Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by kazek at 2015-02-05 18:30:30
Running from C:\Users\kazek\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2633542428-2779320304-759432827-1000\...\uTorrent) (Version: 3.4.2.37756 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{4572399F-5B78-3C50-7281-4AB6248FC1F0}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Card Detector for Huawei E177 (HKLM-x32\...\CardDetectorHUAWEI177) (Version: 1.1.2.0 - )
DriverIdentifier 4.2 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
Orange Free (HKLM-x32\...\{BEWINTERNET-PL-IEW}.UninstallSuite) (Version: - )
Pakiet zgodności dla systemu Office 2007 (HKLM-x32\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.1 - Tracker Software Products Ltd)
PITy2014 IPS 1.6 kompilacja:1.6.2.12 (HKLM-x32\...\PITy2014IPS_is1) (Version: - IPS Przedsiębiorstwo Informatyczne)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Qualcomm Atheros WiFi Driver Installation Program (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WinRAR 5.11 (32-bitowy) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

25-01-2015 12:44:51 Kopia zapasowa systemu Windows
25-01-2015 17:53:06 Removed Adobe Reader XI (11.0.05).
29-01-2015 22:46:02 Windows Update
02-02-2015 21:23:14 Windows Update
03-02-2015 17:39:55 Windows Update
04-02-2015 22:33:49 Windows Update
05-02-2015 16:57:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-04 21:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {32E13B09-314D-4E2A-AACF-B499EF7DA6C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-21] (Google Inc.)
Task: {8697F739-B039-4370-A191-E3E5022F8A2E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-21] (Google Inc.)
Task: {9A38B35D-20F8-403C-9A8E-5DA882F23D1F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {ADEE97AA-6CDB-41DD-8746-70F7E033BD8A} - System32\Tasks\{D9226381-807D-4A3E-877C-9580488DD8C5} => pcalua.exe -a E:\BeachSoccer-setup.exe -d E:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AIRecoveryRemind.job => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8f06bfe3a03b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cff54025377536.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0028d1137851e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe

==================== Loaded Modules (whitelisted) ==============

2012-03-21 21:30 - 2012-03-21 21:30 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-11-20 14:09 - 2014-11-20 14:09 - 00245760 _____ () C:\Program Files (x86)\Avira\My Avira\System.ComponentModel.Composition.dll
2013-06-13 23:22 - 2011-02-23 10:11 - 00040960 _____ () C:\Program Files (x86)\OrangeBS\BEWInternet-PL-IEW\Launcher\WatchClient.dll
2013-06-13 23:23 - 2011-02-23 10:11 - 00548864 _____ () C:\Program Files (x86)\OrangeBS\BEWInternet-PL-IEW\Launcher\Plugins\PluginLnhHotspotLocator.dll
2013-06-13 23:23 - 2009-08-31 15:23 - 00294912 _____ () C:\Program Files (x86)\OrangeBS\BEWInternet-PL-IEW\Launcher\Sqlite3.dll
2013-06-13 23:22 - 2011-02-23 10:11 - 00712704 _____ () C:\Program Files (x86)\OrangeBS\BEWInternet-PL-IEW\Launcher\Plugins\PluginLnhPromptManager2.dll
2013-06-13 23:22 - 2009-08-31 15:23 - 00294912 _____ () C:\Program Files (x86)\OrangeBS\BEWInternet-PL-IEW\connectivity\Sqlite3.dll
2015-02-04 19:58 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-04 19:58 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-04 19:58 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-02-05 17:23 - 2015-02-03 12:22 - 14964912 _____ () C:\Users\kazek\AppData\Local\Google\Chrome\User Data\PepperFlash\16.0.0.305\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2633542428-2779320304-759432827-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kazek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2633542428-2779320304-759432827-500 - Administrator - Disabled)
Gość (S-1-5-21-2633542428-2779320304-759432827-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2633542428-2779320304-759432827-1003 - Limited - Enabled)
kazek (S-1-5-21-2633542428-2779320304-759432827-1000 - Administrator - Enabled) => C:\Users\kazek

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 04:53:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2015 04:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 10:34:18 PM) (Source: VSS) (EventID: 12344) (User: )
Description: Błąd usługi kopiowania woluminów w tle: Napotkano błąd 0x00000000c000014d, gdy moduł zapisujący rejestru przygotowywał rejestr na kopię w tle. Sprawdź, czy w dziennikach zdarzeń aplikacji i systemu nie występują pokrewne błędy.
Operacja:
Zdarzenie OnFreeze
Zdarzenie zablokowania
Kontekst:
Kontekst wykonywania: Registry Writer
Kontekst wykonywania: Writer
Identyfikator klasy modułu zapisującego: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Nazwa modułu zapisującego: Registry Writer
Identyfikator wystąpienia modułu zapisującego: {06087e53-e436-4b8a-be4d-751856559fe3}

Error: (02/04/2015 08:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: deskboard.exe, wersja: 1.1.2.0, sygnatura czasowa: 0x4d642fff
Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000
Identyfikator procesu powodującego błąd: 0xf88
Godzina uruchomienia aplikacji powodującej błąd: 0xdeskboard.exe0
Ścieżka aplikacji powodującej błąd: deskboard.exe1
Ścieżka modułu powodującego błąd: deskboard.exe2
Identyfikator raportu: deskboard.exe3

Error: (02/04/2015 06:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 06:25:28 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (02/04/2015 05:22:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: AlertModule.exe, wersja: 4.1.2.0, sygnatura czasowa: 0x4d6422de
Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000058
Identyfikator procesu powodującego błąd: 0xbfc
Godzina uruchomienia aplikacji powodującej błąd: 0xAlertModule.exe0
Ścieżka aplikacji powodującej błąd: AlertModule.exe1
Ścieżka modułu powodującego błąd: AlertModule.exe2
Identyfikator raportu: AlertModule.exe3

Error: (02/04/2015 05:21:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: connectivitymanager.exe, wersja: 15.1.2.0, sygnatura czasowa: 0x4d642bc9
Nazwa modułu powodującego błąd: HandlerAuth.dll_unloaded, wersja: 0.0.0.0, sygnatura czasowa: 0x4d642c75
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x03803e40
Identyfikator procesu powodującego błąd: 0x594
Godzina uruchomienia aplikacji powodującej błąd: 0xconnectivitymanager.exe0
Ścieżka aplikacji powodującej błąd: connectivitymanager.exe1
Ścieżka modułu powodującego błąd: connectivitymanager.exe2
Identyfikator raportu: connectivitymanager.exe3

Error: (02/03/2015 05:27:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2015 07:12:09 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Wykonanie kopii zapasowej nie zostało zakończone z powodu błędu zapisu w lokalizacji kopii zapasowej F:\. Błąd: Nie można odnaleźć lokalizacji kopii zapasowej lub jest ona nieprawidłowa. Przejrzyj ustawienia kopii zapasowej i sprawdź lokalizację kopii zapasowej. (0x81000006).

System errors:
=============
Error: (02/04/2015 10:34:18 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: ZARZĄDZANIE NT)
Description: 0xc000014d72\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\Users\default\ntuser.dat

Error: (02/04/2015 09:49:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

Error: (02/04/2015 09:47:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (02/04/2015 09:47:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (02/04/2015 06:39:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT)
Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80242016: Zbiorcza aktualizacja zabezpieczeń programu Internet Explorer 10 dla systemu Windows 7 x64 (KB3003057).

Error: (02/04/2015 06:29:09 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Usługa Instalator modułów systemu Windows nie została poprawnie zamknięta po odebraniu kodu sterującego przed zamknięciem.

Error: (02/03/2015 08:19:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}

Error: (02/03/2015 05:30:04 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/03/2015 05:26:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Avira Service Host.

Error: (02/02/2015 08:41:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Microsoft Office Sessions:
=========================
Error: (02/05/2015 04:53:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2015 04:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 10:34:18 PM) (Source: VSS) (EventID: 12344) (User: )
Description: 0x00000000c000014d
Operacja:
Zdarzenie OnFreeze
Zdarzenie zablokowania
Kontekst:
Kontekst wykonywania: Registry Writer
Kontekst wykonywania: Writer
Identyfikator klasy modułu zapisującego: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Nazwa modułu zapisującego: Registry Writer
Identyfikator wystąpienia modułu zapisującego: {06087e53-e436-4b8a-be4d-751856559fe3}

Error: (02/04/2015 08:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: deskboard.exe1.1.2.04d642fffunknown0.0.0.000000000c000000500000000f8801d040a38f90d685C:\Program Files (x86)\OrangeBS\BEWInternet-PL-IEW\Deskboard\deskboard.exeunknown286a2cc4-aca2-11e4-84c7-5404a672da19

Error: (02/04/2015 06:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 06:25:28 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (02/04/2015 05:22:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AlertModule.exe4.1.2.04d6422deunknown0.0.0.000000000c000000500000058bfc01d03fce28f83984C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exeunknown005060e9-ac8a-11e4-9e2d-5404a672da19

Error: (02/04/2015 05:21:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: connectivitymanager.exe15.1.2.04d642bc9HandlerAuth.dll_unloaded0.0.0.04d642c75c000000503803e4059401d03fce4588bcc7C:\Program Files (x86)\OrangeBS\BEWInternet-PL-IEW\connectivity\connectivitymanager.exeHandlerAuth.dlleadfc88c-ac89-11e4-9e2d-5404a672da19

Error: (02/03/2015 05:27:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2015 07:12:09 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\Nie można odnaleźć lokalizacji kopii zapasowej lub jest ona nieprawidłowa. Przejrzyj ustawienia kopii zapasowej i sprawdź lokalizację kopii zapasowej. (0x81000006)

CodeIntegrity Errors:
===================================
Date: 2015-02-04 21:47:22.622
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-04 21:47:22.170
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-04 21:47:21.686
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-04 21:47:21.265
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-25 02:43:13.254
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-25 02:43:13.083
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-25 02:43:12.896
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-25 02:43:12.740
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-28 21:31:18.330
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-28 21:31:18.159
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD C-50 Processor
Percentage of memory in use: 73%
Total physical RAM: 1643.73 MB
Available physical RAM: 442.58 MB
Total Pagefile: 3367.47 MB
Available Pagefile: 1309.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:151.6 GB) (Free:109.37 GB) NTFS
Drive d: () (Fixed) (Total:146.39 GB) (Free:133.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AE14F3C6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================