Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01 Ran by adm (2015-08-15 01:54:07) Running from E:\ Boot Mode: Normal ========================================================== ==================== Accounts: ============================= adm (S-1-5-21-1577132951-3405702-2605363723-1000 - Administrator - Enabled) => C:\Users\adm Administrator (S-1-5-21-1577132951-3405702-2605363723-500 - Administrator - Disabled) Gość (S-1-5-21-1577132951-3405702-2605363723-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.12) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) ATI Catalyst Install Manager (HKLM\...\{9E52008D-8FAA-1500-3643-A08AFA29942E}) (Version: 3.0.820.0 - ATI Technologies, Inc.) ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.84.7.10-111101a-128107C-Lenovo - ATI Technologies, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo) Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.1.1821.1806 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera) Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden Malwarebytes Anti-Malware wersja 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Polski (HKLM-x32\...\{90140011-0066-0415-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Moduł Szybka instalacja pakietu Microsoft Office 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Moduł Szybka instalacja pakietu Microsoft Office 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software) Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podręcznik użytkownika (x32 Version: 1.0.0.6 - Lenovo) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated) Ulead VideoStudio 11 (HKLM-x32\...\InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}) (Version: 11.0.0.0000 - InterVideo Digital Technology Corporation) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo) VideoStudio (x32 Version: 11.0.0.0000 - InterVideo Digital Technology Corporation) Hidden Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 23-07-2015 19:55:08 Windows Update 31-07-2015 17:11:45 Windows Update 02-08-2015 14:26:30 Software Removal Tool 02-08-2015 14:28:26 Software Removal Tool 02-08-2015 14:39:44 Software Removal Tool 05-08-2015 08:46:30 Windows Update 13-08-2015 20:17:33 avast! antivirus system restore point 13-08-2015 20:24:47 Windows Update 13-08-2015 22:02:48 Windows Update 14-08-2015 21:05:09 Usuwanie pakietu językowego ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-08-14 01:56 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03E54D18-8600-4702-BABB-25BE0E061994} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-13] (AVAST Software) Task: {4B6184F9-8222-4A5E-92AC-B4753CD274F3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {5C6F39C6-B6B2-43F2-B82D-090670B89969} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.) Task: {5FE113C9-58C8-4A13-A915-C87A00D13DB7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd) Task: {720ED788-421B-4528-808C-9A97C3788E2B} - System32\Tasks\Opera scheduled Autoupdate 1439499363 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-30] (Opera Software) Task: {99547B2F-EDA9-4C5B-BEC9-D40F5DD453F9} - System32\Tasks\{428BC455-95FD-4DD9-A677-15CB7BB123DF} => Chrome.exe Task: {A4309A1B-C92A-4270-A0C3-B264994B6FC1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink) Task: {BD0797BB-7D06-482C-93D1-FD73DDD1E4B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.) Task: {F6828200-E427-4175-84B9-3BFD634F0131} - System32\Tasks\avastBCLRestartS-1-5-21-1577132951-3405702-2605363723-1000 => Chrome.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2012-03-22 02:46 - 2012-03-22 02:46 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupreg: 332BigDog => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe MSCONFIG\startupreg: Lenovo EE Boot Optimizer => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" MSCONFIG\startupreg: UVS11 Preload => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{A0CBF9B3-0EBE-4428-B6E3-469561FC8B43}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{96B36E75-9AFC-4E36-9234-F6BDEF3DFC42}] => (Allow) LPort=2869 FirewallRules: [{1C761B7A-E0E0-4CC9-93A5-47368ECE2751}] => (Allow) LPort=1900 FirewallRules: [{A17B6339-AA71-42E6-AC6C-4A4DD103A982}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{0867F0CB-0B7E-4F6D-82DF-2C1D329DE4CE}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{21C412ED-140A-44DD-959E-7B8CC35B2103}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{45E6CC5C-8463-47D1-96A1-C04BA1088736}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{BF44D9C5-C438-4412-B8FE-01122ED0D0AE}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{44C66398-4D51-4358-9F72-2BE542DCAB27}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/14/2015 03:06:14 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (08/14/2015 03:06:14 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (08/14/2015 03:05:48 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (08/14/2015 03:05:46 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (08/14/2015 03:05:46 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (08/14/2015 03:05:19 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (08/14/2015 03:03:57 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (08/14/2015 03:03:57 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (08/14/2015 03:03:48 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (08/14/2015 03:03:48 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC System errors: ============= Error: (08/15/2015 01:31:43 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Harmonogram klas multimediów, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error: (08/15/2015 01:31:43 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Instrumentacja zarządzania Windows, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error: (08/15/2015 01:30:43 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Serwer, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error: (08/15/2015 01:29:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Instrumentacja zarządzania Windows niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/15/2015 01:29:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Kompozycje niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/15/2015 01:29:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Wykrywanie sprzętu powłoki niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/15/2015 01:29:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa powiadamiania o zdarzeniach systemowych niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/15/2015 01:29:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Logowanie pomocnicze niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/15/2015 01:29:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Harmonogram zadań niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/15/2015 01:29:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Menedżer połączeń usługi Dostęp zdalny niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Microsoft Office: ========================= Error: (08/14/2015 03:06:14 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (08/14/2015 03:06:14 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (08/14/2015 03:05:48 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (08/14/2015 03:05:46 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (08/14/2015 03:05:46 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (08/14/2015 03:05:19 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (08/14/2015 03:03:57 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (08/14/2015 03:03:57 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (08/14/2015 03:03:48 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (08/14/2015 03:03:48 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: CodeIntegrity: =================================== Date: 2015-08-14 01:53:52.593 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-08-14 01:53:52.546 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-08-14 01:53:52.499 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-08-14 01:53:52.452 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-10 15:04:06.259 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-10 15:04:06.213 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Percentage of memory in use: 26% Total physical RAM: 6087.86 MB Available physical RAM: 4503.12 MB Total Virtual: 12173.92 MB Available Virtual: 10504.21 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:421.81 GB) (Free:337.3 GB) NTFS Drive d: () (Fixed) (Total:29 GB) (Free:9.54 GB) NTFS Drive e: (XYZ) (Removable) (Total:29.43 GB) (Free:28.52 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E8E9F0B7) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 29.5 GB) (Disk ID: 2B1652FC) Partition 1: (Not Active) - (Size=29.4 GB) - (Type=0C) ==================== End of log ============================