads\SteamSetup.exe
2014-04-27 13:08 - 2014-04-27 13:08 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-04-26 09:41 - 2012-06-26 05:11 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3629567320-2465665406-2385199088-1000Core.job
2014-04-25 08:01 - 2014-04-25 05:06 - 00001845 _____ () C:\Users\Uncle Hong\Downloads\Project4Function.m
2014-04-25 07:48 - 2013-09-07 07:57 - 00000000 ____D () C:\Users\Uncle Hong\Documents\MATLAB
2014-04-25 06:06 - 2014-04-25 05:05 - 00000799 _____ () C:\Users\Uncle Hong\Downloads\Project4Main.m
2014-04-25 06:06 - 2014-03-28 05:46 - 00000000 ____D () C:\Users\Uncle Hong\.felix
2014-04-25 06:01 - 2014-04-25 05:46 - 00000799 _____ () C:\Users\Uncle Hong\Downloads\Project4Main.asv
2014-04-25 05:41 - 2014-04-25 05:36 - 00001805 _____ () C:\Users\Uncle Hong\Downloads\Project4Function.asv
2014-04-25 05:06 - 2014-04-25 02:31 - 00000743 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction.asv
2014-04-25 01:28 - 2014-04-25 01:28 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1) (3).m
2014-04-25 01:25 - 2014-04-25 01:25 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1) (2).m
2014-04-25 01:25 - 2014-04-25 01:25 - 00000759 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction (2).m
2014-04-24 19:42 - 2014-04-24 19:42 - 00000759 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction (1).m
2014-04-24 19:42 - 2014-04-24 19:41 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1) (1).m
2014-04-23 01:54 - 2014-04-23 01:54 - 00057344 _____ () C:\Users\Uncle Hong\Downloads\ME309L Lab Groups_division number_Exp8-9 (1).xls
2014-04-23 01:17 - 2012-04-05 05:02 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\Mozilla
2014-04-22 22:08 - 2014-04-22 22:08 - 00010157 _____ () C:\Users\Uncle Hong\Downloads\Data_BL investigation using PIV Lab (2).xlsx
2014-04-22 22:07 - 2014-04-22 22:07 - 00700928 _____ () C:\Users\Uncle Hong\Downloads\BL_measurements_PIV_lab_part_2.ppt
2014-04-22 22:07 - 2014-04-22 22:07 - 00010157 _____ () C:\Users\Uncle Hong\Downloads\Data_BL investigation using PIV Lab (1).xlsx
2014-04-22 20:48 - 2012-08-12 21:46 - 00000000 ____D () C:\Users\Uncle Hong\AppData\Roaming\vlc
2014-04-22 13:59 - 2014-04-22 13:59 - 00025152 _____ () C:\Users\Uncle Hong\Downloads\Data_BL investigation using PIV Lab.xlsx
2014-04-22 13:59 - 2014-04-22 13:59 - 00000165 ____H () C:\Users\Uncle Hong\Downloads\~$Data_BL investigation using PIV Lab.xlsx
2014-04-22 13:43 - 2014-04-22 13:43 - 03923968 _____ () C:\Users\Uncle Hong\Downloads\BL_measurements_PIV_lab_part_1_updated_Div3 (1).ppt
2014-04-21 16:39 - 2009-07-13 21:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-18 11:01 - 2014-04-18 11:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
2014-04-18 06:55 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-04-15 06:04 - 2014-04-15 06:04 - 00000806 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleMain(1).m
2014-04-15 06:04 - 2014-04-15 06:04 - 00000759 _____ () C:\Users\Uncle Hong\Downloads\Project4ExampleFunction.m
2014-04-14 22:08 - 2014-04-14 22:08 - 00001326 _____ () C:\Users\Uncle Hong\Downloads\DSO Keep In Touch_yanxiang2.txt
2014-04-14 22:03 - 2014-04-14 22:03 - 00000000 ___RD () C:\Users\Uncle Hong\AppData\Roaming\Brother
2014-04-14 18:26 - 2014-04-14 18:26 - 00546275 _____ () C:\Users\Uncle Hong\Downloads\WhatsApp Chat_ Meihua Wang (2).txt
2014-04-14 05:21 - 2014-01-25 17:03 - 00000000 ____D () C:\ProgramData\BitRaider
2014-04-13 23:23 - 2014-04-13 23:23 - 00000000 _____ () C:\end
2014-04-13 23:23 - 2013-08-17 13:39 - 00013671 _____ () C:\Users\Uncle Hong\Documents\Install STAR WARS The Old Republic.log
2014-04-13 23:22 - 2014-04-13 23:22 - 29720272 _____ () C:\Users\Uncle Hong\Downloads\SWTOR_setup (1).exe
2014-04-13 22:44 - 2014-04-13 22:44 - 00003791 _____ () C:\Users\Uncle Hong\Downloads\SAO Hostel Accommodation Application (Nanyang Technological University).htm
2014-04-13 22:44 - 2014-04-13 22:44 - 00000000 ____D () C:\Users\Uncle Hong\Downloads\SAO Hostel Accommodation Application (Nanyang Technological University)_files
2014-04-10 14:08 - 2014-04-10 14:08 - 03921920 _____ () C:\Users\Uncle Hong\Downloads\BL_measurements_PIV_lab_part_1_updated_Div3.ppt
2014-04-07 21:11 - 2014-04-07 21:11 - 00057344 _____ () C:\Users\Uncle Hong\Downloads\ME309L Lab Groups_division number_Exp8-9.xls
2014-04-06 20:32 - 2014-04-06 20:32 - 00125065 _____ () C:\Users\Uncle Hong\Downloads\primer-resume-templates.zip
2014-04-03 05:51 - 2014-04-27 19:11 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-03 05:51 - 2014-04-27 19:11 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-03 05:50 - 2014-04-27 19:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Uncle Hong\AppData\Local\Temp\892B.exe
C:\Users\Uncle Hong\AppData\Local\Temp\C350.exe
C:\Users\Uncle Hong\AppData\Local\Temp\F140.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8139.86 MB
Available physical RAM: 7331.42 MB
Total Pagefile: 8138.01 MB
Available Pagefile: 7326.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.44 GB) (Free:2.69 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:15.12 GB) (Free:1.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (YAN 8GB) (Removable) (Total:7.45 GB) (Free:7.17 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 652A864E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-04-19 13:57

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if you can boot normally.
 

Attachments

  • fixlist.txt
    501 bytes · Views: 1
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-05-2014 01
Ran by SYSTEM at 2014-05-01 23:27:41 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" File Not Found
ShortcutTarget: Dropbox.lnk -> (No File)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
C:\Users\Uncle Hong\AppData\Local\Temp\892B.exe
C:\Users\Uncle Hong\AppData\Local\Temp\C350.exe
C:\Users\Uncle Hong\AppData\Local\Temp\F140.exe
LastRegBack: 2014-04-19 13:57
*****************

"c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" => Value Data removed successfully.
ShortcutTarget: Dropbox.lnk -> (No File) not found.
MyWiFiDHCPDNS => Service deleted successfully.
BRDriver64 => Service deleted successfully.
C:\Users\Uncle Hong\AppData\Local\Temp\892B.exe => Moved successfully.
C:\Users\Uncle Hong\AppData\Local\Temp\C350.exe => Moved successfully.
C:\Users\Uncle Hong\AppData\Local\Temp\F140.exe => Moved successfully.
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
 
Unfortunately there is not much more I can help you with.
I don't see any infection there.
With FRST fix we restored your computer to a date when it last booted successfully (2014-04-19) but it didn't help.

At this point I see no other option but to reinstall Windows.
 
You're very welcome
p22002759.gif
 
You must log in or register to reply here.

Similar threads

M
Solved Infection dllhost.exe causing avast to block harmful webpage very frequently
Replies
17
Views
8K
Broni
Broni
T
Solved Win64/Patched.B.Gen Trojan + Win64/Wirefef.AL Trojan
Replies
14
Views
8K
Broni
Broni
jestein
Solved Help computer infected! log files requested in sticky are pasted
2 3
Replies
70
Views
10K
Broni
Broni

Latest posts

Back