Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014 Ran by Jakub at 2014-12-10 14:23:43 Running from C:\Users\Jakub\logi Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) "FIFA 14" (HKLM-x32\...\{6049054B-DB11-48E1-A583-9A565D5C8856}_is1) (Version: 1.4.0.0 - ) µTorrent (HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) ALLPlayer V5.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.) AMD Catalyst Install Manager (HKLM\...\{8D6CCB94-05E3-753A-5ED7-97495EA8AEFF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Betfair.com Poker (HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\Betfair.com Poker) (Version: - ) Betsson Poker by Microgaming (HKLM-x32\...\betssonpoker (Poker)) (Version: 16.6.2.11243 - ) BingoCabin (HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\BingoCabin) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre 64bit (HKLM\...\{16B9E87F-260D-4FA9-B3ED-7049655C2E31}) (Version: 1.33.0 - Kovid Goyal) Casino Classic (HKLM-x32\...\casinoclassic) (Version: 16.10.2.1587 - ) Championship Manager 01-02 (HKLM-x32\...\Championship Manager 01-02) (Version: - ) Classic Casino (HKLM-x32\...\{D0EAA1D3-6ED7-465F-90A5-8CFDEDD59BFD}) (Version: 1.00.0000 - ClassicCasino) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) Dafa Poker (HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\Dafa Poker) (Version: - ) Divinity - Grzech Pierworodny wersja 1.0.0.0 (HKLM-x32\...\Divinity - Grzech Pierworodny_is1) (Version: 1.0.0.0 - HydeFromT70s) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Football Manager 2008 (HKLM-x32\...\Football Manager 2008) (Version: 8.0.0.0 - Sports Interactive) Football Manager 2012 (HKLM-x32\...\Football Manager 2012_is1) (Version: - ) Football Manager 2014 (HKLM-x32\...\Rm9vdGJhbGxNYW5hZ2VyMjAxNA==_is1) (Version: 1 - ) Galeria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden GameDesire-Pool & Snooker (HKLM-x32\...\GameDesire-Pool & Snooker) (Version: - ) Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge) GG (HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\GG) (Version: 12 - GG Network S.A.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG) Heroes III Armageddon's Blade (HKLM-x32\...\Heroes III Armageddon's Blade) (Version: - ) Heroes III The Restoration of Erathia (HKLM-x32\...\Heroes III The Restoration of Erathia) (Version: - ) Heroes III The Shadow of Death (HKLM-x32\...\Heroes III The Shadow of Death) (Version: - ) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{B6A04A05-23B7-4506-A3AA-98AA2D7DA0ED}) (Version: 4.2.8.1 - Hewlett-Packard Company) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard) HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{23C74C03-680C-455D-933F-5BC8683CAE52}) (Version: 1.2.0.0 - Hewlett-Packard) HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company) HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation) ipla 2.8.4 (HKLM-x32\...\ipla) (Version: 2.8.4 - Redefine Sp z o.o.) K-Lite Codec Pack 9.8.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.5 - ) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office 365 - pl-pl (HKLM\...\O365HomePremRetail - pl-pl) (Version: 15.0.4667.1002 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MotoConnect (HKLM-x32\...\{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}) (Version: 1.1.25 - Motorola) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Mozilla Firefox 33.1.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 pl)) (Version: 33.1.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden NapiProjekt 2.0.0 (build 2151) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version: - ) Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation) Odkurzacz (HKLM-x32\...\Odkurzacz 13.4_is1) (Version: 13.4.0.1685 - FranmoSoftware - Maciej Opaliński) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden OpenFM (HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\OpenFM) (Version: 2 - GG Network S.A.) Opera Stable 26.0.1656.32 (HKLM-x32\...\Opera 26.0.1656.32) (Version: 26.0.1656.32 - Opera Software ASA) Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) Paper Galeria® v4.2.0.1 (HKLM-x32\...\Paper Galeria® v4.2_is1) (Version: - ) partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming) PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Poker 770 (HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\Poker 770) (Version: - ) PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Nazwa firmy) Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink) Ravia.eu (HKLM-x32\...\Ravia.eu) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.) Restaurant Empire (HKLM-x32\...\{9C0A9803-4592-11D7-B796-0050BFE4DB80}) (Version: - ) Restaurant Empire 2 (HKLM-x32\...\{80CD98CB-995A-4524-826B-D03B331FF12A}) (Version: 100 - Enlight) Royal Quest (HKLM-x32\...\{DF3F2F7F-FE61-4BEB-B7DB-BF2D3071431E}) (Version: 1.0.0.0 - Cenega Poland Sp. z o.o.) Runes of Magic (HKLM-x32\...\{F57FBE91-C48B-4A86-91C8-A9C3D744E459}_is1) (Version: 6.1.0.2710 - Gameforge Productions GmbH) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.104 - Skype Technologies S.A.) SopCast 3.9.3 (HKLM-x32\...\SopCast) (Version: 3.9.3 - www.sopcast.com) Stronghold Crusader 2 (HKLM-x32\...\Stronghold Crusader 2_is1) (Version: - ) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) The Walking Dead (HKLM-x32\...\The Walking Dead_is1) (Version: The Walking Dead - ) Treasure Island Jackpots (HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\{0CF1AA97-47BC-41D8-B8DF-EE79C86B1573}) (Version: - ) Tropico 4 1.00 (HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\Tropico 4) (Version: 1.00 - Kalypso Media) Unity Web Player (All users) (HKLM-x32\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Virtual Audio Cable 4.14 (HKLM\...\Virtual Audio Cable 4.14) (Version: - ) William Hill Poker (HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\William Hill Poker) (Version: - ) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Winner Poker (HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\winnerpoker) (Version: - ) WinRAR 4.20 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Wrzuta Media Downloader (HKLM-x32\...\WrzutaMediaDownloader) (Version: - Dragonshorn Studios) WSC Real 09 (HKLM-x32\...\{51AA8C3F-B316-44A8-B371-4BB6047E45DF}) (Version: 1.00.0000 - Blade Interactive Studios) Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-632503941-784987641-2221626834-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-632503941-784987641-2221626834-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-632503941-784987641-2221626834-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-632503941-784987641-2221626834-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Jakub\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) CustomCLSID: HKU\S-1-5-21-632503941-784987641-2221626834-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-632503941-784987641-2221626834-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 03-11-2014 05:15:32 Zaplanowany punkt kontrolny 10-11-2014 11:59:58 Zaplanowany punkt kontrolny 12-11-2014 19:22:32 ComboFix created restore point 15-11-2014 12:41:24 Installed SpyHunter 30-11-2014 21:11:31 Usunięte Gothic III 04-12-2014 05:26:06 Installed WSC Real 09. 10-12-2014 09:21:52 Removed Java 7 Update 55 (64-bit) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 06:26 - 2014-11-12 20:44 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {02AA3941-D92B-49CF-A812-73A3B733CEC5} - System32\Tasks\Odkurzacz => C:\Program Files (x86)\Odkurzacz\odkurzacz.exe [2013-09-21] (FranmoSoftware) Task: {1CCFC47A-0493-4942-9D75-BAEDE601B54E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink) Task: {20C8FDE9-E0AD-4D5A-A296-307F723D7809} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company) Task: {247A1929-4DE0-4DD4-9F0F-704D1810A236} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {3CEDD7B6-FDAA-464E-937C-52AD099DC0B5} - System32\Tasks\Opera scheduled Autoupdate 1391860249 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-25] (Opera Software) Task: {48EE84E1-FA5D-4553-B6F6-08071513EB3B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {4967C2BC-46F1-4984-A11F-BB1378502FB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {70763493-6C40-45E6-8B76-AC989A1E1A59} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink) Task: {717E1CB2-0760-4C31-AF95-32BEC44869BB} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-25] (Synaptics Incorporated) Task: {71D8A597-3CB5-441C-A7B2-33CBC3C609E7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {72680864-9CC3-472A-8839-181BA2AA13FF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation) Task: {85685BCF-918C-4EE9-A43C-F42FF910B4BF} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {9AC02159-BB84-45FF-80EC-FF32E603381E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation) Task: {A3D4D193-8FF8-491A-9706-788DB92CF9FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {BB574B8C-6810-4A42-AA53-92ACCD4DF9BF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-632503941-784987641-2221626834-1001UA => C:\Users\Jakub\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-22] (Facebook Inc.) Task: {D6412550-D902-4599-BEFD-8E957E639B18} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation) Task: {E99CD04D-3AA7-40D6-853C-6A801D2EDBC2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-632503941-784987641-2221626834-1001Core => C:\Users\Jakub\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-22] (Facebook Inc.) Task: {FC07761B-4F12-4C64-AB1C-FB5BB6EC9B12} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632503941-784987641-2221626834-1001Core.job => C:\Users\Jakub\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632503941-784987641-2221626834-1001UA.job => C:\Users\Jakub\AppData\Local\Facebook\Update\FacebookUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-25 14:59 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\system32\BsTrace.dll 2012-09-19 18:37 - 2012-09-19 18:37 - 00363784 _____ () C:\Windows\system32\BsExtendFunc.dll 2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\system32\BlueSoleilCSps.dll 2012-10-12 17:22 - 2012-10-12 17:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2012-10-12 17:22 - 2012-10-12 17:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-10-12 17:22 - 2012-10-12 17:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 2013-03-21 12:22 - 2013-03-21 12:22 - 00120224 _____ () C:\Users\Jakub\AppData\Local\assembly\dl3\T8Z593VR.0L6\NVQTO5MT.771\0f566697\004b58b8_95a8cd01\HPItunesModule.DLL 2014-12-08 02:11 - 2014-11-25 10:57 - 00535160 _____ () C:\Program Files (x86)\Opera\26.0.1656.32\opera_crashreporter.exe 2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll 2012-09-24 14:27 - 2012-09-24 14:27 - 00335176 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll 2012-05-02 17:28 - 2012-05-02 17:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll 2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll 2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll 2012-09-19 18:37 - 2012-09-19 18:37 - 00079624 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll 2012-09-19 18:37 - 2012-09-19 18:37 - 00363784 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll 2013-08-19 08:09 - 2013-08-19 08:09 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\580dd8b0082db602dda6a42bf4fb1b17\PSIClient.ni.dll 2012-12-24 11:34 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-05-01 22:51 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll 2014-12-08 02:11 - 2014-11-25 10:57 - 00156792 _____ () C:\Program Files (x86)\Opera\26.0.1656.32\message_center_win8.dll 2014-12-08 02:11 - 2014-11-25 10:57 - 01358456 _____ () C:\Program Files (x86)\Opera\26.0.1656.32\libglesv2.dll 2014-12-08 02:11 - 2014-11-25 10:57 - 00219256 _____ () C:\Program Files (x86)\Opera\26.0.1656.32\libegl.dll 2014-12-08 02:11 - 2014-11-25 10:57 - 09312888 _____ () C:\Program Files (x86)\Opera\26.0.1656.32\pdf.dll 2014-12-08 02:11 - 2014-11-25 10:57 - 00991352 _____ () C:\Program Files (x86)\Opera\26.0.1656.32\ffmpegsumo.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKU\S-1-5-21-632503941-784987641-2221626834-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" ========================= Accounts: ========================== Administrator (S-1-5-21-632503941-784987641-2221626834-500 - Administrator - Disabled) Gość (S-1-5-21-632503941-784987641-2221626834-501 - Limited - Disabled) Jakub (S-1-5-21-632503941-784987641-2221626834-1001 - Administrator - Enabled) => C:\Users\Jakub ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Karta tunelowania Teredo firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Nokia 5230 Zdalne sterowanie audio/wideo urządzenia HID Description: Zdalne sterowanie audio/wideo urządzenia Bluetooth HID Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: Microsoft Service: BthAvrcpTg Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (12/10/2014 01:03:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: fm.exe, wersja: 15.1.3.0, sygnatura czasowa: 0x545f6b97 Nazwa modułu powodującego błąd: fm.exe, wersja: 15.1.3.0, sygnatura czasowa: 0x545f6b97 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00e7fd96 Identyfikator procesu powodującego błąd: 0x12d8 Godzina uruchomienia aplikacji powodującej błąd: 0xfm.exe0 Ścieżka aplikacji powodującej błąd: fm.exe1 Ścieżka modułu powodującego błąd: fm.exe2 Identyfikator raportu: fm.exe3 Pełna nazwa pakietu powodującego błąd: fm.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: fm.exe5 Error: (12/10/2014 10:54:56 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (12/10/2014 10:41:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: BlueSoleilCS.exe, wersja: 9.0.723.0, sygnatura czasowa: 0x5062b290 Nazwa modułu powodującego błąd: tl_filter.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x505fc6a9 Kod wyjątku: 0xc0000094 Przesunięcie błędu: 0x0000d53d Identyfikator procesu powodującego błąd: 0xc3c Godzina uruchomienia aplikacji powodującej błąd: 0xBlueSoleilCS.exe0 Ścieżka aplikacji powodującej błąd: BlueSoleilCS.exe1 Ścieżka modułu powodującego błąd: BlueSoleilCS.exe2 Identyfikator raportu: BlueSoleilCS.exe3 Pełna nazwa pakietu powodującego błąd: BlueSoleilCS.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: BlueSoleilCS.exe5 Error: (12/10/2014 10:40:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: BlueSoleilCS.exe, wersja: 9.0.723.0, sygnatura czasowa: 0x5062b290 Nazwa modułu powodującego błąd: tl_filter.dll, wersja: 0.0.0.0, sygnatura czasowa: 0x505fc6a9 Kod wyjątku: 0xc0000094 Przesunięcie błędu: 0x0000d53d Identyfikator procesu powodującego błąd: 0x674 Godzina uruchomienia aplikacji powodującej błąd: 0xBlueSoleilCS.exe0 Ścieżka aplikacji powodującej błąd: BlueSoleilCS.exe1 Ścieżka modułu powodującego błąd: BlueSoleilCS.exe2 Identyfikator raportu: BlueSoleilCS.exe3 Pełna nazwa pakietu powodującego błąd: BlueSoleilCS.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: BlueSoleilCS.exe5 Error: (12/10/2014 03:46:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10672 Error: (12/10/2014 03:46:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10672 Error: (12/10/2014 03:46:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/10/2014 03:46:21 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9203 Error: (12/10/2014 03:46:21 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9203 Error: (12/10/2014 03:46:21 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (12/10/2014 01:10:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi lirsgt z powodu następującego błędu: %%577 Error: (12/10/2014 01:10:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi atksgt z powodu następującego błędu: %%577 Error: (12/10/2014 01:08:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error: (12/10/2014 01:07:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Technologia pamięci Intel® Rapid niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (12/10/2014 01:07:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa HP Connected Remote Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (12/10/2014 01:07:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa HP Support Assistant Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (12/10/2014 01:07:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa BlueSoleilCS niespodziewanie zakończyła pracę. Wystąpiło to razy: 3. Error: (12/10/2014 01:07:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (12/10/2014 01:07:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Intel(R) Management and Security Application User Notification Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (12/10/2014 01:07:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa IconMan_R niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Microsoft Office Sessions: ========================= Error: (12/10/2014 01:03:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: fm.exe15.1.3.0545f6b97fm.exe15.1.3.0545f6b97c000000500e7fd9612d801d01467e545ae77C:\Users\Jakub\Downloads\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exeC:\Users\Jakub\Downloads\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe9a8bfe42-8064-11e4-bf61-a41731afcad8 Error: (12/10/2014 10:54:56 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (12/10/2014 10:41:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: BlueSoleilCS.exe9.0.723.05062b290tl_filter.dll0.0.0.0505fc6a9c00000940000d53dc3c01d0145d8939cf42C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dllc769ccda-8050-11e4-bf61-a41731afcad8 Error: (12/10/2014 10:40:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: BlueSoleilCS.exe9.0.723.05062b290tl_filter.dll0.0.0.0505fc6a9c00000940000d53d67401d0145d5a14b5afC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll98171763-8050-11e4-bf61-a41731afcad8 Error: (12/10/2014 03:46:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10672 Error: (12/10/2014 03:46:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10672 Error: (12/10/2014 03:46:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/10/2014 03:46:21 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9203 Error: (12/10/2014 03:46:21 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9203 Error: (12/10/2014 03:46:21 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2014-12-10 13:10:58.301 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-10 13:10:55.520 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-10 10:40:37.565 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-10 10:40:36.956 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-09 11:48:32.896 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-09 11:48:32.490 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-09 09:08:59.520 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-09 09:08:56.473 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-08 13:36:19.707 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-08 13:36:12.113 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz Percentage of memory in use: 40% Total physical RAM: 3988.27 MB Available physical RAM: 2354.14 MB Total Pagefile: 8084.27 MB Available Pagefile: 6268.52 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:448.29 GB) (Free:167.29 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:16.7 GB) (Free:2.12 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 873B541F) Partition: GPT Partition Type. ==================== End Of Log ============================