Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015 Ran by martyna (administrator) on MARTYNA1 on 27-06-2015 15:03:03 Running from C:\Users\martyna\Downloads Loaded Profiles: martyna (Available Profiles: martyna) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe () C:\Program Files\ChromeEnhancer\ChromeEnhancer.exe (The Privoxy team - www.privoxy.org) C:\Program Files\Alfasistem Memory\privoxy.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\ChromeEnhancer\ChromeEnhancerMonitor32.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe () C:\Users\martyna\AppData\Local\Temp\GPUpd558DA9730.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe (Microsoft Corporation) C:\Windows\System32\osk.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [467304 2009-11-30] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-11-30] (TOSHIBA Corporation) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1586472 2009-10-15] (Synaptics Incorporated) HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-02] (TOSHIBA Electronics, Inc.) HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA) HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1328480 2009-09-28] (TOSHIBA Corporation) HKLM\...\Run: [BService] => C:\Program Files\Bench\BService\1.1\bservice.exe HKLM\...\Run: [Wd] => C:\Program Files\Bench\Wd\wd.exe HKLM\...\Run: [Bench Communicator Watcher] => C:\Program Files\Bench\Proxy\pwdg.exe HKLM\...\Run: [Bench Settings Cleaner] => C:\Program Files\Bench\Proxy\cl.exe HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKU\S-1-5-21-1578190112-648321355-4129859527-1000\...\Run: [BitComet] => C:\Program Files\BitComet\BitComet.exe [14276784 2013-12-31] (www.BitComet.com) HKU\S-1-5-21-1578190112-648321355-4129859527-1000\...\Run: [SpeedTray] => C:\Users\martyna\AppData\Roaming\SpeedTray\speedtray.exe [725518 2014-12-15] () HKU\S-1-5-21-1578190112-648321355-4129859527-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_190_Plugin.exe [927920 2015-06-26] (Adobe Systems Incorporated) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-1578190112-648321355-4129859527-1000] => Internet Explorer proxy is enabled ProxyServer: [S-1-5-21-1578190112-648321355-4129859527-1000] => 127.0.0.1:8118 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1420187640&from=irs&uid=TOSHIBAXMK2555GSX_798BP8QVTXX798BP8QVT HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1420187640&from=irs&uid=TOSHIBAXMK2555GSX_798BP8QVTXX798BP8QVT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1420187640&from=irs&uid=TOSHIBAXMK2555GSX_798BP8QVTXX798BP8QVT HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1420187640&from=irs&uid=TOSHIBAXMK2555GSX_798BP8QVTXX798BP8QVT&q={searchTerms} HKU\S-1-5-21-1578190112-648321355-4129859527-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1420144967&from=wpm12233&uid=TOSHIBAXMK2555GSX_798BP8QVTXX798BP8QVT&q={searchTerms} HKU\S-1-5-21-1578190112-648321355-4129859527-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1420187640&from=irs&uid=TOSHIBAXMK2555GSX_798BP8QVTXX798BP8QVT HKU\S-1-5-21-1578190112-648321355-4129859527-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1420187640&from=irs&uid=TOSHIBAXMK2555GSX_798BP8QVTXX798BP8QVT HKU\S-1-5-21-1578190112-648321355-4129859527-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1420144967&from=wpm12233&uid=TOSHIBAXMK2555GSX_798BP8QVTXX798BP8QVT&q={searchTerms} SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1421734934&from=zbd1&uid=toshibaxmk2555gsx_798bp8qvtxx798bp8qvt&q={searchTerms} SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1421734934&from=zbd1&uid=toshibaxmk2555gsx_798bp8qvtxx798bp8qvt&q={searchTerms} SearchScopes: HKU\S-1-5-21-1578190112-648321355-4129859527-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=ds&ts=1421734934&from=zbd1&uid=toshibaxmk2555gsx_798bp8qvtxx798bp8qvt&q={searchTerms} SearchScopes: HKU\S-1-5-21-1578190112-648321355-4129859527-1000 -> {4d996d34-c590-467a-8db3-4d63b68df3f1} URL = http://www.searchshock.com/search.html?&q={searchTerms}&cid=3975 BHO: Browser Warden BHO -> {2C09954F-CDA8-4BD1-8794-1D543E050378} -> C:\Program Files\Browser Warden\FrameworkBHO.dll [2014-11-03] () BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll No File BHO: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files\Alfasistem Memory\amie.dll [2015-05-29] (SecureSoft) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\martyna\AppData\Roaming\Mozilla\Firefox\Profiles\5h597rcm.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: pio FF Homepage: https://search.protectedio.com/?u=81031a34-9815-ec46-cf0c-28da2455aed5&c=p1&s=hp&inst=1432539379 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-26] () FF user.js: detected! => C:\Users\martyna\AppData\Roaming\Mozilla\Firefox\Profiles\5h597rcm.default\user.js [2015-01-09] FF SearchPlugin: C:\Users\martyna\AppData\Roaming\Mozilla\Firefox\Profiles\5h597rcm.default\searchplugins\SearchShock.xml [2014-08-18] FF SearchPlugin: C:\Users\martyna\AppData\Roaming\Mozilla\Firefox\Profiles\5h597rcm.default\searchplugins\V9.xml [2015-05-25] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pio.xml [2015-06-26] FF Extension: Security Protection - C:\Users\martyna\AppData\Roaming\Mozilla\Firefox\Profiles\5h597rcm.default\Extensions\detgdp@gmail.com [2015-01-01] FF Extension: Fast Start - C:\Users\martyna\AppData\Roaming\Mozilla\Firefox\Profiles\5h597rcm.default\Extensions\faststartff@gmail.com [2014-09-19] FF Extension: BitComet Video Downloader - C:\Users\martyna\AppData\Roaming\Mozilla\Firefox\Profiles\5h597rcm.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2014-09-12] FF Extension: Firefox Helper Tool - C:\Program Files\Mozilla Firefox\distribution\bundles\ba5dffa143e58729b135bc7a2e69f729 [2015-04-28] FF Extension: Firefox Helper - C:\Program Files\Mozilla Firefox\distribution\bundles\d9791abb5cfd9e3fba39b774236bf829 [2015-04-28] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\martyna\AppData\Roaming\Mozilla\Firefox\Profiles\5h597rcm.default\extensions\faststartff@gmail.com FF HKLM\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\martyna\AppData\Roaming\Mozilla\Firefox\Profiles\5h597rcm.default\extensions\detgdp@gmail.com ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com) R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-27] (TOSHIBA CORPORATION) R2 ChromeEnhancer; C:\Program Files\ChromeEnhancer\ChromeEnhancer.exe [44544 2015-01-29] () [File not signed] <==== ATTENTION R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION) R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-19] (Cherished Technololgy LIMITED) R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-15] (Elex do Brasil Participações Ltda) R2 PrivoxyService; C:\Program Files\Alfasistem Memory\privoxy.exe [371200 2015-05-29] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-06] (TOSHIBA Corporation) R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-09-28] (TOSHIBA Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-07-11] (Microsoft Corporation) S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1242112 2014-07-11] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-01-15] (Elex do Brasil Participações Ltda) S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2015-01-15] (Elex do Brasil Participações Ltda) R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2015-01-15] (Elex do Brasil Participações Ltda) R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-01-15] (Elex do Brasil Participações Ltda) R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-01-15] (Elex do Brasil Participações Ltda) R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-01-03] (Elex do Brasil Participações Ltda) R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-30] (COMPAL ELECTRONIC INC.) R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-14] (Realtek Semiconductor Corporation ) R1 {31a2f244-4a67-4367-b593-df9513aea360}Gw; C:\Windows\System32\drivers\{31a2f244-4a67-4367-b593-df9513aea360}Gw.sys [52824 2014-08-09] (StdLib) S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-27 15:03 - 2015-06-27 15:03 - 00014557 _____ C:\Users\martyna\Downloads\FRST.txt 2015-06-27 15:02 - 2015-06-27 15:03 - 00000000 ____D C:\FRST 2015-06-27 15:02 - 2015-06-27 15:02 - 01636352 _____ (Farbar) C:\Users\martyna\Downloads\FRST.exe 2015-06-27 15:02 - 2015-06-27 15:02 - 00380416 _____ C:\Users\martyna\Downloads\dwmpqj28.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-27 14:51 - 2009-07-14 06:34 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-27 14:51 - 2009-07-14 06:34 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-27 14:12 - 2014-08-17 14:16 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-27 13:49 - 2014-10-02 08:07 - 00000336 _____ C:\Windows\Tasks\bench-S-1-5-21-1578190112-648321355-4129859527-1000.job 2015-06-27 09:31 - 2014-09-20 09:31 - 00070144 _____ C:\Windows\system32\tasks.dll 2015-06-26 22:12 - 2014-08-17 14:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-06-26 22:12 - 2014-08-17 14:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-06-26 21:32 - 2014-09-12 20:02 - 00000000 ____D C:\Users\martyna\AppData\Roaming\BitComet 2015-06-26 21:26 - 2014-08-12 00:04 - 00926336 _____ C:\Windows\WindowsUpdate.log 2015-06-26 21:23 - 2014-07-11 20:27 - 00101460 _____ C:\Windows\setupact.log 2015-06-26 21:23 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-05-29 09:33 - 2015-05-05 09:33 - 00000000 ____D C:\Program Files\Alfasistem Memory ==================== Files in the root of some directories ======= 2015-04-20 19:47 - 2015-04-20 19:47 - 0009662 _____ () C:\Users\martyna\AppData\Roaming\em_64x64.ico 2014-10-02 08:07 - 2015-01-10 05:24 - 0000003 _____ () C:\Users\martyna\AppData\Local\proxy.log Some files in TEMP: ==================== C:\Users\martyna\AppData\Local\Temp\7675_.exe C:\Users\martyna\AppData\Local\Temp\amisetup2841__7675.exe C:\Users\martyna\AppData\Local\Temp\amisetup4795__7675.exe C:\Users\martyna\AppData\Local\Temp\amisetup5430__7675.exe C:\Users\martyna\AppData\Local\Temp\amisetup9894__7675.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54A657C71.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54A657CB2.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54A7A9481.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54A8FAC81.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54AA4C481.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54AB9DC71.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54ACEF481.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54AE40C81.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54AF92481.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54B0E3C91.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54B235481.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54B386C71.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54B4D8471.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54B629C81.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54B629CA2.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54B77B471.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54C9F0480.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54CC93480.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54CC93491.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54CDE4C70.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54CF36480.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54D103060.exe C:\Users\martyna\AppData\Local\Temp\GPUpd54D1D9640.exe C:\Users\martyna\AppData\Local\Temp\GPUpd55353B970.exe C:\Users\martyna\AppData\Local\Temp\GPUpd55353BA43.exe C:\Users\martyna\AppData\Local\Temp\GPUpd554089380.exe C:\Users\martyna\AppData\Local\Temp\GPUpd554872380.exe C:\Users\martyna\AppData\Local\Temp\GPUpd5549C3B70.exe C:\Users\martyna\AppData\Local\Temp\GPUpd554B15370.exe C:\Users\martyna\AppData\Local\Temp\GPUpd554C66B70.exe C:\Users\martyna\AppData\Local\Temp\GPUpd554E19BA0.exe C:\Users\martyna\AppData\Local\Temp\GPUpd554F8E1C0.exe C:\Users\martyna\AppData\Local\Temp\GPUpd55505B370.exe C:\Users\martyna\AppData\Local\Temp\GPUpd5552FE370.exe C:\Users\martyna\AppData\Local\Temp\GPUpd55544FB70.exe C:\Users\martyna\AppData\Local\Temp\GPUpd5555A1370.exe C:\Users\martyna\AppData\Local\Temp\GPUpd5556F2B80.exe C:\Users\martyna\AppData\Local\Temp\GPUpd555995B80.exe C:\Users\martyna\AppData\Local\Temp\GPUpd555AE7370.exe C:\Users\martyna\AppData\Local\Temp\GPUpd555C38B70.exe C:\Users\martyna\AppData\Local\Temp\GPUpd5562D0380.exe C:\Users\martyna\AppData\Local\Temp\GPUpd556816370.exe C:\Users\martyna\AppData\Local\Temp\GPUpd558DA9730.exe C:\Users\martyna\AppData\Local\Temp\hp_238583.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-26 22:03 ==================== End of log ============================