Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 Ran by piotrek (25-06-2017 18:12:58) Running from C:\frt Windows 7 Ultimate Service Pack 1 (X64) (2016-12-08 07:03:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-586139971-3745640054-995972772-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-586139971-3745640054-995972772-501 - Limited - Disabled) piotrek (S-1-5-21-586139971-3745640054-995972772-1000 - Administrator - Enabled) => C:\Users\piotrek ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: Zapora osobista ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.) ATI Catalyst Install Manager (HKLM\...\{1C790FDA-56A4-C164-6307-8A80EAAB5325}) (Version: 3.0.624.0 - ATI Technologies, Inc.) ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.383.1.1-070621a-049739C-Lenovo - ATI Technologies, Inc.) BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM-x32\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry) BlackBerry Blend (x32 Version: 1.2.0.50 - BlackBerry Ltd.) Hidden BlackBerry Communication Drivers (x32 Version: 8.0.0.143 - BlackBerry Ltd.) 
Hidden BlackBerry Device Drivers (x32 Version: 8.0.0.143 - BlackBerry Ltd.) Hidden BlackBerry Link (x32 Version: 1.2.4.39 - BlackBerry) Hidden BlackBerry Link Remover (x32 Version: 1.2.4.0 - BlackBerry Ltd.) Hidden BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.78.7302 - BlueStack Systems, Inc.) ccc-Branding (HKLM-x32\...\{7379FDD1-D0ED-4FF2-B168-E246772E731E}) (Version: 1.00.0000 - ATI) ccc-core-static (x32 Version: 2007.0621.1715.28924 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform) Core Temp 1.5.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.5.1 - ALCPU) CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Deluxe Ski Jump 4 (HKLM-x32\...\Deluxe Ski Jump 4_is1) (Version: 1.5.1 - Mediamond Tmi) ESET Smart Security (HKLM\...\{B0D9ABD0-A8FD-41CE-85A5-D5AFF3BB3990}) (Version: 7.0.302.26 - ESET, spol s r. o.) f.lux (HKU\S-1-5-21-586139971-3745640054-995972772-1000\...\Flux) (Version: - ) GnuWin32: FreeType-2.3.5-1 (HKLM-x32\...\FreeType-2.3.5-1_is1) (Version: 2.3.5-1 - GnuWin32) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.109 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.20) (Version: 9.20 - Artifex Software Inc.) 
Greenshot 1.2.9.112 (HKLM\...\Greenshot_is1) (Version: 1.2.9.112 - Greenshot) GSview 5.0 (HKLM-x32\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd) ilSFV 1.10 (HKLM-x32\...\{D463AB63-D949-4FB1-B586-968FBBE529D2}_is1) (Version: - Jud White) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}) (Version: 13.04.0000 - Intel Corporation) ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com) LEd Beta 0.53 (HKLM-x32\...\LEd_is1) (Version: - www.LaTeXEditor.org) Lenovo Power Management Driver (Version: 1.67.12.18 - Lenovo) Hidden Lenovo Service Bridge (HKU\S-1-5-21-586139971-3745640054-995972772-1000\...\dda9ca0b023f4c56) (Version: 1.6.6.0 - Lenovo) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0042 - Lenovo) LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd) Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Mozilla Firefox 52.2.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 52.2.0 ESR (x64 en-US)) (Version: 52.2.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.2.0.6367 - Mozilla) ODF Add-in for Microsoft Word 
(HKLM-x32\...\{E6738F45-D704-4D83-9E51-24695E717D09}) (Version: 1.0.0 - Clever Age) On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - ) Pakiet zgodności dla systemu Office 2007 (HKLM-x32\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation) Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited) REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.0.5.2 - Lenovo, Inc.) Skins (x32 Version: 2007.0621.1715.28924 - ATI) Hidden Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk) Sunrise Seven 1.2.61 (HKLM-x32\...\{AB0DBC9A-422A-4888-A8E5-A32EC1779E68}_is1) (Version: - Sunrise Software) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - ) ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) VMware Player (HKLM\...\{646FD2AF-74E5-462C-82EE-1860DD252BF6}) (Version: 12.5.1 - VMware, Inc.) Windows 7 Codec Pack 4.1.7 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.1.7 - Windows 7 Codec Pack) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) WinShell (HKLM-x32\...\WinShell_is1) (Version: 3.32 - Ingo H. de Boer) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0FE982CB-DBE0-48EB-A4C0-2A4F3B0E5919} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-13] (Google Inc.) Task: {2A0AF9DA-E0FF-4B6E-8B8D-64E26EC4828A} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-586139971-3745640054-995972772-1000 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms Task: {2D81699E-D796-4476-965A-90C04F066A41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd) Task: {41F10617-FB95-41E1-832F-9C09ABBF3DDA} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo) Task: {6EC794B0-69FB-4E9A-AA79-C6E47BB3695C} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-02-09] (Lenovo) Task: {7294B502-4F84-49EE-B7FC-F790F35EAEAF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo) Task: {8441D238-B1C7-43CC-9AC1-8237BE6C68FC} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe Task: {94AACF04-76DF-4865-A771-781B4CAD3AB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-13] (Google Inc.) 
Task: {A9D6B1A9-2135-4108-A1D5-11150158B5DD} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited) Task: {B6157DC8-32BF-4322-99DD-F4DEDA4D77BB} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-02-09] (Lenovo) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2010-10-19 23:39 - 2010-10-19 23:39 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2016-12-09 00:54 - 2016-04-14 16:08 - 00107008 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL 2007-03-02 21:44 - 2007-03-02 21:44 - 00076800 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll 2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2015-05-20 23:00 - 2015-05-20 23:00 - 00688888 _____ () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe 2007-03-07 03:03 - 2007-03-07 03:03 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2017-06-21 17:09 - 2017-06-20 08:21 - 02692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.109\swiftshader\libglesv2.dll 2017-06-21 17:09 - 2017-06-20 08:21 - 00137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.109\swiftshader\libegl.dll 2015-05-27 02:46 - 2015-05-27 02:46 - 00094208 _____ () C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B [464] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-586139971-3745640054-995972772-1000\...\tau.ac.il -> hxxps://clumpak.tau.ac.il IE trusted site: HKU\S-1-5-21-586139971-3745640054-995972772-1000\...\videostar.pl -> hxxps://videostar.pl ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2017-06-25 10:40 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-586139971-3745640054-995972772-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\piotrek\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp DNS Servers: 217.172.224.160 - 89.231.1.206 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{1BF8869E-988F-4221-AF9B-35658C5B71A3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{F1EEF824-88FE-4E59-89DA-87B715E2E5BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{E460D35F-8BA6-4010-9FC9-CE2D6A313D03}] => (Allow) tunmgr.exe FirewallRules: [{F1E4E75B-9875-4B10-8176-62A48EB8E038}] => (Allow) tunmgr.exe FirewallRules: [{1B307ED8-71D9-47C3-AC0A-F9E46AD7E87F}] => (Allow) mDNSResponder.exe FirewallRules: [{8384CB16-E468-406C-8779-6D012CC42973}] => (Allow) mDNSResponder.exe FirewallRules: [{06EB68CA-B126-498C-AA5D-A48A2667B21A}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe FirewallRules: [{CC911CAF-1787-4438-AAC3-D5B637971304}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\tunnel manager\PeerManager.exe FirewallRules: [{0BAF4731-95B0-42C9-9DA9-94343EAEED01}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe FirewallRules: [{4587CD96-EBEB-4846-B78E-BA7954795B99}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{DA76E3F0-973C-4EB8-B48B-188FDB0FFE1D}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{629FDE6C-02DA-457E-B2DD-234EB2233A2A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{AA868287-FBC4-40A2-A155-1A8E8CADEE7F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{4DB376BD-140D-4FB4-9AAF-ABB8BEBCD634}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{98126907-E656-429F-B434-B29C42B7241D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{75819538-DFAA-4511-BD46-A979E3DA79B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{1B76356E-B859-4719-9775-76676466B67B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: 
[{722B493C-BD7D-47C1-876D-9CF2C950C6EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= Name: Biometric Coprocessor Description: Biometric Coprocessor Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/25/2017 05:46:31 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 20 1.44.168.192.in-addr.arpa. PTR piotrek-PC-2.local. Error: (06/25/2017 05:46:31 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.44.1:5353 18 1.44.168.192.in-addr.arpa. PTR piotrek-PC.local. Error: (06/25/2017 05:46:31 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 20 103.0.168.192.in-addr.arpa. PTR piotrek-PC-2.local. Error: (06/25/2017 05:46:31 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.0.103:5353 18 103.0.168.192.in-addr.arpa. PTR piotrek-PC.local. Error: (06/25/2017 05:46:30 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: Local Hostname piotrek-PC.local already in use; will try piotrek-PC-2.local instead Error: (06/25/2017 05:46:30 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 piotrek-PC.local. Addr 192.168.0.103 Error: (06/25/2017 05:46:30 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.0.103:5353 16 piotrek-PC.local. 
AAAA FE80:0000:0000:0000:9428:FE4C:88B0:6D93 Error: (06/25/2017 05:46:30 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 piotrek-PC.local. Addr 169.254.204.231 Error: (06/25/2017 05:46:30 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.26.1:5353 4 piotrek-PC.local. Addr 192.168.26.1 Error: (06/25/2017 05:46:30 PM) (Source: RIM MDNS) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 piotrek-PC.local. Addr 192.168.0.103 System errors: ============= Error: (06/25/2017 05:46:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Superfetch service terminated with the following error: The system cannot find the file specified. Error: (06/25/2017 05:45:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect. Error: (06/25/2017 05:45:55 PM) (Source: atikmdag) (EventID: 10266) (User: ) Description: Unknown EDID version Error: (06/25/2017 05:45:55 PM) (Source: atikmdag) (EventID: 10266) (User: ) Description: Unknown EDID version Error: (06/25/2017 05:45:13 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout. Error: (06/25/2017 05:14:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (06/25/2017 04:32:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. 
Error: (06/25/2017 01:24:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Superfetch service terminated with the following error: The system cannot find the file specified. Error: (06/25/2017 01:24:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect. Error: (06/25/2017 01:23:59 PM) (Source: atikmdag) (EventID: 10266) (User: ) Description: Unknown EDID version CodeIntegrity: =================================== Date: 2017-06-25 10:33:58.181 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-06-25 10:33:58.153 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz Percentage of memory in use: 70% Total physical RAM: 3070.43 MB Available physical RAM: 893.6 MB Total Virtual: 6139.05 MB Available Virtual: 3269.09 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:77.83 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: C615ED46) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================