Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01
Ran by Mariusz at 2014-12-07 16:28:09
Running from C:\Users\Mariusz\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.240 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.24 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.24 - Zemana Ltd.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
blueconnect (HKLM-x32\...\blueconnect) (Version: 11.302.09.27.49 - Huawei Technologies Co.,Ltd)
GlassWire 1.0 (remove only) (HKLM-x32\...\GlassWire 1.0) (Version: 1.0.30 - SecureMix LLC)
Malwarebytes Anti-Exploit version 1.05.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0a1 - Mozilla)
Nightly 37.0a1 (x64 en-US) (HKLM\...\Nightly 37.0a1 (x64 en-US)) (Version: 37.0a1 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Opera Stable 26.0.1656.32 (HKLM-x32\...\Opera 26.0.1656.32) (Version: 26.0.1656.32 - Opera Software ASA)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
WinDirStat 1.1.2 (HKU\S-1-5-21-2376877967-2081922626-2068000606-1000\...\WinDirStat) (Version: - )
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

25-11-2014 13:02:47 Installed ATK Hotkey
25-11-2014 13:03:49 Installed ATK Media
25-11-2014 13:04:11 Installed ATK Generic Function Service
25-11-2014 14:14:44 Windows Update
25-11-2014 14:21:59 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
25-11-2014 18:38:24 Windows Update
06-12-2014 16:44:12 ComboFix created restore point
06-12-2014 17:32:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-07 11:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {5416E9A3-BFE1-4B01-B72E-CDDC8273B985} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {5F15C5AF-A49F-48EE-A1FA-065B987DCB0B} - System32\Tasks\{2D260A41-672B-4825-A0E0-73DE8597A013} => c:\program files (x86)\opera\launcher.exe [2014-11-25] (Opera Software)
Task: {B642009A-2D27-4045-800A-14401979BC9D} - System32\Tasks\Opera scheduled Autoupdate 1416921688 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-25] (Opera Software)

==================== Loaded Modules (whitelisted) =============

2014-11-25 13:58 - 2011-05-05 15:13 - 00120160 _____ () C:\Program Files (x86)\blueconnect\blueconnect.exe
2014-12-06 21:11 - 2014-12-06 21:11 - 23043248 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll
2014-11-25 13:58 - 2011-03-26 16:59 - 00020320 _____ () C:\Program Files (x86)\blueconnect\isaputrace.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00128352 _____ () C:\Program Files (x86)\blueconnect\DeviceMgrPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 00144736 _____ () C:\Program Files (x86)\blueconnect\NetInfoPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00095584 _____ () C:\Program Files (x86)\blueconnect\DialUpPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:53 - 00071008 _____ () C:\Program Files (x86)\blueconnect\ConfigFilePlugin.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 01025376 _____ () C:\Program Files (x86)\blueconnect\NDISAPI.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00161120 _____ () C:\Program Files (x86)\blueconnect\DetectDev.dll
2014-11-25 13:58 - 2011-03-26 16:53 - 00566624 _____ () C:\Program Files (x86)\blueconnect\atcomm.dll
2014-11-25 13:58 - 2011-03-26 16:56 - 00066912 _____ () C:\Program Files (x86)\blueconnect\XCodec.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00066912 _____ () C:\Program Files (x86)\blueconnect\DeviceOperate.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 00144736 _____ () C:\Program Files (x86)\blueconnect\LocaleMgrPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 00038240 _____ () C:\Program Files (x86)\blueconnect\NotifyServicePlugin.dll
2014-11-25 13:58 - 2011-03-26 16:58 - 00095584 _____ () C:\Program Files (x86)\blueconnect\FileManager.dll
2014-11-25 13:58 - 2011-03-26 16:55 - 00165216 _____ () C:\Program Files (x86)\blueconnect\SMSPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:54 - 00243040 _____ () C:\Program Files (x86)\blueconnect\DeviceMgrUIPlugin.dll
2014-11-25 13:58 - 2011-03-26 16:56 - 00071008 _____ () C:\Program Files (x86)\blueconnect\SpeedManagerPlugin.dll
2014-11-06 08:08 - 2014-11-06 08:08 - 00893224 _____ () C:\Program Files (x86)\GlassWire\platforms\qwindows.dll
2014-11-06 08:08 - 2014-11-06 08:08 - 00030504 _____ () C:\Program Files (x86)\GlassWire\imageformats\qico.dll
2014-11-06 08:08 - 2014-11-06 08:08 - 00248104 _____ () C:\Program Files (x86)\GlassWire\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: HWDeviceService64.exe => 2
MSCONFIG\Services: MbaeSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: HW_OPENEYE_OUC_blueconnect => "C:\Program Files (x86)\blueconnect\UpdateDog\ouc.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Exploit => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
MSCONFIG\startupreg: ZALFree => "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-2376877967-2081922626-2068000606-500 - Administrator - Disabled)
Gość (S-1-5-21-2376877967-2081922626-2068000606-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2376877967-2081922626-2068000606-1002 - Limited - Enabled)
Mariusz (S-1-5-21-2376877967-2081922626-2068000606-1000 - Administrator - Enabled) => C:\Users\Mariusz

==================== Faulty Device Manager Devices =============

Name: Urządzenie pamięci masowej USB
Description: Urządzenie pamięci masowej USB
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Zgodne urządzenie magazynujące USB
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded. Restart the computer.

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Urządzenie pamięci masowej USB
Description: Urządzenie pamięci masowej USB
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Zgodne urządzenie magazynujące USB
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded. Restart the computer.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2014 10:02:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program windirstat.exe w wersji 1.1.2.80 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 304 Godzina rozpoczęcia: 01d011fc5c5a096f Godzina zakończenia: 16 Ścieżka aplikacji: C:\Program Files (x86)\WinDirStat\windirstat.exe Identyfikator raportu: ba294275-7def-11e4-9e97-002243c190ce

Error: (12/07/2014 09:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: RootkitRevealer.exe, wersja: 1.71.0.0, sygnatura czasowa: 0x44e255aa Nazwa modułu powodującego błąd: RootkitRevealer.exe, wersja: 1.71.0.0, sygnatura czasowa: 0x44e255aa Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000040cd Identyfikator procesu powodującego błąd: 0x63c Godzina uruchomienia aplikacji powodującej błąd: 0xRootkitRevealer.exe0 Ścieżka aplikacji powodującej błąd: RootkitRevealer.exe1 Ścieżka modułu powodującego błąd: RootkitRevealer.exe2 Identyfikator raportu: RootkitRevealer.exe3

Error: (12/07/2014 09:00:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: Windows Surface Scanner.exe, wersja: 1.0.0.1, sygnatura czasowa: 0x4c113abb Nazwa modułu powodującego błąd: msvcrt.dll, wersja: 7.0.7600.16385, sygnatura czasowa: 0x4a5bda6f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000d193 Identyfikator procesu powodującego błąd: 0xca0 Godzina uruchomienia aplikacji powodującej błąd: 0xWindows Surface Scanner.exe0 Ścieżka aplikacji powodującej błąd: Windows Surface Scanner.exe1 Ścieżka modułu powodującego błąd: Windows Surface Scanner.exe2 Identyfikator raportu: Windows Surface Scanner.exe3

Error: (12/06/2014 06:55:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program NOTEPAD.EXE w wersji 6.1.7600.16385 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: dec Godzina rozpoczęcia: 01d0117dc7c2d407 Godzina zakończenia: 0 Ścieżka aplikacji: C:\Windows\system32\NOTEPAD.EXE Identyfikator raportu: 0f7f3df2-7d71-11e4-8e19-002243c190ce

Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:36:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:36:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:14:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 05:09:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (12/07/2014 02:09:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/07/2014 11:53:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

Error: (12/07/2014 11:52:03 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (12/07/2014 11:50:08 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

Error: (12/07/2014 11:37:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa MBAMService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (12/07/2014 11:05:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 11:05:00 na 2014-12-07 było nieoczekiwane.

Error: (12/07/2014 11:02:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/07/2014 11:02:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/07/2014 11:02:25 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/07/2014 11:02:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================
Error: (12/07/2014 10:02:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: windirstat.exe1.1.2.8030401d011fc5c5a096f16C:\Program Files (x86)\WinDirStat\windirstat.exeba294275-7def-11e4-9e97-002243c190ce

Error: (12/07/2014 09:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd63c01d011fb779e2ffdC:\Users\Mariusz\AppData\Local\Temp\HBCD\RootkitRevealer.exeC:\Users\Mariusz\AppData\Local\Temp\HBCD\RootkitRevealer.exeb67446df-7dee-11e4-9e97-002243c190ce

Error: (12/07/2014 09:00:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Windows Surface Scanner.exe1.0.0.14c113abbmsvcrt.dll7.0.7600.163854a5bda6fc00000050000d193ca001d011f3cf84e1c4C:\Users\Mariusz\Desktop\WindowsSurfaceScanner\Windows Surface Scanner.exeC:\Windows\syswow64\msvcrt.dll1f6d9198-7de7-11e4-860a-002243c190ce

Error: (12/06/2014 06:55:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NOTEPAD.EXE6.1.7600.16385dec01d0117dc7c2d4070C:\Windows\system32\NOTEPAD.EXE0f7f3df2-7d71-11e4-8e19-002243c190ce

Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 06:13:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:36:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:36:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2014 05:14:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 05:09:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2014-12-07 11:52:03.026
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-07 11:52:03.011
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
Percentage of memory in use: 55%
Total physical RAM: 4095.11 MB
Available physical RAM: 1820.72 MB
Total Pagefile: 8188.43 MB
Available Pagefile: 5691.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:443.62 GB) NTFS
Drive d: (HBCD152) (CDROM) (Total:2.77 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00059748)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================