
Is my system clean?



afshin b
19-08-2011, 22:43
Hello
The Doctor said:

You are infected,

Read the reference, carry out the required steps, and open a new topic in the Emergency section with the logs and reports you get

₪◙₪◙₪ Reference for removing all virus infections (read before creating a new topic) ₪◙₪◙₪ [link hidden by the forum: login required]

I read the reference and did the required steps.
Windows: 7 Home
Antivirus: Kaspersky Internet Security 2012


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 08/19/2011 at 21:42:03.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Afshin\AppData\Local\Temp\Rar$DI33.080\rkill.com


Rkill completed on 08/19/2011 at 21:42:21.


Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7035

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8/19/2011 11:00:14 PM
mbam-log-2011-08-19 (23-00-14).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 365434
Time elapsed: 51 minute(s), 37 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 2228 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\WinDefender (Trojan.Agent.Gen) -> Value: WinDefender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDefender (Trojan.Agent.Gen) -> Value: WinDefender -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\program files (x86)\Babylon\babylon-pro\Patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
c:\program files (x86)\internet download manager\Keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
c:\program files (x86)\internet download manager\Patch.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\a\AppData\Local\Mozilla\Profiles\55zvf0wb.default\cache.trash\Trash\Cache\1\76\5A374m01 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\a\AppData\Local\Mozilla\Profiles\55zvf0wb.default\cache.trash\Trash\Cache\4\25\10547d01 (Backdoor.RBot) -> Quarantined and deleted successfully.
c:\Users\a\AppData\Local\Mozilla\Profiles\55zvf0wb.default\cache.trash\Trash\Cache\F\8E\C8E4Ed01 (Malware.Gen) -> Quarantined and deleted successfully.
d:\downloads\Programs\babylon.v9.0.0.r30.inc.persian.glossaries.full_-----------.com\Patch\Patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
d:\downloads\Programs\winrar 4.00 beta 7 (32bit – 64bit)-dm999\Keygen\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.



[screenshot link hidden by the forum: login required] and a lot of Tracking Cookies
Here is the result:
[screenshot link hidden by the forum: login required]




.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Afshin at 23:24:50 on 2011-08-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1256.981.1033.18.4020.2284 [GMT 4.5:30]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = local
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
mWinlogon: Userinit=userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ressources] "C:\program files\steam\ressources\ressources"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 85.15.1.12 85.15.1.10
TCP: Interfaces\{DE3F753C-B51D-4DA6-AB3C-68AF7967CF54} : NameServer = 85.15.1.12,85.15.1.10
TCP: Interfaces\{DE3F753C-B51D-4DA6-AB3C-68AF7967CF54} : DhcpNameServer = 85.15.1.12 85.15.1.10
TCP: Interfaces\{F0F06C4D-D858-48E0-9C1D-096AAC149423} : NameServer = 80.84.58.27 80.84.58.28
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
mASetup: {ED4D839B-DAFC-FD6C-6DDA-FDE6FA28FC7E} - C:\Users\Afshin\AppData\Roaming\FILENAME.exe
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
BHO-X64: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO-X64: Babylon IE plugin - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [ressources] "C:\program files\steam\ressources\ressources"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Afshin\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Afshin\
FF - prefs.js: browser.startup.homepage - hxxp://[link hidden by the forum: login required]
FF - prefs.js: keyword.URL - hxxp://[link hidden by the forum: login required]
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 3000
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/06/11 12:14:41];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-6-11 148976]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-6-11 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-6-11 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-6-11 312616]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-30 13592]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-4-20 8192]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-19 366640]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-6-11 75248]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-5-30 2314240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-4-29 21712]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-2-14 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-2-14 8456]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 LUMDriver;LUMDriver;\??\C:\Windows\system32\drivers\LUMDriver.sys --> C:\Windows\system32\drivers\LUMDriver.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\pssdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [2011-5-12 14544]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;"C:\Program Files\Zune\WMZuneComm.exe" --> C:\Program Files\Zune\WMZuneComm.exe [?]
.
=============== Created Last 30 ================
.
2011-08-19 18:48:23 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-08-19 17:41:07 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-08-19 17:16:47 -------- d-----w- C:\Users\Afshin\AppData\Roaming\Malwarebytes
2011-08-19 17:16:37 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-19 17:16:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-19 14:48:12 -------- d-----w- C:\Users\Afshin\AppData\Local\VirtualStore
2011-08-19 06:31:14 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA2B7193-C971-4DBC-97FA-E1271CA45F74}\mpengine.dll
2011-08-18 06:32:24 -------- d-----w- C:\Users\Afshin\AppData\Local\PunkBuster
2011-08-17 19:57:34 -------- d-----w- C:\Users\Afshin\AppData\Local\Broadcom
2011-08-17 19:00:20 -------- d-----w- C:\Users\Afshin\AppData\Local\Microsoft Games
2011-08-17 18:31:02 -------- d-----w- C:\Users\Afshin\AppData\Local\ASUS
2011-08-17 17:04:21 -------- d-----w- C:\Users\Afshin\AppData\Roaming\COWON
2011-08-17 13:56:57 -------- d-----w- C:\Users\Afshin\AppData\Local\Adobe
2011-08-17 08:48:25 454952 ----a-w- C:\Windows\System32\mss32.dll
2011-08-17 08:37:50 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-08-17 08:17:05 -------- d-----w- C:\Users\Afshin\AppData\Roaming\Intel Corporation
2011-08-13 18:44:13 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-08-13 18:44:10 -------- d-----w- C:\Program Files (x86)\Steam
2011-08-12 13:04:02 -------- d-----w- C:\FakeDir
2011-08-10 05:33:17 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-10 05:33:16 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-10 05:33:16 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-07-31 13:03:45 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-07-31 13:03:39 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-07-31 13:03:39 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-07-30 05:47:23 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2011-07-30 05:43:19 557848 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2011-07-30 05:42:16 -------- d-----w- C:\Windows\SysWow64\Atheros_L1e
2011-07-30 05:38:44 77936 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
2011-07-30 05:27:28 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2011-07-30 05:27:28 349736 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2011-07-30 05:27:28 22056 ----a-w- C:\Windows\System32\btwcoins.dll
2011-07-30 05:27:28 21416 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2011-07-30 05:27:28 138280 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2011-07-30 05:27:28 106536 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2011-07-30 05:24:52 -------- d-----w- C:\Program Files\Lenovo
2011-07-30 05:15:52 443040 ----a-w- C:\Windows\System32\athihvs.dll
2011-07-30 05:12:50 -------- d-----w- C:\Program Files\SRS Labs
2011-07-30 05:12:19 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-07-30 05:10:35 2085440 ----a-w- C:\Windows\System32\FMAPO64.dll
2011-07-30 05:10:25 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
2011-07-30 05:10:25 108960 ----a-w- C:\Windows\System32\AERTAR64.dll
2011-07-30 05:10:16 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-07-30 05:10:15 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-07-30 05:10:15 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-07-30 05:10:15 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-07-30 05:10:15 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-07-30 05:10:15 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-07-30 05:10:15 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-07-30 05:10:14 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-07-30 05:10:13 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-07-25 06:30:18 -------- d-----w- C:\Program Files\Babylon
2011-07-25 06:30:18 -------- d-----w- C:\Program Files (x86)\Babylon
2011-07-25 06:29:41 -------- d-----w- C:\ProgramData\Babylon
2011-07-21 20:25:52 64000 ----a-w- C:\Windows\System32\steam_api.dll
.
==================== Find3M ====================
.
2011-08-19 18:37:38 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-08-19 14:50:57 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-08-19 14:50:57 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-08-19 13:54:39 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-08-14 08:02:50 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-08-11 16:45:34 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex1
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-08 04:15:50 9884672 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-07-08 03:54:26 23385600 ----a-w- C:\Windows\System32\atio6axx.dll
2011-07-08 03:33:28 17940992 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-07-08 03:29:54 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-07-08 03:29:44 689152 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-07-08 03:28:26 814592 ----a-w- C:\Windows\System32\aticfx64.dll
2011-07-08 03:25:48 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-07-08 03:25:38 485376 ----a-w- C:\Windows\System32\atieclxx.exe
2011-07-08 03:25:02 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-07-08 03:23:48 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-07-08 03:23:32 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-07-08 03:23:26 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-07-08 03:23:14 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-07-08 03:23:08 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-07-08 03:23:04 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-07-08 03:22:58 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-07-08 03:19:50 4275712 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-07-08 03:10:38 5072896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-07-08 03:06:10 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-07-08 03:05:46 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-07-08 03:05:34 3848704 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-07-08 03:02:08 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-07-08 03:02:06 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-07-08 03:01:58 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-07-08 03:01:58 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-07-08 03:01:46 8134656 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-07-08 03:00:34 4367360 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-07-08 02:58:52 6740480 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-07-08 02:55:56 4039680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-07-08 02:54:30 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-07-08 02:54:22 5540864 ----a-w- C:\Windows\System32\atiumd64.dll
2011-07-08 02:47:42 375808 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-07-08 02:47:34 266240 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-07-08 02:47:24 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-07-08 02:47:20 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-07-08 02:47:20 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-07-08 02:47:18 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-07-08 02:47:10 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-07-08 02:47:04 307712 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-07-08 02:46:20 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-07-08 02:46:14 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-07-08 02:46:06 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-07-08 02:45:58 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-07-08 02:45:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-07-08 02:41:02 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-07-08 02:41:02 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-07-08 02:40:48 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-07-08 02:40:48 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-07-07 19:07:30 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-07-07 19:07:28 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-07-07 19:06:58 16907776 ----a-w- C:\Windows\System32\amdocl64.dll
2011-07-07 19:06:46 13904896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-07-06 15:22:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-06 15:14:42 145008 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 23:04:06 79872 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll
2011-06-15 23:04:06 2971648 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll
2011-06-15 23:04:06 2117632 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll
2011-06-15 23:04:06 105984 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-14 12:25:46 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
.
============= FINISH: 23:26:11.40 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/14/2010 8:09:35 PM
System Uptime: 8/19/2011 11:02:43 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | N61Jq
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | Socket 989 | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 47.397 GiB free.
D: is FIXED (NTFS) - 431 GiB total, 51.031 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&3437BCC6&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&3437BCC6&0&2
Service: BthPan
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&007C\8&1C86C5E3&0&001FDF849966_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&007C\8&1C86C5E3&0&001FDF849966_C00000001
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0\FF6CB29D485B39FF00
Manufacturer: Atheros
Name: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
PNP Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0\FF6CB29D485B39FF00
Service: L1C
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\8&1C86C5E3&0&0025CF733991_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\8&1C86C5E3&0&0025CF733991_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&007C\8&1C86C5E3&0&001FDF849966_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&007C\8&1C86C5E3&0&001FDF849966_C00000000
Service:
.
==== System Restore Points ===================
.
RP274: 8/13/2011 11:13:27 PM - Installed Steam
RP275: 8/14/2011 1:42:28 AM - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
RP276: 8/14/2011 1:42:59 AM - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
RP277: 8/14/2011 1:43:27 AM - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
RP278: 8/14/2011 1:44:45 AM - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
RP279: 8/14/2011 1:45:15 AM - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
RP280: 8/14/2011 3:40:55 AM - Installed DirectX
RP268: 8/15/2011 1:14:22 PM - Installed Call of Duty(R) - World at War(TM) 1.7 Patch
RP269: 8/16/2011 1:04:44 AM - Removed WD SmartWare
RP270: 8/19/2011 11:00:19 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Alcor Micro USB Card Reader
Angry Birds Rio
Ashampoo Burning Studio 10.0.1
Ask Toolbar
ASUS AI Recovery
ASUS AP Bank
ASUS CopyProtect
ASUS FancyStart
ASUS LifeFrame3
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUS_N_Series_Screensaver
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
ATK Package
AVS4YOU Software Navigator 1.4
Babylon
BatteryCare 0.9.8.5
Boingo Wi-Fi
Call of Duty(R) - World at War(TM)
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty: Black Ops
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help English
Choice Guard
ControlDeck
COWON Media Center - jetAudio Plus VX
CyberLink PowerDVD 11
DVDVideoSoftTB Toolbar
EASEUS Partition Master 7.0.1 Server Edition
EVEREST Ultimate Edition v5.50
Express Gate
Fraps (remove only)
Free Video to MP3 Converter version 4.2.14
Gadget
Google Toolbar for Internet Explorer
Grand Theft Auto IV
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Internet Download Manager
IRSpeedyDownloadManager
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
Kaspersky Internet Security 2011
Kaspersky Internet Security 2012
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 6.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
NVIDIA PhysX
OpenAL
Power Data Recovery 4.1.2
Punkbuster Got Busted v1.5
PunkBuster Services
Rapture3D 2.4.4 Game
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Steam
Subtitle Workshop 2.51
The KMPlayer (remove only)
Uninstall 1.0.0.1
VBA (3821b)
VirtualCloneDrive
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
8/19/2011 7:54:13 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={7AC66914-79B7-4232-B957-8AC2168BEE8A}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/19/2011 7:50:24 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={95AA1271-E9F3-4E27-BEE6-B917A5FEC18B}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/19/2011 11:05:20 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={57317CF4-EB10-4EDF-9C35-7CF7CB116489}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The remote computer refused the network connection.
8/19/2011 11:04:34 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={007D794F-78A9-4B70-80F2-8F3B95E9032D}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/19/2011 11:03:41 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={A53736E7-EFBC-413E-AD90-04A959479776}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The remote computer refused the network connection.
8/19/2011 11:03:03 PM, Error: Service Control Manager [7000] - The 6077757b service failed to start due to the following error: The system cannot find the file specified.
8/19/2011 11:02:29 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={ACABEBE5-52C4-431C-B0FE-CDAA0AA4DA86}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/19/2011 10:52:14 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={CD4FFE0C-1219-471D-9B6C-43CEDDD950D2}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/19/2011 1:41:57 AM, Error: EventLog [6008] - The previous system shutdown at 1:24:17 AM on ‎8/‎19/‎2011 was unexpected.
8/19/2011 1:21:38 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={1CBD90DC-B04C-40B8-9DFE-7437FD025B4A}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/19/2011 1:20:22 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={F92EB886-D151-4365-9859-081B81A32A39}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/19/2011 1:16:06 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={D038A5BF-7931-4612-86AD-E4052AC81DAE}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The remote computer refused the network connection.
8/18/2011 8:06:45 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={3BC708C8-8B68-43A4-96C5-2BC8C2992A7E}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/18/2011 10:54:33 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={7D83DCE8-8793-402D-8864-3EF335A15BBC}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The remote computer refused the network connection.
8/18/2011 10:53:19 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={74FBC7B8-DCE7-4B05-90FE-5B6867609FDC}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/17/2011 9:30:50 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
8/17/2011 10:26:12 AM, Error: EventLog [6008] - The previous system shutdown at 10:24:54 AM on ‎8/‎17/‎2011 was unexpected.
8/16/2011 2:24:34 AM, Error: EventLog [6008] - The previous system shutdown at 2:21:22 AM on ‎8/‎16/‎2011 was unexpected.
8/16/2011 12:58:21 AM, Error: EventLog [6008] - The previous system shutdown at 12:54:11 AM on ‎8/‎16/‎2011 was unexpected.
8/16/2011 12:42:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD File Management Shadow Engine service to connect.
8/16/2011 12:42:06 AM, Error: Service Control Manager [7000] - The WD File Management Shadow Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/16/2011 12:39:06 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 12:38:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/16/2011 12:38:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/16/2011 12:38:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/16/2011 12:38:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/16/2011 12:38:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/16/2011 12:38:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/16/2011 12:38:11 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache ElbyCDIO kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
8/16/2011 12:38:10 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 12:38:10 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2011 12:38:10 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2011 12:38:10 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 12:38:10 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 12:38:10 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2011 12:38:10 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 12:38:10 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2011 12:38:10 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2011 12:38:10 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2011 12:38:08 AM, Error: EventLog [6008] - The previous system shutdown at 12:36:52 AM on ‎8/‎16/‎2011 was unexpected.
8/16/2011 12:32:26 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
8/16/2011 12:30:32 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {995C996E-D918-4A8C-A302-45719A6F4EA7} as /. The error: "5" Happened while starting this command: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
8/16/2011 12:20:02 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
8/16/2011 12:19:11 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
8/16/2011 12:16:40 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}. The error: "5" Happened while starting this command: "C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe" -Embedding
8/16/2011 12:08:30 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "5" Happened while starting this command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
8/15/2011 5:56:29 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={D3028571-C8E2-4BBE-AFC4-631EA87E6333}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
8/15/2011 2:04:29 PM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
8/15/2011 12:33:34 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={1A32DE9F-1B2B-4A82-A5CC-D0AABF8040A5}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.
8/15/2011 12:32:33 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={BE4F0FB4-C197-40B6-9DE2-730502DBEF0D}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.
8/14/2011 3:23:03 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={5418FC4D-1B84-4E16-B2EA-A9899593C731}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
8/13/2011 8:47:46 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={1685B972-A391-41A1-9B36-83F602E475CB}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.
8/13/2011 4:50:27 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147416365
8/13/2011 4:46:30 AM, Error: EventLog [6008] - The previous system shutdown at 2:41:17 AM on ‎8/‎13/‎2011 was unexpected.
8/13/2011 11:11:21 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={068F2C5D-F184-44B4-A278-7FB8862754D7}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.
8/13/2011 10:08:01 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={7FE051AC-0489-48B5-9805-CE424FC87DF2}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.
8/12/2011 7:08:20 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={6B8748F6-C2E1-4B40-BB5D-118127BD21D2}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/12/2011 5:14:16 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={5CA276DE-6F68-4C23-9CFA-3214DF7A1165}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/12/2011 5:10:13 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={7A0C9336-544B-4B4C-BD0C-9092952D09B3}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/12/2011 2:49:40 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={77FC117D-A6EC-42B5-87B6-B8FFEBEE16DA}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/12/2011 11:45:37 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={01E9B02D-E694-4E12-9FC7-003C34F8FCD6}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
8/12/2011 11:37:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD File Management Engine service to connect.
8/12/2011 11:37:56 AM, Error: Service Control Manager [7000] - The WD File Management Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


Thank you very much for your efforts, dear Doctor.
Now, is my system clean, or is there still a chance of infection?

Edit:
This morning I did a flash scan of a USB flash drive with Malwarebytes' Anti-Malware, and it found two infected files:
Malwarebytes' Anti-Malware 1.51.1.1800


Database version: 7509

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8/20/2011 11:01:41 AM
mbam-log-2011-08-20 (11-01-41).txt

Scan type: Flash scan
Objects scanned: 161780
Time elapsed: 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 2256 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

Dr Hannibal
20-08-2011, 12:04
Hi

You did the steps very well; I wish most users followed them like this.

It can't be said with 100% certainty that there is no infected file left on the system, but it's quite clear that at least the bulk of the infection has been removed.

Questions:

1_ When did this (the infection) happen, i.e. how many days ago?

2_ Do you yourself notice anything suspicious, such as browsers hanging or the system becoming slow?

afshin b
20-08-2011, 15:24
Honestly, since Kaspersky is a heavy program, I usually kept it closed and only opened it whenever I needed it or wanted to update it. I know that was a big mistake, and I don't close it anymore. That's also why I got infected.
I think it's been about a week.
It had disabled my Task Manager. For a while, whichever site I went to I wasn't logged in and had to log in again, like Yahoo and this very forum, etc. But now I don't see any problem.

Dr Hannibal
20-08-2011, 15:37
Upload the files I list here to VirusTotal, if they exist on your system. If it says the file has already been submitted, click reanalysis. Note that in your next post you only need to post the 4 URLs from the scan results.




Good luck

afshin b
20-08-2011, 16:06
Thank God, they're all Clean.

By the way, Malwarebytes' Anti-Malware has quarantined the files; should I leave them there or delete them?

Dr Hannibal
20-08-2011, 16:09
Thank God, they're all Clean.

By the way, Malwarebytes' Anti-Malware has quarantined the files; should I leave them there or delete them?

Good,

Yes, delete them.

If anything suspicious comes up, let me know.

Good luck