Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by dut (administrator) on DUT-KOMPUTER on 19-03-2014 13:02:53
Running from C:\Users\dut\Downloads\Programs
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6325936 2012-11-26] (ESET)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
Startup: C:\Users\dut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bvmqbib.lnk
ShortcutTarget: bvmqbib.lnk -> C:\PROGRA~3\bibqmvb.cpp (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {E7F1BB3F-1CDF-4621-89DC-89F3F564A18C} URL = http://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKCU - {E7F1BB3F-1CDF-4621-89DC-89F3F564A18C} URL = http://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKCU - {F92A9602-F47A-44C5-B51F-C261DA10F4A0} URL = http://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1329304 2012-11-26] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [56832 2007-12-17] (Atheros Communications, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [211344 2012-10-08] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [149592 2012-10-08] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [189208 2012-10-08] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2012-10-08] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2012-11-28] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-19 13:01 - 2014-03-19 13:02 - 00000000 ____D () C:\FRST
2014-03-19 10:13 - 2014-03-19 10:13 - 00020966 _____ () C:\ComboFix.txt
2014-03-19 09:57 - 2014-03-19 10:11 - 00000000 ____D () C:\Windows\erdnt
2014-03-18 07:51 - 2014-03-18 10:55 - 95027928 ____T () C:\ProgramData\bvmqbib.fee
2014-03-15 13:08 - 2014-03-15 13:08 - 00001641 _____ () C:\Users\dut\Desktop\LEGOEMMET — skrót.lnk
2014-03-15 13:08 - 2014-03-15 13:08 - 00000000 ____D () C:\Users\dut\AppData\Roaming\ttales
2014-03-15 13:08 - 2014-03-15 13:08 - 00000000 ____D () C:\ProgramData\Steam
2014-03-15 12:53 - 2014-03-18 08:27 - 00000000 ____D () C:\Program Files (x86)\The LEGO Movie - Videogame
2014-03-06 16:27 - 2014-03-06 16:27 - 00003066 _____ () C:\Windows\System32\Tasks\{1C9D9B74-70C5-44D4-A955-EBC77977A725}
2014-03-06 15:58 - 2014-03-06 15:58 - 00000000 ____D () C:\Users\dut\AppData\Roaming\pl.juka.Juka
2014-02-28 20:03 - 2014-03-18 08:27 - 00000000 ____D () C:\Program Files (x86)\e-Deklaracje
2014-02-28 20:03 - 2014-02-28 20:03 - 00000911 _____ () C:\Users\Public\Desktop\e-Deklaracje.lnk
2014-02-28 20:03 - 2014-02-28 20:03 - 00000000 ____D () C:\Users\dut\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
2014-02-28 20:03 - 2014-02-28 20:03 - 00000000 ____D () C:\Users\dut\AppData\Roaming\e-Deklaracje
2014-02-28 20:03 - 2014-02-28 20:03 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-02-28 20:03 - 2014-02-28 20:03 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-02-28 17:25 - 2014-02-28 17:25 - 00000000 ____D () C:\Users\dut\AppData\Local\SKIDROW
2014-02-28 17:21 - 2014-03-18 08:22 - 00000000 ____D () C:\Users\dut\Documents\Assetto Corsa
2014-02-28 17:14 - 2014-03-18 08:27 - 00000000 ____D () C:\Program Files (x86)\Kunos Simulazioni
2014-02-28 16:38 - 2014-03-18 08:22 - 00000000 ____D () C:\Users\dut\Desktop\Nowy folder (3)
2014-02-24 12:16 - 2014-02-24 12:16 - 00000701 _____ () C:\dut — skrót.lnk
2014-02-24 12:01 - 2014-02-24 12:01 - 00717080 _____ () C:\Windows\unins000.exe
2014-02-24 11:39 - 2014-03-18 08:22 - 00000000 ____D () C:\Users\dut\Desktop\aparat
2014-02-22 17:44 - 2014-03-18 08:22 - 00000000 ____D () C:\Users\dut\AppData\Roaming\Patcher
2014-02-22 10:57 - 2014-02-22 10:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2014-02-22 10:55 - 2014-03-18 08:22 - 00000000 ____D () C:\Windows\WindowsMobile
2014-02-22 07:59 - 2014-02-24 12:01 - 01635560 _____ () C:\Windows\unins000.dat

==================== One Month Modified Files and Folders =======

2014-03-19 13:02 - 2014-03-19 13:01 - 00000000 ____D () C:\FRST
2014-03-19 12:49 - 2013-10-07 08:57 - 01820345 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 12:48 - 2009-07-14 05:51 - 00214748 _____ () C:\Windows\setupact.log
2014-03-19 12:47 - 2013-10-14 13:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-19 12:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-19 10:22 - 2013-10-07 11:59 - 00223982 _____ () C:\Windows\PFRO.log
2014-03-19 10:21 - 2013-10-07 11:08 - 00000000 ____D () C:\Users\dut\AppData\Roaming\DMCache
2014-03-19 10:13 - 2014-03-19 10:13 - 00020966 _____ () C:\ComboFix.txt
2014-03-19 10:13 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-19 10:11 - 2014-03-19 09:57 - 00000000 ____D () C:\Windows\erdnt
2014-03-19 10:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-18 10:55 - 2014-03-18 07:51 - 95027928 ____T () C:\ProgramData\bvmqbib.fee
2014-03-18 09:51 - 2013-10-07 09:00 - 00000000 ____D () C:\Recovery
2014-03-18 09:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-03-18 08:27 - 2014-03-15 12:53 - 00000000 ____D () C:\Program Files (x86)\The LEGO Movie - Videogame
2014-03-18 08:27 - 2014-02-28 20:03 - 00000000 ____D () C:\Program Files (x86)\e-Deklaracje
2014-03-18 08:27 - 2014-02-28 17:14 - 00000000 ____D () C:\Program Files (x86)\Kunos Simulazioni
2014-03-18 08:27 - 2013-10-09 14:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-18 08:22 - 2014-02-28 17:21 - 00000000 ____D () C:\Users\dut\Documents\Assetto Corsa
2014-03-18 08:22 - 2014-02-28 16:38 - 00000000 ____D () C:\Users\dut\Desktop\Nowy folder (3)
2014-03-18 08:22 - 2014-02-24 11:39 - 00000000 ____D () C:\Users\dut\Desktop\aparat
2014-03-18 08:22 - 2014-02-22 17:44 - 00000000 ____D () C:\Users\dut\AppData\Roaming\Patcher
2014-03-18 08:22 - 2014-02-22 10:55 - 00000000 ____D () C:\Windows\WindowsMobile
2014-03-18 08:22 - 2013-10-07 09:01 - 00000000 ___RD () C:\Users\dut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 08:22 - 2013-10-07 09:00 - 00000000 ____D () C:\Users\dut
2014-03-17 09:13 - 2009-07-14 05:45 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 09:13 - 2009-07-14 05:45 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 13:08 - 2014-03-15 13:08 - 00001641 _____ () C:\Users\dut\Desktop\LEGOEMMET — skrót.lnk
2014-03-15 13:08 - 2014-03-15 13:08 - 00000000 ____D () C:\Users\dut\AppData\Roaming\ttales
2014-03-15 13:08 - 2014-03-15 13:08 - 00000000 ____D () C:\ProgramData\Steam
2014-03-15 10:36 - 2013-11-26 08:55 - 00000000 ____D () C:\Users\dut\Downloads\Compressed
2014-03-06 19:39 - 2013-12-11 19:45 - 00000000 ___RD () C:\Users\dut\Desktop\aga
2014-03-06 16:27 - 2014-03-06 16:27 - 00003066 _____ () C:\Windows\System32\Tasks\{1C9D9B74-70C5-44D4-A955-EBC77977A725}
2014-03-06 15:58 - 2014-03-06 15:58 - 00000000 ____D () C:\Users\dut\AppData\Roaming\pl.juka.Juka
2014-03-05 17:49 - 2013-11-23 10:09 - 00000000 ____D () C:\Users\dut\AppData\Roaming\.minecraft
2014-03-05 16:21 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-04 13:09 - 2013-10-07 11:08 - 00000000 ____D () C:\Users\dut\Downloads\Video
2014-03-01 09:01 - 2013-10-25 19:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-01 08:58 - 2013-10-12 17:53 - 00105346 _____ () C:\Windows\DirectX.log
2014-02-28 20:03 - 2014-02-28 20:03 - 00000911 _____ () C:\Users\Public\Desktop\e-Deklaracje.lnk
2014-02-28 20:03 - 2014-02-28 20:03 - 00000000 ____D () C:\Users\dut\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
2014-02-28 20:03 - 2014-02-28 20:03 - 00000000 ____D () C:\Users\dut\AppData\Roaming\e-Deklaracje
2014-02-28 20:03 - 2014-02-28 20:03 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-02-28 20:03 - 2014-02-28 20:03 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-02-28 20:03 - 2013-10-15 12:11 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-28 20:03 - 2013-10-08 12:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-28 20:00 - 2013-10-07 10:05 - 00000000 ____D () C:\Users\dut\AppData\Local\Adobe
2014-02-28 17:32 - 2013-10-12 17:50 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-28 17:32 - 2013-10-12 17:50 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-28 17:25 - 2014-02-28 17:25 - 00000000 ____D () C:\Users\dut\AppData\Local\SKIDROW
2014-02-24 13:55 - 2009-07-14 18:55 - 00740422 _____ () C:\Windows\system32\perfh015.dat
2014-02-24 13:55 - 2009-07-14 18:55 - 00155996 _____ () C:\Windows\system32\perfc015.dat
2014-02-24 13:55 - 2009-07-14 06:13 - 01670518 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-24 12:16 - 2014-02-24 12:16 - 00000701 _____ () C:\dut — skrót.lnk
2014-02-24 12:01 - 2014-02-24 12:01 - 00717080 _____ () C:\Windows\unins000.exe
2014-02-24 12:01 - 2014-02-22 07:59 - 01635560 _____ () C:\Windows\unins000.dat
2014-02-24 11:29 - 2013-10-07 10:16 - 00000000 ____D () C:\Users\dut\Desktop\dut
2014-02-23 15:38 - 2013-10-26 18:01 - 00000000 ____D () C:\Users\dut\AppData\Roaming\Skype
2014-02-22 10:57 - 2014-02-22 10:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2014-02-20 12:11 - 2013-11-26 08:55 - 00000000 ____D () C:\Users\dut\AppData\Roaming\IDM

Files to move or delete:
====================
C:\ProgramData\bvmqbib.fee

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-20 10:47

==================== End Of Log ============================