They don't seem to be there. Here is a FRST scan anyway. I will try to rescan.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014
Ran by Mr.Li (administrator) on MRLI-PC on 02-07-2014 18:33:00
Running from C:\Users\Mr.Li\Desktop\FRST
Platform: Microsoft Windows 7 Professional (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Horizon View Client\wsnm.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Aeria Games & Entertainment) C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(PPStream Inc.) D:\PPS.tv\PPStream\PPSKernel.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
() C:\Users\Mr.Li\Desktop\RogueKiller.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2562848 2013-04-19] ()
HKLM\...\Run: [Aeria Ignite] => C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKU\S-1-5-21-1522354521-3173218659-3440494766-1000\...\Run: [steam] => C:\Program Files\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1522354521-3173218659-3440494766-1000\...\Run: [software Informer] => C:\Program Files\Software Informer\softinfo.exe [2920517 2011-10-27] (Informer Technologies, Inc.)
HKU\S-1-5-21-1522354521-3173218659-3440494766-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mr.Li\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1522354521-3173218659-3440494766-1000\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe [4154232 2013-09-16] (PPStream Inc.)
HKU\S-1-5-21-1522354521-3173218659-3440494766-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1522354521-3173218659-3440494766-1000\...\MountPoints2: E - E:\FalloutLauncher.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2D69F8471348CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 167.206.13.180 167.206.13.181 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mr.Li\AppData\Roaming\Mozilla\Firefox\Profiles\er1zbp71.default
FF DefaultSearchEngine: Yahoo
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @pps.tv/nppps - D:\PPS.tv\PPStream\nppps.dll ()
FF Plugin: @qq.com/npqscall - C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin: @qq.com/QQlive - C:\Program Files\Tencent\QQLive\LiveOcx\npQQLive.dll (Tencent)
FF Plugin: @qq.com/QQPhotoDrawEx - C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF Plugin: @qq.com/QzoneMusic - C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
FF Plugin: @qq.com/TXSSO - C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.41\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mr.Li\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Battlefield Play4Free - C:\Users\Mr.Li\AppData\Roaming\Mozilla\Firefox\Profiles\er1zbp71.default\Extensions\battlefieldplay4free@ea.com [2013-05-04]
FF Extension: XJZ Survey Remover - C:\Users\Mr.Li\AppData\Roaming\Mozilla\Firefox\Profiles\er1zbp71.default\Extensions\survey-remover@gmx.com.xpi [2013-05-04]
FF Extension: Adblock Plus - C:\Users\Mr.Li\AppData\Roaming\Mozilla\Firefox\Profiles\er1zbp71.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-09]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-31]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-31]

Chrome:
=======
CHR StartupUrls: "https://www.google.com/"
CHR DefaultSearchProvider: Google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Mr.Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-04]
CHR Extension: (Google Drive) - C:\Users\Mr.Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-04]
CHR Extension: (YouTube) - C:\Users\Mr.Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-04]
CHR Extension: (4chan X) - C:\Users\Mr.Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\cellaaeoekimmemgdheibaibbaoeefbl [2014-06-18]
CHR Extension: (Google Search) - C:\Users\Mr.Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-04]
CHR Extension: (Dynamite) - C:\Users\Mr.Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\djoedchmhkmbnkggjnbachnpikkabfhk [2014-06-02]
CHR Extension: (AdBlock) - C:\Users\Mr.Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-11]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Mr.Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Mr.Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-25]
CHR Extension: (4chan Plus) - C:\Users\Mr.Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2014-03-24]
CHR Extension: (Gmail) - C:\Users\Mr.Li\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-05-04] ()
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [725208 2013-12-09] (VMware, Inc.)
R2 vmware-view-usbd; C:\Program Files\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [2509016 2013-12-10] (VMware, Inc.)
R2 wsnm; C:\Program Files\VMware\VMware Horizon View Client\wsnm.exe [486104 2014-01-21] (VMware, Inc.)
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

S3 apf003; C:\Windows\system32\apf003.sys [13232 2014-01-31] () [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43736 2013-12-09] (VMware, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-07-01] ()
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [35288 2014-03-10] (The OpenVPN Project)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114408 2014-03-11] (Power Software Ltd)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35152 2014-07-02] ()
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2013-12-09] (VMware, Inc.)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]
R3 XDva410; \??\C:\Windows\system32\XDva410.sys [X]
U3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-02 16:53 - 2014-07-02 16:53 - 00079623 _____ () C:\Users\Mr.Li\Downloads\Junction.zip
2014-07-02 16:53 - 2010-09-07 15:39 - 00150392 _____ (Sysinternals - www.sysinternals.com) C:\Windows\junction.exe
2014-07-02 16:15 - 2014-07-02 16:16 - 00000000 ____D () C:\Users\Mr.Li\Desktop\REGEDIT
2014-07-02 16:12 - 2014-07-02 16:12 - 00085504 _____ () C:\Users\Mr.Li\Downloads\Inherit.exe
2014-07-02 15:00 - 2014-07-02 15:04 - 00000822 _____ () C:\Users\Mr.Li\Downloads\SystemLook.txt
2014-07-02 15:00 - 2014-07-02 15:00 - 00139264 _____ () C:\Users\Mr.Li\Downloads\SystemLook.exe
2014-07-02 13:58 - 2014-07-02 13:58 - 00426965 _____ () C:\Users\Mr.Li\Downloads\FAPCF ONE.rar
2014-07-02 13:44 - 2014-07-02 13:44 - 00000000 ___SD () C:\ComboFix
2014-07-02 13:43 - 2014-07-02 13:43 - 05212874 ____R (Swearware) C:\Users\Mr.Li\Downloads\ComboFix.exe
2014-07-02 13:43 - 2014-07-02 13:43 - 00000071 _____ () C:\Users\Mr.Li\Desktop\ComboFix.exe.url
2014-07-02 13:41 - 2014-07-02 13:41 - 00001701 _____ () C:\Users\Mr.Li\Downloads\fixlist.txt
2014-07-02 12:22 - 2014-07-02 18:12 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-02 12:22 - 2014-07-02 12:22 - 04721240 _____ () C:\Users\Mr.Li\Desktop\RogueKiller.exe
2014-07-02 12:22 - 2014-07-02 12:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-02 12:08 - 2014-07-02 18:33 - 00000000 ____D () C:\Users\Mr.Li\Desktop\FRST
2014-07-01 21:48 - 2014-07-01 23:30 - 00000000 ___HD () C:\Users\Mr.Li\Documents\.symform
2014-07-01 21:48 - 2014-07-01 21:48 - 00000000 ___HD () C:\Users\Mr.Li\Documents\.symform-store
2014-07-01 21:32 - 2014-07-02 13:58 - 00001792 _____ () C:\Users\Public\Desktop\FAPCF ONE.lnk
2014-07-01 21:32 - 2014-07-02 13:58 - 00000000 ____D () C:\Windows\FAPCF
2014-07-01 21:24 - 2014-07-01 21:25 - 00000000 ____D () C:\CFLog
2014-07-01 21:15 - 2014-07-01 21:15 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-01 19:43 - 2014-07-01 21:04 - 00005964 _____ () C:\Windows\system32\.crusader
2014-07-01 19:36 - 2014-07-01 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-01 19:36 - 2014-07-01 19:36 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-01 19:35 - 2014-07-01 19:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-01 19:02 - 2014-07-01 19:02 - 00000000 ____H () C:\Users\Mr.Li\Documents\Default.rdp
2014-07-01 17:41 - 2014-07-01 17:41 - 00000000 ____D () C:\Program Files\Symform
2014-07-01 12:21 - 2014-07-01 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2014-07-01 12:21 - 2014-07-01 12:21 - 00000000 ____D () C:\Program Files\Magical Jelly Bean
2014-07-01 10:53 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-01 10:53 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-01 10:53 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-01 10:53 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-01 10:53 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-01 10:53 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-01 10:53 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-01 10:53 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-01 10:51 - 2014-07-01 10:52 - 00000000 ____D () C:\Qoobox
2014-07-01 10:51 - 2014-07-01 10:51 - 00000000 ____D () C:\Windows\erdnt
2014-06-30 23:22 - 2013-01-04 00:46 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-06-30 23:01 - 2014-06-30 23:01 - 00000079 _____ () C:\Windows\wininit.ini
2014-06-30 22:54 - 2014-06-30 22:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-06-30 22:26 - 2014-07-02 12:07 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-06-30 22:26 - 2014-06-30 22:26 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-06-30 21:27 - 2014-07-01 10:21 - 00416938 _____ () C:\Windows\PFRO.log
2014-06-30 20:30 - 2014-06-30 23:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-30 18:17 - 2014-07-02 18:33 - 00000000 ____D () C:\FRST
2014-06-30 18:15 - 2014-06-30 18:15 - 00008376 _____ () C:\Users\hijackthis.log
2014-06-30 16:58 - 2014-07-02 12:03 - 00078388 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 16:55 - 2014-07-02 00:00 - 00001456 _____ () C:\Windows\setupact.log
2014-06-30 16:55 - 2014-06-30 16:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 16:51 - 2014-06-30 16:51 - 00000000 ____H () C:\Windows\system32\Default.rdp
2014-06-30 15:49 - 2014-06-01 17:18 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-21 22:59 - 2014-06-21 23:16 - 00000000 ____D () C:\Program Files\AudioSurf
2014-06-19 21:49 - 2014-06-19 21:49 - 00000000 ____D () C:\Program Files\Z8Games
2014-06-10 19:59 - 2014-06-10 19:59 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-07 18:33 - 2014-06-07 18:33 - 00007602 _____ () C:\Users\Mr.Li\AppData\Local\Resmon.ResmonCfg
2014-06-07 12:31 - 2014-06-07 12:31 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-06-05 20:41 - 2014-06-05 20:41 - 00000000 ____D () C:\Users\Mr.Li\AppData\Local\SniperV2
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 _____ () C:\dfu.log

==================== One Month Modified Files and Folders =======

2014-07-02 18:33 - 2014-07-02 12:08 - 00000000 ____D () C:\Users\Mr.Li\Desktop\FRST
2014-07-02 18:33 - 2014-06-30 18:17 - 00000000 ____D () C:\FRST
2014-07-02 18:12 - 2014-07-02 12:22 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-02 18:03 - 2009-07-14 00:34 - 00033664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-02 18:03 - 2009-07-14 00:34 - 00033664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-02 16:53 - 2014-07-02 16:53 - 00079623 _____ () C:\Users\Mr.Li\Downloads\Junction.zip
2014-07-02 16:16 - 2014-07-02 16:15 - 00000000 ____D () C:\Users\Mr.Li\Desktop\REGEDIT
2014-07-02 16:12 - 2014-07-02 16:12 - 00085504 _____ () C:\Users\Mr.Li\Downloads\Inherit.exe
2014-07-02 15:04 - 2014-07-02 15:00 - 00000822 _____ () C:\Users\Mr.Li\Downloads\SystemLook.txt
2014-07-02 15:00 - 2014-07-02 15:00 - 00139264 _____ () C:\Users\Mr.Li\Downloads\SystemLook.exe
2014-07-02 14:42 - 2014-03-14 18:40 - 00000000 ____D () C:\Users\Mr.Li\Documents\Cross Fire
2014-07-02 13:58 - 2014-07-02 13:58 - 00426965 _____ () C:\Users\Mr.Li\Downloads\FAPCF ONE.rar
2014-07-02 13:58 - 2014-07-01 21:32 - 00001792 _____ () C:\Users\Public\Desktop\FAPCF ONE.lnk
2014-07-02 13:58 - 2014-07-01 21:32 - 00000000 ____D () C:\Windows\FAPCF
2014-07-02 13:58 - 2014-04-05 21:12 - 00000002 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-07-02 13:44 - 2014-07-02 13:44 - 00000000 ___SD () C:\ComboFix
2014-07-02 13:43 - 2014-07-02 13:43 - 05212874 ____R (Swearware) C:\Users\Mr.Li\Downloads\ComboFix.exe
2014-07-02 13:43 - 2014-07-02 13:43 - 00000071 _____ () C:\Users\Mr.Li\Desktop\ComboFix.exe.url
2014-07-02 13:41 - 2014-07-02 13:41 - 00001701 _____ () C:\Users\Mr.Li\Downloads\fixlist.txt
2014-07-02 13:33 - 2012-06-12 21:07 - 00000000 ____D () C:\Users\Mr.Li\AppData\Local\Microsoft Help
2014-07-02 12:22 - 2014-07-02 12:22 - 04721240 _____ () C:\Users\Mr.Li\Desktop\RogueKiller.exe
2014-07-02 12:22 - 2014-07-02 12:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-02 12:09 - 2013-08-15 21:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-02 12:07 - 2014-06-30 22:26 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-07-02 12:03 - 2014-06-30 16:58 - 00078388 _____ () C:\Windows\WindowsUpdate.log
2014-07-02 12:03 - 2012-06-29 00:20 - 00000000 ____D () C:\Users\Mr.Li\AppData\Roaming\Software Informer
2014-07-02 12:03 - 2012-06-28 16:03 - 00000000 ____D () C:\Program Files\Steam
2014-07-02 00:00 - 2014-06-30 16:55 - 00001456 _____ () C:\Windows\setupact.log
2014-07-02 00:00 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-01 23:30 - 2014-07-01 21:48 - 00000000 ___HD () C:\Users\Mr.Li\Documents\.symform
2014-07-01 21:48 - 2014-07-01 21:48 - 00000000 ___HD () C:\Users\Mr.Li\Documents\.symform-store
2014-07-01 21:25 - 2014-07-01 21:24 - 00000000 ____D () C:\CFLog
2014-07-01 21:19 - 2013-12-27 13:16 - 00000000 ____D () C:\Users\Mr.Li\Desktop\James
2014-07-01 21:15 - 2014-07-01 21:15 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-01 21:04 - 2014-07-01 19:43 - 00005964 _____ () C:\Windows\system32\.crusader
2014-07-01 19:45 - 2014-07-01 19:35 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-01 19:36 - 2014-07-01 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-01 19:36 - 2014-07-01 19:36 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-01 19:02 - 2014-07-01 19:02 - 00000000 ____H () C:\Users\Mr.Li\Documents\Default.rdp
2014-07-01 18:10 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\twain_32
2014-07-01 17:41 - 2014-07-01 17:41 - 00000000 ____D () C:\Program Files\Symform
2014-07-01 13:20 - 2012-06-29 00:51 - 00000000 ____D () C:\Users\Mr.Li\Documents\Tencent Files
2014-07-01 12:36 - 2014-03-26 16:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 12:21 - 2014-07-01 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2014-07-01 12:21 - 2014-07-01 12:21 - 00000000 ____D () C:\Program Files\Magical Jelly Bean
2014-07-01 10:52 - 2014-07-01 10:51 - 00000000 ____D () C:\Qoobox
2014-07-01 10:51 - 2014-07-01 10:51 - 00000000 ____D () C:\Windows\erdnt
2014-07-01 10:21 - 2014-06-30 21:27 - 00416938 _____ () C:\Windows\PFRO.log
2014-07-01 10:21 - 2013-09-06 22:24 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-30 23:01 - 2014-06-30 23:01 - 00000079 _____ () C:\Windows\wininit.ini
2014-06-30 23:01 - 2014-06-30 20:30 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-30 22:54 - 2014-06-30 22:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-06-30 22:26 - 2014-06-30 22:26 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-06-30 21:31 - 2009-07-14 00:53 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-30 21:24 - 2014-05-27 00:08 - 00000026 _____ () C:\Windows\Zone.Identifier
2014-06-30 18:16 - 2014-02-16 01:55 - 00780436 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 18:15 - 2014-06-30 18:15 - 00008376 _____ () C:\Users\hijackthis.log
2014-06-30 17:58 - 2014-05-04 15:48 - 00000000 ____D () C:\Users\Mr.Li\Desktop\New folder
2014-06-30 17:31 - 2014-05-20 19:08 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-30 16:55 - 2014-06-30 16:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 16:52 - 2012-07-19 14:32 - 00000000 ____D () C:\Windows\Minidump
2014-06-30 16:52 - 2012-06-11 20:16 - 00000000 ____D () C:\Windows\Panther
2014-06-30 16:51 - 2014-06-30 16:51 - 00000000 ____H () C:\Windows\system32\Default.rdp
2014-06-30 16:16 - 2013-06-29 15:32 - 00000000 ____D () C:\Users\Mr.Li\AppData\Local\Akamai
2014-06-30 16:16 - 2013-05-26 18:35 - 00000000 ____D () C:\Users\Public\Documents\ppstream
2014-06-30 16:16 - 2012-07-31 20:14 - 00000000 ____D () C:\Users\Mr.Li\AppData\Roaming\PPStream
2014-06-30 16:16 - 2012-06-11 16:26 - 00000000 ____D () C:\Users\Mr.Li
2014-06-30 16:16 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2014-06-30 16:07 - 2013-08-28 13:19 - 00000000 ____D () C:\Users\Administrator
2014-06-30 16:07 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-06-30 14:10 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-06-25 00:02 - 2013-05-04 23:34 - 00000000 ____D () C:\Users\Mr.Li\AppData\Roaming\BitTorrent
2014-06-22 22:56 - 2012-08-07 10:46 - 00000000 ____D () C:\Users\Mr.Li\AppData\Roaming\Skype
2014-06-22 14:49 - 2012-07-03 21:44 - 00000000 ____D () C:\Users\Mr.Li\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-21 23:16 - 2014-06-21 22:59 - 00000000 ____D () C:\Program Files\AudioSurf
2014-06-19 21:49 - 2014-06-19 21:49 - 00000000 ____D () C:\Program Files\Z8Games
2014-06-19 20:35 - 2013-12-20 18:54 - 00003382 _____ () C:\console.log
2014-06-19 20:04 - 2014-03-11 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games
2014-06-19 17:02 - 2014-03-25 17:23 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-06-19 17:02 - 2014-03-25 17:22 - 00000000 ____D () C:\ProgramData\DivX
2014-06-18 13:28 - 2013-12-03 14:46 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-18 13:28 - 2013-12-03 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-13 20:22 - 2014-02-23 22:25 - 00000000 ____D () C:\Users\Mr.Li\AppData\Roaming\.minecraft
2014-06-10 19:59 - 2014-06-10 19:59 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-10 19:59 - 2012-08-07 10:46 - 00000000 ___RD () C:\Program Files\Skype
2014-06-10 19:59 - 2012-08-07 10:46 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 20:59 - 2013-06-29 16:33 - 00000000 ____D () C:\Windows\system32\directx
2014-06-07 20:58 - 2013-06-29 16:33 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-07 20:53 - 2013-08-16 01:08 - 00000000 ____D () C:\Users\Mr.Li\Documents\My games
2014-06-07 18:33 - 2014-06-07 18:33 - 00007602 _____ () C:\Users\Mr.Li\AppData\Local\Resmon.ResmonCfg
2014-06-07 17:22 - 2013-08-24 17:53 - 00000000 ____D () C:\Users\Mr.Li\Documents\Nexus Mod Manager
2014-06-07 12:35 - 2013-08-23 01:56 - 00000000 ____D () C:\Program Files\Bethesda Softworks
2014-06-07 12:35 - 2012-06-13 12:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-07 12:31 - 2014-06-07 12:31 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-06-05 20:41 - 2014-06-05 20:41 - 00000000 ____D () C:\Users\Mr.Li\AppData\Local\SniperV2
2014-06-05 20:24 - 2013-06-29 16:33 - 00000000 ____D () C:\Users\Mr.Li\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 _____ () C:\dfu.log
2014-06-05 18:49 - 2013-06-29 16:26 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2014-06-30 23:22] - [2013-01-04 00:46] - 0850944 ____A (Microsoft Corporation) 424A0F3A5FA80C4B23116EC944FA64D3

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-29 01:12

==================== End Of Log ============================