drorl81

  1. What's the point? I need help. Everyone downloads pirated games or software.... Thank you for nothing. You can close this post, I'll try to get help from other sites.
  2. and last one frst file Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03 Ran by Dror at 2015-03-09 19:06:40 Running from C:\Users\Dror\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3F46Z8KS Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1394726961-1820311630-1626729296-1001\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.) Ashampoo Burning Studio 2015 v.1.15.0 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. 
KG) Batman: Arkham City™ (x32 Version: 1.0.0003.131 - WB Games) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Game Collector (HKLM-x32\...\{9E6E8929-ECC5-4941-9898-C7C66ACE49F1}_is1) (Version: - Collectorz.com) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) K-Lite Codec Pack 11.0.1 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.1 - ) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - 
Microsoft) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA מנהל ההתקן עבור ‎3D Vision 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA מנהל ההתקן עבור שמע בתקן HD 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA מנהל ההתקן של בקר ‎3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA מנהל התקן עבור נתונים גרפיים 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.) 
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab (HKLM-x32\...\{8DCAB1D8-F20C-4733-9B5F-646DDFEB59C9}) (Version: 6.1.1.0 - Husdawg, LLC) Torchlight II version 1.25.5.2 (HKLM-x32\...\Torchlight II_is1) (Version: 1.25.5.2 - ) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.50 - VSO Software) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) לוח הבקרה של NVIDIA 347.52 (Version: 347.52 - NVIDIA Corporation) Hidden עדכוני NVIDIA 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden ערכת שפה של Microsoft Visual Studio 2010 Tools for Office Runtime (x64)‎ - ‏HEB (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - HEB) (Version: 10.0.50903 - Microsoft Corporation) תוכנת Intel® Chipset Device (x32 Version: 10.0.13 - Intel® Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.) ==================== Restore Points ========================= 08-03-2015 20:47:20 Removed ESET NOD32 Antivirus 09-03-2015 10:35:52 Installed McAfee VirusScan Enterprise. 09-03-2015 12:32:16 Removed McAfee VirusScan Enterprise. 09-03-2015 12:35:44 Removed McAfee Agent. 09-03-2015 16:40:53 Removed 7-Zip 9.20 (x64 edition) ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {06A8BDA6-0722-4FA9-A497-14CB290B9BDD} - \AutoKMS No Task File <==== ATTENTION Task: {3F01DDC8-232E-4857-8ECB-C2F9D4F9440D} - System32\Tasks\{FB204B8C-C09B-4B1A-89EE-73A8CF7411C3} => pcalua.exe -a "C:\Users\Dror\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZDTX0E5\AdobeAIRInstaller.exe" -d C:\Users\Dror\Desktop Task: {A36EBF4D-1103-47C3-A376-7120D0869801} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {BFC4BB9E-522B-4705-AC99-85370B1DE90D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-08] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2014-11-11 14:52 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-02-24 00:13 - 2015-02-18 20:00 - 03502592 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax 2015-02-24 00:13 - 2015-02-18 20:00 - 00147456 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ff_libmad.dll ==================== Alternate Data Streams (whitelisted) ========= (If an 
entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1394726961-1820311630-1626729296-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dror\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.0.0.138 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: ASGT => 2 MSCONFIG\Services: AxAutoMntSrv => 2 MSCONFIG\Services: MSI_LiveUpdate_Service => 2 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: StarWindServiceAE => 2 MSCONFIG\Services: Steam Client Service => 3 ==================== Accounts: ============================= Administrator (S-1-5-21-1394726961-1820311630-1626729296-500 - Administrator - Disabled) Dror (S-1-5-21-1394726961-1820311630-1626729296-1001 - Administrator - Enabled) => C:\Users\Dror Guest (S-1-5-21-1394726961-1820311630-1626729296-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1394726961-1820311630-1626729296-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/09/2015 04:32:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 04:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 02:38:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 01:37:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 01:33:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ‏‏יישום שחלות בו תקלות: 
nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d קוד חריגה: 0xc0000005 היסט תקלה: 0x000000000005f953 מזהה תהליך שחלות בו תקלות: 0x878 שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0 נתיב היישום שחלות בו תקלות: nvcplui.exe1 נתיב המודול שחלות בו תקלות: nvcplui.exe2 מזהה דוח: nvcplui.exe3 Error: (03/09/2015 01:32:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ‏‏יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d קוד חריגה: 0xc0000005 היסט תקלה: 0x000000000005f953 מזהה תהליך שחלות בו תקלות: 0x8e0 שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0 נתיב היישום שחלות בו תקלות: nvcplui.exe1 נתיב המודול שחלות בו תקלות: nvcplui.exe2 מזהה דוח: nvcplui.exe3 Error: (03/09/2015 01:32:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ‏‏יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d קוד חריגה: 0xc0000005 היסט תקלה: 0x000000000005f953 מזהה תהליך שחלות בו תקלות: 0x824 שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0 נתיב היישום שחלות בו תקלות: nvcplui.exe1 נתיב המודול שחלות בו תקלות: nvcplui.exe2 מזהה דוח: nvcplui.exe3 Error: (03/09/2015 01:32:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ‏‏יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d קוד חריגה: 0xc0000005 היסט תקלה: 0x000000000005f953 מזהה תהליך שחלות בו תקלות: 0x6dc שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0 נתיב היישום שחלות בו תקלות: nvcplui.exe1 נתיב המודול שחלות בו תקלות: nvcplui.exe2 מזהה דוח: nvcplui.exe3 Error: (03/09/2015 01:14:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 00:58:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (03/09/2015 07:01:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: ‏‏אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Error: (03/09/2015 06:44:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: ‏‏אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Error: (03/09/2015 06:08:23 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: ‏‏אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Error: (03/09/2015 04:41:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: ‏‏הקריאה ה- ScRegSetValueExW נכשלה עבור FailureCommand עם השגיאה הבאה: %%5 Error: (03/09/2015 04:40:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: ‏‏הקריאה ה- ScRegSetValueExW נכשלה עבור Start עם השגיאה הבאה: %%5 Error: (03/09/2015 04:31:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: ‏‏טעינת מנהלי ההתקנים הבאים מסוג הפעלת-אתחול או הפעלת-מערכת נכשלה: ASPI32 Error: (03/09/2015 04:31:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: ‏‏אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. 
Error: (03/09/2015 04:25:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: ‏‏טעינת מנהלי ההתקנים הבאים מסוג הפעלת-אתחול או הפעלת-מערכת נכשלה: ASPI32 Error: (03/09/2015 04:25:31 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: ‏‏אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Error: (03/09/2015 04:07:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: ‏‏אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Microsoft Office Sessions: ========================= Error: (03/09/2015 04:32:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 04:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 02:38:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 01:37:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 01:33:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f95387801d05a5cdc351fcdC:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLL19ed918e-c650-11e4-8290-4061869423bb Error: (03/09/2015 01:32:52 PM) (Source: Application Error) (EventID: 1000) (User: ) 
Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f9538e001d05a5cc7814f6bC:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLL0534fe6c-c650-11e4-8290-4061869423bb Error: (03/09/2015 01:32:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f95382401d05a5cbfaaa764C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLLfd631926-c64f-11e4-8290-4061869423bb Error: (03/09/2015 01:32:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f9536dc01d05a5cba1b3080C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLLf8673793-c64f-11e4-8290-4061869423bb Error: (03/09/2015 01:14:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 00:58:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2015-03-09 10:37:08.926 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. 
Date: 2015-03-09 10:37:08.926 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:37:08.910 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:37:08.863 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:36:42.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:36:42.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:36:42.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:36:42.187 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core i3 CPU 530 @ 2.93GHz Percentage of memory in use: 57% Total physical RAM: 3959.12 MB Available physical RAM: 1680.71 MB Total Pagefile: 7916.42 MB Available Pagefile: 5885.83 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:417.83 GB) NTFS Drive d: () (Fixed) (Total:465.76 GB) (Free:322.12 GB) NTFS Drive e: () (Fixed) (Total:149.05 GB) (Free:148.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 14C56FD3) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FCC88017) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 149 GB) (Disk ID: 25242523) Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  3. here is another from farbar recovery tool
entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1394726961-1820311630-1626729296-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dror\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.0.0.138 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: ASGT => 2 MSCONFIG\Services: AxAutoMntSrv => 2 MSCONFIG\Services: MSI_LiveUpdate_Service => 2 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: StarWindServiceAE => 2 MSCONFIG\Services: Steam Client Service => 3 ==================== Accounts: ============================= Administrator (S-1-5-21-1394726961-1820311630-1626729296-500 - Administrator - Disabled) Dror (S-1-5-21-1394726961-1820311630-1626729296-1001 - Administrator - Enabled) => C:\Users\Dror Guest (S-1-5-21-1394726961-1820311630-1626729296-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1394726961-1820311630-1626729296-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/09/2015 04:32:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 04:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 02:38:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 01:37:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 01:33:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ‏‏יישום שחלות בו תקלות: 
nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d קוד חריגה: 0xc0000005 היסט תקלה: 0x000000000005f953 מזהה תהליך שחלות בו תקלות: 0x878 שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0 נתיב היישום שחלות בו תקלות: nvcplui.exe1 נתיב המודול שחלות בו תקלות: nvcplui.exe2 מזהה דוח: nvcplui.exe3 Error: (03/09/2015 01:32:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ‏‏יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d קוד חריגה: 0xc0000005 היסט תקלה: 0x000000000005f953 מזהה תהליך שחלות בו תקלות: 0x8e0 שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0 נתיב היישום שחלות בו תקלות: nvcplui.exe1 נתיב המודול שחלות בו תקלות: nvcplui.exe2 מזהה דוח: nvcplui.exe3 Error: (03/09/2015 01:32:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ‏‏יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d קוד חריגה: 0xc0000005 היסט תקלה: 0x000000000005f953 מזהה תהליך שחלות בו תקלות: 0x824 שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0 נתיב היישום שחלות בו תקלות: nvcplui.exe1 נתיב המודול שחלות בו תקלות: nvcplui.exe2 מזהה דוח: nvcplui.exe3 Error: (03/09/2015 01:32:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ‏‏יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d קוד חריגה: 0xc0000005 היסט תקלה: 0x000000000005f953 מזהה תהליך שחלות בו תקלות: 0x6dc שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0 נתיב היישום שחלות בו תקלות: nvcplui.exe1 נתיב המודול שחלות בו תקלות: nvcplui.exe2 מזהה דוח: nvcplui.exe3 Error: (03/09/2015 01:14:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 00:58:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (03/09/2015 07:01:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: ‏‏אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Error: (03/09/2015 06:44:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: ‏‏אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Error: (03/09/2015 06:08:23 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: ‏‏אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Error: (03/09/2015 04:41:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: ‏‏הקריאה ה- ScRegSetValueExW נכשלה עבור FailureCommand עם השגיאה הבאה: %%5 Error: (03/09/2015 04:40:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: ‏‏הקריאה ה- ScRegSetValueExW נכשלה עבור Start עם השגיאה הבאה: %%5 Error: (03/09/2015 04:31:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: ‏‏טעינת מנהלי ההתקנים הבאים מסוג הפעלת-אתחול או הפעלת-מערכת נכשלה: ASPI32 Error: (03/09/2015 04:31:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: ‏‏אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. 
Error: (03/09/2015 04:25:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: ‏‏טעינת מנהלי ההתקנים הבאים מסוג הפעלת-אתחול או הפעלת-מערכת נכשלה: ASPI32 Error: (03/09/2015 04:25:31 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: ‏‏אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Error: (03/09/2015 04:07:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: ‏‏אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Microsoft Office Sessions: ========================= Error: (03/09/2015 04:32:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 04:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 02:38:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 01:37:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 01:33:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f95387801d05a5cdc351fcdC:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLL19ed918e-c650-11e4-8290-4061869423bb Error: (03/09/2015 01:32:52 PM) (Source: Application Error) (EventID: 1000) (User: ) 
Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f9538e001d05a5cc7814f6bC:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLL0534fe6c-c650-11e4-8290-4061869423bb Error: (03/09/2015 01:32:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f95382401d05a5cbfaaa764C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLLfd631926-c64f-11e4-8290-4061869423bb Error: (03/09/2015 01:32:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f9536dc01d05a5cba1b3080C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLLf8673793-c64f-11e4-8290-4061869423bb Error: (03/09/2015 01:14:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 00:58:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2015-03-09 10:37:08.926 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. 
Date: 2015-03-09 10:37:08.926 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:37:08.910 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:37:08.863 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:36:42.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:36:42.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:36:42.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:36:42.187 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core i3 CPU 530 @ 2.93GHz Percentage of memory in use: 57% Total physical RAM: 3959.12 MB Available physical RAM: 1680.71 MB Total Pagefile: 7916.42 MB Available Pagefile: 5885.83 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:417.83 GB) NTFS Drive d: () (Fixed) (Total:465.76 GB) (Free:322.12 GB) NTFS Drive e: () (Fixed) (Total:149.05 GB) (Free:148.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 14C56FD3) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FCC88017) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 149 GB) (Disk ID: 25242523) Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  4. Hi everyone... I'm new here and my English is not so good, and I have a problem with my CPU usage. My antivirus has detected a trojan miner and I can't delete it no matter what I try. But I downloaded this software, RogueKiller, and it found something, but I don't know how to handle this.
Software I used to try to fix the problem:
RogueKiller - finds something but I don't know what to do next
Malwarebytes Anti-Malware - finds nothing
AdwCleaner - found 4 of them, deleted them and performed a restart of the PC. After a second scan nothing was found, but when I run RogueKiller again the problems return.
This report might help:
RogueKiller V10.5.2.0 (x64) [Mar 9 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Dror [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller.exe Mode : Scan -- Date : 03/09/2015 18:57:35 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 8 ¤¤¤ [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1CB13534-2950-47A3-8868-149EA0C8CFBF} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1CB13534-2950-47A3-8868-149EA0C8CFBF} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1394726961-1820311630-1626729296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee}
: 1 -> Found [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1394726961-1820311630-1626729296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1394726961-1820311630-1626729296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1394726961-1820311630-1626729296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 7 (Driver: Loaded) ¤¤¤ [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x3b222c0 [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x3b222c0 [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x3b222c0 [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x3b222c0 [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x3b222c0 [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x3b222c0 [iRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x3b222c0 ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AADS-00S9B0 ATA Device +++++ --- User --- [MBR] 5018b619dc5990b26762b56dde298375 [bSP] d0dcff66bed89af345d58bbfef0ad90c : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... 
OK +++++ PhysicalDrive1: WDC WD5000AAKS-00YGA0 ATA Device +++++ --- User --- [MBR] f25f819634570d7e3ef42bac93ceffd7 [bSP] 89135db499ba69a6d4feab0e44acfeb9 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476836 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive2: WDC WD1600JS-08NCB1 ATA Device +++++ --- User --- [MBR] 80b2f452c728b00c169a8966014e4da6 [bSP] 02c6115d3e23ea468d219ad9895e95d4 : Legit.Unknown MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152624 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK ============================================ RKreport_DEL_03092015_161912.log - RKreport_DEL_03092015_161923.log - RKreport_DEL_03092015_164948.log - RKreport_DEL_03092015_165004.log RKreport_SCN_03092015_095721.log - RKreport_SCN_03092015_155621.log - RKreport_SCN_03092015_161531.log - RKreport_SCN_03092015_162231.log RKreport_SCN_03092015_164741.log
  5. Hi everyone... I'm new here and my English is not so good, and I have a problem with my CPU usage. My antivirus has detected a trojan miner and I can't delete it no matter what I try. But I downloaded this software, RogueKiller, and it found something, but I don't know how to handle this.
This is the report:
RogueKiller V10.5.1.0 [Mar 5 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Dror [Administrator] Started from : C:\Users\Dror\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4ZWWQ7V\RogueKiller.exe Mode : Scan -- Date : 03/09/2015 09:57:21 ¤¤¤ Processes : 1 ¤¤¤ [suspicious.Path] FreemakeUtilsService.exe(1888) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[-] -> Killed [TermProc] ¤¤¤ Registry : 17 ¤¤¤ [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Freemake Improver ("C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe") -> Found [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Freemake Improver ("C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe") -> Found [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Freemake Improver ("C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe") -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found [PUM.Dns] (X64)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1CB13534-2950-47A3-8868-149EA0C8CFBF} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1CB13534-2950-47A3-8868-149EA0C8CFBF} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1CB13534-2950-47A3-8868-149EA0C8CFBF} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1394726961-1820311630-1626729296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1394726961-1820311630-1626729296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | 
{59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKS-00YGA0 ATA Device +++++ --- User --- [MBR] f25f819634570d7e3ef42bac93ceffd7 [bSP] 89135db499ba69a6d4feab0e44acfeb9 : Windows Vista/7/8 MBR Code Partition table: User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: WDC WD5000AADS-00S9B0 ATA Device +++++ --- User --- [MBR] 5018b619dc5990b26762b56dde298375 [bSP] d0dcff66bed89af345d58bbfef0ad90c : Windows Vista/7/8 MBR Code Partition table: User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive2: WDC WD1600JS-08NCB1 ATA Device +++++ --- User --- [MBR] 80b2f452c728b00c169a8966014e4da6 [bSP] 02c6115d3e23ea468d219ad9895e95d4 : Legit.Unknown MBR Code Partition table: User = LL1 ... OK User = LL2 ... OK
If I posted in the wrong place, I'm sorry... Waiting for help, thanks.